Jetty 6: proxy

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Jetty 6: proxy

Alex Cohn
Jetty 6: proxy

Greg,

I wonder now if I placed my message in the right place. Anyway, you can see it at http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=7322&atid=307322 (under patches category).

The message goes as follows:
-----------------------
change for JettyExperimental

in an attempt to enable a proxy handler for JettyExperimental, I found that
org.mortbay.jetty.HttpGenerator needs a patch:

after line 310:
 boolean server_missing = true;

after line 406:
 case HttpHeaders.SERVER_ORDINAL:
 server_missing=false;

and, finally, before line 492, which reads
 _header.put(SERVER);

we added
 if (server_missing)

Reason: avoid duplicate Server: header in Proxy response.
----------------------

I'm not sure whether this change is in line with the spirit of your development, or whether and when you expect to have the ProxyHandler supported with Jetty 6.

Cheers,

Alex



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Greg Wilkins-5

Alex,

you placed your patch in exactly the right place.

My apologies for slow response and I will be on it in the next day or
two.

Thanks for the first patch to Jetty 6.  Other than this, how are you
finding Jetty 6? usable?

cheers


Alex Cohn wrote:

> Greg,
>
> I wonder now if I placed my message in the right place. Anyway, you can
> see it at
> http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=7322&atid=307322
> <http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=7322&atid=307322>
> (under patches category).
>
> The message goes as follows:
> -----------------------
> change for JettyExperimental
>
> in an attempt to enable a proxy handler for JettyExperimental, I found that
> org.mortbay.jetty.HttpGenerator needs a patch:
>
> after line 310:
>  boolean server_missing = true;
>
> after line 406:
>  case HttpHeaders.SERVER_ORDINAL:
>  server_missing=false;
>
> and, finally, before line 492, which reads
>  _header.put(SERVER);
>
> we added
>  if (server_missing)
>
> Reason: avoid duplicate Server: header in Proxy response.
> ----------------------
>
> I'm not sure whether this change is in line with the spirit of your
> development, or whether and when you expect to have the ProxyHandler
> supported with Jetty 6.
>
> Cheers,
>
> Alex
>
>
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals &
> computer viruses.
> ************************************************************************************



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

RE: Re: Jetty 6: proxy

Alex Cohn
In reply to this post by Alex Cohn
RE: [jetty-discuss] Re: Jetty 6: proxy

Greg,

One feature missing for Jetty 6 to become a compliant proxy is connection tunneling. Luckily, SSL is completely out of scope of my current interests.

Concerning usability of Jetty 6, I found it pretty easy to enable it as a Web proxy, but in a "quick and dirty" manner. I was going to spend few more days before I post here a tested and optimized version of ProxyHandler.

Cheers,
Alex

> -----Original Message-----
> From: [hidden email] [[hidden email]
> [hidden email]] On Behalf Of Greg Wilkins
> Sent: Wednesday, August 31, 2005 1:18
> To: [hidden email]
> Subject: [jetty-discuss] Re: Jetty 6: proxy
>
>
> Alex,
>
> you placed your patch in exactly the right place.
>
> My apologies for slow response and I will be on it in the next day or
> two.
>
> Thanks for the first patch to Jetty 6.  Other than this, how are you
> finding Jetty 6? usable?
>
> cheers
>
>
> Alex Cohn wrote:
> > Greg,
> >
> > I wonder now if I placed my message in the right place. Anyway, you can
> > see it at
> >
> http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=
> 7322&atid=307322
> >
> <http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id
> =7322&atid=307322>
> > (under patches category).
> >
> > The message goes as follows:
> > -----------------------
> > change for JettyExperimental
> >
> > in an attempt to enable a proxy handler for JettyExperimental, I found
> that
> > org.mortbay.jetty.HttpGenerator needs a patch:
> >
> > after line 310:
> >  boolean server_missing = true;
> >
> > after line 406:
> >  case HttpHeaders.SERVER_ORDINAL:
> >  server_missing=false;
> >
> > and, finally, before line 492, which reads
> >  _header.put(SERVER);
> >
> > we added
> >  if (server_missing)
> >
> > Reason: avoid duplicate Server: header in Proxy response.
> > ----------------------
> >
> > I'm not sure whether this change is in line with the spirit of your
> > development, or whether and when you expect to have the ProxyHandler
> > supported with Jetty 6.
> >
> > Cheers,
> >
> > Alex
> >
> >
> >
> >
> **************************************************************************
> **********
> > This footnote confirms that this email message has been scanned by
> > PineApp Mail-SeCure for the presence of malicious code, vandals &
> > computer viruses.
> >
> **************************************************************************
> **********
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle
> Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> jetty-discuss mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-discuss
> This mail scanned by Flashnetworks.com
>
> **************************************************************************
> **********
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & computer
> viruses.
> **************************************************************************
> **********



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: Re: Jetty 6: proxy

Russell Howe
Alex Cohn wrote:
> Greg,
>
> Concerning usability of Jetty 6, I found it pretty easy to enable it as
> a Web proxy, but in a "quick and dirty" manner. I was going to spend few
> more days before I post here a tested and optimized version of ProxyHandler.

Are you talking about Jetty as a proxy for user agents accessing other
websites, or proxy as in the Apache mod_proxy sense where you can use
Apache to transparently pass requests on to another web server?

The latter functionality is something I'd love to have.. I'd like to use
a JAAS LoginModule to authenticate access to a webapp on another
(non-Java) server. Is this possible, or would it require an extra chunk
of code to be written for Jetty?

--
Russell Howe
[hidden email]


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Alex Cohn
In reply to this post by Alex Cohn
Re: Jetty 6: proxy

Russel,

I am talking about enabling exactly the functionality provided by Jetty 5 with ProxyHandler (see etc/proxy.xml for configuration example). I don’t understand the difference between the two types of proxies you refer to, but I believe that it resembles Apache’s mod_proxy more or less. This is not a production-grade Web proxy because it will lack important features like caching, and I have never considered its authentication capabilities.

The two reasons for my current effort are - to understand Jetty 6 better through this, and to see how the result is capable of handling 10K "users" (open HTTP connections), of which number only few are "active". This is the case where, we hope, the NIO architecture of Jetty Experimental could bring an immediate gain.

Cheers,

Alex

> -----Original Message-----
>
> Alex Cohn wrote:
> > Greg,
> >
> > Concerning usability of Jetty 6, I found it pretty easy to enable it as
> > a Web proxy, but in a "quick and dirty" manner. I was going to spend few
> > more days before I post here a tested and optimized version of
> > ProxyHandler.
>
> Are you talking about Jetty as a proxy for user agents accessing other
> websites, or proxy as in the Apache mod_proxy sense where you can use
> Apache to transparently pass requests on to another web server?
>
> The latter functionality is something I'd love to have.. I'd like to use
> a JAAS LoginModule to authenticate access to a webapp on another
> (non-Java) server. Is this possible, or would it require an extra chunk
> of code to be written for Jetty?
>
> --
> Russell Howe
> [hidden email]



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Bugzilla from giacof@tiscali.it
In reply to this post by Russell Howe
Russell Howe <russell_howe <at> wreckage.org> writes:

>
> Alex Cohn wrote:
> > Greg,
>
> Are you talking about Jetty as a proxy for user agents accessing other
> websites, or proxy as in the Apache mod_proxy sense where you can use
> Apache to transparently pass requests on to another web server?
>
> The latter functionality is something I'd love to have.. I'd like to use
> a JAAS LoginModule to authenticate access to a webapp on another
> (non-Java) server. Is this possible, or would it require an extra chunk
> of code to be written for Jetty?
>

Hi!
I developed a subclass of ProxyHandler called ChainedProxyHandler, which
implements a transparent proxy you can chain to another outbound proxy: all you
have to do is to set Java properties "http.proxyHost", "http.proxyPort" and
"proxySet".
It supports CONNECT method too, which doesn't work with ProxyHandler if you set
those properties.
At the moment I'm testing the class ChainedProxyHandler with Jetty-5.1.5rc1.
I'm not sure it could be helpful to you, but in such case I could submit it as a
new feature.
cheers



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Re: Jetty 6: proxy

Russell Howe
Jack wrote:

> Hi!
> I developed a subclass of ProxyHandler called ChainedProxyHandler, which
> implements a transparent proxy you can chain to another outbound proxy: all you
> have to do is to set Java properties "http.proxyHost", "http.proxyPort" and
> "proxySet".
> It supports CONNECT method too, which doesn't work with ProxyHandler if you set
> those properties.
> At the moment I'm testing the class ChainedProxyHandler with Jetty-5.1.5rc1.
> I'm not sure it could be helpful to you, but in such case I could submit it as a
> new feature.

Hm, I'm talking about the ability for Jetty to proxy an incoming request
onto another web server without the user agent's knowledge. It sounds
like ProxyHandler and ChainedProxyHandler are proxies in the same vein
as Squid, or am I getting myself confused?

I'm after a way to for Jetty to pass an incoming HTTP request as-is onto
another web server and feed the response back to the user agent.

Let's say I have an IIS server somewhere, and I want to say "All
requests matching /iis-stuff/* should be proxied on to the IIS box".

I'd like to be able to do that, and should a request come which looks like

GET http://jettyserver/iis-stuff/foo HTTP/1.0

it would be passed on to the IIS server by Jetty and the response from
IIS proxied back to the client by Jetty.

I can do this with Apache (and am doing) but I'd like to be able to do
it from Jetty (hopefully also with the ability to have Jetty handle the
authentication and authorisation).

--
Russell Howe
[hidden email]


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

RE: Re: Jetty 6: proxy

Alex Cohn
In reply to this post by Alex Cohn
RE: [jetty-discuss] Re: Jetty 6: proxy

> Russell wrote:
>
> Hm, I'm talking about the ability for Jetty to proxy an incoming request
> onto another web server without the user agent's knowledge. It sounds
> like ProxyHandler and ChainedProxyHandler are proxies in the same vein
> as Squid, or am I getting myself confused?
>
> I'm after a way to for Jetty to pass an incoming HTTP request as-is onto
> another web server and feed the response back to the user agent.
>
> Let's say I have an IIS server somewhere, and I want to say "All
> requests matching /iis-stuff/* should be proxied on to the IIS box".
>
> I'd like to be able to do that, and should a request come which looks like
>
> GET http://jettyserver/iis-stuff/foo HTTP/1.0
>
> it would be passed on to the IIS server by Jetty and the response from
> IIS proxied back to the client by Jetty.
>
> I can do this with Apache (and am doing) but I'd like to be able to do
> it from Jetty (hopefully also with the ability to have Jetty handle the
> authentication and authorisation).

This is not the functionality I am taking care of at this time. It is available neither for Jetty 5 nor for Jetty 6.

Sorry,

Alex



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Bugzilla from giacof@tiscali.it
In reply to this post by Russell Howe
Russell Howe <russell_howe <at> wreckage.org> writes:

> Hm, I'm talking about the ability for Jetty to proxy an incoming request
> onto another web server without the user agent's knowledge. It sounds
> like ProxyHandler and ChainedProxyHandler are proxies in the same vein
> as Squid, or am I getting myself confused?
>
> I'm after a way to for Jetty to pass an incoming HTTP request as-is onto
> another web server and feed the response back to the user agent.
>

Sorry, I don't use Squid. Anyway, ChainedProxyHandler implements a (highly)
anonymous proxy, which takes *any* incoming HTTP/HTTPS request and passes
it to the host you set in the previously mentioned java properties (which
is expected to be a chained proxy server), without making any change to the
request header (ie. it adds no Via field); then it gets the host's reply and
feeds it as-is back to the client.


> Let's say I have an IIS server somewhere, and I want to say "All
> requests matching /iis-stuff/* should be proxied on to the IIS box".
>
> I'd like to be able to do that, and should a request come which looks like
>
> GET http://jettyserver/iis-stuff/foo HTTP/1.0
>
> it would be passed on to the IIS server by Jetty and the response from
> IIS proxied back to the client by Jetty.
>

hmmm, you could set the proxy properties as your IIS server host and port,
but I'm not that sure it would work like a *real* proxy. Anyway, shouldn't
it work, I think I could provide a slightly modified class to work around it.
If you want just the pattern-matching URI be forwarded, you should create a
subclass of ChainedProxyHandler and override method:

protected URL isProxied(URI uri)

which returns null when the pattern is not matched.
Of course you should also add a ResourceHandler to handle all non-matching
requests.

> I can do this with Apache (and am doing) but I'd like to be able to do
> it from Jetty (hopefully also with the ability to have Jetty handle the
> authentication and authorisation).
>

Again, all authentication and authorisation fields in both request and
response are passed transparently to the host and fed back




-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Greg Wilkins-5
In reply to this post by Russell Howe
Russell,

the behaviour you want is supported with the badly named method on
ProxyHandler

 URL isProxied(URI uri)

If you extend the ProxyHandler and implement this method to
map incoming URIs to outgoing URLs, then you will get what you want.

The default implementation just assumes the URI is the URL (as in
a proxied request) and returns the URI as a URL.

cheers



Russell Howe wrote:

> Alex Cohn wrote:
>
>>Greg,
>>
>>Concerning usability of Jetty 6, I found it pretty easy to enable it as
>>a Web proxy, but in a "quick and dirty" manner. I was going to spend few
>>more days before I post here a tested and optimized version of ProxyHandler.
>
>
> Are you talking about Jetty as a proxy for user agents accessing other
> websites, or proxy as in the Apache mod_proxy sense where you can use
> Apache to transparently pass requests on to another web server?
>
> The latter functionality is something I'd love to have.. I'd like to use
> a JAAS LoginModule to authenticate access to a webapp on another
> (non-Java) server. Is this possible, or would it require an extra chunk
> of code to be written for Jetty?
>



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Greg Wilkins-5
In reply to this post by Alex Cohn

In CVS now with a rename.

thanks


Alex Cohn wrote:

> Greg,
>
> I wonder now if I placed my message in the right place. Anyway, you can
> see it at
> http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=7322&atid=307322
> <http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=7322&atid=307322>
> (under patches category).
>
> The message goes as follows:
> -----------------------
> change for JettyExperimental
>
> in an attempt to enable a proxy handler for JettyExperimental, I found that
> org.mortbay.jetty.HttpGenerator needs a patch:
>
> after line 310:
>  boolean server_missing = true;
>
> after line 406:
>  case HttpHeaders.SERVER_ORDINAL:
>  server_missing=false;
>
> and, finally, before line 492, which reads
>  _header.put(SERVER);
>
> we added
>  if (server_missing)
>
> Reason: avoid duplicate Server: header in Proxy response.
> ----------------------
>
> I'm not sure whether this change is in line with the spirit of your
> development, or whether and when you expect to have the ProxyHandler
> supported with Jetty 6.
>
> Cheers,
>
> Alex
>
>
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals &
> computer viruses.
> ************************************************************************************



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

RE: Re: Jetty 6: proxy

Alex Cohn
In reply to this post by Alex Cohn
RE: [jetty-discuss] Re: Jetty 6: proxy

Jack,

There is http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.34 Proxy-Authorization HTTP request header (and Proxy-Authenticate for response) to provide exactly this functionality.

Enjoy,
Alex

> -----Original Message-----
> > I can do this with Apache (and am doing) but I'd like to be able to do
> > it from Jetty (hopefully also with the ability to have Jetty handle the
> > authentication and authorisation).
> >
>
> Again, all authentication and authorisation fields in both request and
> response are passed transparently to the host and fed back



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
Reply | Threaded
Open this post in threaded view
|

RE: Re: Jetty 6: proxy

Alex Cohn
In reply to this post by Alex Cohn
RE: [jetty-discuss] Re: Jetty 6: proxy

Thanks
Alex

> -----Original Message-----
> From: [hidden email] [[hidden email]
> [hidden email]] On Behalf Of Greg Wilkins
> Sent: Wednesday, August 31, 2005 20:44
> To: [hidden email]
> Subject: [jetty-discuss] Re: Jetty 6: proxy
>
>
> In CVS now with a rename.
>
> thanks
>
>
> Alex Cohn wrote:
> > Greg,
> >
> > I wonder now if I placed my message in the right place. Anyway, you can
> > see it at
> >
> http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id=
> 7322&atid=307322
> >
> <http://sourceforge.net/tracker/index.php?func=detail&aid=1275915&group_id
> =7322&atid=307322>
> > (under patches category).
> >
> > The message goes as follows:
> > -----------------------
> > change for JettyExperimental
> >
> > in an attempt to enable a proxy handler for JettyExperimental, I found
> that
> > org.mortbay.jetty.HttpGenerator needs a patch:
> >
> > after line 310:
> >  boolean server_missing = true;
> >
> > after line 406:
> >  case HttpHeaders.SERVER_ORDINAL:
> >  server_missing=false;
> >
> > and, finally, before line 492, which reads
> >  _header.put(SERVER);
> >
> > we added
> >  if (server_missing)
> >
> > Reason: avoid duplicate Server: header in Proxy response.
> > ----------------------
> >
> > I'm not sure whether this change is in line with the spirit of your
> > development, or whether and when you expect to have the ProxyHandler
> > supported with Jetty 6.
> >
> > Cheers,
> >
> > Alex
> >
> >
> >
> >
> **************************************************************************
> **********
> > This footnote confirms that this email message has been scanned by
> > PineApp Mail-SeCure for the presence of malicious code, vandals &
> > computer viruses.
> >
> **************************************************************************
> **********
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle
> Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> jetty-discuss mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-discuss
> This mail scanned by Flashnetworks.com
>
> **************************************************************************
> **********
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & computer
> viruses.
> **************************************************************************
> **********



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Bugzilla from giacof@tiscali.it
In reply to this post by Greg Wilkins-5
Greg Wilkins <gregw <at> mortbay.com> writes:

>
> Russell,
>
> the behaviour you want is supported with the badly named method on
> ProxyHandler
>
>  URL isProxied(URI uri)
>
> If you extend the ProxyHandler and implement this method to
> map incoming URIs to outgoing URLs, then you will get what you want.
>
> The default implementation just assumes the URI is the URL (as in
> a proxied request) and returns the URI as a URL.
>
> cheers
>

Hi Greg, I think I misunderstood the original request: I should have noticed
there's no need of a second proxy to go through, in that case.
Sorry to mess it up...

Anyway, if I try to use ProxyHandler to implement a proxy which runs behind a
firewall, thus setting the java properties "http.proxyHost" and
"http.proxyPort", I will get an exception whenever a CONNECT request is
handled.
Looking at the code, from line 372:

            InetAddrPort addrPort=new InetAddrPort(uri.toString());

            if
(isForbidden(HttpMessage.__SSL_SCHEME,addrPort.getHost(),
             addrPort.getPort(),false))
            {
                sendForbid(request,response,uri);
            }
            else
            {
                Socket socket = new
Socket(addrPort.getInetAddress(),addrPort.getPort());

The new Socket() call fails, as you cannot directly access the requested
resource if you have to pass through a chained proxy/firewall.
Do you think there could be a smart way to get around it?



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Jetty 6: proxy

Bugzilla from giacof@tiscali.it
In reply to this post by Alex Cohn
Alex Cohn <AlexCohn <at> flashnetworks.com> writes:

>
>
> Jack,
>
> There is http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.34
Proxy-Authorization HTTP request header (and Proxy-Authenticate for response) to
provide exactly this functionality.
> Enjoy,
> Alex
>

yep,

> A proxy MAY relay the credentials from the client request to the next proxy
> if that is the mechanism by which the proxies cooperatively authenticate a
> given request.

in fact, my proxy is designed to work behind a firewall, and that's the only
node which demands authentication.

bye,
Jack



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss