Services within reverse proxy servers
US-9648043-B2 · May 9, 2017 · US
US10362059B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10362059-B2 |
| Application number | US-201514696186-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 24, 2015 |
| Priority date | Sep 24, 2014 |
| Publication date | Jul 23, 2019 |
| Grant date | Jul 23, 2019 |
Official abstract text for this publication.
Embodiments of the invention include techniques for processing messages transmitted between computer networks. In some embodiments, messages such as requests and responses for various types of web services, applications, and other web content may be transmitted between multiple computer networks. One or more intermediary devices or applications, such as a proxy server implemented within a physical or logical subnetwork, may receive, process, and transmit the messages between the communication endpoints. In some embodiments, a proxy server may be configured to operate within a subnetwork of an internal computer network, exposing various web applications and/or services of the internal computer network to external computer networks. Such a proxy server may select specific policies for processing messages based on various message characteristics and the current point in a predetermined processing flow for the message. After selecting the specific policies to be applied to the message, the proxy server may process the message in accordance with the policies and forward the message to its intended destination.
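The selection step described in the abstract can be sketched as a lookup keyed on proxy mode and flow point. This is an added example, not code from the patent or its assignee: it uses the mode rule from claim 1 and the hook names from claim 8, while the policy names, the `backend_call_pending` flag and the fail-closed behaviour are assumptions made for illustration.

```python
from enum import Enum


class Mode(Enum):
    FORWARD = "forward"  # proxy application: flow opened by an internal client
    REVERSE = "reverse"  # virtual application: flow opened by an external client


class Point(Enum):
    REQUEST = "OnRequest"
    INVOKE = "OnInvoke"
    RESPONSE = "OnResponse"
    ERROR = "onError"


def proxy_mode(sender_is_internal: bool, is_response: bool) -> Mode:
    # A response travels opposite to the request that opened the flow, so the
    # originator is the sender of a request and the other side for a response.
    originator_internal = sender_is_internal != is_response
    return Mode.FORWARD if originator_internal else Mode.REVERSE


def current_point(is_response: bool, backend_call_pending: bool, error: bool) -> Point:
    if error:  # an error anywhere in the flow overrides the normal point
        return Point.ERROR
    if is_response:
        return Point.RESPONSE
    return Point.INVOKE if backend_call_pending else Point.REQUEST


# Constructed policy table; every policy name here is hypothetical.
POLICIES = {
    (Mode.REVERSE, Point.REQUEST): ["authenticate_user", "validate_message"],
    (Mode.REVERSE, Point.INVOKE): ["attach_backend_token"],
    (Mode.REVERSE, Point.RESPONSE): ["strip_internal_headers"],
    (Mode.REVERSE, Point.ERROR): ["log_error", "return_generic_error"],
    (Mode.FORWARD, Point.REQUEST): ["check_egress_allowlist"],
    (Mode.FORWARD, Point.INVOKE): ["attach_outbound_credentials"],
    (Mode.FORWARD, Point.RESPONSE): ["inspect_inbound_payload"],
    (Mode.FORWARD, Point.ERROR): ["log_error"],
}


def select_policy(sender_is_internal, is_response,
                  backend_call_pending=False, error=False, table=POLICIES):
    mode = proxy_mode(sender_is_internal, is_response)
    point = current_point(is_response, backend_call_pending, error)
    if (mode, point) not in table:
        # Fail closed: a message with no matching policy is not forwarded.
        raise LookupError(f"no policy for {mode.value}/{point.value}")
    return mode, point, table[(mode, point)]
```
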
Opening claim text (preview).
What is claimed is:

1. A method of processing messages transmitted between computer networks, the method comprising: receiving a first message from a client device at a proxy server within a subnetwork of an internal computer network, the proxy server exposing a set of web applications or services executing on one or more back-end computer servers of the internal computer network to an external computer network, wherein the proxy server is implemented on one or more computer servers separate from the external computer network and separate from back-end computer servers of the internal computer network executing the set of web applications or services of the internal computer network; determining that the first message is an individual message within an application processing flow that comprises a plurality of bi-directional messages between the client device and one or more computer servers; determining whether the client device from which the first message was received is (a) an internal client device operating within the internal computer network, or (b) an external client device operating within the external computer network; analyzing the first message from the client device to determine whether or not the first message is a response to a previous request; determining whether the application processing flow containing the first message is (a) for a proxy application or (b) for a virtual application, based on whether the first message was received from an internal client device or an external client device, and based on whether or not the first message is a response to a previous request; configuring the proxy server to operate either as (a) a forward proxy server, or (b) a reverse proxy server, based on the determination that the client device of the processing flow is either for an virtual application or for a proxy application, wherein said configuring comprises: (i) in response to determining that (a) the application processing flow is for a proxy application, configuring the proxy server to operate in forward proxy mode; or (ii) in response to determining that (b) the application processing flow is for a virtual application, configuring the proxy server to operate in reverse proxy mode; wherein the proxy server is configured to implement a first set of security protocols for processing messages in when operating in forward proxy mode, and a second different set of security protocols for processing messages in when operating in reverse proxy mode; determining a current point for the first message within the application processing flow; selecting a policy for processing the first message from a plurality of policies for processing messages within the proxy server, wherein the selection is based on both (a) whether the proxy server is configured to operate in forward proxy mode or reverse proxy mode, and (b) the current point in the application processing flow; processing the first message in accordance with the selected policy; and after processing the first message, transmitting the first message to a destination.

2. The method of claim 1, wherein the proxy server includes a security proxy, and wherein the selected policy comprises machine-executable code that invokes one or more web services security policies.

3. The method of claim 1, wherein the one or more computer servers on which the proxy server is implemented operate within a physical subnetwork of the internal computer network.

4. The method of claim 1, wherein the one or more computer servers on which the proxy server is implemented are configured to executed a proxy server application within a logical subnetwork of the internal computer network.

5. The method of claim 1, wherein determining the current point for the first message within the processing flow comprises: determining that an error has occurred during the application processing flow for the first message; and wherein selecting the policy for processing the first message is based on the determination that the error has occurred.

6. The method of claim 1, further comprising: receiving one or more user credentials associated with the first message, wherein the first message corresponds to a request from the client device to access a first web service; and authenticating, using the user credentials, a first user associated with the request.

7. The method of claim 6, further comprising: determining that an authentication token of a first token type is required to access the first web service; retrieving a first authentication token from a web service of the internal computer network, wherein the first authentication token is of the first token type and is associated with the first user; and using the first authentication token to access the first web service in accordance with the request.

8. The method of claim 1, further comprising: executing an OnRequest( ), an OnInvoke( ), an OnResponse( ), or an onError( ) method based on the determined current point in the application processing flow.

9. The method of claim 1, wherein the first message is sent from an external client device to a back-end computer server of the internal computer network, wherein determining that the client device of the application processing flow is either an internal client device or an external client device comprises determining that an original message of the application processing flow was a request from an internal client device to a back-end computer server of the external computer network, and wherein configuring the proxy server to operate in either forward proxy mode or in reverse proxy mode comprises configuring the proxy server to operate in forward proxy mode in response to determining that the original message of the application processing flow was a request from an internal client device to a back-end computer server of the external computer network.

10. The method of claim 1, wherein the first message is sent from an internal client device to a back-end computer server of the external computer network, wherein determining that the client device of the application processing flow is either an internal client device or an external client device comprises determining that an original request of the application processing flow was a request from an external client device to a back-end computer server of the internal computer network, and wherein configuring the proxy server to operate either in forward proxy mode or in reverse proxy mode comprises configuring the proxy server to operate in reverse proxy mode in response to determining that the original message of the application processing flow was a request from an external client device to a back-end computer server of the internal computer network.

11. The method of claim 1, further comprising: determining that the first message corresponds to a request for a first resource exposed by a first Representational State Transfer (REST) web service within the proxy server; in response to determining that the first resource is exposed by the first REST web service, invoking the first REST web service within the proxy server; and during execution of the first REST web service within the proxy server, invoking a second REST web service within a computer server in the internal computer network, wherein the first REST web service within the proxy server exposes a plurality of resources, including at least one resource configured to invoke the second REST web service, and including at least one resource configured to invoke a third REST web service exposed by a different computer server in the internal computer network.

12. The method of claim 1, further comprising: determining that th
Access to data in other repository systems, e.g. legacy data or dynamic Web page generation · CPC title
Multiple levels of security · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title