Tunneling Through Firewalls
Tunneling through SOCKS Proxy Server
Tunneling through client-side as well as server-side firewalls can be achieved through the SOCKS Proxy Server. The SOCKS protocol is an open internet standard for performing network proxying at the transport layer. SOCKS creates a proxy, which serves as a data channel between TCP or UDP (User Datagram Protocol) based clients and servers. The proxy that SOCKS creates between the client and server is transparent to both parties.
Java runtime 1.1.8 and above provide SOCKS support. A java.net.Socket instance has the ability to connect to a remote host through the SOCKS proxy server. If the System property socksProxyHost, and optionally socksProxyPort, is set, the Socket implementation redirects the connection through the SOCKS proxy server. Tunneling through proxies, using SOCKS, presents a more generic and viable solution for JMS Applets. Since socksProxyPort and socksProxyHost are set as system properties, the Client Applet burrows through the SOCKS server. A single version of an applet can now be downloaded by the client, despite the presence of a firewall. There are slight variations in the applet and application code used to tunnel through the SOCKS Proxy. Using HTTP Tunneling requires that the applet sets the proxy address and proxy port. The code snippets provided in this document illustrate proxy tunneling in applications and applets.
The above features do not work with JDK versions below 1.4 and 1.5. Complete samples can be found in the Tunneling Samples folder located in the %FMQ_DIR%\fmq\samples\ directory.
Enabling JMS Applets to Tunnel through SOCKS Proxy Server
Browsers allow users to manually set the Proxy Server/SOCKS Server host and port, or users can use a script to automatically set the browser configuration. For an Applet to use the SOCKS proxy server, these settings must be conveyed to the Java VM used by the browser.
Microsoft Internet Explorer 4.0 and above provide complete SOCKS proxy support. They do not require changes to run Applets behind client firewalls.
Netscape Communicator does not convey its proxy server settings to the Java VM. This can be achieved by using digital certificates. A digital certificate allows the client Applet to set System properties for the Java VM. (For more information, refer to the SockPubSub samples directory in the FioranoMQ installation directory.)
Scenario
Consider a scenario where client applications are protected by a corporate firewall and need to use the services of the FioranoMQ server through SOCKS tunneling. The following code illustrates how client applications, even when protected by firewalls, can access the services of the FioranoMQ server by tunneling through client-side firewalls.
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.InetAddress;
    import javax.jms.*;
    // FioranoInitialContext is provided by the FioranoMQ client library.

    // This code fragment expects args[] to contain
    // clientProxyName, clientProxyPort, FioranoMQ 9 Server Address,
    // FioranoMQ 9 Server Port.
    public void sendData(String[] args)
    {
        try
        {
            // Initialize firewall settings
            String proxyName = args[0];
            int proxyPort = Integer.parseInt(args[1]);
            // Initialize FioranoMQ 9 Server settings
            String serverName = args[2];
            int serverPort = Integer.parseInt(args[3]);
            // 1. Create the InitialContext object used for
            //    looking up JMS administered objects.
            FioranoInitialContext ic = new FioranoInitialContext();
            // Set System properties to indicate proxyHost and
            // proxyPort. All calls now get routed through
            // the SOCKS Server (the setting is JVM-wide).
            System.setProperty("socksProxyPort", String.valueOf(proxyPort));
            System.setProperty("socksProxyHost", proxyName);
            // Bind the InitialContext to the Server
            ic.bind(InetAddress.getByName(serverName), serverPort);
            // Look up the Connection Factory and Topic names
            TopicConnectionFactory tcf =
                (TopicConnectionFactory) ic.lookup("primaryTCF");
            Topic topic = (Topic) ic.lookup("primaryTopic");
            // Dispose the InitialContext resources
            ic.dispose();
            // 2. Create and start a topic connection.
            System.out.println("Creating topic connection");
            TopicConnection tc = tcf.createTopicConnection();
            tc.start();
            // 3. Create a non-transacted topic session on this
            //    connection (AUTO_ACKNOWLEDGE has the value 1).
            TopicSession ts =
                tc.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
            // 4. Create a publisher for this topic.
            TopicPublisher tp = ts.createPublisher(topic);
            System.out.println("Ready to publish messages : Enter Q to Quit...");
            // 5. Create a text message for use in the 'while' loop.
            TextMessage textmsg1 = ts.createTextMessage();
            // 6. Read in data from standard input and publish
            //    it in a loop.
            BufferedReader br =
                new BufferedReader(new InputStreamReader(System.in));
            while (true)
            {
                System.out.print("Enter a Message to be published : ");
                String str = br.readLine();
                // Stop when standard input is closed
                if (str == null)
                    break;
                // Set and publish the message
                textmsg1.setText(str);
                tp.publish(textmsg1);
                // Break out of this loop when done
                if (str.equalsIgnoreCase("Q"))
                    break;
            }
            System.out.println("Closing topic session and topic connection");
            ts.close();
            tc.close();
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
    }
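Because socksProxyHost is a system property, every socket the JVM opens is sent to the SOCKS server, not only the connection to the broker. The following added example (not part of the FioranoMQ samples) limits the SOCKS route to the broker endpoint with a custom java.net.ProxySelector. It assumes Java 5 or later and a client library that opens plain java.net.Socket connections; the class name, addresses and ports are constructed for illustration.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.util.Collections;
import java.util.List;

// Hypothetical class name; routes only broker connections through SOCKS.
public class BrokerOnlySocksSelector extends ProxySelector {
    private final String brokerHost;
    private final int brokerPort;
    private final Proxy socks;

    BrokerOnlySocksSelector(String brokerHost, int brokerPort,
                            String proxyHost, int proxyPort) {
        this.brokerHost = brokerHost;
        this.brokerPort = brokerPort;
        // createUnresolved avoids a DNS lookup of the proxy at setup time.
        this.socks = new Proxy(Proxy.Type.SOCKS,
                InetSocketAddress.createUnresolved(proxyHost, proxyPort));
    }

    @Override
    public List<Proxy> select(URI uri) {
        if (uri == null) throw new IllegalArgumentException("uri must not be null");
        // Plain TCP sockets are presented as socket://host:port. The host is
        // in the form the client connected with, so brokerHost must match it.
        boolean toBroker = "socket".equalsIgnoreCase(uri.getScheme())
                && brokerHost.equalsIgnoreCase(uri.getHost())
                && brokerPort == uri.getPort();
        return Collections.singletonList(toBroker ? socks : Proxy.NO_PROXY);
    }

    @Override
    public void connectFailed(URI uri, SocketAddress proxy, IOException e) {
        System.err.println("SOCKS proxy " + proxy + " failed for " + uri + ": " + e);
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: documentation addresses and assumed ports.
        ProxySelector.setDefault(
                new BrokerOnlySocksSelector("192.0.2.10", 1856, "198.51.100.5", 1080));
        ProxySelector ps = ProxySelector.getDefault();
        System.out.println(ps.select(new URI("socket://192.0.2.10:1856")));
        System.out.println(ps.select(new URI("socket://203.0.113.7:443")));
        System.out.println(ps.select(new URI("http://192.0.2.10:1856/")));
    }
}
```

Install the selector before the first connection is opened, and leave socksProxyHost unset so that no other traffic is redirected.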
Additional Notes on SOCKS
JDK implements SOCKS Version 4. SOCKS Version 4 accepts remote host addresses in numeric IP form (and not in alphanumeric form, which would allow the use of domain names such as www.fiorano.com). Tunneling does not work if issues of domain name and IP address are not resolved. To resolve the issue, the Applet needs to be downloaded from a known IP address, and that IP address needs to be used instead of domain names.
Another solution is to provide the Server IP Address as Applet parameters.
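The SOCKS Version 4 CONNECT request has a fixed 4-byte destination address field and no field for a host name, which is why the notes above call for numeric IP addresses. The following added example (not part of the FioranoMQ samples) builds that request and decodes the proxy's reply code; the address, port and user id are constructed sample values.

```java
import java.io.ByteArrayOutputStream;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;

public class Socks4Request {
    /** Builds a SOCKS4 CONNECT request: VN, CD, DSTPORT, DSTIP, USERID, NUL. */
    static byte[] connectRequest(String host, int port, String userId)
            throws UnknownHostException {
        // SOCKS4 cannot carry a name, so the client resolves it locally.
        // Behind a firewall without external DNS this lookup fails.
        InetAddress addr = InetAddress.getByName(host);
        if (!(addr instanceof Inet4Address)) {
            throw new UnknownHostException("SOCKS4 carries IPv4 only: " + host);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(4);                    // VN: protocol version 4
        out.write(1);                    // CD: 1 = CONNECT
        out.write((port >> 8) & 0xFF);   // DSTPORT, network byte order
        out.write(port & 0xFF);
        byte[] ip = addr.getAddress();
        out.write(ip, 0, ip.length);     // DSTIP: exactly 4 bytes
        byte[] uid = userId.getBytes(StandardCharsets.US_ASCII);
        out.write(uid, 0, uid.length);   // USERID, variable length
        out.write(0);                    // NUL terminator
        return out.toByteArray();
    }

    /** Interprets the 8-byte SOCKS4 reply; the result code is the second byte. */
    static String describeReply(byte[] reply) {
        if (reply.length != 8 || reply[0] != 0) return "malformed reply";
        switch (reply[1]) {
            case 90: return "request granted";
            case 91: return "request rejected or failed";
            case 92: return "rejected: proxy cannot reach identd on the client";
            case 93: return "rejected: identd reports a different user id";
            default: return "unknown reply code " + reply[1];
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: documentation address, assumed port and id.
        byte[] req = connectRequest("192.0.2.10", 1856, "jmsclient");
        StringBuilder hex = new StringBuilder();
        for (byte b : req) hex.append(String.format("%02x ", b));
        System.out.println(hex.toString().trim());
        System.out.println(describeReply(new byte[] {0, 90, 0, 0, 0, 0, 0, 0}));
    }
}
```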