mulesoft / mule-maven-plugin

Maven plugins for Mule Runtime
36 stars 45 forks source link

Connection timeout when running plugin behind an http proxy #177

Open geco82 opened 6 years ago

geco82 commented 6 years ago

I have a Jenkins machine in a network behind an http proxy. Maven is configured right with proxy in settings.xml but the plugin doesn't consider that and the calls to anypoint.mulesoft.com APIs throw a timeout exception. I wish I could configure an http proxy to reach Anypoint APIs.

orome656 commented 6 years ago

Hello,

I have the same kind of problem. Can proxy usage be implemented ?

Thank you

dwaller200 commented 6 years ago

You can implement proxy support into the 2.2.1 source branch by adding the following dependency to swap from HttpUrlConnection to Apache HttpClient 4:

        <dependency>
            <groupId>org.glassfish.jersey.connectors</groupId>
            <artifactId>jersey-apache-connector</artifactId>
            <version>${jersey.version}</version>
        </dependency>

CloudhubApi.java, change line 154 to:

Response response = post(uri, String.format(APPLICATIONS_FILES_PATH, appName), Entity.entity(multipart, MultiPartMediaTypes.createFormData()));

In AbstractApi.java, change the getTarget method to:

    protected WebTarget getTarget(String uri, String path)
    {
        ClientConfig clientConfig = new ClientConfig();
        String proxyUri = System.getProperty("deploy.proxy.uri");
        String proxyUser = System.getProperty("deploy.proxy.user");
        String proxyPassword = System.getProperty("deploy.proxy.password");
        if (!isEmpty(proxyUri)) {
            clientConfig.property(ClientProperties.PROXY_URI,proxyUri);
            if (!isEmpty(proxyUser)) {
                clientConfig.property(ClientProperties.PROXY_USERNAME,proxyUser);
                clientConfig.property(ClientProperties.PROXY_PASSWORD,proxyPassword);
            }
        }
        clientConfig.connectorProvider(new ApacheConnectorProvider());
        ClientBuilder builder = ClientBuilder.newBuilder().withConfig(clientConfig);
        configureSecurityContext(builder);
        Client client = builder.build().register(MultiPartFeature.class);
        if (log != null && log.isDebugEnabled() && !isLoginRequest(path))
        {
            client.register(new ApiLoggingFilter(log));
        }

        return client.target(uri).path(path);
    }

Rebuild and mvn install so it goes into your local repository. Use the 2.2.2-SNAPSHOT version of the plugin in your Mule pom.xml and on the mvn command line for mvn deploy, add the values for -Ddeploy.proxy.uri=, etc for the values you need. The deployment plugin will use those values and the Apache HttpClient proxy implementation to connect to Anypoint through a proxy (including authenticating proxies if you include the two other properties).

siddharthgrd commented 6 years ago

Hi Dwaller, Could you please advise if this issue is closed and which version of jar I have to use for proxy?Thanks, Siddharth

rscadrde commented 6 years ago

Deploying with jenkins maven goal deploy -Dmule.deployment.type=cloudhub -Dmaven.test.skip=true -DskipMunitTests -DmuleDeploy -Dhttps.proxyHost=proxy.intdus.retail-sc.com -Dhttps.proxyPort=3128 works fine here.

siddharthgrd commented 6 years ago

mvn clean release:prepare release:perform -X -Darguments="-DskipTests -Dhttps.proxyHost=proxy -Dhttps.proxyPort=80 -Dhttps.proxyUser= -Dhttps.proxyPassword="

Throughs 407 proxy authorization error though we pass proxy details as parameter.Looks like Maven Release can't fork the parameters to Mule maven plugin? Please help urgently. Thanks, Siddharth

dwaller200 commented 6 years ago

I'm not sure authenticating proxy support is in Java as standard: https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html

I used eclipse and built a new Mule maven plugin with Apache HttpClient which does support authenticating proxies. I only needed version 2.2.1 of the Mule maven plugin, so the change over was pretty simple. Not sure about the latest branch of the Mule maven plugin.

siddharthgrd commented 6 years ago

Maven Mule Snaphost Build/Deploy with proxy autherisation works fine as parmater hwoever with Maven Release perform it is behaving intermittent and fails with 407 proxy authentication.It uses the same java as maven snapshot build uses right then why this issue is coming where it seems proxy user is not getting passed to the proxy server which is being passed as argument below? mvn release:prepare release:perform -X -Darguments="-Dhttps.proxyHost=proxy -Dhttps.proxyUser=user -Dhttps.proxyPassword=password -Dhttps.proxyPort=80"

Thanks, Siddharth

rscadrde commented 6 years ago

https.proxyUser=user is not supported out of the box by java (=407). The authentication needs to be set from the application itself. (via java.net.Authenticator.setDefault(Authenticator))

Solution for us was to change our proxy config on the server to accept deployconnections (*.mulesoft.org) from our jenkins IP without proxy authentication.

Workaround for local users is to use https://github.com/quaddy-services/escape-from-intranet and then put your proxy settings in the GUI and use -Dhttps.proxyHost=localhost

The escape-from-intranet will enrich the Proxy-Authentication header if missing.

siddharthgrd commented 5 years ago

Hi Stefan, We can't allow our proxy to to accept *.mulesoft.org as proxy authentication. The workaround you mentioned, could you please advise how I can achieve in Linux server? Using Jenkins I'm just running the maven command for this.How to use your workaround for this case? Please help me with the steps. Thanks, Siddharth

siddharthgrd commented 5 years ago

Since it is linux there is no GUI

siddharthgrd commented 5 years ago

or there is any other solution for Maven Release Mule deploy with proxy authentication here?I have tried below but didn't work out still - mvn clean release:prepare release:perform -X -Darguments="-DskipTests -Dhttps.proxyHost=** -Dhttps.proxyPort=80 -Dhttps.proxyUser=* -Dhttps.proxyPassword=-Djdk.http.auth.tunneling.disabledSchemes="""

rscadrde commented 5 years ago

"https.proxyPassword" will not help until mule-maven-plugin correctly registers it to java.net.Authenticator.setDefault(Authenticator)

How to exclude single domains from your proxy server you need to "google". (I just ask our network department to open destination URL for internal IP servers) In case you are running a squid proxy digging into your squid.conf may help: https://serverfault.com/questions/307503/squid-proxy-authorize-some-site-without-authentication

siddharthgrd commented 5 years ago

Hi Stefen,

I'm checking this with Mulesoft team to change as you advised. But is there any option for Maven Release to work with Mule Maven plugin with proxy authentication ?

Thanks, Siddharth

rscadrde commented 5 years ago

Hi Siddharth, For release you may try:

mvn -Dresume=false -U -P no-tests clean release:prepare release:perform -DpreparationGoals=clean -Darguments="-DskipMunitTests=true -Dmaven.test.skip=true"

with

        <profile> 
            <id>no-tests</id> 
            <properties> 
                <maven.test.skip.exec>true</maven.test.skip.exec> 
                <maven.javadoc.skip>true</maven.javadoc.skip>
            </properties> 
        </profile> 

in your ~/.m2/settings.xml

siddharthgrd commented 5 years ago

Hi Stefen,

Apologies is the above is for 407 proxy issue? On the other note -I tried implementing the logic which Dwaller has suggested but it failed in NTLM authentication and we need Basic AuthScheme.

Do you know where to update in the mule maven plugin to use as stated below?

https://stackoverflow.com/questions/27442177/disable-ntlm-on-apache-httpclient-4-3-6

[INFO] WARN 2018-12-17 16:40:52,882 [main] org.apache.http.impl.auth.HttpAuthenticator: NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) [INFO] WARN 2018-12-17 16:40:52,887 [main] org.apache.http.impl.auth.HttpAuthenticator: NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials [INFO] [ERROR] Failed: 407 Proxy Authorization Required: Proxy Authorization Required Thanks, Siddharth