Package io.hawt.web.proxy

Class ProxyServlet

  • All Implemented Interfaces:
    java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
    public class ProxyServlet
extends javax.servlet.http.HttpServlet
    An HTTP reverse proxy/gateway servlet. It is designed to be extended for customization if desired. Most of the work is handled by Apache HttpClient.

    There are alternatives to a servlet based proxy such as Apache mod_proxy if that is available to you. However this servlet is easily customizable by Java, secure-able by your web application's security (e.g. spring-security), portable across servlet engines, and is embeddable into another web application.

    Inspiration: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

    Original implementation at https://github.com/mitre/HTTP-Proxy-Servlet, released under ASL 2.0.

    Author:
    David Smiley dsmiley@mitre.org
    See Also:
    Serialized Form

    • Constructor Summary

      Constructors 
      Constructor Description
      ProxyServlet()  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void copyRequestHeaders​(javax.servlet.http.HttpServletRequest servletRequest, org.apache.http.HttpRequest proxyRequest, java.net.URI targetUriObj)
      Copy request headers from the servlet client to the proxy request.
      protected void copyResponseEntity​(org.apache.http.HttpResponse proxyResponse, javax.servlet.http.HttpServletResponse servletResponse)
      Copy response body data (the entity) from the proxy to the servlet client.
      protected void copyResponseHeaders​(org.apache.http.HttpResponse proxyResponse, javax.servlet.http.HttpServletResponse servletResponse)
      Copy proxied response headers back to the servlet client.
      void destroy()  
      protected boolean doResponseRedirectOrNotModifiedLogic​(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse, org.apache.http.HttpResponse proxyResponse, int statusCode, java.net.URI targetUriObj)  
      protected static java.lang.CharSequence encodeUriQuery​(java.lang.CharSequence in)
      Encodes characters in the query or fragment part of the URI.
      java.lang.String getServletInfo()  
      void init​(javax.servlet.ServletConfig servletConfig)  
      protected ProxyAddress parseProxyAddress​(javax.servlet.http.HttpServletRequest servletRequest)  
      protected java.lang.String rewriteUrlFromResponse​(javax.servlet.http.HttpServletRequest servletRequest, java.lang.String theUrl, java.lang.String targetUri)
      For a redirect response from the target server, this translates theUrl to redirect to and translates it to one the original client can use.
      protected void service​(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)  

      • Methods inherited from class javax.servlet.http.HttpServlet

        doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service

      • Methods inherited from class javax.servlet.GenericServlet

        getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletName, init, log, log

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • P_FORWARDEDFOR

        public static final java.lang.String P_FORWARDEDFOR
        A boolean parameter name to enable forwarding of the client IP
        See Also:
        Constant Field Values

      • LOCAL_ADDRESS_PROBING

        public static final java.lang.String LOCAL_ADDRESS_PROBING
        See Also:
        Constant Field Values

      • HAWTIO_PROXY_ALLOWLIST

        public static final java.lang.String HAWTIO_PROXY_ALLOWLIST
        See Also:
        Constant Field Values

      • HAWTIO_LOCAL_ADDRESS_PROBING

        public static final java.lang.String HAWTIO_LOCAL_ADDRESS_PROBING
        See Also:
        Constant Field Values

      • HAWTIO_DISABLE_PROXY

        public static final java.lang.String HAWTIO_DISABLE_PROXY
        See Also:
        Constant Field Values

      • enabled

        protected boolean enabled

      • doForwardIP

        protected boolean doForwardIP

      • acceptSelfSignedCerts

        protected boolean acceptSelfSignedCerts

      • proxyClient

        protected org.apache.http.impl.client.CloseableHttpClient proxyClient

      • hopByHopHeaders

        protected static final org.apache.http.message.HeaderGroup hopByHopHeaders
        These are the "hop-by-hop" headers that should not be copied. http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html I use an HttpClient HeaderGroup class instead of Set because this approach does case-insensitive lookup faster.

      • asciiQueryChars

        protected static final java.util.BitSet asciiQueryChars

    • Constructor Detail

      • ProxyServlet

        public ProxyServlet()

    • Method Detail

      • getServletInfo

        public java.lang.String getServletInfo()
        Specified by:
        getServletInfo in interface javax.servlet.Servlet
        Overrides:
        getServletInfo in class javax.servlet.GenericServlet

      • init

        public void init​(javax.servlet.ServletConfig servletConfig)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Servlet
        Overrides:
        init in class javax.servlet.GenericServlet
        Throws:
        javax.servlet.ServletException

      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Servlet
        Overrides:
        destroy in class javax.servlet.GenericServlet

      • service

        protected void service​(javax.servlet.http.HttpServletRequest servletRequest,
                       javax.servlet.http.HttpServletResponse servletResponse)
                throws java.io.IOException
        Overrides:
        service in class javax.servlet.http.HttpServlet
        Throws:
        java.io.IOException

      • parseProxyAddress

        protected ProxyAddress parseProxyAddress​(javax.servlet.http.HttpServletRequest servletRequest)

      • doResponseRedirectOrNotModifiedLogic

        protected boolean doResponseRedirectOrNotModifiedLogic​(javax.servlet.http.HttpServletRequest servletRequest,
                                                       javax.servlet.http.HttpServletResponse servletResponse,
                                                       org.apache.http.HttpResponse proxyResponse,
                                                       int statusCode,
                                                       java.net.URI targetUriObj)
                                                throws javax.servlet.ServletException,
                                                       java.io.IOException
        Throws:
        javax.servlet.ServletException
        java.io.IOException

      • copyRequestHeaders

        protected void copyRequestHeaders​(javax.servlet.http.HttpServletRequest servletRequest,
                                  org.apache.http.HttpRequest proxyRequest,
                                  java.net.URI targetUriObj)
        Copy request headers from the servlet client to the proxy request.

      • copyResponseHeaders

        protected void copyResponseHeaders​(org.apache.http.HttpResponse proxyResponse,
                                   javax.servlet.http.HttpServletResponse servletResponse)
        Copy proxied response headers back to the servlet client.

      • copyResponseEntity

        protected void copyResponseEntity​(org.apache.http.HttpResponse proxyResponse,
                                  javax.servlet.http.HttpServletResponse servletResponse)
                           throws java.io.IOException
        Copy response body data (the entity) from the proxy to the servlet client.
        Throws:
        java.io.IOException

      • rewriteUrlFromResponse

        protected java.lang.String rewriteUrlFromResponse​(javax.servlet.http.HttpServletRequest servletRequest,
                                                  java.lang.String theUrl,
                                                  java.lang.String targetUri)
        For a redirect response from the target server, this translates theUrl to redirect to and translates it to one the original client can use.

      • encodeUriQuery

        protected static java.lang.CharSequence encodeUriQuery​(java.lang.CharSequence in)
        Encodes characters in the query or fragment part of the URI.

        Unfortunately, an incoming URI sometimes has characters disallowed by the spec. HttpClient insists that the outgoing proxied request has a valid URI because it uses Java's URI. To be more forgiving, we must escape the problematic characters. See the URI class for the spec.

        Parameters:
        in - example: name=value&foo=bar#fragment