Hello, We need to write a simple proxy server in order to provide user authentication for a Web application. Can anyone point me to some code/discussion/book where the basic algorithm is discussed? Along with the pitfalls and gotchas? The authentication part is all handled, I'm just concerned with the basics of getting the user's request, passing it along to the Web app using (I presume) HttpURLConnection, getting response, passing it back to user, etc... Thanks much.
I am not real clear on what your requirements are.
Does this "proxy" have to run in a separate JVM/servlet container? If not maybe all you need is some implementation of Filter that intercepts all calls to this particular web application.
Joined: Oct 06, 2000
Thanks for your reply, Bill. It has to run as a separate instance of Tomcat, listening on a different port. Reason is - the app that I have to provide user authentication for is on a different version of Tomcat. So my plan is to run the app and the "proxy" on separate installations of TOmcat, on the same server. I believe I can use URLConnection or one of its descendants to connect to the app server from the "proxy" server. I need to see an example of using URLConnection, in order to pass the request object on to the app server, and get the reply, passing it back to the user.
Joined: Oct 06, 2000
One further note: the app runs on Tomcat 4, and as it is a commercial app, cannot be changed to Tomcat 5 (yet--we have requested that). The user authentication software runs on Tomcat 5, and has no implementation for Tomcat 4.
Author and all-around good cowpoke
Joined: Mar 22, 2000
I dont have a complete example handy but it looks to me like you will have to do these steps.
1. Grab headers and body of an incoming request - just read the body to a byte (may be empty). 2. Use that information to authenticate the request 3. Create a HttpUrlConnection to the real application, setting the request method and request headers from the incoming request information. Remember to set doInput and doOutput true. 4. Get the output stream and write the body to the application. 5. Capture the returned response headers and body. 6. (logging stuff would probably fit in here somewhere) 7. Set the response headers accordingly (error codes, etc) 8. Write the response and close. 9. Clean up the debris.