
I'm trying to write a proxy server using embedded Jetty (9.4.9.v20180320). Ideally, we want to use the AsyncMiddleManServlet so that we can intercept the content and augment/replace it before it's returned to the client. As is often the case, it works fine with HTTP but I can't seem to make any real headway with HTTPS.

This is a proxy server to use internally to add some capability to an old server product that is accessing internal HTTPS-hosted content. I need to have the server-side element of the conversation perform the necessary HTTPS conversation to get the content (which I can do in a simple 'ordinary' servlet using the Apache HttpClient) and I need to have the proxy side also manage the CONNECT request as that is what we receive when the old server product requests HTTPS content. There are of course two different SSL connections in this case - old server product to our proxy server, and our proxy server to the content.

It seems from a lot of reading that the issue is that the servlets don't implement the ability to respond to the CONNECT request. I've tried a lot of different examples including overriding newHttpClient like this:

    @Override
    protected HttpClient newHttpClient() {
        return new HttpClient(new SslContextFactory());
    }

and also implementing createHttpClient as per "Jetty ProxyServlet with SSL support" but to no avail.

The closest thing I've found is to add a ConnectHandler like this (using the simple ProxyServlet):

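    import org.eclipse.jetty.proxy.ConnectHandler;
    import org.eclipse.jetty.server.Server;
    import org.eclipse.jetty.server.ServerConnector;
    import org.eclipse.jetty.servlet.ServletContextHandler;
    import org.eclipse.jetty.servlet.ServletHolder;

    // Wrapper class added so the snippet compiles; the name is illustrative.
    public class ProxyMain
    {
        public static void main(String[] args)
        {
            Server server = new Server();
            ServerConnector connector = new ServerConnector(server);
            connector.setPort(10106);
            server.addConnector(connector);

            // Set up handler to handle CONNECT methods
            ConnectHandler proxy = new ConnectHandler();
            server.setHandler(proxy);

            // Set up proxy servlet; the context becomes the handler wrapped by
            // the ConnectHandler, so it only sees non-CONNECT requests
            ServletContextHandler context =
                new ServletContextHandler(proxy, "/", ServletContextHandler.SESSIONS);

            myProxyServlet mps = new myProxyServlet();
            context.addServlet(new ServletHolder(mps), "/*");

            try {
                server.start();
            } catch (Exception e) {
                System.out.println("oh dear ;-) " + e.getMessage());
            }
        }
    }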

This kinda works in that using curl to invoke a proxied request for https content does return the content, but it doesn't go anywhere near my proxyServlet (or my plain ordinary servlet when I use that instead).

We are testing with curl like this:

    curl --insecure -x localhost:10106 "https://stackoverflow.com/questions/9852056/jetty-proxyservlet-with-ssl-support?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa"

Is there any way I can use the ConnectHandler with my servlet? Either a plain simple servlet or best of all, the AsyncMiddleManServlet? Or is there a better way to achieve what I'm trying to do?

  • `HTTP CONNECT` is handled outside of the `ServletContext` within the `ConnectHandler`. Not sure you'll be able to be a middleman for CONNECT. – Joakim Erdfelt May 01 '18 at 18:04
  • Actually - I've got a bit carried away in my description - overriding createHttpClient or newHttpClient is about SSL on the proxy side in the proxyServlets. I think that bit seems to work ok (although it's hard to test without the server side bit working). It's the CONNECT from the server (the curl proxy setting) that is the issue. – Chris Bartlett May 01 '18 at 18:09
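
A `ConnectHandler` created with its defaults, as in the question, opens a tunnel to any host:port for any client that can reach port 10106. The following is an added example (not part of the original question or of the Jetty project) that limits tunnels to an allow-list and logs refusals; the hostname `content.internal.example`, the class name and the loopback bind are assumptions, the port is the question's.

```java
import org.eclipse.jetty.proxy.ConnectHandler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;

// Illustrative class name; not from the question.
public class RestrictedConnectProxy
{
    public static void main(String[] args) throws Exception
    {
        Server server = new Server();
        ServerConnector connector = new ServerConnector(server);
        // Assumption: the legacy product runs on the same host. Otherwise bind
        // to the internal interface it uses rather than to all interfaces.
        connector.setHost("127.0.0.1");
        connector.setPort(10106);
        server.addConnector(connector);

        ConnectHandler proxy = new ConnectHandler()
        {
            @Override
            public boolean validateDestination(String host, int port)
            {
                // The parent checks "host:port" against the white and black
                // lists; a refused CONNECT is answered with 403 by the handler.
                boolean allowed = super.validateDestination(host, port);
                if (!allowed)
                    System.err.println("CONNECT refused: " + host + ":" + port);
                return allowed;
            }
        };

        // Entries are exact "host:port" strings. Once the white list is
        // non-empty, every destination not listed is refused.
        // Placeholder hostname; replace with the real internal content server.
        proxy.getWhiteListHosts().add("content.internal.example:443");

        // Bound how long a tunnel may take to open or sit idle (milliseconds).
        proxy.setConnectTimeout(5000);
        proxy.setIdleTimeout(30000);

        server.setHandler(proxy);
        server.start();
        server.join();
    }
}
```

With this in place the curl test from the question, which targets stackoverflow.com:443, is refused, while a request for the allow-listed host is tunnelled as before.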

0 Answers