Configuring proxies
Sometimes, AuthStates want to send messages to servers located in a different network, but a proxy server blocks the communication attempts. For example, the AuthState wants to send a message to the public internet, but is blocked by the common corporate proxy server. Certain AuthStates have properties that enable them to use the proxy configuration. Others AuthState do not have these possibilities. This chapter describes some workarounds for those cases where proxy configuration is not available out of the box.
Proxy authentication
If the proxy server requires basic authentication, the Java environment must be modified at runtime. To make this possible, the authentication flow must include an AuthState that sets the proxy settings for the Java process. Proceed as follows:
Create a Groovy based ScriptState with the following script content:
final String authUser = "user1"
final String authPassword = "password1"
Authenticator.setDefault(
new Authenticator() {
@Override
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(authUser, authPassword.toCharArray())
}
}
)In the authentication flow, configure this ScriptState AuthState just before your original AuthState (the one prompted by the proxy for authentication). Note that all subsequent AuthStates will use this proxy configuration. Also, setting a Java process proxy is still required. For this, see the following section Java process proxies.
Restart nevisAuth.
For more information about the ScriptState, see ScriptState.
Java process proxies
It is possible to set different proxies for the Java process. For more details, see Java Networking and Proxies. The following sections highlight only the most important configurations, which on their own cannot make it possible to use a proxy that requires authentication. To configure this, see the section Proxy authentication above.
HTTP proxy
It is possible to make nevisAuth use an HTTP proxy, by modifying the underlying Java process. Perform the next steps:
- Edit the env.config file, by adding one of the following Java options (see the code snippets below).
- Restart nevisAuth.
-Dhttp.proxyHost=exampleproxy.com -Dhttp.proxyPort=8080
-Dhttps.proxyHost=exampleproxy.com -Dhttps.proxyPort=8080
SOCKS proxy
If the AuthState uses a protocol other than HTTP to establish a connection with a remote server, consider using a SOCKS proxy configuration (if a proxy is needed at all). In general, if a connection is not responsive to HTTP proxies, it probably is to SOCKS proxies. SMTP and UDP are examples of common protocols that cannot work with HTTP proxies, but do work with SOCKS proxies. Proceed as follows to use a SOCKS proxy.
Edit the env.config file by adding the following Java option:
-DsocksProxyHost=socks.example.com -DsocksProxyPort=1080
Note that this sets the proxy for all TCP- and UDP-based connections (including the HTTP ones). So before implementing this option in production, make sure that is does not ruin other connections of nevisAuth.
Do not forget to restart nevisAuth afterwards.