Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-21421

Connections to Alfresco repository from the APS side should be routed through the proxy if jvm proxy arguments were set

    Details

      Description

      Summary
      While having a proxy configured in the APS JVM arguments and trying to connect to an Alfresco repository that requires going through the configured proxy, the connection cannot be established as the set proxy is not used at all.

      Steps to reproduce
      NOTE: To make things easier and not having to setup a real proxy server, the reproduction is testing the other way round:
      1. Have a supported ACS instance up and running
      2. Configure a fake proxy for APS by setting the following JAVA_OPTS:

      -Dhttp.useProxy=true -Dhttp.proxyHost=proxy.com -Dhttp.proxyPort=80 -Dhttps.useProxy=true -Dhttps.proxyHost=proxy.com -Dhttps.proxyPort=443 -Dhttp.nonProxyHosts=127.0.0.1
      

      3. Startup APS and make sure that the fake proxy is used by checking the logs during startup for the following entries:

      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttp.useProxy=true
      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttp.proxyHost=proxy.com
      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttp.proxyPort=80
      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttps.useProxy=true
      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttps.proxyHost=proxy.com
      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttps.proxyPort=443
      04-Mar-2020 15:54:38.204 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dhttp.nonProxyHosts=127.0.0.1
      

      3. In activiti-app logged in as admin via Identity Management -> Tenants -> Alfresco Repositories added the direct URL for the repository prepared in first step
      4. In activiti-app logged in as admin via Identity Management -> Personal provide invalid and valid credentials to login to the Alfresco repository prepared in first step
      5. Inspect the behaviour trying to store credentials

      Expected behaviour
      As a proxy is configured, APS should not reach the Alfresco repository through the direct URL at all and it would not be possible at all to verify entered credentials and logs would contain a timeout error while trying to reach Alfresco for credentials verification.

      Current behaviour
      Although a proxy is configured, credentials are verified fine, i.e. in case of invalid credentials we display "invalid credentials" and in case of correct credentials the credneitals are accepted and the dialog is closed, proofing that the connection to ACS is not going through the configured proxy.

      Supporting evidence

      • Reproduced in current latest APS 1.10 release
      • Customer is not able to reach the ACS repository through configured proxy and getting
        2020-03-02 | 14:56:52.270 | http-nio-8082-exec-5 | ERROR | i.a.AlfrescoOnPremService | Exception: UNEXPECTED java.net.ConnectException: Connection timed out (Connection timed out)
      • While we address the issue here we then need to keep in mind to address and verify every other possible connection to an Alfresco repository, i.e. while designing processes and selecting destinations to publish to or selecting sources to attach from, as well as during process runtime and activities like "Publish to Alfresco", "Call Alfresco Action", "Retrieve Alfresco properties" and "Update Alfresco properties".
      • Possible workaround: Rather than configuring the proxy in the JVM arguments, configure the proxy as the Alfresco endpoint in APS and let the proxy route properly to the Alfresco repository.

        Attachments

          Structure

            Activity

              People

              • Assignee:
                custeng Customer Engineering
                Reporter:
                dkoch Dennis Koch
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Structure Helper Panel