This section discusses how JMS Clients operate in networks where firewalls are present. FioranoMQ allows enterprise clients to extend beyond corporate firewalls by providing both HTTP Tunneling and tunneling through SOCKS enabled Proxy servers. FioranoMQ provides Tunneling support for clients along with all JMS functionalities.

Tunneling through SOCKS Proxy Server

Tunneling through client as well as server side firewalls can be achieved through the SOCKS Proxy Server. The SOCKS protocol is an open internet standard for performing network proxying at the transport layer. SOCKS creates proxy, which serves as a data channel between TCP or UDP (User Datagram Protocol) based clients and servers. The proxy between the client and server, created by SOCKS is transparent to both the parties.

Java runtime 1.1.8 and above provide SOCKS support. The Java.net socket instance has the ability to connect to a remote host through the SOCKS proxy server. If the System property socksProxyHost and optionally socksProxyPort is set, the Socket implementation redirects the connection through the SOCKS proxy Server. Tunneling through proxies, using SOCKS, presents a more generic and viable solution for JMS Applets. Since socksProxyPort and socksProxyHost are set as a system property, the Client Applet burrows through the SOCKS server. A single version of an applet can now be downloaded by the client, despite the presence of a firewall. There are slight variations in the applet and application code used to tunnel through the SOCKS Proxy. Using HTTP Tunneling requires that the applet sets the proxy

Address and proxy Port. The code snippets provided in this document illustrate proxy tunneling in applications and applets.
The above features do not work with JDK versions below 1.4 and 1.5. Complete samples can be found in the Tunneling Samples folder located at: %FMQ_DIR%\fmq\samples\ directory.

Enabling JMS Applets to Tunnel through SOCKS Proxy Server

Browsers allow users to manually set the Proxy Server/SOCKS Server Host and port or users can use a script to automatically set the browser configuration. Applets access Java for SOCKS proxy server settings by conveying the settings effectively to the Java VM, used by the browser.

Microsoft Internet Explorer 4.0 and above provide complete SOCKS proxy support. They do not require changes to run Applets behind client firewalls.

Icon

 Netscape Communicator does not convey its proxy server settings to Java VM. This can be achieved by using digital certificates. A digital certificate allows the client Applet to set System properties for Java VM. (For more information, refer to the SockPubSub samples directory in the FioranoMQ installation directory.)

Additional Notes on SOCKS

JDK implements SOCKS Version 4. SOCKS Version 4 accepts remote host addresses in numeric IP form (and not alphanumeric form which would allow the use domain names such as www.fiorano.com). Tunneling does not work if issues of domain name and IP address are not resolved. To resolve the issue the Applet needs to be downloaded from a known IP address and used instead of domain names.

Another solution is to provide the Server IP Address as Applet parameters.

Adaptavist ThemeBuilder EngineAtlassian Confluence