This document shows how to configure Grouper to use a forward proxy to make HTTP/FTP calls. This document is written for Grouper version v2.6.5+
Different parts of Grouper use HTTP different ways, so this assumes that the part of Grouper you are using is coded with the GrouperHttpClient class. As of v2.6.5+ all the HTTP traffic implemented in the grouper.jar (main java API) uses GrouperHttpClient.
There are three ways to configure proxies in Grouper
GrouperHttpClient uses Apache commons HTTP client and it is intended to accept JVM variables to configure the proxy globally. https://docs.oracle.com/javase/6/docs/technotes/guides/net/proxies.html
Note: if you are setting a global proxy then you shouldn't set a grouper.properties proxy or a configuration specific proxy-Dhttps.proxyHost=proxy.example.com -Dhttps.proxyPort=1234 -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=1234 -Dhttp.nonProxyHosts=localhost|127.0.0.1|*.school.edu and if you need authentication, you can also set these: -Dhttps.nonProxyHosts -Dhttps.proxyUser -Dhttps.proxyPassword -Dhttp.nonProxyHosts -Dhttp.proxyUser -Dhttp.proxyPassword you can set this via container env var (e.g. for a simple config): GROUPER_EXTRA_CATALINA_OPTS='-Dhttps.proxyHost=1.2.3.4 -Dhttps.proxyPort=1234 -Dhttp.nonProxyHosts=localhost|127.0.0.1|*.school.edu'
grouper.properties has proxy configuration for regexes of URLs
################################## ## Proxy config ################################## # proxy requests here, e.g. https://server:1234 # {valueType: "string"} grouper.http.proxy.url = # socks or http # {valueType: "string", formElement: "dropdown", optionValues: ["PROXY_HTTP", "PROXY_SOCKS5"]} grouper.http.proxy.type = # if this is blank then all urls are included by default. If there is a regex here, then only include urls that match, e.g. ^abc$ # {valueType: "string"} grouper.http.proxy.includeUrlRegexPattern = # if this is blank then excludes are not considered by default. If there is a regex here, then only exclude urls that match, e.g. ^abc$ # {valueType: "string"} grouper.http.proxy.excludeUrlRegexPattern =
- The specific function you are working with has configuration also (e.g. each external system)
Setting up a test proxy
docker run --name squid -d --restart=always --publish 3128:3128 sameersbn/squid:3.5.27-2 docker exec -it squid bash sudo apt-get update apt-get install vim vim /etc/squid/squid.conf // open up access for a workstation (assume firewalled off) acl all src 0.0.0.0/0 http_access allow all docker restart squid tail -f /var/log/squid/access.log
This will then work
GrouperHttpClient grouperHttpClient = new GrouperHttpClient(); grouperHttpClient.assignGrouperHttpMethod(GrouperHttpMethod.get); grouperHttpClient.assignUrl("https://grouperdemo.internet2.edu"); grouperHttpClient.assignProxyType(GrouperProxyType.PROXY_HTTP); grouperHttpClient.assignProxyUrl("http://1.2.3.4:3128"); // IP address of docker grouperHttpClient.executeRequest(); System.out.println(grouperHttpClient.getResponseCode() + ", " + grouperHttpClient.getResponseBody());