Java tutorial
package org.ocpsoft.rewrite.servlet.config.proxy; /** * Copyright MITRE * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import java.io.Closeable; import java.io.IOException; import java.io.OutputStream; import java.net.URI; import java.util.BitSet; import java.util.Enumeration; import java.util.Formatter; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpEntityEnclosingRequest; import org.apache.http.HttpHeaders; import org.apache.http.HttpHost; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.AbortableHttpRequest; import org.apache.http.client.params.ClientPNames; import org.apache.http.client.utils.URIUtils; import org.apache.http.entity.InputStreamEntity; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHttpEntityEnclosingRequest; import org.apache.http.message.BasicHttpRequest; import org.apache.http.message.HeaderGroup; import org.apache.http.params.BasicHttpParams; import org.apache.http.params.HttpParams; import org.apache.http.util.EntityUtils; import org.ocpsoft.logging.Logger; /** * An HTTP reverse proxy/gateway servlet. It is designed to be extended for customization if desired. Most of the work * is handled by <a href="http://hc.apache.org/httpcomponents-client-ga/">Apache HttpClient</a>. * <p> * There are alternatives to a servlet based proxy such as Apache mod_proxy if that is available to you. However this * servlet is easily customizable by Java, secure-able by your web application's security (e.g. spring-security), * portable across servlet engines, and is embeddable into another web application. * </p> * <p> * Inspiration: http://httpd.apache.org/docs/2.0/mod/mod_proxy.html * </p> * * @author David Smiley dsmiley@mitre.org */ public class ProxyServlet { /* INIT PARAMETER NAME CONSTANTS */ private static final long serialVersionUID = -362164247914670579L; /** * A boolean parameter name to enable logging of input and target URLs to the servlet log. */ public static final String P_LOG = "log"; /** * The parameter name for the target (destination) URI to proxy to. */ private static final String P_TARGET_URI = "targetUri"; /* MISC */ protected boolean doLog = false; protected URI targetUriObj; protected String targetUri; protected HttpClient proxyClient; private ServletConfig servletConfig; private static final Logger logger = Logger.getLogger(ProxyServlet.class); public ServletConfig getServletConfig() { return servletConfig; } public void init(ServletConfig servletConfig) throws ServletException { this.servletConfig = servletConfig; String doLogStr = servletConfig.getInitParameter(P_LOG); if (doLogStr != null) { this.doLog = Boolean.parseBoolean(doLogStr); } try { targetUriObj = new URI(servletConfig.getInitParameter(P_TARGET_URI)); } catch (Exception e) { throw new RuntimeException("Trying to process targetUri init parameter: " + e, e); } targetUri = targetUriObj.toString(); HttpParams hcParams = new BasicHttpParams(); readConfigParam(hcParams, ClientPNames.HANDLE_REDIRECTS, Boolean.class); proxyClient = createHttpClient(hcParams); } /** * Called from {@link #init(javax.servlet.ServletConfig)}. HttpClient offers many opportunities for customization. */ protected HttpClient createHttpClient(HttpParams hcParams) { return new DefaultHttpClient(new ThreadSafeClientConnManager(), hcParams); } protected void readConfigParam(HttpParams hcParams, String hcParamName, Class type) { String val_str = getServletConfig().getInitParameter(hcParamName); if (val_str == null) return; Object val_obj; if (type == String.class) { val_obj = val_str; } else { try { /* * noinspection unchecked */ val_obj = type.getMethod("valueOf", String.class).invoke(type, val_str); } catch (Exception e) { throw new RuntimeException(e); } } hcParams.setParameter(hcParamName, val_obj); } public void destroy() { /* * shutdown() must be called according to documentation. */ if (proxyClient != null) proxyClient.getConnectionManager().shutdown(); } protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ServletException, IOException { /* * Note: we won't transfer the protocol version because I'm not sure it would truly be compatible */ String method = servletRequest.getMethod(); HttpRequest proxyRequest; /* * Spec: RFC 2616, sec 4.3: either of these two headers signal that there is a message body. */ if (servletRequest.getHeader(HttpHeaders.CONTENT_LENGTH) != null || servletRequest.getHeader(HttpHeaders.TRANSFER_ENCODING) != null) { HttpEntityEnclosingRequest eProxyRequest = new BasicHttpEntityEnclosingRequest(method, targetUri); /* * Add the input entity (streamed) note: we don't bother ensuring we close the servletInputStream since the * container handles it */ eProxyRequest.setEntity( new InputStreamEntity(servletRequest.getInputStream(), servletRequest.getContentLength())); proxyRequest = eProxyRequest; } else proxyRequest = new BasicHttpRequest(method, targetUri); copyRequestHeaders(servletRequest, proxyRequest); try { /* * Execute the request */ if (doLog) { logger.debug("proxy " + method + " uri: " + servletRequest.getRequestURI() + " -- " + proxyRequest.getRequestLine().getUri()); } HttpResponse proxyResponse = proxyClient.execute(URIUtils.extractHost(targetUriObj), proxyRequest); /* * Process the response */ int statusCode = proxyResponse.getStatusLine().getStatusCode(); if (doResponseRedirectOrNotModifiedLogic(servletRequest, servletResponse, proxyResponse, statusCode)) { /* * just to be sure, but is probably a no-op */ EntityUtils.consume(proxyResponse.getEntity()); return; } /* * Pass the response code. This method with the "reason phrase" is deprecated but it's the only way to pass the * reason along too. noinspection deprecation */ servletResponse.setStatus(statusCode, proxyResponse.getStatusLine().getReasonPhrase()); copyResponseHeaders(proxyResponse, servletResponse); /* * Send the content to the client */ copyResponseEntity(proxyResponse, servletResponse); } catch (Exception e) { /* * abort request, according to best practice with HttpClient */ if (proxyRequest instanceof AbortableHttpRequest) { AbortableHttpRequest abortableHttpRequest = (AbortableHttpRequest) proxyRequest; abortableHttpRequest.abort(); } if (e instanceof RuntimeException) throw (RuntimeException) e; if (e instanceof ServletException) throw (ServletException) e; // noinspection ConstantConditions if (e instanceof IOException) throw (IOException) e; throw new RuntimeException(e); } } protected boolean doResponseRedirectOrNotModifiedLogic(HttpServletRequest servletRequest, HttpServletResponse servletResponse, HttpResponse proxyResponse, int statusCode) throws ServletException, IOException { /* * Check if the proxy response is a redirect. The following code is adapted from * org.tigris.noodle.filters.CheckForRedirect */ if (statusCode >= HttpServletResponse.SC_MULTIPLE_CHOICES /* 300 */ && statusCode < HttpServletResponse.SC_NOT_MODIFIED /* 304 */) { Header locationHeader = proxyResponse.getLastHeader(HttpHeaders.LOCATION); if (locationHeader == null) { throw new ServletException("Received status code: " + statusCode + " but no " + HttpHeaders.LOCATION + " header was found in the response"); } /* * Modify the redirect to go to this proxy servlet rather that the proxied host */ String locStr = rewriteUrlFromResponse(servletRequest, locationHeader.getValue()); servletResponse.sendRedirect(locStr); return true; } /* * 304 needs special handling. See: http://www.ics.uci.edu/pub/ietf/http/rfc1945.html#Code304 . We get a 304 * whenever passed an 'If-Modified-Since' header and the data on disk has not changed; server responds w/ a 304 * saying I'm not going to send the body because the file has not changed. */ if (statusCode == HttpServletResponse.SC_NOT_MODIFIED) { servletResponse.setIntHeader(HttpHeaders.CONTENT_LENGTH, 0); servletResponse.setStatus(HttpServletResponse.SC_NOT_MODIFIED); return true; } return false; } protected void closeQuietly(Closeable closeable) { try { closeable.close(); } catch (IOException e) { logger.warn(e.getMessage(), e); } } /** * These are the "hop-by-hop" headers that should not be copied. * http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html I use an HttpClient HeaderGroup class instead of * Set<String> because this approach does case insensitive lookup faster. */ protected static final HeaderGroup hopByHopHeaders; static { hopByHopHeaders = new HeaderGroup(); String[] headers = new String[] { "Connection", "Keep-Alive", "Proxy-Authenticate", "Proxy-Authorization", "TE", "Trailers", "Transfer-Encoding", "Upgrade" }; for (String header : headers) { hopByHopHeaders.addHeader(new BasicHeader(header, null)); } } /** Copy request headers from the servlet client to the proxy request. */ protected void copyRequestHeaders(HttpServletRequest servletRequest, HttpRequest proxyRequest) { /* * Get an Enumeration of all of the header names sent by the client */ Enumeration<String> enumerationOfHeaderNames = servletRequest.getHeaderNames(); while (enumerationOfHeaderNames.hasMoreElements()) { String headerName = enumerationOfHeaderNames.nextElement(); // Instead the content-length is effectively set via InputStreamEntity if (headerName.equalsIgnoreCase(HttpHeaders.CONTENT_LENGTH)) continue; if (hopByHopHeaders.containsHeader(headerName)) continue; Enumeration<String> headers = servletRequest.getHeaders(headerName); while (headers.hasMoreElements()) { /* * sometimes more than one value */ String headerValue = headers.nextElement(); /* * In case the proxy host is running multiple virtual servers, rewrite the Host header to ensure that we get * content from the correct virtual server */ if (headerName.equalsIgnoreCase(HttpHeaders.HOST)) { HttpHost host = URIUtils.extractHost(this.targetUriObj); headerValue = host.getHostName(); if (host.getPort() != -1) headerValue += ":" + host.getPort(); } proxyRequest.addHeader(headerName, headerValue); } } } /** * Copy proxied response headers back to the servlet client. */ protected void copyResponseHeaders(HttpResponse proxyResponse, HttpServletResponse servletResponse) { for (Header header : proxyResponse.getAllHeaders()) { if (hopByHopHeaders.containsHeader(header.getName())) continue; servletResponse.addHeader(header.getName(), header.getValue()); } } /** * Copy response body data (the entity) from the proxy to the servlet client. */ protected void copyResponseEntity(HttpResponse proxyResponse, HttpServletResponse servletResponse) throws IOException { HttpEntity entity = proxyResponse.getEntity(); if (entity != null) { OutputStream servletOutputStream = servletResponse.getOutputStream(); try { entity.writeTo(servletOutputStream); } finally { closeQuietly(servletOutputStream); } } } /** * For a redirect response from the target server, this translates {@code theUrl} to redirect to and translates it to * one the original client can use. */ protected String rewriteUrlFromResponse(HttpServletRequest servletRequest, String theUrl) { /* * TODO document example paths */ if (theUrl.startsWith(targetUri)) { String curUrl = servletRequest.getRequestURL().toString();// no query String pathInfo = servletRequest.getPathInfo(); if (pathInfo != null) { assert curUrl.endsWith(pathInfo); curUrl = curUrl.substring(0, curUrl.length() - pathInfo.length());// take pathInfo off } theUrl = curUrl + theUrl.substring(targetUri.length()); } return theUrl; } /** * Encodes characters in the query or fragment part of the URI. * * <p> * Unfortunately, an incoming URI sometimes has characters disallowed by the spec. HttpClient insists that the * outgoing proxied request has a valid URI because it uses Java's {@link URI}. To be more forgiving, we must escape * the problematic characters. See the URI class for the spec. * * @param in example: name=value&foo=bar#fragment */ protected static CharSequence encodeUriQuery(CharSequence in) { /* * Note that I can't simply use URI.java to encode because it will escape pre-existing escaped things. TODO: * replace/compare to with Rewrite Encoding */ StringBuilder outBuf = null; Formatter formatter = null; for (int i = 0; i < in.length(); i++) { char c = in.charAt(i); boolean escape = true; if (c < 128) { if (asciiQueryChars.get(c)) { escape = false; } } else if (!Character.isISOControl(c) && !Character.isSpaceChar(c)) { /* * not-ascii */ escape = false; } if (!escape) { if (outBuf != null) outBuf.append(c); } else { /* * escape */ if (outBuf == null) { outBuf = new StringBuilder(in.length() + 5 * 3); outBuf.append(in, 0, i); formatter = new Formatter(outBuf); } /* * leading %, 0 padded, width 2, capital hex */ formatter.format("%%%02X", (int) c);// TODO } } return outBuf != null ? outBuf : in; } protected static final BitSet asciiQueryChars; static { char[] c_unreserved = "_-!.~'()*".toCharArray();// plus alphanum char[] c_punct = ",;:$&+=".toCharArray(); char[] c_reserved = "?/[]@".toCharArray();// plus punct asciiQueryChars = new BitSet(128); for (char c = 'a'; c <= 'z'; c++) asciiQueryChars.set(c); for (char c = 'A'; c <= 'Z'; c++) asciiQueryChars.set(c); for (char c = '0'; c <= '9'; c++) asciiQueryChars.set(c); for (char c : c_unreserved) asciiQueryChars.set(c); for (char c : c_punct) asciiQueryChars.set(c); for (char c : c_reserved) asciiQueryChars.set(c); asciiQueryChars.set('%'); /* * leave existing percent escapes in place */ } }