1

How to make all Java connections to use proxy provided via JAVA_TOOL_OPTIONS environment variable?

The simple app I'm using as a test is taken from GitHub:

package to.noc.sslping;

import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.OutputStream;
public class SSLPing {

    public static void main(String[] args) {
        if (args.length != 2) {
            System.out.println("Usage: java -jar SSLPing.jar <host> <port>");
            System.exit(1);
        }
        try {

            String hostname = args[0];
            int port = Integer.parseInt(args[1]);

            System.out.println("About to connect to '" + hostname + "' on port " + port);

            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(hostname, port);

            // Hostname verification is not done by default in Java with raw SSL connections.
            // The next 3 lines enable it.
            SSLParameters sslParams = new SSLParameters();
            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
            sslsocket.setSSLParameters(sslParams);

            // we only send 1 byte, so don't buffer
            sslsocket.setTcpNoDelay(true);

            // Write a test byte to trigger the SSL handshake
            OutputStream out = sslsocket.getOutputStream();
            out.write(1);

            // If no exception happened, we connected successfully
            System.out.println("Successfully connected");

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

What I want is to be able to provide the PROXY settings via environment variables without having to configure it in the Java code. I found that it is possible to provide some settings via the JAVA_TOOL_OPTIONS env.

JAVA_TOOL_OPTIONS="-Dhttp.proxyHost=161.xxx.xxx.xxx
                   -Dhttp.proxyPort=8080
                   -Dhttp.proxySet=true
                   -Dhttps.proxyHost=161.xxx.xxx.xxx
                   -Dhttps.proxyPort=8080
                   -Dhttps.proxySet=true"

It is correctly seen by the command

java -jar SSLPing.jar google.com 443
Picked up JAVA_TOOL_OPTIONS: -Dhttp.proxyHost=161.xxx.xxx.xxx
                   -Dhttp.proxyPort=8080
                   -Dhttp.proxySet=true
                   -Dhttps.proxyHost=161.xxx.xxx.xxx
                   -Dhttps.proxyPort=8080
                   -Dhttps.proxySet=true
About to connect to 'google.com' on port 443
Successfully connected

However when I need to reach a particular URL that requires the proxy, it fails to connect.

How do I make any socket to use the proxy from JAVA_TOOL_OPTIONS env? How to check if the sockets are using the proxy?

1Z10
  • 2,801
  • 7
  • 33
  • 82
  • Why do you use `JAVA_TOOL_OPTIONS`? (concluding from your program(main) and your command (cli, java).., you could just "pass 'em"!?) ... [like shown here](https://stackoverflow.com/a/120802/592355) ...[see also!](https://stackoverflow.com/q/28327620/592355) – xerx593 Oct 20 '21 at 11:01
  • I have different Java apps that needs to use the proxy, and it seems to me as a good solution. I did see the links in the beginning of my googling. Is there some counter indication? – 1Z10 Oct 20 '21 at 11:06
  • ok, sorry, then [more focus! :-)](https://docs.oracle.com/javase/6/docs/technotes/guides/net/proxies.html) have you tried `http://...`, `https://` (in your command)? ..setting `socksProxyHost/Port`? ... (2.4:)"Here, during the execution of the code, **every outgoing TCP socket** will go through the SOCKS proxy server at..." ... – xerx593 Oct 20 '21 at 11:16
  • 1
    ...(quote on): "Now, what happens when both a SOCKS proxy and a HTTP proxy are defined? Well the rule is that settings for higher level protocols, like HTTP or FTP, take precedence over SOCKS settings. So, in that particular case, when establishing a HTTP connection, the SOCKS proxy settings will be ignored and the HTTP proxy will be contacted. Let's look at an example.." – xerx593 Oct 20 '21 at 11:16
  • It seems that http{s}ProxyHost{Port} are only used by HttpURLConnection, not by Socket. See https://stackoverflow.com/a/28035322/8737144 – 1Z10 Oct 20 '21 at 13:03

0 Answers0