On Wed, 18 Aug 2004 15:30:12 -0500, David Durham <[EMAIL PROTECTED]> wrote: > Craig McClanahan wrote: > > > ... > > URI seen by the application properly reflects the one that the client > > sent, not the one that was internally passed from the proxy. > > > What about a scenario where the proxy ends up mangling such details as > the protocol. Specifically, Oracle 9ias' proxy has a nasty habit of > changing a client's https request into an http request. Is this type of > thing also counter to the specifications? >
I should be more clear, to avoid confusion. It's perfectly legal for the proxy to mangle things like this as part of its internal processing, AS LONG AS the values returned by the following HttpServletRequest calls reflect what the original requestor actually sent: * getProtocol() * getScheme() * getServerName() * getServerPort() * getRequestURI() * getContextPath() * getServletPath() * getPathInfo() In other words, there needs to be some mechanism by which the proxy and the servlet container communicate so that the original information from the request is preserved, for use by the application. One way to implement that, for example, would be to have the proxy add some additional private HTTP headers to the forwarded message, so that the servlet container could use those values to make its HttpServletRequest object give the correct answers. So, in your scenario above about converting https to http requests internally, that is perfectly legal as long as the getScheme() method still returns "https" to the web application responding to the request -- since that is the way the request originally entered the server. If you get an argument on this point, just go to the javadocs for the getScheme() method: Returns the name of the scheme used to make this request. You'll see similar language on the other relevant methods. There are circumstances where a proxied application wants to know both what original request asked for, and where the proxy server sent the request. Thus, in Servlet 2.4, the following methods were added to identify the internal processing characteristics: * getLocalAddr() * getLocalName() * getLocalPort() > - Dave Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]