Loadtest recoding with proxy chain

Similar Messages

• Load balancing proxy chain with LD

  Next Week we have to do some consulting at a customers, who owns 4 LD 416. He wants to do full HA balancing of his web proxy chain, consisting of 2 proxy servers, 2 viruswalls and 2 applet traps.
  In his current configuration he routes the HTTP requests from internal clients through a firewall and
  LD1 into DMZ1-proxy, then through the firewall and LD2 to DMZ2-viruswall, then through the firewall and LD1 back to DMZ1-applettrap, and finally towards the internet. This results in a tremendous load on the firewall box.
  Our suggestion to overcome this situation is to set up to VLANs at interfaces 2 and 3 of LD1. The proxy servers will reside in VLAN2, the viruswall at VLAN3, and the applettrap at VLAN2 again. So the LD can bridge all the VLANs and balance the complete proxy chain.
  Will this work? Anything we overlooked? Is there somebody out there who has done something similar before? What configuration specialties have to been taken into account?
  Thanks in advance,
  Oliver

  Next Week we have to do some consulting at a customers, who owns 4 LD 416. He wants to do full HA balancing of his web proxy chain, consisting of 2 proxy servers, 2 viruswalls and 2 applet traps.
  In his current configuration he routes the HTTP requests from internal clients through a firewall and
  LD1 into DMZ1-proxy, then through the firewall and LD2 to DMZ2-viruswall, then through the firewall and LD1 back to DMZ1-applettrap, and finally towards the internet. This results in a tremendous load on the firewall box.
  Our suggestion to overcome this situation is to set up to VLANs at interfaces 2 and 3 of LD1. The proxy servers will reside in VLAN2, the viruswall at VLAN3, and the applettrap at VLAN2 again. So the LD can bridge all the VLANs and balance the complete proxy chain.
  Will this work? Anything we overlooked? Is there somebody out there who has done something similar before? What configuration specialties have to been taken into account?
  Thanks in advance,
  Oliver

• Privacy Enhancing Filtering Proxy Chain for OS X

  A privacy enhanced web proxy is a nearly essential tool on the modern web: it blocks ads, malicious scripts, and conceals information used to track you around the web. I've provided a quick setup below in case it's useful to others. This will build a privatizing squid:privoxy proxy chain that works with any browser, and can be used by anyone on your LAN, including and especially secure VPN logins and ssh tunnels. In my experience, this setup is a lot more capable and effective than using a simple adblocking Firefox Add-On. There's a world of difference between reading ad-filled web pages with and without a filtering proxy server. I've also included information for a polipo proxy that can be used with Tor for full anonymity, as well as a script for ssh tunnelling
  Install Xcode and Macports
  Install squid, privoxy, and polipo:
  $ sudo port selfupdate
  $ sudo port install squid privoxy polipo
  $ sudo port load squid privoxy polipo
  Configure the squid/privoxy/polipo config files shown below, then relaunch the proxies and test to make sure they're up:
  $ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Squid.plist
  $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Squid.plist
  $ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Privoxy.plist
  $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Privoxy.plist
  $ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Polipo.plist
  $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Polipo.plist
  $ nmap -p 3128,8118,8123 localhost
  Starting Nmap 5.51 ( http://nmap.org ) at 2012-02-07 11:47 EST
  Nmap scan report for localhost (127.0.0.1)
  Host is up (0.00013s latency).
  PORT     STATE SERVICE
  3128/tcp open  squid-http
  8118/tcp open  privoxy
  8123/tcp open  polipo
  Now web applications can use your filtering web proxy chain. If you use the config files below, websites will not know where you came from (HTTP_REFERER header is forged), and will not know your User Agent (also forged), and read access is block to several HTTP header fields. Ads are filtered. Your connection looks like this:
  Application  <--port 3128-->  Squid  <--port 8118--> Privoxy  <----> Internet
  Configure your network to add an option to route your web traffic through this proxy. System Preferences>Network>Wi-Fi/Ethernet/...>Locations:>Edit Locations...> Gear icon, Duplicate Location, Advanced...>Proxies> Check boxes for HTTP and HTTPS web proxies with proxy server localhost:3128.
  While you're at it, configure your OS and browsers to block Adobe flash cookies. Read this WSJ article series to understand how this impacts your privacy.
  System Preferences>Flash Player>Block all sites from storing information, using your camera and microphone, and networking with peers. Also Delete all data and go to this Adobe Flash Player Settings web page and block all sites from storing information, using your camera and microphone, and networking with peers.
  Firefox/Safari>DO NOT ALLOW third party cookies, request not to be tracked
  Firefox Add-Ons: NoScript (blocks/manages JavaScript), Beef TACO (blocks/manages flash cookies), BetterPrivacy (blocks/manages flash cookies), and the EFFs HTTPS Everywhere.
  You can also download the Tor anonymous proxy chain for both OS X and iOS devices. This will run a little polipo proxy natively on mobile devices.
  Here are the config file settings. Search through the config file too see the appropriate location for these settings. Turn off http_access and icp_access (squid), permit-access (privoxy), and allowedClients (polipo) if you do not want everyone on your LAN to be able to use the proxy. Double check that you're not running an open web proxy on the internet.
  $ sudo vi /opt/local/etc/squid/squid.conf
  # See http://www.privoxy.org/user-manual/config.html
  # Define Privoxy as parent proxy (without ICP)
  cache_peer 127.0.0.1 parent 8118 7 no-query
  http_access allow localnet
  icp_access allow localnet
  via off
  # old 'http_anonymizer standard'
  header_access From deny all
  # forge Referer in Privoxy
  # header_access Referer deny all
  header_access Server deny all
  # forge User-Agent in Privoxy
  # header_access User-Agent deny all
  header_access WWW-Authenticate deny all
  header_access Link deny all
  # more privacy
  header_access Cache-Control deny all
  header_access Proxy-Connection deny all
  header_access X-Cache deny all
  header_access X-Cache-Lookup deny all
  header_access Via deny all
  header_access Forwarded-For deny all
  header_access X-Forwarded-For deny all
  header_access Pragma deny all
  header_access Keep-Alive deny all
  shutdown_lifetime 10 seconds
  # See http://www.privoxy.org/user-manual/config.html
  # Define ACL for protocol FTP
  acl ftp proto FTP
  # Do not forward FTP requests to Privoxy
  always_direct allow ftp
  # See http://www.privoxy.org/user-manual/config.html
  # Forward all the rest to Privoxy
  never_direct allow all
  dns_nameservers 10.0.1.2 10.0.1.1
  forwarded_for off
  $ sudo vi /opt/local/etc/privoxy/config
  forward  /      .
  $ sudo vi /opt/local/etc/privoxy/match-all.action
  +change-x-forwarded-for{block} \
  +deanimate-gifs{last} \
  +filter{refresh-tags} \
  +filter{img-reorder} \
  +filter{banners-by-size} \
  +filter{webbugs} \
  +filter{jumping-windows} \
  +filter{ie-exploits} \
  +hide-from-header{block} \
  +hide-referrer{conditional-block} \
  +session-cookies-only \
  +set-image-blocker{pattern} \
  / # Match all URLs
  # See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privo xy/
  +hide-referrer{conditional-forge} \
  +hide-user-agent{Mozilla/5.0} \
  / # Match all URLs
  $ sudo vi /opt/local/etc/privoxy/user.action
  # fix bing's travel site, others
  { -block }
  ads1.msn.com/
  .bing.com/travel/jsxc\.vjs\?
  .onecause.com
  .apple.com
  .go.com
  # sourceforge
  { -block -filter -deanimate-gifs}
  .sourceforge.net
  .dell.com
  # expedia
  { -hide-user-agent }
  .expedia.com
  # don't filter downloads
  {-filter -deanimate-gifs}
  /.*\.iso(\?|$)
  /.*\.mp3(\?|$)
  /.*\.mp4(\?|$)
  /.*\.mov(\?|$)
  /.*\.mpg(\?|$)
  /.*\.ogg(\?|$)
  /.*\.aac(\?|$)
  /.*\.zip(\?|$)
  /.*\.pdf(\?|$)
  /.*\.dmg(\?|$)
  /.*\.tar(\?|$)
  /.*\.gz(\?|$)
  /.*\.dat(\?|$)
  $ sudo vi /opt/local/etc/privoxy/config
  proxyAddress = "0.0.0.0"    # IPv4 only
  allowedClients = 127.0.0.1, 10.0.1.0/16

  This configuration looks great and I was try to apply for my laptop. Unfortunatly I'm not an expert, and I have problem with config file settings for squid.config.
  I was installing squid (at first 2.7 version but later 3.1, because being able to use the GUI squidMan)), Privoxy and polipo with sucess with MacPorts. Using also MacPort to get nmap.and proxies look to be up :
  Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-23 21:59 PHT
  Nmap scan report for localhost (127.0.0.1)
  Host is up (0.00046s latency).
  PORT     STATE SERVICE
  3128/tcp open  squid-http
  8118/tcp open  privoxy
  8123/tcp open  polipo
  Configure the network was not a problem (just an interrogation about FTP proxy ?)
  To edit and add lines and save  match-all.action,user.action
  was fine also. I don't know why the command sudo vi /opt/local/etc/privoxy/config is repeat twice one to add forward  / and later 
  proxyAddress = "0.0.0.0"    # IPv4 only
  allowedClients = 127.0.0.1, 10.0.1.0/16
  I was add these 3 lines anyway, the main problem being I guess to put properly configurations  for squid.conf
  Here below the template gave by SquidMan,(easier for me getting the main lines!) I just have modified Privoxy as parent proxy but I was not able to manage properly where adding these settings.( getting error about localhost ie).
  Could you kindly past them in this template ? I guess it will fix my configuration ! thank you in advance.
  Sincerly,
  Franck
  # WARNING - do not edit this template unless you know what you are doing
  # the parent cache
  cache_peer 127.0.0.1 parent 8118 7 no-query no-digest no-netdb-exchange default
  # disk and memory cache settings
  cache_dir ufs %CACHEDIR% %CACHESIZE% 16 256
  maximum_object_size %MAXOBJECTSIZE%
  # store coredumps in the first cache dir
  coredump_dir %CACHEDIR%
  # the hostname squid displays in error messages
  visible_hostname %VISIBLEHOSTNAME%
  # log & process ID file details
  cache_access_log %ACCESSLOG%
  cache_log %CACHELOG%
  cache_store_log %STORELOG%
  pid_filename %PIDFILE%
  # Squid listening port
  http_port %PORT%
  # Access Control lists
  acl localhost src 127.0.0.1/32
  acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
  acl manager proto cache_object
  acl SSL_ports port 443
  acl Safe_ports port 80                    # http
  acl Safe_ports port 21                    # ftp
  acl Safe_ports port 443                    # https
  acl Safe_ports port 70                    # gopher
  acl Safe_ports port 210                    # wais
  acl Safe_ports port 1025-65535          # unregistered ports
  acl Safe_ports port 280                    # http-mgmt
  acl Safe_ports port 488                    # gss-http
  acl Safe_ports port 591                    # filemaker
  acl Safe_ports port 777                    # multiling http
  acl CONNECT method CONNECT
  %ALLOWEDHOSTS%
  %DIRECTHOSTS%
  # Only allow cachemgr access from localhost
  http_access allow manager localhost
  http_access deny manager
  # Deny requests to certain unsafe ports
  http_access deny !Safe_ports
  # Deny CONNECT to other than secure SSL ports
  http_access deny CONNECT !SSL_ports
  # protect web apps running on the proxy host from external users
  http_access deny to_localhost
  # rules for client access go here
  http_access allow localhost
  %HTTPACCESSALLOWED%
  # after allowed hosts, deny all other access to this proxy
  # don't list any other access settings below this point
  http_access deny all
  # specify which hosts have direct access (bypassing the parent proxy)
  %ALWAYSDIRECT%
  always_direct deny all
  # hierarchy stop list (squid-recommended)
  hierarchy_stoplist cgi-bin ?
  # refresh patterns (squid-recommended)
  refresh_pattern ^ftp:                    1440          20%          10080
  refresh_pattern ^gopher:          1440          0%          1440
  refresh_pattern -i (/cgi-bin/|\?) 0          0%          0
  refresh_pattern .                    0          20%          4320

• Display authentication for proxy in proxy chain

  Hi all,
  I am a beginner to using proxies, so please bear with me. I am currently trying to set up a forward proxy using Sun Java Web Proxy System (SJSWPS) 4.0.7 to connect to another proxy, i.e. proxy chaining. The other proxy requires username and password authentication. For ease of description, I'll name that other proxy as Proxy A. The logical flow is as shown below.
  PC ----> SJSWPS -----> Proxy A (requires basic authentication) ---> Internet
  Is there any way to configure SJSWPS to display the authentication screen for Proxy A? The authentication screen is similar to the one used for basic authentication to access Administration Server of SJSWPS. Currently, SJSWPS just return 403 forbidden error instead of displaying the authentication screen.
  Can anyone please help? Thanks in advance!
  Edited by: test012030123 on Jun 3, 2009 12:56 AM
  Edited by: test012030123 on Jun 3, 2009 1:03 AM

  You have to edit your obj.conf and add the following entry to the object section which has the chaining instructions to proxyA.
  ObjectType fn="forward-proxy-auth"

• Forward/reverse proxy chain losing headers

  I have the following setup:
  user(browser) -> proxy1 -> proxy2 -> webserver
  This has both forward and reverse mappings. In proxy 1, I have an NSAPI plugin that appends a name/value(uid:userid) pair into the HTTP headers, at the end of my current header string . I use
  const char *HEADERS = "full-headers"; //HEADER NAME
  pblock_findval((char *)HEADERS, request->reqpb))
  pblock_remove((char *)HEADERS, request->reqpb);
  pblock_nvinsert((char *)HEADERS, (char*)"current list of NV pairs, uid: user123", request->reqpb);
  In the previous proxy versions to 3.63, the second proxy and teh webserver receive my entire header string(full-headers) without any issue and just as I sent it.
  With version 3.63, my UID is missing from the "
  Protocol Request PB (rq->reqpb)" section along with some other info in my header string. I use sdump to view the headers, plus my backend app is not receiving the uid.
  Has anyone else had the issue of their headers getting mangled, and or missing in Proxy 3.63 ?Or does anyone have any ideas to the issue?

  Yep, good catch
  There is a bug in the proxy : Proxy 3.6 SP3 removes "Proxy-authenticate:" HTTP header when forwarding requests to other proxies.
  This is basically in adherence to RFC2616 clause
  13.5.1 End-to-end and Hop-by-hop Headers:
  For the purpose of defining the behavior of caches and non-caching
  proxies, we divide HTTP headers into two categories:
  - End-to-end headers, which are transmitted to the ultimate
  recipient of a request or response. End-to-end headers in
  responses MUST be stored as part of a cache entry and MUST be
  transmitted in any response formed from a cache entry.
  - Hop-by-hop headers, which are meaningful only for a single
  transport-level connection, and are not stored by caches or
  forwarded by proxies.
  The following HTTP/1.1 headers are hop-by-hop headers:
  - Connection
  - Keep-Alive
  - Proxy-Authenticate
  - Proxy-Authorization
  - TE
  - Trailers
  - Transfer-Encoding
  - Upgrade
  All other headers defined by HTTP/1.1 are end-to-end headers.
  This somehow messed up the proxy chain configurations
  This has been fixed in SP4 which will be released in a week or two
  Thx
  Maneesh

• [SOLVED] Local SOCKS5 proxy server + proxy chaining

  Hi all,
  I'm looking for a proxy that can accept incoming SOCKS5 connections.  To be more specific, I'm looking to make the following configuration possible:
  multiple clients <--SOCKS5--> server with proxy <--SOCKS5--> another proxy <----> internet
  I have tried privoxy and polipo, but, while they can forward SOCKS5 requests, they can't accept incoming SOCKS5 connections, so I can't chain two proxies.  Is there any way to make this configuration possible?
  In other words, I'm looking for a proxy that can do this:
  SOCKS5 connection from somewhere <----> proxy on local network <----> SOCKS5 connection to another proxy
  For added bonus, I would also like to chain an arbitrary numbers of proxies.
  Thanks in advance!
  Last edited by amoradi (2011-09-28 06:10:12)

  Alright, it's working fine now!  Now for the sake of completeness of the thread, I'm going to [SOLVED] it and add the details on how the problem was solved!
  Doing a minimal config definitely helped narrow down the problem.  The real problem, however, was caused by the internal directive:
  internal: 192.168.1.0 port = 1080
  When I looked over netstat, I was concerned that it showed the listening ip as 192.168.1.0:1080 instead of my local network ip, 192.168.1.2.  Moreover, I did not get *any* log output when I tried to connect from other machines, probably an indication that the machines were not able to even find the proxy:
  $ netstat -na | grep 1080
  tcp 0 0 192.168.1.0:1080 0.0.0.0:* LISTEN
  So, I changed the internal directive to my real (local network) ip:
  internal: 192.168.1.2 port = 1080
  and BAM!  Everything worked fine afterward.  Also, I added a second internal directive for my local machine just in case I'll be using dante for myself too.  Then I just added the route directive to complete the basic server chaining I was looking for in the beginning.  It's working flawless.  Here's my working config:
  logoutput: stdout /var/log/sockd.log
  internal: 192.168.1.2 port = 1080
  internal: 127.0.0.1 port = 1080
  external: eth0
  user.notprivileged: root
  clientmethod: none
  method: none
  client pass {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: error connect disconnect
  pass {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: error connect disconnect
  protocol: udp tcp
  route {
  from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 10000
  There is another SOCKS5 proxy listening on port 10000 which is running on my local machine.  In my case, this is simply an SSH SOCKS5 proxy (with the -D switch).
  Of course, now I'll have to tighten security by adding a new use and adding block directives, but the basic thing is working.
  Thanks a lot dschrute, couldn't have done it without you mate!

• Communication problem with proxy server

  We have establish the configuration of an iPad to access the enterprise net, but when trying to access any webpage we get the next message: Safari can not open the page. Error:"There is a communication problem with proxy web server (HTTP)"
  The access has no problems with other movile devices.
  Ahy help?

  Hi,
  I am not sure whether you have already solved the problem or not....
  Do the following to deploy MobileBIService.war file on tomcat
  1.Stop Tomcat Web application server.
  2.Copy the file, MobileBIService.war from [Install directory]\Mobile 14\Client to the Tomcat's "Webapps" directory.
  In my case, I copied the MobileBIService.war from C:\Program Files (x86)\SAP BusinessObjects\Mobile14\Client to C:\Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps. ( I used BO 4.0 SP02)
  3.     Start Tomcat.
  Restarting Tomcat would automatically deploy war file as a Web App
  One folder u201CMobileBiServiceu201D will appear in webapps folder when MobileBIService.war is deployed successfully.
  Hope it helps.
  Regards,
  Ankur

• Administration of APEX in SQL Developer with Proxy Authentication impossibl

  Hello!
  We are using latest version of SQL Developer to administer APEX. We are connecting to the database with proxy authentication. The syntax is:
  personal_user[apex_ws_owner]
  e.g.: mdecker[apex_demo]
  When trying to deploy APEX application I go to "Database Object" -> Application Express -> Application1 [100] -> right mouse click: "Deploy Application". Then I select the appropriate database identifier and next, I am presented with a screen showing import options. In second line, it says: "Parsing Schema: MDECKER".
  This is wrong: it has to be Parsing Schema: APEX_DEMO. It seems that managing APEX with SQL Developer does not support Proxy Authentication.
  Could you please confirm?
  Is there a way to formally ask for this enhancement?
  Best regards,
  Martin
  Update:
  I found out that if I check the flag "Proxy Authentication" in the connect details and provide both passwords, the deploy application parsing schema is set to the correct APEX_DEMO account. However, we are using Proxy Authentication in order to avoid having to know the application password.
  Edited by: mdecker on Jan 28, 2013 4:48 PM

  There is a write-up about connecting to APEX here: <a href ="http://www.oracle.com/technology/products/database/application_express/html/sql_dev_integration.html" >SQL Dev Oracle APEX Integration</a>
  <p>You do need to have updated to Oracle APEX 3.0.1.
  <p>Regards <br>
  Sue

• JAX-WS client - WebLogic - SSL with proxy server

  Good night!
  I'm having trouble communicating with webservices using certificate authentication (weblogic.wsee.jaxws.sslclient.PersistentSSLInfo) through and going through a proxy server (weblogic.wsee.jaxws.proxy.ClientProxyFeature) .
  If communication with the webservice is done directly (no proxy server) everything happens perfectly, but to set the proxy server I get the exception "BAD_CERTIFICATE." it is as if the certificate was not attached in the request.
  The webservice client was generated by JDeveloper.
  Has anyone experienced this problem?
  Sorry for my bad english
  Exception
  javax.xml.ws.WebServiceException: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
       at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:218)
       at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:204)
       at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)
       at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121)
       at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
       at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
       at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
       at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
       at com.sun.xml.ws.client.Stub.process(Stub.java:272)
       at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)
       at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)
       at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
       at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
       at $Proxy30.cleCadastroLote(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
       at $Proxy31.cleCadastroLote(Unknown Source)
       at br.com.tbl.ws.CleCadastroPortClient.main(CleCadastroPortClient.java:51)
  Webservice client with proxy server (error)
  import weblogic.wsee.jaxws.sslclient.PersistentSSLInfo;
  import javax.xml.ws.BindingProvider;
  import weblogic.wsee.jaxws.JAXWSProperties;
  import weblogic.wsee.jaxws.proxy.ClientProxyFeature;
  import weblogic.wsee.jaxws.sslclient.SSLClientUtil;
  public class CleCadastroPortClient
  public static void main(String [] args)
  try{
  CleCadastro_Service cleCadastro_Service = new CleCadastro_Service();
  CleCadastro cleCadastro = cleCadastro_Service.getCleCadastroPort();
  String clientKeyStore = "C:\\certificados.jks";
  String clientKeyStorePasswd = "xxxxx";
  String clientKeyAlias = "xxxxx";
  String clientKeyPass = "xxxxx";
  String trustKeystore = "C:\\keystore_completo.jks";
  String trustKeystorePasswd = "xxxxx";
  PersistentSSLInfo sslInfo = new PersistentSSLInfo();
  sslInfo.setKeystore(clientKeyStore);
  sslInfo.setKeystorePassword(clientKeyStorePasswd);
  sslInfo.setKeyAlias(clientKeyAlias);
  sslInfo.setKeyPassword(clientKeyPass);
  sslInfo.setTrustKeystore(trustKeystore);
  sslInfo.setTrustKeystorePassword(trustKeystorePasswd);
  ClientProxyFeature clientProxy = new ClientProxyFeature();
  clientProxy.setProxyHost("proxy.com");
  clientProxy.setProxyPort(Integer.parseInt("3128") );
  clientProxy.setProxyUserName("user");
  clientProxy.setProxyPassword("pass");
  clientProxy.attachsPort(cleCadastro);
  ((BindingProvider) cleCadastro).getRequestContext().put(JAXWSProperties.CLIENT_PERSISTENT_SSL_INFO, sslInfo);
  ((BindingProvider) cleCadastro).getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, SSLClientUtil.getSSLSocketFactory(sslInfo));
  ((BindingProvider) cleCadastro).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https:/xxxx/ws");
  String retorno = cleCadastro.cleCadastroLote("xml", "xml");
  }catch(Exception ex){
  ex.printStackTrace();
  Webservice client without proxy server (OK)
  import weblogic.wsee.jaxws.sslclient.PersistentSSLInfo;
  import javax.xml.ws.BindingProvider;
  import weblogic.wsee.jaxws.JAXWSProperties;
  import weblogic.wsee.jaxws.proxy.ClientProxyFeature;
  import weblogic.wsee.jaxws.sslclient.SSLClientUtil;
  public class CleCadastroPortClient
  public static void main(String [] args)
  try{
  CleCadastro_Service cleCadastro_Service = new CleCadastro_Service();
  CleCadastro cleCadastro = cleCadastro_Service.getCleCadastroPort();
  String clientKeyStore = "C:\\certificados.jks";
  String clientKeyStorePasswd = "xxxxx";
  String clientKeyAlias = "xxxxx";
  String clientKeyPass = "xxxxx";
  String trustKeystore = "C:\\keystore_completo.jks";
  String trustKeystorePasswd = "xxxxx";
  PersistentSSLInfo sslInfo = new PersistentSSLInfo();
  sslInfo.setKeystore(clientKeyStore);
  sslInfo.setKeystorePassword(clientKeyStorePasswd);
  sslInfo.setKeyAlias(clientKeyAlias);
  sslInfo.setKeyPassword(clientKeyPass);
  sslInfo.setTrustKeystore(trustKeystore);
  sslInfo.setTrustKeystorePassword(trustKeystorePasswd);
  ((BindingProvider) cleCadastro).getRequestContext().put(JAXWSProperties.CLIENT_PERSISTENT_SSL_INFO, sslInfo);
  ((BindingProvider) cleCadastro).getRequestContext().put(JAXWSProperties.SSL_SOCKET_FACTORY, SSLClientUtil.getSSLSocketFactory(sslInfo));
  ((BindingProvider) cleCadastro).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https:/xxxx/ws");
  String retorno = cleCadastro.cleCadastroLote("xml", "xml");
  }catch(Exception ex){
  ex.printStackTrace();
  }

  Hi,
  I tried to use the option "-DUseSunHttpHandler=true" and enabled "JSSE SSL", but it did not work, now showing the exception "General SSLEngine problem".
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:218)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:204)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:124)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:121)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at $Proxy308.cleCadastroLote(Unknown Source)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:115)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:153)>
  <05/09/2012 15h36min55s GMT-03:00> <Notice> <StdErr> <BEA-000000> <at com.sun.xml.ws.client.Stub.process(Stub.java:272)>

• Strange behaviour when using connection pooling with proxy authentication

  All
  I have developed an ASP.NET 1.1 Web application that uses ODP.NET 9.2.0.4 accessing Oracle Database 8i (which is to be upgraded to 10g in the coming months). I have enabled connection pooling and implemented proxy authentication.
  I am observing a strange behaviour in the live environment. If two users (User 1 and User 2) are executing SQL statements at the same time (concurrent threads in IIS), the following is occurring:
  * User 1 opens a new connection, executes a SELECT statement, and closes this connection. The audit log, which uses the USER function, shows User 1 executed this statement.
  * User 2 opens the same connection (before it is released to the connection pool?), excutes an INSERT statement, and closes this connection. The audit log shows User 1, not User 2, executed this statement.
  Is this a known issue when using connection pooling with proxy authentication? I appreciate your help.
  Regards,
  Chris

  Hi Chris,
  I tried to reproduce your complaint, but was unable to. I didnt use auditting however, just a series of "select user from dual" with proxy authentication. You might want to see if you can put together a small complete testcase for this and open a sr with support.
  Cheers
  Greg

• SRT Framework exception: The WSDL document is not compatible with proxy

  hello,
  I'd like to create a logical port to my web service but when I create this type of error:
  SRT Framework exception: The WSDL document is not compatible with proxy class "YAIRPORT_CO_AIRPORT_SOAP": "Unsupported Operation (s): getAirportInformationByISOCountryCode, getAirportInformationByAirportCode, getAirportInforma
  someone has an idea?
  thank you

  Hi,
  Most probably your class YAIRPORT_CO_AIRPORT_SOAP was't automatically generated by SAP from the .wsdl file. If so, then you have to generate it from this file and then create the logical port. For this purpose, go to se80, display the function group there you want to add the class, right-click it and choose Create -> Web Service. Then on the following screens choose Service Consumer, Local File and specify the .wsdl file for the web service you want to use. Finally specify a Package, Prefix and Transport Request, activate the changes and you're done. Now you can create the Logical Port.
  Hope this helps,
  Greg

• Copy process Chain with Meta chain

  Hi experts,
  how to copy the process chain with Meta chain, since the process chain which I planing to copy it hold meta chain and also local chain, I coping for change the technical name for the PC, is it possible to copy meta chain and local chain along with PC?
  and plz breif me about meta chain and local chain why we have to use them and where we have to use them?
  plz explain with scenario.
  Thanks,

  Hi,
  Once after the copy of the chains you need to change the start variant with the new one as the same start process can not be used in two process chains at the same time.
  So Once after changing the start process for your MC and LC then you are good to go ahead to trigger the same.
  If you trigger the MC then it will take care of trigerring the LC automatically.
  In terms of changes in the process chain, you can get the last changed details in the log view but you can track the timestamp of changes from the process chain tables like (RSPC* and then press F4). But you can not track which process has been changed in this.
  Thanks
  Murali

• Is Anyone Else Having Problems With Key Chains After Installation?

  My installation went ok but I'm having all kinds of problems with Key Chains now that I didn't before. In addition to them being corrupted, it won't let me save corrected names and passwords even when it asks for them.

  Is there a fix if you don't have your Key Chains folder from before the 10.6 installation? I keep having to re-type my MobileMe and student Gmail passwords in Mail, and if I check remember password in Key Chain, I keep having to re-type the password until I uncheck the box, but then that means I have re-type the password every time I send an email or put the computer to sleep.
  Also, Keychain Access's First Aid shows that there are no problems whatsoever. When I click on MobileMe in my System Preferences I get 8 or so consecutive errors stating "Keychain Error. There was a problem saving to your keychain. Try again or use Keychain Access to verify your keychain." When I look at my login within Keychain Access, it says my MobileMe keychain is restricted (even after entering my administrator password).

• JDBC Dynamic Credential with proxy users

  Hi
  We've developed an application with Business Components and it's been working very well. We're using JDBC Dynamic Credential like explain the document (How to Support JDBC Dynamic Credentials - http://www.oracle.com/technology/products/jdev/howtos/10g/dynamicjdbchowto.html). Now we want to use proxy users with JDBC Dynamic Credentials. How can we
  user proxy users with JDBC Credentials? What classes or parameters we need to change?
  I've been tested proxy users a lot, but in simple java classes, I don't know where to set some parameters in business components, for example, where can I set the following parameters?:
  OracleOCIConnectionPool.PROXY_USER_NAME
  OracleOCIConnectionPool.PROXYTYPE_USER_NAME
  Thanks in advance
  Liceth

  Hi Frank, thanks again
  Now we are using JDBC Credentials(like explain the paper http://www.oracle.com/technology/products/jdev/howtos/10g/dynamicjdbchowto.html), every user connects to the application with a diferent database user and password, then at database level the administrator can see diferents usernames (not the same user). Every application user correspond to a database user, relation one to one. The application works fine with that configuration. But, now for performance we want to change our application to use proxy users, I read that with proxy users redirectec to a single user, then the pooling connections are well reused, and at database level you have diferent usernames. Our principal goal is use pooling (for performance) and see diferent usernames at database level, this for facilitate administration tasks and auditory .
  We want that the application user autenticate with proxy users (username and password) but we have some problems because we don't know where specify that we're using proxy users. (The parameters OracleOCIConnectionPool.PROXY_USER_NAME
  OracleOCIConnectionPool.PROXYTYPE_USER_NAME).
  We want open our connections with the following code:
  OracleOCIConnectionPool ods = new OracleOCIConnectionPool();
  ods.setURL("jdbc:oracle:oci:@"+tnsAlias);
  ods.setUser("user_application");
  ods.setPassword("oracle");
  java.util.Properties prop = new java.util.Properties();
  prop.setProperty(OracleOCIConnectionPool.CONNPOOL_MIN_LIMIT,"3");
  prop.setProperty(OracleOCIConnectionPool.CONNPOOL_MAX_LIMIT,"20");
  prop.setProperty(OracleOCIConnectionPool.CONNPOOL_INCREMENT,"1");
  ods.setPoolConfig(prop);
  java.util.Properties userNameProp = new java.util.Properties();
  userNameProp.setProperty(OracleOCIConnectionPool.PROXY_USER_NAME,"Mark/123");
  Connection conn = ods.getProxyConnection(OracleOCIConnectionPool.PROXYTYPE_USER_NAME,userNameProp);
  with other user
  userNameProp.setProperty(OracleOCIConnectionPool.PROXY_USER_NAME,"Marty/123d");
  Connection conn = ods.getProxyConnection(OracleOCIConnectionPool.PROXYTYPE_USER_NAME,userNameProp);
  Thanks in advance
  Liceth

• How tune flash player 9 for use with proxy

  I use me browser with proxy. But flash player, when i show
  yourtube etc, use direct connection and not use proxy server. How
  tune flash player (last fersion, 9) for use with proxy. I want what
  all traffic go over proxy

  Will alienate? They've already alienated users a long time
  ago. That isn't the point, though, because it doesn't matter if
  users are alienated, it only matters if the users need flash.
  The only thing that could make flash player better is open
  source. I don't see why they don't do it. They make money on the
  authoring tool, not the player. All of my Linux machines are ppc
  and x86_64, no flash there. I also don't have flash on my PDA, a
  Palm T|X. If the player was open sourced, people would stop
  complaining about how much flash sucks -- because, right now, there
  are very serious, legitimate, complaints against it.
  Anyway, for now I'm hoping that SVG matures quickly.
  Although, I"m sure that once Adobe sees that train coming, they
  will extend Flash (dev.) to export SVG movies containing embedded
  binary data that can only play with their binary plugin.