Cuba Studio behind an Enterprise firewall proxy server

I am having trouble using Cuba Studio behind an Enterprise firewall proxy server .

Creating a new Cuba Project fails to download gradle for me with the below Error message .

Server returned HTTP response code: 503 for URL: https://downloads.gradle-dn.com/distributions/gradle-5.6.4-bin.zip

This error is generated regardless which repository is used (http://dl.binary or http://repo.Cuba-platform )

I need to know what is the best practices to use cuba Studio behind firewall ?
And is there a specific lists of websites or IP address I need InfoSec need to whitelist for me in order to overcome these Issues

Thanks

Hi,
Configuring your workspace when using proxy server is described here:
https://doc.cuba-platform.com/studio/#install_proxy_setup

Yes already did this setup (CUBA Studio) proxy settings & Gradle proxy settings and restarted , But still no look .
Is there any other checks I can do ?

Well, they should work if you specified necessary properties.

Is there any instruction for a given software product, how to configure applications that require external http access (especially java applications)?

the firewall was disabling access to dl.binary and repo.cuba-platform
So after whitelisting these URLs now I am getting a different error :

FAILURE: Build failed with an exception.

  • What went wrong:
    A problem occurred configuring root project ‘untitled11’.

Could not resolve all artifacts for configuration ‘:classpath’.
Could not resolve com.haulmont.gradle:cuba-plugin:7.2.6.
Required by:
project :
Could not resolve com.haulmont.gradle:cuba-plugin:7.2.6.
Could not get resource ‘https://repo.cuba-platform.com/content/groups/work/com/haulmont/gradle/cuba-plugin/7.2.6/cuba-plugin-7.2.6.pom’.
Could not HEAD ‘https://repo.cuba-platform.com/content/groups/work/com/haulmont/gradle/cuba-plugin/7.2.6/cuba-plugin-7.2.6.pom’.
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  • Try:
    Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

  • Get more help at https://help.gradle.org

CONFIGURE FAILED in 619ms

Also tring to access the below link:
https://repo.cuba-platform.com/content/groups/work/com/haulmont/gradle/cuba-plugin/7.2.6/cuba-plugin-7.2.6.pom

gives me this error :

{
  "errors" : [ {
    "status" : 404,
    "message" : "Could not find resource"
  } ]
}

I tried a different repository but still the same Error ,
Any Ideas???

Could not resolve all artifacts for configuration ‘:classpath’.
Could not resolve com.haulmont.gradle:cuba-plugin:7.2.7.
Required by:
project :
Could not resolve com.haulmont.gradle:cuba-plugin:7.2.7.
Could not get resource ‘https://repo.cuba-platform.com/content/groups/work/com/haulmont/gradle/cuba-plugin/7.2.7/cuba-plugin-7.2.7.pom’.
Could not GET ‘https://repo.cuba-platform.com/content/groups/work/com/haulmont/gradle/cuba-plugin/7.2.7/cuba-plugin-7.2.7.pom’.
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is this a certificate Issue ?
I noticed that when accessing the pom file from Internet explorer (which downloads from IE BTW), I can see that the issuer for the certificate is our firewall SW .

Do I need to import our company CA certificate for this to work, or Cuba studio do this automatically ?

Hi,

If you open https://repo.cuba-platform.com/content/groups/work/com/haulmont/gradle/cuba-plugin/7.2.7/cuba-plugin-7.2.7.pom address in your browser - then the correct answer should be “http 401 unauthorized”, because this repository needs http authentication (user: cuba, password: cuba123).

E.g. see these declarations with password in build.gradle:

        maven {
            url 'https://repo.cuba-platform.com/content/groups/work'
            credentials {
                username(rootProject.hasProperty('repoUser') ? rootProject['repoUser'] : 'cuba')
                password(rootProject.hasProperty('repoPass') ? rootProject['repoPass'] : 'cuba123')
            }
        }

If you get certificate exceptions - this means that something in your network (either a controlling software used by your company, or a malware) is trying to be “the man in the middle” in the SSL negotiation process.
You need to download the certificate, e.g. with web browser, review it and if it’s trusted - then add to the certificate store of your computer and probably, to certificate stores of JDK you use for developing the code and JRE used by the IntelliJ IDEA / CUBA Studio.

The certificate for the proxy server is already added to my certificate store and the JDK , However I noticed there are 2 Java keystores
C:\Users\XXX.CubaStudio2019.2\system\tasks\cacerts
C:\Program Files\Haulmont\CUBA Studio 2019.2\jbr\lib\security\cacerts

It is already added on the first path , but How do I make sure that cuba studio does not look for the certificate in the second path ?

Is there any way to diagnose certificate errors from cuba studio ?

According to this topic:


You are doing it right.

Check the idea.log file (Help -> Show Log in Explorer) for errors.

Note that when Gradle builds the project and downloads dependencies - it uses another JRE, the one which is specified as Project SDK. So you might need to add root certificate there too.