Step 5: Use the Stored Proxy Password in Your Tomcat Configuration

After storing the proxy password in the password vault, you must configure the proxy connection for Code Insight in the catalina. properties file. This configuration will point to the secured password by its alias name so that proxy server can be accessed.

note

When you have configured Tomcat Vault to store the encrypted password, you must set up the connection with the proxy server in catalina.properties. This differs from the setup of a proxy connection with an unencrypted password, which is configured in the catalina.sh/.bat file, as described in Configuring the Proxy Server Connection Using an Unencrypted Password.

To set up the proxy connection using the encrypted password, do the following:

Navigate to the <CODE_INSIGHT_ROOT_DIR>/tomcat/conf folder, where <CODE_INSIGHT_INSTALL_DIR> is the directory in which Code Insight is installed.
Open the file catalina.properties file for editing.
Add the following properties to the file content:
- https.proxyHost=<proxyHost>
- https.proxyPort=<proxyPort>
- https.proxyUser=<proxyUser>
- https.proxyPassword=$\{VAULT::<block_name>::<attribute_name>::\}
- proxyProtocol=<proxyTransferProtocol>
- jdk.http.auth.tunneling.disabledSchemes=
- where these values are provided:
- proxyHost—The IP address or Hostname of the proxy server.
- proxyPort—The port used for the proxy connection.
- proxyUser—The user name used to authenticate the proxy connection.
- proxyPassword—The identifier for the encrypted password used to authenticate the proxy connection, where:
  - block_name is a user-defined location for the password in the password vault
  - attribute_name is the alias for the password
- Both of these parameters were defined when the proxy password was stored in the password vault. Using the example in Step 4: Store the Proxy Password in the Vault, you would enter the following property:
- https.proxyPassword=$\{VAULT::my_block::proxy_pwd::\}
- Note that, on an Ubuntu machine, you must use parentheses instead of brackets:
- https.proxyPassword=$(VAULT::my_block::proxy_pwd::)
- proxyTransferProtocol—Either http or https.
Save catalina.properties.
Navigate to the <CODE_INSIGHT_ROOT_DIR>``config/core folder, and open the jets3t.properties file.
Edit the file as follows and then save it. (This configuration ensures that the Analysis Workbench dual-pane feature, enabling users to download and compare remote files, directs its calls properly through the proxy.)
- Set httpclient.proxy-autodetect parameter to false to ensure that the correct proxy is used (that is, the one defined for Code Insight here and in the catalina file).
- Set the same proxy host, port, and user ID used in step 3.
- For the password, enter the plain-text version of the password that you stored in the vault in Step 4: Store the Proxy Password in the Vault. This is the value you entered for sec_attr (in silent mode) or Please enter secured attribute value (in interactive mode).
- Provide the proxy domain name for httpclient.proxy-domain, if one is used.
Restart the Tomcat server so the proxy server configuration takes effect. For information about stopping and restarting Tomcat, see Starting and Stopping Tomcat.
Check the logs. The first item listed should be the following:
```
org.apache.tomcat.vault.security.vault.PicketBoxSecurityVault.init Default Security Vault Implementation Initialized and Ready
```
- This message indicates that the password vault storing the encrypted password is ready for use by the proxy connection.