My Oracle Support Banner

WLS 7.0 SP2 - WebLogic is not directing connection through proxy server on new InitialContext using https tunneling (Doc ID 773442.1)

Last updated on MAY 19, 2021

Applies to:

Oracle WebLogic Server - Version 7.0 to 7.0
Information in this document applies to any platform.

Goal

The sequence of events is as follows:

  1. Browser makes a request for https://iPlanetHostName/HelloWorldSSL.html
  2. This request is passed to the BlueCoat proxy server, which resolves the iPlanetHostName to the Bastion Host (firewall) and passes the request on.
  3. The bastion host passes the request through an IP plug proxy from the intranet to the (QA) DMZ Web Server.
  4. The request arrives at the DMZ iPlanet instance, and is passed to the WebLogic instance hosting the application.
  5. A response is sent to the browser containing an applet.
  6. The applet starts, and begins downloading its classes. This process successfully negotiates all of the infrastructure/plumbing, and a substantial number of classes can be seen to be downloaded. This works, because javaplugin.proxy.settings (and associated values) are being set correctly because the plugin is correctly determining the proxy characteristics from the browser (as described at http://java.sun.com/products/plugin/1.3/docs/proxies.html).
  7. When the applet enters its init method an attempt is made to set an initial context for an RMI connection. It appears at this stage that the WebLogic RMI client attempts to make a direct connection to the application server rather than via the proxies. The result is an UnkownHostException because iPlanetHostName doesn't appear in internal DNS.
  8. Even if the weblogic.jndi.RJVMFinder was able to resolve the host name correctly, it would still fail to make the right connection, as it wouldn't pass the request through the proxy etc. so that it could make it to the intended destination.

Although it may not be possible to set System properties programmatically from an applet without tripping over security issues, it is possible to do this from the Plug-in Control Panel (e.g., javaplugin.jre.params = -Dhttp.proxyHost=<PROXY_HOSTNAME> -Dhttp.proxyPort=<PROXY_PORT> -Dhttps.proxyHost=<PROXY_HOSTNAME> -Dhttps.proxyPort=<PROXY_PORT> -Djava.protocol.handler.pkgs=com.certicom.net.ssl). As can be seen from the attached plugin.txt file this does correctly set the http(s).proxyHost and associated parameters.

The issue appears to be then that the weblogic.rjvm.RJVMFinder class does not respect the proxy settings (for the plugin, or the system as a whole) when making a connection.

CONFIGURATION:
Solaris 8
WLS 7.0 SP2
JDK1.3.1_07
Java Plugin 1.3.1_07

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.