Max prepared a demo for presales. He wanted to show that his company offered the recent technology trend, Internet of Things (IoT). Hence, he focused on the promise of enabling many applications to communicate with others over the internet. After spending a whole night on it, he finally finished the project. Then he went to sleep, hoping the prospective client would be impressed the next day.
Just a few minutes before the scheduled release, his project could not run completely. There were errors about the internet connection: the connection request was rejected by the firewall. He was frustrated, because everything was OK last night when he tested at home.
Max’s story might have happened to you in real life, and it happened to my team. Most developers do not realize how they connect to the internet, whether by direct connection or through a firewall. This may be because the network infrastructure was already prepared by IT support, or the development environment was set up by a senior or previous employee. Consequently, when facing this kind of issue, they will try to debug, review, and retest the project code. Obviously, that will not solve the issue.
This experience usually occurs in a company using a firewall, in particular a company with an ISA firewall that requires NTLM authentication, a Microsoft security protocol that handles the user authentication service. Along with this, some applications written in Java (e.g., Anypoint Studio on top of Eclipse, and Maven) do not support NTLM authentication natively.
To solve this issue, we need a mediator acting as an authentication proxy. It stands between the application and the corporate proxy, adding NTLM authentication on-the-fly [1]. This mediator is CNTLM, an NTLM authenticating HTTP proxy. Since all network connectivity issues will be handled by this mediator, the application, through Eclipse or Maven, only needs to be configured to connect via CNTLM.
How to Install CNTLM? [2]
- Install the latest version of CNTLM from http://cntlm.sourceforge.net.
- Edit the cntlm.ini file.
- This file is located in [installation folder].
- Add/replace the following lines:
    Username company_username
    Domain company
    Password company_password
- The method above exposes our company password in the file cntlm.ini. If this makes you uncomfortable, we can do this instead: rather than adding 3 lines including the password, just enter 2 lines such as:
    Username company_username
    Domain company
- Save it.
- Since we did not enter the password, we need to create a hashed password. To do this, open Command Prompt and go to the [installation folder].
- Execute the following command: cntlm -H
- Type the password and press Enter.
- Copy and paste the 3 lines into cntlm.ini:
    PassLM 0995AB853CB1FA544AE7935149206237
    PassNT 0DC7087DD2312E5C97C8A83DA3FE88F3
    PassNTLMv2 A675EECD6EA3712844495A04472CF948 # Only for user 'company_username', domain 'company'
- Then add the proxy URL.
- Please contact IT support for the URL.
- Or open Forefront TMG Client >> Settings. Then copy the value from: Forefront TMG Selection.
- We can put more than one proxy URL.
- Finally, restart CNTLM by typing the following commands in the Command Prompt:
    C:\Program Files (x86)\Cntlm> net stop cntlm
    C:\Program Files (x86)\Cntlm> net start cntlm
Or we can choose another alternative (preferable if we are using Win7): start and stop the CNTLM service from the Service Admin panel.
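An added example, not part of the original post or of CNTLM itself: a small Python audit of a cntlm.ini that flags the plaintext Password line described above and passes the hashed form. The function names and the two sample files are constructed for illustration; the Gateway and Listen checks go beyond the text and cover the case where CNTLM is reachable from other hosts.

```python
import re

HASH_KEYS = {"passlm", "passnt", "passntlmv2"}
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def parse_cntlm(text):
    """Return (lineno, lowercased key, value) for each 'Key value' directive."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        # Drop a trailing '# comment' such as the one cntlm -H prints after PassNTLMv2.
        value = re.split(r"(?:^|\s+)#", rest[0] if rest else "", maxsplit=1)[0].strip()
        out.append((n, key.lower(), value))
    return out

def audit(text):
    """Return (lineno, finding) pairs; lineno 0 marks a file-level finding."""
    directives = parse_cntlm(text)
    keys = {k for _, k, _ in directives}
    findings = []
    for n, key, value in directives:
        if key == "password" and value:
            findings.append((n, "plaintext Password: replace with cntlm -H hashes"))
        elif key == "gateway" and value.lower() == "yes":
            findings.append((n, "Gateway yes: other hosts can use this proxy"))
        elif key == "listen" and ":" in value and value.rsplit(":", 1)[0] not in LOOPBACK:
            findings.append((n, "Listen on non-loopback address " + value.rsplit(":", 1)[0]))
    if "password" not in keys and not keys & HASH_KEYS:
        findings.append((0, "no Password or Pass* hash present"))
    return findings

# Constructed samples: the placeholder names and example hash are the ones shown on the page.
WEAK = """Username company_username
Domain company
Password company_password
Listen 0.0.0.0:3128
"""
HARDENED = """Username company_username
Domain company
PassNTLMv2 A675EECD6EA3712844495A04472CF948  # Only for user 'company_username', domain 'company'
Listen 127.0.0.1:3128
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

The Pass* hashes are still enough to authenticate as the user over NTLM, so cntlm.ini should stay readable only by the account that runs the CNTLM service.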
Configure Anypoint Studio
Once CNTLM is running, we need to configure Anypoint Studio and Maven so that these applications connect to the network via CNTLM. Open Anypoint Studio and then:
- Select Window menu >> Preferences.
- Type network, in the search field.
- Select Network Connections from the tree on the left side, then a new section will be displayed on the right side.
- Select Active Provider = Manual.
- Double-click one of the Proxy Entries, e.g. HTTP, and complete the following configuration:
- Host = localhost
- Port = 3128 (CNTLM listens on this port by default)
- User = [company domain]\[username]
- Password = [password]
- Click OK to save the configuration.
For development on a different network, just change the Active Provider option in Anypoint Studio as required:
- Direct: connect to the network without the use of proxy server
- Manual: connect using the settings defined in Anypoint Studio
- Native: connect using the settings defined in the OS.
This assumes we have installed Maven by extracting the binary zip file from http://maven.apache.org/download.cgi to a certain [installation folder], and have also set the following configurations:
- Add M2_HOME environment variable
- To modify the PATH environment variable, append the following:
- Then we have to add another configuration to connect to the network via CNTLM. Add the following in settings.xml inside the <proxies> … </proxies> segment. The settings.xml file is located in the Maven [installation folder]/conf folder.
    <proxy>
      <active>true</active>
      <protocol>http</protocol>
      <host>localhost</host>
      <port>3128</port>
    </proxy>
- After finishing those configurations, we can start/continue developing Mule Projects from behind the firewall, because the Microsoft-specific authentication that Java-based applications do not support is now handled by CNTLM. So, welcome to the IoT world!