Proxy Configuration

This section covers the following topics:

Introduction
How Java Plug-in Obtains Proxy Information
Direct Connection
Manual Proxy Configuration
Automatic Proxy Configuration

Introduction

It is important for enterprise customers to be able to set up secure computing environments within their companies. Proxy configuration is an essential part of a secure computing environment.

Proxy configuration acts as a security barrier. It ensures that the proxy server monitors all incoming and outgoing information between the Internet and the intranet. This is normally an integral part of security enforcement in corporate firewalls within intranets. Enterprise customers who want to use Java Plug-in to deploy applets on their intranet web pages may also set up proxy supports. These supports are required for Java Plug-in to work in an intranet environment.

Java Plug-in has full proxy support. This document specifies how proxy support works in intranet environments.

How Java Plug-in Obtains Proxy Information

Because browsers on different platforms store proxy information differently, there is no generic mechanism to obtain proxy information.

Here's how Java Plug-in obtains proxy information for three different browser-platform combinations:

Internet Explorer on Win32: IE stores proxy information in the same set of keys in the windows registry. Java Plug-in obtains this information directly.

Netscape Navigator on Win32: Navigator 4 stores proxy information in the user preference file on the local machine. Java Plug-in reads and parses the user preference file to obtain the Navigator 4 proxy information. Netscape 6 has an API for obtaining proxy information. findProxyForURL(URL) returns proxy configuration information for the URL passed to it.

Netscape Navigator on Solaris and Linux: Navigator stores proxy information in a file in the local machine. Java Plug-in reads and parses this file to obtain the proxy information. For Netscape 6 the process is the same as described above.

Java Plug-in obtains proxy information at startup time. If you change the proxy setting after Java Plug-in has started, you may force Java Plug-in to reload the proxy information from the browser through the option in the Control Panel.

Java Plug-in provides proxy configuration support for the following: direct connection, manual configuration, and automatic configuration.

Direct Connection

For certain situations, such as when mobile users connect to the company through a modem, direct connection to the intranet environment is required. Proxies should not be used in these cases.

Manual Proxy Configuration

Both Internet Explorer and Netscape Navigator support manual proxy configuration. Users can specify the proxy server and port for each protocol. Users can also specify one proxy server and port for all protocols. To minimize the workload of the proxy server, some sites might bypass the proxy server completely when a machine is connecting to another machine inside the intranet environment. To do this, network administrators and users can specify the proxy server bypass list in the browser's setting.

Internet Explorer: Java Plug-in recognizes and supports the proxy server and port setting associated with the protocol. IE supports various syntaxes in the proxy server bypass list, as follows:

IP address/hostname only
IP address/hostname with wildcard
IP address/hostname with protocol

For example, if you specify "121.141.23.5;*.eng;http://*.com" in the proxy server bypass list, then the browser bypasses the proxy whenever one of the following occurs:

"121.141.23.5" is requested
the URL hostname ends with ".eng"
the URL protocol is http and the URL hostname ends with ".com"

Currently, Java Plug-in supports the first two syntaxes in the proxy server bypass list in IE. IE also supports bypassing the proxy server for local (intranet) addresses without using the proxy server bypass list. Java Plug-in supports this option by bypassing the proxy server if the URL hostname is plain; i.e., the hostname contains no dot (.).

Netscape Navigator: Java Plug-in recognizes and supports the proxy server and port setting associated with the protocol. For example, if you specify ".eng,.sun.com" in the proxy server bypass list in Navigator, it bypasses the proxy whenever the URL hostname ends with ".eng" or ".sun.com". Java Plug-in fully supports this syntax in the proxy server bypass list in Navigator.

For more information about manual proxy configuration in your browser, please consult the user guide for your browser.

Automatic Proxy Configuration

Automatic proxy configuration is supported in the browser by setting a particular URL that contains a JavaScript file with .pac or .js extension. This file contains a function called FindProxyForURL that contains the logic to determine which proxy server to use when the browser receives a connection request. This function is written by the system administrator for the particular intranet environment. When the browser starts up, it recognizes the URL of the JavaScript file and downloads the file to the local machine using direct connection. Then whenever it needs to make a new connection, the browser executes the JavaScript function FindProxyForURL in the file to obtain the proxy information to set up the connection.

Internet Explorer: During startup, Java Plug-in downloads the JavaScript file to the local machine using direct connection. Then whenever it needs to make a new connection, it executes the FindProxyForURL function to obtain the proxy information using the JavaScript engine in IE.

Netscape Navigator: During startup, Java Plug-in downloads the JavaScript file to the local machine using direct connection. Then whenever it needs to make a new connection, it executes the FindProxyForURL function to obtain the proxy information by using the JavaScript engine in Navigator.

There are a number of predefined JavaScript functions which can be called from the JavaScript function FindProxyForURL. Java Plug-in provides its own implementation of these functions to completely emulate the automatic proxy configuration. Here are a few notes regarding this implementation:

Function dnsResolve always returns an empty string if the host is not an IP address
Function isResolvable always returns false if the host is not an IP address.
Function isInNet always returns false if the host is not an IP address.

Note that executing the function FindProxyForURL always returns proxy information as a string. Java Plug-in extracts the setting in the following way :

If "DIRECT" is in the string, Java Plug-in assumes direct connection.
If "PROXY" is in the string, it uses the first proxy setting for the connection.
If "SOCKS" is in the string, it uses the SOCKS v4 for the connection.
Otherwise, the proxy information in the string is incorrect. In this cases, Java Plug-in assumes direct connection.

For more information about automatic proxy configuration in your browser, consult the user guide for your browser.