A server that stands between your machine and the potentially hostile world
of the Internet. Instead of directly asking machines on the Internet to do
things for you, you ask the proxy server to ask on your behalf. In return for
this loss of directness and freedom, the proxy web and FTP servers may cache
your pages and data, resulting in faster access. If the proxy implements a
firewall, it also attempts to protect you from the hostile world and your own
stupidity. A proxy makes a group of users behind the firewall look like a single
very active user to the outside world. It makes all its requests of the Internet
via a single IP. When results come back, it remembers who internally was talking
to that external site. The advantage of this is you do not need to rent a
permanent IP for each user (about
/month each) on your ADSL or cable modem connection. All users share one IP.
When proxy servers interfere with your Applets, sometimes changing DNS names to
IP addresses in the URLs or CODEBASE parameters helps, e.g. codebase="http://mindprod.com/"
to codebase="http://65.110.21.43/".
Why does something so off-the-wall work? It helps the security manager determine
that you truly are talking only to the host you were loaded from. The security
manager has access only to the proxy’s brain-damaged or non-existent DNS
services.
There are two Java system properties, http.proxyHost=proxyhost and
http.proxyPort=portNumber, that you can set in the standard way with the
java.exe -D command line switch. They had different names, without the http.
prefix, in JDK 1.2-.
You often have the option of using a proxy server or bypassing it. For example,
in your browser, you can configure the IP or DNS name of your proxy server and
then your browser will talk only to it. If you erase that entry, then it will
talk directly to the websites you browse. You may also configure a default proxy
server in the operating system that all apps are requested to use. They may or
may not take its advice.
Before you do your GET or POST, you can use code like this to set the System
properties that cause HttpURLConnection to do the
right thing for proxies.
// proxyHostName is a String and proxyHostPort an int naming your proxy server.
System.setProperty( "proxySet", "true" );
System.setProperty( "http.proxyHost", proxyHostName );
System.setProperty( "http.proxyPort", Integer.toString( proxyHostPort ) );
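System properties apply to the whole JVM. As an added example (not code from the original page), a java.net.ProxySelector decides per URI whether a request goes through the proxy or bypasses it; the proxy name proxy.example.test, port 8080 and the bypass suffix .corp.example.test are constructed placeholders.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.util.List;
import java.util.Locale;

/** Routes http/https requests through one proxy, except hosts under a bypass suffix. */
public class EgressProxySelector extends ProxySelector {
    private final Proxy proxy;
    private final String directSuffix; // e.g. ".corp.example.test"; keep the leading dot

    public EgressProxySelector(String proxyHostName, int proxyHostPort, String directSuffix) {
        // createUnresolved: the proxy name is looked up when a connection is made, not here.
        this.proxy = new Proxy(Proxy.Type.HTTP,
                InetSocketAddress.createUnresolved(proxyHostName, proxyHostPort));
        this.directSuffix = directSuffix.toLowerCase(Locale.ROOT);
    }

    @Override
    public List<Proxy> select(URI uri) {
        if (uri == null) throw new IllegalArgumentException("uri must not be null");
        String scheme = uri.getScheme();
        String host = uri.getHost();
        boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!web || host == null) return List.of(Proxy.NO_PROXY); // other schemes stay direct here
        boolean bypass = host.toLowerCase(Locale.ROOT).endsWith(directSuffix);
        // External hosts are offered the proxy only; NO_PROXY is never listed as an alternative.
        return List.of(bypass ? Proxy.NO_PROXY : proxy);
    }

    @Override
    public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
        System.err.println("proxy " + sa + " failed for " + uri + ": " + ioe.getMessage());
    }

    public static void main(String[] args) {
        // Constructed names; replace with your own proxy and internal domain.
        ProxySelector.setDefault(
                new EgressProxySelector("proxy.example.test", 8080, ".corp.example.test"));
        ProxySelector selector = ProxySelector.getDefault();
        System.out.println(selector.select(URI.create("http://mindprod.com/")));
        System.out.println(selector.select(URI.create("http://wiki.corp.example.test/")));
    }
}
```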
Proxy Design Pattern
Proxy is also one of the design
patterns, also known as surrogate. It means using a
stand-in object for the original object. When you call the methods of the proxy,
it calls the corresponding methods of the original object. Why would you do this?
- To provide seemingly local access to remote objects. RMI uses local proxy stub
objects to access remote objects.
- To procrastinate creating expensive objects until they are needed.
- To provide restricted access to the original object.
- To implement a smart reference when you need something a little more elaborate
than a bare pointer, e.g. lookup in a Hashtable, loading a persistent object
into RAM or locking.
- To provide copy-on-write to reduce the overhead of logical cloning.
- To hide proprietary code from your clients. You only let them see the proxy
object code.
Proxies can be implemented two ways:
- Implemented with tiny wrapper methods (sometimes mechanically generated) that
call the original method. This is how RMI works. The
advantage of this approach is small proxy objects. The disadvantage is the
hassle of generating and maintaining the proxy wrapper methods and making sure
they stay in sync with the original objects.
- Implemented with smart accessors that first find the correct object before doing
any useful work. This is how the Objectstore POD
works. Methods in the original class must first call a finder method to set an aRealObject
reference, then do all their work via that handle. The base class dummy finder
method is aRealObject = this; to make methods work on
the base object. Nearly all the code goes in the base class. You need to write
only an overriding finder method for each proxy type. The advantage of this
method is ease of maintenance. You don’t have to write wrappers and ensure
every method that needs one is wrapped with the precisely correct signature. The
disadvantage is even direct use of the original object pays a small overhead of
using a dummy finder method.
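The "restricted access" use of the pattern, as an added example that is not from the original page: java.lang.reflect.Proxy generates the wrapper methods at run time, and the handler forwards only an allowlist of methods to the original object. The AuditLog interface and its method names are hypothetical.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class RestrictedProxyDemo {
    /** Hypothetical interface shared by the original object and its stand-in. */
    public interface AuditLog {
        void append(String entry);
        List<String> entries();
        void clear();
    }

    static class RealAuditLog implements AuditLog {
        private final List<String> lines = new ArrayList<>();
        public void append(String entry) { lines.add(entry); }
        public List<String> entries() { return List.copyOf(lines); }
        public void clear() { lines.clear(); }
    }

    /** Returns a stand-in that forwards only the allowed interface methods. */
    static AuditLog restrict(AuditLog original, Set<String> allowed) {
        InvocationHandler handler = (proxy, method, args) -> {
            // toString/hashCode/equals also arrive here; let them through to the original.
            boolean objectMethod = method.getDeclaringClass() == Object.class;
            if (!objectMethod && !allowed.contains(method.getName())) {
                throw new SecurityException(method.getName() + " is not permitted via this proxy");
            }
            try {
                return method.invoke(original, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface what the original method threw
            }
        };
        return (AuditLog) Proxy.newProxyInstance(
                AuditLog.class.getClassLoader(), new Class<?>[] { AuditLog.class }, handler);
    }

    public static void main(String[] args) {
        AuditLog appendOnly = restrict(new RealAuditLog(), Set.of("append", "entries"));
        appendOnly.append("login ok (constructed entry)");
        System.out.println(appendOnly.entries());
        try { appendOnly.clear(); }
        catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

The restriction holds only if callers receive the proxy and never a reference to the original object.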
Proxy Authentication
Some proxy servers require authentication (logon
to keep unauthorised users out). This is done in a fashion very similar to
normal HTTP authorisation, but instead of using WWW-Authenticate
and Authorization headers, the authentication
handshake uses Proxy-Authenticate and Proxy-Authorization.
The java.net.Authenticator
class is used to obtain the proxy credentials for the connection.
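A default Authenticator that returns the same credentials for every challenge would also hand the proxy password to any web server that asks for one. This added example (not from the original page) releases credentials only when the challenge is a proxy challenge from the configured proxy; the host names, ports and credentials are constructed.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URL;

/** Answers proxy challenges from one known proxy; every other challenge gets no credentials. */
public class ProxyOnlyAuthenticator extends Authenticator {
    private final String proxyHost;
    private final int proxyPort;
    private final String user;
    private final char[] password;

    public ProxyOnlyAuthenticator(String proxyHost, int proxyPort, String user, char[] password) {
        this.proxyHost = proxyHost;
        this.proxyPort = proxyPort;
        this.user = user;
        this.password = password.clone();
    }

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        // PROXY: the challenge came as Proxy-Authenticate; SERVER: as WWW-Authenticate.
        if (getRequestorType() != RequestorType.PROXY) return null;
        boolean knownProxy = proxyHost.equalsIgnoreCase(getRequestingHost())
                && getRequestingPort() == proxyPort;
        // PasswordAuthentication clones the char[] itself, so our copy stays private.
        return knownProxy ? new PasswordAuthentication(user, password) : null;
    }

    /** Simulates one challenge offline through the installed default Authenticator. */
    static boolean answers(String host, int port, RequestorType type) throws Exception {
        URL url = URI.create("http://www.example.test/").toURL();
        return Authenticator.requestPasswordAuthentication(
                host, null, port, "http", "constructed realm", "basic", url, type) != null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed proxy name and credentials, for illustration only.
        Authenticator.setDefault(new ProxyOnlyAuthenticator(
                "proxy.example.test", 8080, "alice", "constructed-secret".toCharArray()));
        System.out.println("known proxy:   " + answers("proxy.example.test", 8080, RequestorType.PROXY));
        System.out.println("origin server: " + answers("www.example.test", 80, RequestorType.SERVER));
        System.out.println("other proxy:   " + answers("other.example.test", 3128, RequestorType.PROXY));
    }
}
```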
JDK 1.4.2 introduced support for the NTLM authentication protocol on Windows
platforms, which is a proprietary Microsoft authentication scheme (often used in
corporate settings for Windows domain-based authentication with IIS, and proxy
authentication with ISA proxy servers). You typically need to additionally set
the http.auth.ntlm.domain property to specify the
domain in which the account resides.
See Sun’s JDK Technote Guide on Authentication.
The jCIFS library provides
this functionality to Unix clients as well; it also has an NTLM filter which
allows your servlets to authenticate using NTLM (acting as the server side of
NTLM). NTLM authentication is used throughout Windows network implementations,
including connections to shared drives (which the jCIFS library also provides).