ProxySupport

From Eclipsepedia

Jump to: navigation, search

This page is being used to capture the requirements for Platform level proxy support (bug 154100)

Contents

CVS Requirements

The CVS/Core and CVS/SSH2 use the proxies provided by the Jsch plug-in to make proxy connections. Currently, there is support for two types of proxies: HTTP and SOCKS5. We would require API that allowed us to do something like this:

ProxyInfo[] infos = ProxyInfo.getProxiesFor(String hostName);
ProxyInfo info = getSupportProxy(infos); // method would look for the HTTP or SOCKS5 proxy
if (info == null) {
    // Attempt a direct connection.
    // If the connection failed and there were proxies specified, let the user know that
    // we only support HTTP and SOCKS4
} else if (info.getType() == ProxyInfo.HTTP) {
   // Use host, port, username and password to create an HTTP proxy using Jsch
} else if (info.getType() == Proxy.SOCKS5) {
   // Use host, port, username and password to create a SOCKS5 proxy using Jsch
}

The API we would require is that ability to retrieve the set of proxies that are available for a particular host. This doesn't imply that we need to support the specification of different proxies for each hist but I think it is good to leave room in the API to support this later.

Update Requirements

Update allows the user to enable an HTTP proxy and specify an address and port that is to be used as the proxy. When set, this information is places in the 'http.proxySet', 'http.proxyHost' and 'http.proxyPort' system properties. Update also sets the default authenticator (Athenticator.setDefault(...)) in order to support interactive authentication (i.e the user is prompted if the update server or proxy require authentication).

WTP Requirements

The WTP proxy preference page currently only sets JVM system properties for http, https, and socks. It does not provide any api to access this information. It assumes that clients will use Java IO( which uses these properties) to create connections. Since, a number of components in WTP use Java IO to open connections, these JVM system properties need to set when the Eclipse UI starts up. This preference page also sets the default authenticator at UI startup time so that the user is prompted for userid and password information. The authenticator also caches user id and password information so that if the same host is accessed again the user does not need to enter this information again.

Discussion

Here are discussions on various aspects of this feature

Access to Proxy info

For CVS to use this feature, the Core plug-in needs to provide access to the defined proxy settings. It also needs the authentication information, if there is any, to be provided with the proxy information since the Jsch proxy does not appear to support an authentication callback. From a CVS standpoint, we need API that looks something like this:

  1. a proxy info (or data) object that contains the type, hist, port, username (if required) and password (if required).
  2. a method to retrieve the proxy info (or infos) for a particular target host. Clients will need to pick an appropriate proxy to use.

To support this, we would need a preference page that allows the specification of multiple proxy types along with the authentication for each type, if there is any.

Setting System Properties

Both Update and WTP set the Java proxy system properties. For Update, this is done when the core bundle starts. However, WTP does this using the startup hook to ensure that the properties are set when any URL or TCP (in Java 1.5) connections are attempted. In the current implementation, it seems that WTP and Update could easily interfer with each other.

One approach to this is to have the new plug-ins just set these properties for everyone. The advantage of this is that clients of URL and 1.4 and URL and TCP in 1.5 would get the proxy support automatically. The issues are:

  1. The settings would need to be put in the properties before any connections were attempted. This would most likely be the case if the startup hook was used but would not be guaranteed since connections could be attempted before the workbench was started. Also, the stratup hook is not something that has ever been used in the Platform and I don't think we could get approval to do it in this case.

The reasoning for this is that any client that uses Java I/O to make a connection could potentially want to go through a proxy server. It seems a bit wierd to force every client the uses Java I/O to have to also make call to our Eclipse api to enable JVM properties. I'm not sure what the harm with setting variables would be. However, if this is a major concern I can go with the option that you suggest which is to enable the System properties when WTP starts up.

[MV] I have a concern with setting the system properties without any explicit indication from clients that they need to be set. The problem is that, once we do it in the Platform as part of an API, we can never stop doing it. If you feel this needs to be done on startup for WTP, one option would be for WTP to keep their early startup hook and invoke the explicit request o set the System properties.

some means of indicating that the client requires the Java system properties and authenticator to be set. I think it is dangerous to have clients do this themselves (since multiple clients may do it). On the other hand, I would like to avoid doing it if possible. Initially, we will need to for update but hopefully this will not be necessary in future releases.

Authenticator

[MV]Could you describe how the authenticator handles the situation where the remote credentials have changed on the server (i.e. a password has been changed on the server)? I didn't see anything in the Authenticator API that would allow the implementor to distinguish between a first-try and a retry. Also, in the patch, the cache table is written to but never read from.
[PM]In the situation where the credentials have changed or the user enter incorrect credential information Eclipse would need to be restarted to flush this cached data. You are correct that the patch does not read from the cache. This is a bug. The code should have have prefilled the authentication dialog with the cached hostname and password.

</blockquote>