Command Line JVM Settings

The proxy settings are given to the JVM via command line arguments:

 java -Dhttp.proxyHost=proxyhostURL
-Dhttp.proxyPort=proxyPortNumber
-Dhttp.proxyUser=someUserName
-Dhttp.proxyPassword=somePassword HelloWorldClass

Setting System Properties in Code

Add the following lines in your Java code so that JVM uses the proxy to make HTTP calls. This would, of course, require you to recompile your Java source. (The other methods do not require any recompilation):

System.getProperties().put("http.proxyPort", "someProxyPort");
System.getProperties().put("http.proxyUser", "someUserName");
System.getProperties().put("http.proxyPassword", "somePassword");
System.getProperties().put("http.proxyHost", "someProxyURL");

One more configuraiton for Microsoft ISA NTLM Authentication

You need add below in addition is the proxy using NTLM authentication.
-Dhttp.auth.ntlm.domain=DOMAIN

Configuring Authentication Order

There are three authentication mechanisms provided - ntlmdigest & basic in that order by default. It is possible to change the order and also not exclude one or more methods altogether. This can be done with the following property.

-Dhttp.proxyAuth=basic,ntlm

In this example the authentication order will be basic and then ntlm only - digest will not be used.

Since Java 1.5 you can also pass a java.net.Proxy instance to the openConnection() method

//Proxy instance, proxy ip = 123.0.0.1 with port 8080
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("123.0.0.1", 8080));
URL url = new URL("http://www.yahoo.com");
HttpURLConnection uc = (HttpURLConnection)url.openConnection(proxy);
uc.connect(); String page;
StringBuffer tmp = new StringBuffer();
BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
while ((line = in.readLine()) != null){
page.append(line + "\n");
}
System.out.println(page);

so you don't need to set system properties. You can use the default PROXY as defined by your networking settings.

System.setProperty("java.net.useSystemProxies", "true");
List l = null;
try {
l = ProxySelector.getDefault().select(new URI("http://www.yahoo.com"));
}
catch (URISyntaxException e) {
e.printStackTrace();
} if (l != null) {
for (Iterator iter = l.iterator(); iter.hasNext() {
java.net.Proxy proxy = (java.net.Proxy) iter.next();
System.out.println("proxy hostname : " + proxy.type());
InetSocketAddress addr = (InetSocketAddress) proxy.address();
if (addr == null) {
System.out.println("No Proxy");
}
else {
System.out.println("proxy hostname : " + addr.getHostName());
System.out.println("proxy port : " + addr.getPort());
}
}
}

To bypass the PROXY,

URL url = new URL("http://internal.server.local/");
URLConnection conn = url.openConnection(Proxy.NO_PROXY);

Proxy and Username/Password

You might need to identify yourself to the proxy server.

One way is to use the HTTP property "Proxy-Authorization" with a username:password base64 encoded.

System.setProperty("http.proxyHost", "myProxyServer.com");
System.setProperty("http.proxyPort", "80");
URL url=new URL("http://someserver/somepage");
URLConnection uc = url.openConnection ();
String encoded = new String
(Base64.base64Encode(new String("username:password").getBytes()));
uc.setRequestProperty("Proxy-Authorization", "Basic " + encoded);
uc.connect();
The following example dumps the content of a URL but before we identify ourself to the proxy.
import java.net.*;
import java.io.*; public class URLUtils {
public static void main(String s[]) {
URLUtils.dump("http://www.yahoo.com");
System.out.println("**************");
URLUtils.dump("https://www.paypal.com");
System.out.println("**************");
} public static void dump(String URLName){
try {
DataInputStream di = null;
FileOutputStream fo = null;
byte [] b = new byte[1]; // PROXY
System.setProperty("http.proxyHost","proxy.mydomain.local") ;
System.setProperty("http.proxyPort", "80") ; URL u = new URL(URLName);
HttpURLConnection con = (HttpURLConnection) u.openConnection();
//
// it's not the greatest idea to use a sun.misc.* class
// Sun strongly advises not to use them since they can
// change or go away in a future release so beware.
//
sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
String encodedUserPwd =
encoder.encode("mydomain\\MYUSER:MYPASSWORD".getBytes());
con.setRequestProperty
("Proxy-Authorization", "Basic " + encodedUserPwd);
// PROXY ---------- di = new DataInputStream(con.getInputStream());
while(-1 != di.read(b,0,1)) {
System.out.print(new String(b));
}
}
catch (Exception e) {
e.printStackTrace();
}
}
}
With JDK1.2, the java.net.Authenticator can be used to send the credentials when needed.
public static void dump(String URLName){
try {
DataInputStream di = null;
FileOutputStream fo = null;
byte [] b = new byte[1]; // PROXY
System.setProperty("http.proxyHost","proxy.mydomain.local") ;
System.setProperty("http.proxyPort", "80") ; Authenticator.setDefault(new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new
PasswordAuthentication("mydomain\\username","password".toCharArray());
}}); URL u = new URL(URLName);
HttpURLConnection con = (HttpURLConnection) u.openConnection();
di = new DataInputStream(con.getInputStream());
while(-1 != di.read(b,0,1)) {
System.out.print(new String(b));
}
}
catch (Exception e) {
e.printStackTrace();
}
}

Bypass a Proxy

In intranet environment, you may need to bypass the proxy server and go directly to the http server.

The http.nonProxyHosts property indicates the hosts which should be connected too directly and not through the proxy server. The value can be a list of hosts, each seperated by a |, and in addition a wildcard character (*) can be used for matching.

java.exe  -Dhttp.nonProxyHosts="*.mycompany.com|*.mycompany.local|localhost" MyClass

Below are  the Networking Properties from http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html

There are a few standard system properties used to alter the mechanisms and behavior of the various classes of the java.net package.
Some are checked only once at startup of the VM, and therefore are best set using the -D option of the java command,
while others have a more dynamic nature and can also be changed using the System.setProperty() API.
The purpose of this document is to list and detail all of these properties.
If there is no special note, a property value is checked every time it is used.

  • IPv4 / IPv6

java.net.preferIPv4Stack (default: false)
If IPv6 is available on the operating system the underlying native socket will be, by default,
an IPv6 socket which lets applications connect to, and accept connections from, both IPv4 and IPv6 hosts.
However, in the case an application would rather use IPv4 only sockets, then this property can be set to true.
The implication is that it will not be possible for the application to communicate with IPv6 only hosts.

java.net.preferIPv6Addresses (default: false)
When dealing with a host which has both IPv4 and IPv6 addresses, and if IPv6 is available on the operating system,
the default behavior is to prefer using IPv4 addresses over IPv6 ones. This is to ensure backward compatibility,
for example applications that depend on the representation of an IPv4 address (e.g. 192.168.1.1).
This property can be set to true to change that preference and use IPv6 addresses over IPv4 ones where possible.

Both of these properties are checked only once, at startup.

  • Proxies

A proxy server allows indirect connection to network services and is used mainly for security (to get through firewalls)
and performance reasons (proxies often do provide caching mechanisms).
The following properties allow for configuration of the various type of proxies.

  • HTTP

The following proxy settings are used by the HTTP protocol handler.

http.proxyHost (default: <none>) The hostname, or address, of the proxy server

http.proxyPort (default: 80) The port number of the proxy server.

http.nonProxyHosts (default: localhost|127.*|[::1])

Indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts.
The value of this property is a list of hosts, separated by the '|' character.
In addition the wildcard character '*' can be used for pattern matching.

For example -Dhttp.nonProxyHosts=”*.foo.com|localhost” will indicate that every hosts in the foo.com domain
and the localhost should be accessed directly even if a proxy server is specified.

The default value excludes all common variations of the loopback address.

  • HTTPS

This is HTTP over SSL, a secure version of HTTP mainly used when confidentiality (like on payment sites) is needed.

The following proxy settings are used by the HTTPS protocol handler.

https.proxyHost(default: <none>)
The hostname, or address, of the proxy server

https.proxyPort (default: 443)
The port number of the proxy server.

The HTTPS protocol handler will use the same nonProxyHosts property as the HTTP protocol.

  • FTP

The following proxy settings are used by the FTP protocol handler.

ftp.proxyHost(default: <none>)
The hostname, or address, of the proxy server

ftp.proxyPort (default: 80)
The port number of the proxy server.

ftp.nonProxyHosts (default: localhost|127.*|[::1])
Indicates the hosts that should be accessed without going through the proxy. Typically this defines internal hosts.
The value of this property is a list of hosts, separated by the '|' character. In addition the wildcard character '*' can be
used for pattern matching.

For example -Dftp.nonProxyHosts=”*.foo.com|localhost” will indicate that every hosts in the foo.com
domain and the localhost should be accessed directly even if a proxy server is specified.

The default value excludes all common variations of the loopback address.

  • SOCKS

This is another type of proxy. It allows for lower level type of tunneling since it works at the TCP level.
In effect, in the Java(tm) platform setting a SOCKS proxy server will result in all TCP connections to go through that proxy,
unless other proxies are specified. If SOCKS is supported by a Java SE implementation, the following properties will be used:

socksProxyHost (default: <none>)
The hostname, or address, of the proxy server.

socksProxyPort (default: 1080)
The port number of the proxy server.

socksProxyVersion (default: 5)
The version of the SOCKS protocol supported by the server. The default is 5 indicating SOCKS V5, alternatively 4 can be specified for SOCKS V4.
Setting the property to values other than these leads to unspecified behavior.

java.net.socks.username (default: <none>)
Username to use if the SOCKSv5 server asks for authentication and no java.net.Authenticator instance was found.

java.net.socks.password (default: <none>)
Password to use if the SOCKSv5 server asks for authentication and no java.net.Authenticator instance was found.

Note that if no authentication is provided with either the above properties or an Authenticator, and the proxy requires one,
then the user.name property will be used with no password.

java.net.useSystemProxies (default: false)
On recent Windows systems and on Gnome 2.x systems it is possible to tell the java.net stack, setting this property to true,
to use the system proxy settings (both these systems let you set proxies globally through their user interface).
Note that this property is checked only once at startup.

  • Misc HTTP properties

http.agent (default: “Java/<version>”)
Defines the string sent in the User-Agent request header in http requests. Note that the string “Java/<version>” will be appended
to the one provided in the property (e.g. if -Dhttp.agent=”foobar” is used, the User-Agent header will contain “foobar Java/1.5.0”
if the version of the VM is 1.5.0). This property is checked only once at startup.

http.keepalive (default: true)
Indicates if persistent connections should be supported. They improve performance by allowing the underlying socket
connection to be reused for multiple http requests. If this is set to true then persistent connections will be requested with HTTP 1.1 servers.

http.maxConnections (default: 5)
If HTTP keepalive is enabled (see above) this value determines the maximum number of idle connections that will be simultaneously kept alive,
per destination.

http.maxRedirects (default: 20)
This integer value determines the maximum number, for a given request, of HTTP redirects that will be automatically followed by the protocol handler.

http.auth.digest.validateServer (default: false)

http.auth.digest.validateProxy (default: false)

http.auth.digest.cnonceRepeat (default: 5)

These 3 properties modify the behavior of the HTTP digest authentication mechanism. Digest authentication
provides a limited ability for the server to authenticate itself to the client (i.e. By proving it knows the user's password).

However not all HTTP servers support this capability and by default it is turned off.
The first two properties can be set to true to enforce this check for authentication with either an origin or proxy server, respectively.

It is usually not necessary to change the third property. It determines how many times a cnonce value is re-used.
This can be useful when the MD5-sess algorithm is being used. Increasing this value reduces the computational overhead
on both client and server by reducing the amount of material that has to be hashed for each HTTP request.

http.auth.ntlm.domain (default: <none>)
NTLM is another authentication scheme. It uses the java.net.Authenticator class to acquire usernames and passwords
when they are needed. However NTLM also needs the NT domain name. There are 3 options for specifying that domain:

Do not specify it. In some environments the domain is actually not required and the application does not have to specify it.

The domain name can be encoded within the username by prefixing the domain name, followed by a back-slash '\' before the username.
With this method existing applications that use the authenticator class do not need to be modified,
as long as users are made aware that this notation must be used.

If a domain name is not specified as in method 2) and these property is defined, then its value will be used a the domain name.
All these properties are checked only once at startup.

  • Address Cache

The java.net package, when doing name resolution, uses an address cache for both security and performance reasons.
Any address resolution attempt, be it forward (name to IP address) or reverse (IP address to name),
will have its result cached, whether it was successful or not, so that subsequent identical requests will not have to access the naming service.
These properties allow for some tuning on how the cache is operating.

networkaddress.cache.ttl (default: see below)

Value is an integer corresponding to the number of seconds successful name lookups will be kept in the cache. A value of -1,
or any other negative value for that matter, indicates a “cache forever” policy, while a value of 0 (zero) means no caching.
The default value is -1 (forever) if a security manager is installed, and implementation specific when no security manager is installed.

networkaddress.cache.negative.ttl (default: 10)

Value is an integer corresponding to the number of seconds an unsuccessful name lookup will be kept in the cache. A value of -1,
or any negative value, means “cache forever”, while a value of 0 (zero) means no caching.

Since these 2 properties are part of the security policy, they are not set by either the -D option or the System.setProperty() API,
instead they are set in the JRE security policy file lib/security/java.security.

http://docs.oracle.com/javase/6/docs/technotes/guides/net/properties.html

Set Java Proxy for Http/Https的更多相关文章

  1. 动态代理:JDK原生动态代理(Java Proxy)和CGLIB动态代理原理+附静态态代理

    本文只是对原文的梳理总结,以及自行理解.自己总结的比较简单,而且不深入,不如直接看原文.不过自己梳理一遍更有助于理解. 详细可参考原文:http://www.cnblogs.com/Carpenter ...

  2. 《手把手教你》系列技巧篇(四十四)-java+ selenium自动化测试-处理https 安全问题或者非信任站点-下篇(详解教程)

    1.简介   这一篇宏哥主要介绍webdriver在IE.Chrome和Firefox三个浏览器上处理不信任证书的情况,我们知道,有些网站打开是弹窗,SSL证书不可信任,但是你可以点击高级选项,继续打 ...

  3. 深入理解Java Proxy

    深入理解Java Proxy: http://blog.csdn.net/rokii/article/details/4046098 整理之后的代码: package com.stono.reftes ...

  4. Java Proxy和CGLIB动态代理原理

    动态代理在Java中有着广泛的应用,比如Spring AOP,Hibernate数据查询.测试框架的后端mock.RPC,Java注解对象获取等.静态代理的代理关系在编译时就确定了,而动态代理的代理关 ...

  5. Java中用HttpsURLConnection访问Https链接

    在web应用交互过程中,有很多场景需要保证通信数据的安全:在前面也有好多篇文章介绍了在Web Service调用过程中用WS-Security来保证接口交互过程的安全性,值得注意的是,该种方式基于的传 ...

  6. java 通过httpclient调用https 的webapi

    java如何通过httpclient 调用采用https方式的webapi?如何验证证书.示例:https://devdata.osisoft.com/p...需要通过httpclient调用该接口, ...

  7. java Proxy InvocationHandler 动态代理实现详解

    spring 两大思想,其一是IOC,其二就是AOP..而AOP的原理就是java 的动态代理机制.这里主要记录java 动态代理的实现及相关类的说明. java  动态代理机制依赖于Invocati ...

  8. java使用代理请求https

    我本来在我本机写的代码,本机电脑是可以连外网没限制,对于https和http都可以.但是放在linux服务器上后,因为VM限制了不能访问外网,而且有ssl验证所以就一直报错,要么是连不上线上请求,要么 ...

  9. java Proxy(代理机制)

    我们知道Spring主要有两大思想,一个是IoC,另一个就是AOP,对于IoC,依赖注入就不用多说了,而对于Spring的核心AOP来说,我们不但要知道怎么通过AOP来满足的我们的功能,我们更需要学习 ...

随机推荐

  1. 泛型,动态创建List<T> (转摘)

    第一种: static void Main()        {            object intList = MakeList(typeof(int), 1, 2, 3);         ...

  2. 深度解析开发项目之 05 - 解决textField编辑之后点击其他内容改变的问题

    深度解析开发项目之 05 - 解决textField编辑之后点击其他内容改变的问题 问题的解决:  只需要给HeadeVIew加上这句代码

  3. Sublime之旅

    安装 http://www.sublimetext.com/3          常用操作  window版本 CTRL + P 打开文件搜索 Ctrl+K+B 打开目录树 Ctrl+Shift+[ ...

  4. in_array 的第三个参数strict设置为 true

    var_dump(in_array(0, array('s' )); 这句话的结果是bool(true). 因为in_array会将0 和's' 进行比较,0是number类型,'s'是string类 ...

  5. 一些开发遇到的"小问题",你能答对多少?

    我会把问题先写在前面,答案用白色字体写在后面.所以用鼠标选择文本就可以看到答案啦. 调用await后因为切换了线程环境(这种说法可能不严谨,但我只能想到这种说法),httpcontext会为null. ...

  6. [转]超详细图解:自己架设NuGet服务器

    本文转自:http://diaosbook.com/Post/2012/12/15/setup-private-nuget-server 超详细图解:自己架设NuGet服务器 汪宇杰          ...

  7. MSBuild学习记录

    参考资料 官方文档 MSBuild入门 MSBuild的简单介绍与使用

  8. mysql 导入导出.sql文件

    备份数据库(包含全部表和全部存储过程):C:\Documents and Settings\Administrator>mysqldump -h localhost -u root -p -R ...

  9. UITableview 多行删除

    //  RootViewController.m #import "RootViewController.h"#import "NextViewController.h& ...

  10. PHP 随机显示

    <?php  print_r(    array_rand(      array(        "新春快乐"=>"",        " ...