proxy : Java Glossary

When proxy servers interfere with your Applets, sometimes changing DNS (Domain Name Service) names to IP names in the URLs (Uniform Resource Locators) or CODEBASE parms helps, e.g. codebase=http://mindprod.com/ to codebase="http:// 65.110.21.43 /". Why does something so off-the-wall work? It helps the security manager determine that you truly are talking only to the host you were loaded from. The security manager has access only to the proxy’s brain-damaged or non-existent DNS services.

There are two Java system properties http.proxyHost=proxyhost http.proxyHost=proxyhost and http.proxyPort=portNumber you can set in the standard way with the java.exe -D command line switch. They had different names without the http. in Java version 1.2 -.

You often have the option of using a proxy server or bypassing it. For example, in your browser, you can configure the IP or DNS name of your proxy server and then your browser will talk only to it. If you erase that entry, then it will talk directly to the websites you browse. You may also configure a default proxy server in the operating system that all apps are requested to use. They may or may not take its advice.

Before you do your GET or POST, you can use code like this to set the System properties that cause HttpURLConnection to do the right thing for proxies.

System.setProperty( "proxySet", "true" );
System.setProperty( "http.proxyHost", proxyHostName );
System.setProperty( "http.proxyPort", Integer.toString( proxyHostPort ) );

The Proxy Blues

A proxy is supposed to speed up Internet access by caching, however, it is one extra layer of bureaucracy, so it can slow things down. I have noticed Google Chrome spending inordinate amounts of time resolving proxy even when it is fetching a file off hard disk!! nothing to do with the web at all! Google docs suggest clicking Control Panel ⇒ Internet Options ⇒ Network & Internet ⇒ Internet Properties ⇒Connections ⇒ LAN (Local Area Network) settings ⇒and unticking use automatic settings. This turns the proxy off both for local files and web access.

You would have thought a proxy would do its work transparently, without the end computers knowing it is there, but it not that simple. There are four types of most widely used protocols for a proxy: SOCKS4, SOCKS5, HTTP (Hypertext Transfer Protocol), HTTPS (Hypertext Transfer Protocol over SSL (Secure Socket Layer)). The advantage of doing this this way is the end computers voluntarily use the proxy. They have the option to try to bypass it.

My machine is using a Google Proxy server. How did this happen? What is the mechanism by which my computer decides which proxy to use? Why Google. My IAP (Internet Access Provider) is Shaw. I am using a Firefox browser.

Proxy Design Pattern

• To provide seemingly local access to a remote objects. RMI (Remote Method Invocation) uses local proxy stub objects to access remote objects.
• To procrastinate creating expensive objects until they are needed.
• To provide restricted access to the original object.
• To implement a smart reference when you need something a little more elaborate than a bare pointer, e.g. lookup in a Hashtable, loading a persistent object into RAM (Random Access Memory) or locking,
• To provide copy-on-write to reduce the overhead of logical cloning.
• To hide proprietary code from your clients. You only let them see the proxy object code.

1. Implemented with tiny wrapper methods (sometimes mechanically generated) that call the original method. This is how RMI works. The advantage of this approach is small proxy objects. The disadvantage is the hassle of generating and maintaining the proxy wrapper methods and making sure they stay in sync with the original objects.
2. Implemented with smart accessors that first find the correct object before doing any useful work. This is how the Objectstore POD works. Methods in the original class must first call a finder method to set an aRealObject reference, then do all their work via that handle. The base class dummy finder method is aRealObject = this; to make methods work on the base object. Nearly all the code goes in the base class. You need to write only an overriding finder method for each proxy type. The advantage of this method is ease of maintenance. You don’t have to write wrappers and ensure every method that needs one is wrapped with the precisely correct signature. The disadvantage is even direct use of the original object pays a small overhead of using a dummy finder method.

Proxy Authentication

JDK (Java Development Kit) 1.4.2 introduced support for the NTLM (New Technology LAN Manager protocol) authentication protocol on Windows platforms, which is a proprietary Microsoft authentication scheme (often used in corporate settings for Windows domain-based authentication with IIS (Internet Information Server) and proxy authentication with ISA (Industry Standard Architecture) proxy servers). You typically need to additionally set the http.auth.ntlm.domain property to specify the domain in which the account resides.

Learning More

The jCIFS library provides this functionality to Unix clients as well; it also has an NTLM filter which allows your servlets to authenticate using NTLM (acting as the server side of NTLM). NTLM authentication is used throughout Windows network implementations, including connections to shared drives (which the jCIFS library also provides).