how do i add SOCKS support to my application? and where can i get the libs?
From http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html
The SOCKS protocol, as defined in RFC 1928, provides a framework for client server applications to safely traverse a firewall both at the TCP and UDP level. In that sense it is a lot more generic than higher level proxies (like HTTP or FTP specific proxies). J2SE 5.0 provides SOCKS support for client TCP sockets.
There are 2 system properties related to SOCKS:
socksProxyHost for the host name of the SOCKS proxy server
socksProxyPort for the port number, the default value being 1080
Note that there is no dot ('.') after the prefix this time. This is for historical reasons and to ensure backward compatibility. Once a SOCKS proxy is specified in this manner, all TCP connections will be attempted through the proxy.
Example:
$ java -DsocksProxyHost=socks.mydomain.com GetURL
Here, during the execution of the code, every outgoing TCP socket will go through the SOCKS proxy server at socks.mydomain.com:1080.
Now, what happens when both a SOCKS proxy and a HTTP proxy are defined? Well the rule is that settings for higher level protocols, like HTTP or FTP, take precedence over SOCKS settings. So, in that particular case, when establishing a HTTP connection, the SOCKS proxy settings will be ignored and the HTTP proxy will be contacted. Let's look at an example:
$ java -Dhttp.proxyHost=webcache.mydomain.com -Dhttp.proxyPort=8080 -DsocksProxyHost=socks.mydomain.com GetURL
Here, an http URL will go through webcache.mydomain.com:8080 because the http settings take precedence. But what about an ftp URL? Since no specific proxy settings were assigned for FTP, and since FTP is on top of TCP, then FTP connections will be attempted through the SOCKS proxy server at socks.mydomsain.com:1080. If an FTP proxy had been specified, then that proxy would have been used instead.
Since jkd 1.5, you can also configure proxies by Socket programmatically :
For instance :
SocketAddress sa = InetSocketAddress.createUnresolved("mysocksproxy.com", 1080);
Proxy proxy = new Proxy(Proxy.Type.SOCKS, sa);
Socket s = new Socket(proxy);
You might also want to put this code in a SocketFactory.
Related
I am working with Camunda's ExternalTaskClient Java client. I am able to subscribe to a topic successfully, but this uses a random port on the host machine to communicate with Camunda.
How can I tell the ExternalTaskClient to use a custom outgoing port? Here is my client so far:
ExternalTaskClient client = ExternalTaskClient.create().baseUrl("http://1.2.3.4:8080/engine-rest").build();
client.subscribe("my-topic").handler(new MyHandler()).open();
Thanks!
If it really is necessary to specify a specific source (client) port then these are the steps:
Implement a custom socket factory that implements ConnectionSocketFactory and returns a socket with your preferred local port - Camunda uses Apache HttpClient internally
Register that factory with a scheme through the connection manager and schema registry - httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme(<scheme>, <outgoing port>, <your factory>));
Hope that Camunda uses the HttpClient library as intended and no unpleasant side-effects pop up
In addition to the above you also need to think about handling an SSL context (in the custom factory) if the connection needs to be HTTPS. Also remember that using any port below 1024 means the user running the client needs special permissions.
Why is it a random port? Under the hood the ExternalTaskClient uses the REST-API. The baseURL you are providing in its configuration is the URL of the engine REST-API. It runs on one specific port. In your case on the default port 8080. You can change the server.port if you want the API to run on a different port.
I use JavaMail to receive mails and JavaMail is only support Socks5. Receiving mail is just a feature that will be integrated into a big system. If I use socks5 proxy for JavaMail, I do not want other functions to use socks. Is there a way to limit the socks proxy only on POP3/IMAP protocol or let others can bypass the socks5 proxy?
Set (e.g.) the mail.imap.socks.host property.
I'm experiencing a strange problem that I'm not able to figure out. The proxy when used in my Java code to make non-SSL requests always gives error informing me that I cannot send SSL requests to the specified port (whereas I'm not even trying to send any SSL request), however the same proxy when configured in my Firefox browser works like a charm and I can browse all web sites normally. Note that using the same Java code, I can send requests to 443 port alone. But that's because the proxy detects that the requests are SSL, and that's why it only allows them to pass through 443 port.
I don't have the option to use -Dhttp.proxyHost and -Dhttps.proxyHost options with me because they simply won't work on the Socket objects, I would need a Socks proxy which I don't have access to. So I opted to go with commons-httpclient-3.1.jar, and used ProxyClient object to obtain the socket.
This is the code I'm using to obtain a socket:
// Proxy Client
ProxyClient client = new ProxyClient();
client.getHostConfiguration().setHost("google.com", 80);
client.getHostConfiguration().setProxy("corporate-proxy", 80);
ConnectResponse response = client.connect();
Socket socket = response.getSocket();
if (socket == null) {
System.err.println(response.getConnectMethod().getStatusLine());
}
and this is the exact error message that is printed by my System.err.println() statement:
HTTP/1.1 502 Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. )
Please don't suggest me to use URLConnection because I don't need the proxy for HTTP requests alone.
I have also tried to explicitly specify the protocol to be http without any luck:
client.getHostConfiguration().setHost("google.com", 80, Protocol.getProtocol("http"));
Any suggestions on how to configure this ProxyClient object, so that the proxy server doesn't see requests to be coming as SSL requests?
Thanks.
UPDATE
I seem to have figured out the reason why the ISA server thought I'm using SSL. Actually the statement client.connect(); creates a socket that is connected, via the HTTP CONNECT method, to a proxy. The Java doc says that, even though HTTP CONNECT proxying is generally used for HTTPS tunneling, the returned socket will not have been wrapped in an SSL socket.
But for ISA, it would still think about this kind of HTTP request as an SSL request. And when it sees that this SSL request is not on 443, instead it is on some other port, it straight away rejects it.
So now the problem instead is that how do I make the client.connect() call to send an HTTP GET or HTTP HEAD instead of HTTP CONNECT..
Sorry, but I think this is a limitation os ISA Server and not a problem of ProxyClient. See the article here to configure ISA Server to allow to connect to other port, beside 443. I think ISA Server donĀ“t recognize you request because it isnt in a HTTP 1.x request.
Assuming you're using the Apache HttpClient, your code is different from a similar sample on the Apache web site. It makes use of some other techniques to make the request, perhaps that's where the difference is. See the samples here, and particularly this one.
It may be that I'm not understanding the UDP protocol...
I'm trying to receive data from a server using the UDP protocol, but I'm sitting behind a firewall. The URLConnection constructor can take an instance of Proxy (as well as a way to set up user name and password of such a proxy server).
How do I connect through a proxy server using the UDP protocol (DatagramSocket)?
Best regards,
TX
Most Proxy servers support the HTTP protocol which is TCP based, so you don't have to do anything with the proxy server to do this.
To pass UDP over a proxy server, you need a proxy which supports UDP. I don't know of any proxy server which supports this so you may have to write one yourself. It is worth noting that UDP is a connectionless protocol which means you have have to authenticate every packet.
SOCKS5, which is an extension of SOCKS4, includes support for UDP in addition to authentication. One implementation of a SOCKS5 Server written in Java is JSOCKS. You can check this project out at http://jsocks.sourceforge.net/.
Refer to RFC 1928 (https://www.rfc-editor.org/rfc/rfc1928) for more information on SOCKS5.
I want to set up an FTP connection using a proxy server with Apache's commons-net.
But looking at this Does FTPClient support FTP connections through an FTP proxy server? has me worried.
I have to meddle with the system properties and the Sun docs state that "If socksProxyHost is specified then all TCP sockets will use the SOCKS proxy server to establish a connection or accept one."
WTH? All TCP sockets? What about my database connections? Or other FTP connections i might want to open at the same time not using a proxy? Will they all be affected?
Is there some other way to do it that doesn't mess with the rest of my application?
You have several ways of using proxies in Java, especially from version 1.5.
Using System Properties: quick & powerfull but limited flexibility
You can use use a SOCKS proxy for all TCP connections.
You can also set a proxy per protocol, doable for HTTP, FTP and HTTPS
For both methods, you can specify a list of hosts that will not use proxy
Using the java.net.Proxy class (Java 1.5+) to set (or not) a Proxy per Connection
Impleting a java.net.ProxySelector (idem) which will determine a Proxy for each Connection according to your criteria
See the detailled Sun technote on networking & proxies.