FortiWeb
rmetzger
Staff
Article Id 198683

Description
Use of Java Web Start Environment

The page being requested through a FortiWeb unit is simple HTML. When accessing an application page created with the Java Web Start Environment, the requests are made by the FortiWeb unit, but nothing appears in the browser.

FortiWeb is deployed as a reverse proxy, in inline mode.

Resolving the problem requires application-side changes so that Java Web Start (JWS) supports the Network Address Translation used between the virtual and physical servers.

How Java Web Start Works

1. The web browser submits an HTTP GET for a jnlp/jws file on the web server.
 
2. The jnlp/jws response is:


HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Mon, 10 Nov 2008 10:00:06 GMT
Content-Type: application/x-java-jnlp-file
Content-length: 2512
Date: Tue, 21 Jul 2009 03:40:04 GMT

<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" codebase="http://172.22.14.202:8080/webpad/app/">
   <information>
     <title>WebPad 1.0</title>
     <vendor>Sun Microsystems, Inc.</vendor>
   </information>
   <resources>
     <property name="jnlp.publish-url" value="http://172.22.14.202:8080/webpad/publish"/>
     <j2se version="1.3+" href="http://java.sun.com/products/autodl/j2se"/>
     <jar href="webpad.jar"   version="1.0"/>
     <jar href="jlfgr.jar"    version="1.0"/>
     <extension name="Help System" href="javahelp.jnlp">
       <ext-download ext-part="javahelp" download="lazy" part="help"/>
     </extension>
     <jar href="holidays.jar" version="1.0" download="lazy" part="help"/>
   </resources>
   <application-desc main-class="WebPad"/>
</jnlp>

 

3. The javaws application on the client PC tries to fetch the required jar files from the "codebase" location. The problem occurs when there is a proxy/firewall between the client and the server: because the "codebase" points to the real web server IP instead of the NATed IP (virtual IP), the client fails to connect directly to the real web server IP, which is behind the proxy/firewall.
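
An added example (not part of the original article and not Fortinet code): a Python check that lists every reference in a JNLP descriptor that a client outside the NAT boundary would try to fetch from an internal address, including relative jar entries resolved against the codebase. The function names and the trimmed sample descriptor are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed sample: trimmed from the descriptor shown above.
SAMPLE_JNLP = """<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" codebase="http://172.22.14.202:8080/webpad/app/">
  <resources>
    <property name="jnlp.publish-url" value="http://172.22.14.202:8080/webpad/publish"/>
    <j2se version="1.3+" href="http://java.sun.com/products/autodl/j2se"/>
    <jar href="webpad.jar" version="1.0"/>
    <extension name="Help System" href="javahelp.jnlp"/>
  </resources>
</jnlp>"""


def is_internal(url):
    """True when the URL's host is a literal private, loopback or link-local IP."""
    host = urlsplit(url).hostname
    try:
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return False  # a DNS name: cannot be judged without resolving it
    return ip.is_private or ip.is_loopback or ip.is_link_local


def unreachable_refs(jnlp_text):
    """Return (tag, attribute, absolute URL) for every reference a client
    outside the NAT boundary would try to fetch from an internal address."""
    root = ET.fromstring(jnlp_text.encode("utf-8"))
    codebase = root.get("codebase", "")
    findings = []
    if is_internal(codebase):
        findings.append(("jnlp", "codebase", codebase))
    for elem in root.iter():
        for attr in ("href", "value"):
            raw = elem.get(attr)
            # Skip missing attributes; treat "value" as a URL only when absolute.
            if raw is None or (attr == "value" and not urlsplit(raw).scheme):
                continue
            url = urljoin(codebase, raw)  # relative hrefs resolve against codebase
            if is_internal(url):
                findings.append((elem.tag, attr, url))
    return findings


if __name__ == "__main__":
    for tag, attr, url in unreachable_refs(SAMPLE_JNLP):
        print(f"<{tag} {attr}> -> {url}")
```

Run against a descriptor captured on the client side of the proxy, any finding marks a download that will fail there and an internal address that the response discloses.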


Scope
FortiWeb Release 3.2

Solution
According to the Java Web Start Developers Guide, there are two solutions:
 
1. Java Web Start software must be configured with the correct proxy settings to launch applications from outside your firewall. Java Web Start software will automatically try to detect the proxy settings from the default browser on your system (Internet Explorer or Netscape browsers on Microsoft Windows, and Netscape browsers on the Solaris Operating Environment and Linux).

Java Web Start technology supports most web proxy auto-configuration scripts. It can detect proxy settings in almost all environments.

2. You can also use the Java Web Start Control Panel to view or edit the proxy configuration. In Windows, go to Start Menu > Run, run javaws -viewer, and configure the proxy settings.

For more information, see the Java Web Start Developers Guide (http://java.sun.com/javase/6/docs/technotes/guides/javaws/developersguide/overview.html), section 'Using Java Web Start Software Behind a Proxy Server/Firewall'.
 


