synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vijayaratha Vijayasingam (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SYNAPSE-858) Synapse doesn't forward requests via proxyserver for a 'https' endpoint
Date Mon, 19 Mar 2012 15:18:38 GMT

     [ https://issues.apache.org/jira/browse/SYNAPSE-858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Vijayaratha Vijayasingam updated SYNAPSE-858:
---------------------------------------------

    Attachment: nhttpSSLProxy.patch

Attaching the patch based on above comment..Please double check and commit
                
> Synapse doesn't forward requests via proxyserver for a 'https' endpoint
> -----------------------------------------------------------------------
>
>                 Key: SYNAPSE-858
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-858
>             Project: Synapse
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: NIGHTLY
>            Reporter: Vijayaratha Vijayasingam
>            Priority: Critical
>             Fix For: FUTURE
>
>         Attachments: nhttpSSLProxy.patch
>
>
> Synapse doesn't work when we configure 'http' proxy to talk to 'https' endpoint via a
proxyserver.
> At axis2.xml transport sender configuration,when we add following two parameters[1],
which are not picked by backend
> [1] <parameter locked="false" name="http.proxyHost">10.100.1.162</parameter>
> <parameter locked="false" name="http.proxyPort">443</parameter>         
  //https port number
>  <parameter name="HostnameVerifier">AllowAll</parameter>
> This is because, @  HttpCoreNIOSender class,  the condition is like,
> if (sslContext == null) {
>  proxyHost =
>  proxyPort =
> }
> if we remove (sslContext==null) condition then both scenarios(http/https sender) work
fine..(But not sure how this will affect the system's security)
> Configurations
> --------------------
> Proxy;
>  <proxy name="TestProxy" transports="http" startOnLoad="true" trace="disable">
>         <target>
>             <inSequence>
>                 <send>
>                     <endpoint>
>                         <address uri="https://localhost:9444/services/SimpleStockQuoteService"/>
>                     </endpoint>
>                 </send>
>             </inSequence>
>             <outSequence>
>                 <send/>
>             </outSequence>
>         </target>
>     </proxy>
> TransportSender
> -----------------------
>  <transportSender name="http" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSender">
>         <parameter name="non-blocking" locked="false">true</parameter>
>             <parameter locked="false" name="http.proxyHost">10.100.1.162</parameter>
>     <parameter locked="false" name="http.proxyPort">80</parameter>
>     </transportSender>
>     <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>         <parameter name="non-blocking" locked="false">true</parameter>
>         <parameter name="keystore" locked="false">
>             <KeyStore>
>                 <Location>repository/resources/security/wso2carbon.jks</Location>
>                 <Type>JKS</Type>
>                 <Password>wso2carbon</Password>
>                 <KeyPassword>wso2carbon</KeyPassword>
>             </KeyStore>
>         </parameter>
>         <parameter name="truststore" locked="false">
>             <TrustStore>
>                 <Location>repository/resources/security/client-truststore.jks</Location>
>                 <Type>JKS</Type>
>                 <Password>wso2carbon</Password>
>             </TrustStore>
>         </parameter>
>     <parameter locked="false" name="http.proxyHost">10.100.1.162</parameter>
>     <parameter locked="false" name="http.proxyPort">443</parameter>
>     <parameter name="HostnameVerifier">AllowAll</parameter>
>      </transportSender>
> f we remove (sslContext==null) condition then both scenarios(http/https sender) work
fine..But I'm not sure how this will affect other scenarios..

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@synapse.apache.org
For additional commands, e-mail: dev-help@synapse.apache.org


Mime
View raw message