Jump to: navigation, search

Difference between revisions of "ECF Filetransfer Support for NTLMv2 Proxies"

 
(5 intermediate revisions by 3 users not shown)
Line 6: Line 6:
  
 
#Disable the ECF httpclient provider.
 
#Disable the ECF httpclient provider.
#Provide the NTLMv2 proxy authentication info (domain, username, and password)  
+
#Provide the NTLMv2 proxy authentication info (proxyhost, domain, username, and password)  
  
In ECF 3.0 both 1 and two can be done via system properties provided to Eclipse on startup.  Here is an example using 'myproxy', 'mydomain', 'myusername', and 'mypassword':
+
In ECF 3.0/Galileo both can be done via system properties provided to Eclipse on startup.  Here is an example using 'myproxy', 'mydomain', 'myusername', and 'mypassword':
  
 
<pre>
 
<pre>
-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient\
+
-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient
 
-Dhttp.proxyPort=8080
 
-Dhttp.proxyPort=8080
 
-Dhttp.proxyHost=myproxy
 
-Dhttp.proxyHost=myproxy
Line 22: Line 22:
  
 
In the future, it is likely that with other providers (e.g. the [https://bugs.eclipse.org/bugs/show_bug.cgi?id=251740  Apache httpcore client...i.e. bug 251740 ] or [http://docs.codehaus.org/display/JETTY/Jetty+HTTP+Client Jetty's asynch filetransfer implementation] we will be able to [https://bugs.eclipse.org/bugs/show_bug.cgi?id=252002  support NTLMv2 proxies...i.e. bug 252002] more directly.  Further, in future versions the Eclipse platform [https://bugs.eclipse.org/bugs/show_bug.cgi?id=269832 proxy API should support NTLMv2 as well...i.e. bug 269832].
 
In the future, it is likely that with other providers (e.g. the [https://bugs.eclipse.org/bugs/show_bug.cgi?id=251740  Apache httpcore client...i.e. bug 251740 ] or [http://docs.codehaus.org/display/JETTY/Jetty+HTTP+Client Jetty's asynch filetransfer implementation] we will be able to [https://bugs.eclipse.org/bugs/show_bug.cgi?id=252002  support NTLMv2 proxies...i.e. bug 252002] more directly.  Further, in future versions the Eclipse platform [https://bugs.eclipse.org/bugs/show_bug.cgi?id=269832 proxy API should support NTLMv2 as well...i.e. bug 269832].
 +
 +
Actually, it is unlikely that the Apache HTTP Client or [http://hc.apache.org/httpcomponents-client/ntlm.html HTTP Components] will ever support NTLMv2.  They have never supported it even though the [http://davenport.sourceforge.net/ntlm.html technical information] has been available for years.  They are currently concerned with the legal issues.
 +
 +
{{ECF}}
 +
[[Category:Eclipse Communication Framework]]
 +
[[Category:EclipseRT]]
 +
[[Category:Draft Documentation]]
 +
[[Category:Equinox p2]]

Latest revision as of 14:21, 8 April 2010

Like other parts of ECF, the filetransfer API has a provider architecture, allowing multiple implementations to be used for filetransfer (i.e. via http, ftp, and others). In ECF 3.0/Eclipse 3.5 the primary provider is based upon Apache httpclient 3.1. This was introduced in the ECF 3.0/Eclipse 3.5 cycle because the previous provider that was based upon the JRE URLConnection implementation proved insufficiently reliable (i.e. see bug 166179).

Unfortunately, the Apache httpclient implementation, although more robust than the URLConnection-based provider, does not support NTLMv2 proxies directly (for an explanation of why, see here).

For NTLMv2 Proxies, that require username and password for access the workaround is to

  1. Disable the ECF httpclient provider.
  2. Provide the NTLMv2 proxy authentication info (proxyhost, domain, username, and password)

In ECF 3.0/Galileo both can be done via system properties provided to Eclipse on startup. Here is an example using 'myproxy', 'mydomain', 'myusername', and 'mypassword':

-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclient
-Dhttp.proxyPort=8080
-Dhttp.proxyHost=myproxy
-Dhttp.proxyUser=mydomain\myusername
-Dhttp.proxyPassword=mypassword
-Dhttp.nonProxyHosts=localhost|127.0.0.1

The first property disables the httpclient provider (and so uses the URLConnection-based provider, which does have support for NTLMv2 proxies), and the next 5 properties are as specified by Sun for the URLConnection-based provider.

In the future, it is likely that with other providers (e.g. the Apache httpcore client...i.e. bug 251740 or Jetty's asynch filetransfer implementation we will be able to support NTLMv2 proxies...i.e. bug 252002 more directly. Further, in future versions the Eclipse platform proxy API should support NTLMv2 as well...i.e. bug 269832.

Actually, it is unlikely that the Apache HTTP Client or HTTP Components will ever support NTLMv2. They have never supported it even though the technical information has been available for years. They are currently concerned with the legal issues.

Eclipse Communication Framework
API
API DocumentationJavadocProvidersECF/Bot Framework
Development
Development GuidelinesIntegrators Guide