proxy authentication using jetty

风格不统一 提交于 2020-01-07 06:58:10

问题


I am trying to find out if it is possible to do proxy authentication in Java using jetty. I have been able to do basic and digest authentication schemes using jetty and there are easy ways in Jetty to set up these authentication schemes using pseudo code as this:

constraint = org.mortbay.jetty.security.Constraint();
constraint.setName(constraint.('__BASIC_AUTH'))
constraint.setRoles({'admin'});
constraint.setAuthenticate(true);
constraintMapping = ConstraintMapping();
constraintMapping.setConstraint(constraint);
constraintMapping.setPathSpec('/*');
securityHandler = SecurityHandler();
securityHandler.setUserRealm(myrealm);
securityHandler.setConstraintMappings(constraintMapping );

Similarly for DIGEST authentication __BASIC_AUTH can be replaced with __DIGEST_AUTH. I am using HttpServlets to handle requests/responses. However if I want to achieve proxy based authentication, how do I do this?

Do I need to use the httpservlet's doGet() and attempt authentication and explicit forwarding to another address or is there a way using jetty itself to setup a proxy based authentication(or a proxy localhost server) as shown in the pseudo above?

Can I get some help for code to do proxy based authentication that authenticates and forwards HttpServlet requests to another servlet/server?


回答1:


As for the current version of Jetty (9.3.3.v20150827), the Proxy-Authenticate header is not related in any way to the WWW-Authenticate header that the Servlet constraint system.

There is nothing built into the the Servlet spec, or the Jetty implementation to support the Proxy-Authenticate client header from a Constraint point of view.

However, using Jetty 9.3.x you can use the the AsyncProxyServlet, AsyncProxyServlet.Transparent, AsyncMiddleManServlet, or AsyncMiddleManServlet.Transparent to have a means to handle this Proxy-Authenticate header in your own terms.

To accomplish this, you'll start by extending from one of those, and then overriding the sendProxyRequest(HttpServletRequest clientRequest, HttpServletResponse proxyResponse, Request proxyRequest).

In your version of sendProxyRequest(), look at the clientRequest headers for Proxy-Authenticate and Proxy-Authorize, and perform the Proxy based authentication that best suits your needs.

If the authentication passes, then call super.sendProxyRequest(clientRequest, proxyResponse, proxyRequest);.

Otherwise use the proxyResponse to send back the challenge response.



来源:https://stackoverflow.com/questions/32513530/proxy-authentication-using-jetty

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!