top button
Flag Notify
    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration
Print Preview

Webapp HTTP proxy authentication

+1 vote
56 views

We're developing webapp running on Tomcat 7. The apps use third-party components that we can't modify and those components connect to external sites using HTTP.

We have a policy of routing all outbound traffic through an authenticating HTTP proxy. This is a bit of problem for us since the Oracle Java 7 JVM doesn't support configuring proxy authentication on the JVM level (using e.g. system properties).

One possible workaround I could think of is to create a custom javaagent that would set a default java.net.Authenticator in premain() method. This approach appears to work in a command line program that uses HttpURLConnection, but are there any potential caveats to this method when used with webapps running in Tomcat? One shortcoming is that the same Authenticator would be used for all webapps in the JVM, but this is something we can live with.

posted Aug 16, 2013 by Luv Kumar

Share this question
Facebook Share Button Twitter Share Button Google+ Share Button LinkedIn Share Button Multiple Social Share Button

1 Answer

+1 vote

How about a ServletContextListener?

http://docs.oracle.com/javaee/6/api/javax/servlet/ServletContextListener.html

or a LifecycleListener?

https://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html

Either one should allow you to configure your proxy settings before your applications start.

answer Aug 17, 2013 by Dewang Chaudhary
Similar Questions
+2 votes

I have task to validate or parse following http header

Accept
Accept-Charset
Accept-Encoding
Accept-Language
Accept-Datetime
Content-Length
Content-MD5
Content-Type

lets take Accept-Language as an example , if header language comes other than en-us I should reject the request with customized code response.

let me know ways to achieve the task? can we do with any configuration files?
We are using tomcat 6.0.18

+1 vote

1) I'd have a question on how to set up a reverse proxy to a http 1.0 in the cleanest most standard conforming way.

AFAIU, strict HTTP 1.0 has neither persistent connections / keep-alives
- a connection ends after a single request has been responded. Neither does it have Host: headers.

a) Do I need to tell the reverse-proxy about this? Do I have to set:
- ProxyPass' disablereuse=on and/or
- force-proxy-request-1.0 and/or
- proxy-nokeepalive and/or
- proxy-sendcl

Or is one of them enough? E.g. when I set force-proxy-request-1.0... all the others are implicitly set?

b) Do I need to set proxy-initial-not-pooled?
Cause I get the error mentioned there,... interestingly that seems to be independent of the backend/origin server... and dependent on the client.

c) So, strictly speaking, I could not use name-based vhosting, right?

2) Further, when a client talks to the reverse proxy in HTTP 1.0 it should get the reply in 1.0 either. And when it talk to it in 1.1, it should get it in 1.1.

Would Apache do this automatically, or would it answer a 1.0 request with a 1.1 response?
So do I have to set: force-response-1.0 ?

3) The origin server to which I connect is single threaded, i.e. it will only process one request at a time. So Apache shouldn't connect more than once concurrently, as it would simply block. How do I get this? The keep-alive options above probably don't help here... Is the solution to set ProxyPass' max=1 ?

0 votes

Is that possible create a http tunnel to remote http tunnel server via a middle http proxy?

Here is my situation :
My Company only allow http protocol and they created a http proxy server. So when we want to access internet we have to set the http proxy settings for the browser or application.

Now I want to access outside without restrictions of http protocol and also not limited to 80 port. As they blocked the ssh, so the SSH reverse binding is not possible. So is that possible to create a http tunnel via the http proxy of my company and aim to my own server outside?

+2 votes

Im trying to configure the proxy_balancer, but still having problems. Here is my configuration:

BalancerMember http://172.16.14.81:80 
retry=120 
timeout=10 

BalancerMember http://172.16.14.82:80 
retry=1 
timeout=10 
status=+H

But when The first worker fails, request are not redirected to the failover worker. For this I have to wait for more than 7 minutes. Is this behavior normal?


Useful Links with Similar Problem
Contact Us
+91 9880187415
sales@queryhome.net
support@queryhome.net
#280, 3rd floor, 5th Main
6th Sector, HSR Layout
Bangalore-560102
Karnataka INDIA.
QUERY HOME
...