Chapter 10 Deploying Applications Around Proxies and Firewalls

Using Web proxies

Web proxies typically act as a gateway for outgoing connections from a group of workstations. Web proxies can be used to enhance network security, for example, a proxy may constrain which servers clients can connect to and which protocols may be used, and log outgoing connections. Web proxies may also be used to improve network performance, by caching the results of frequently executed Web requests. Web proxies are also referred to as HTTP-connect-based proxies. Figure 10-1 illustrates how clients connect to servers through a Web proxy:

Figure 10-1: Connecting through a Web proxy

Clients connect to EAServer through a Web proxy as follows:

  1. Using the HTTP protocol, the client connects to the Web proxy, embedding the destination server address inside a specially formatted HTTP connect request.
  2. The Web proxy connects over the Internet to the host and port indicated in the initial HTTP connect request.
  3. Subsequent traffic is forwarded unchanged between the client and server until the connection is closed.

Java applets can use the built-in proxy configuration provided by Web browsers such as Netscape Navigator. See your Web browser's documentation for information on configuring proxy addresses. For applets running in a Web browser, HTTP and HTTPS-tunnelled IIOP connections automatically use the browser's proxy connection settings. HTTP-tunnelled IIOP connections go through the browser's configured HTTP proxy. HTTPS-tunnelled IIOP connections go through the browser's configured secure proxy.

Java applications must specify the Web proxy address by setting the com.sybase.CORBA.WebProxyPort and com.sybase.CORBA.WebProxyHost properties described below.

Properties that affect Web proxy use

Table 10-1 describes the Java client properties that apply to Java applets or applications that connect through a Web proxy. You must set these properties in addition to any properties that you would set to connect directly to EAServer.

Table 10-1: Properties that affect Web proxy use
CORBA property EJB property Specifies
com.sybase.CORBA.
WebProxyHost 		com.sybase.ejb.
WebProxyHost 		Specifies the host name or IP address of the Web proxy server. Applies to Java applications only. Java applets running in a Web browser use the proxy address specified by the browser's proxy configuration. In Java applications, there is no default for this property, and you must specify both the host name and port number properties.
com.sybase.CORBA.
WebProxyPort 		com.sybase.ejb.
WebProxyPort 		Specifies the port number at which the Web proxy server accepts connections. Applies to Java applications only. Java applets running in a Web browser use the proxy address specified by the browser's proxy configuration. In Java applications, there is no default for this property, and you must specify both the host name and port properties.
com.sybase.CORBA.
http 		com.sybase.ejb.
http 		By default, the client ORB attempts to open IIOP connections, then attempts an HTTP-tunnelled connection if plain IIOP fails. Since Web proxy connections require HTTP tunnelling, set this to true to eliminate the performance overhead of trying plain IIOP connections before trying HTTP-tunnelled IIOP.
com.sybase.CORBA.
HttpExtraHeader 		com.sybase.ejb.
HttpExtraHeader 		An optional setting to specify what extra information is appended to the header of each HTTP packet sent to the Web proxy server. There is no need to set this property unless your HTTP proxy server has special protocol requirements. By default, the following line is appended to each packet: 
User-agent: Jaguar/major.minor
where major and minor are the major and minor version numbers of your EAServer client software, respectively.

You can set this property to specify text to be included at the end of each HTTP header. If multiple lines are included in the setting, they must be separated by carriage return and line feed characters. If the setting does not include a "User-agent: " line, then the default setting above is included in the HTTP header.
com.sybase.CORBA.
useJSSE 		com.sybase.ejb.
useJSSE 		Use the Java Secure Sockets Extension (JSSE) classes for secure HTTP tunnelled (HTTPS protocol) connections. JSSE provides an alternative to the built-in SSL implementations when secure connections are needed from an applet running in a Web browser. Additional configuration may be required to use this option. See "Using Java Secure Socket Extension classes" for more information.

 

Copyright © 2002 Sybase, Inc. All rights reserved.