On Wed, 18 Aug 2004 15:30:12 -0500, David Durham
<[EMAIL PROTECTED]> wrote:
> Craig McClanahan wrote:
>
> > ...
> > URI seen by the application properly reflects the one that the client
> > sent, not the one that was internally passed from the proxy.
>
>
> What about a scenario where the proxy ends up mangling such details as
> the protocol. Specifically, Oracle 9ias' proxy has a nasty habit of
> changing a client's https request into an http request. Is this type of
> thing also counter to the specifications?
>
I should be more clear, to avoid confusion.
It's perfectly legal for the proxy to mangle things like this as part
of its internal processing, AS LONG AS the values returned by the
following HttpServletRequest calls reflect what the original requestor
actually sent:
* getProtocol()
* getScheme()
* getServerName()
* getServerPort()
* getRequestURI()
* getContextPath()
* getServletPath()
* getPathInfo()
In other words, there needs to be some mechanism by which the proxy
and the servlet container communicate so that the original information
from the request is preserved, for use by the application. One way to
implement that, for example, would be to have the proxy add some
additional private HTTP headers to the forwarded message, so that the
servlet container could use those values to make its
HttpServletRequest object give the correct answers.
So, in your scenario above about converting https to http requests
internally, that is perfectly legal as long as the getScheme() method
still returns "https" to the web application responding to the request
-- since that is the way the request originally entered the server.
If you get an argument on this point, just go to the javadocs for the
getScheme() method:
Returns the name of the scheme used to make this request.
You'll see similar language on the other relevant methods.
There are circumstances where a proxied application wants to know both
what original request asked for, and where the proxy server sent the
request. Thus, in Servlet 2.4, the following methods were added to
identify the internal processing characteristics:
* getLocalAddr()
* getLocalName()
* getLocalPort()
> - Dave
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
