https://bz.apache.org/bugzilla/show_bug.cgi?id=66592
radhika.j...@veritas.com <radhika.j...@veritas.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from radhika.j...@veritas.com <radhika.j...@veritas.com> ---

So how should websocket connections be established through a secure proxy:

When a client comes across an https:// URL, it can do one of three things:

a) open a TLS connection directly to the origin server, or
b) open a tunnel through a proxy to the origin server using the CONNECT request method
c) open a TLS connection to a secure proxy.

For HTTPS REST API calls I am able to use Apache HTTP Client to connect through a secure proxy (HTTPS). For this I am using

    public class MyRoutePlanner implements HttpRoutePlanner {
        @Override
        public HttpRoute determineRoute(HttpHost target, HttpRequest request, HttpContext context)
                throws HttpException {
            return new HttpRoute(target, null, new HttpHost("<secureproxy host>", 8443, "https"),
                    true, TunnelType.PLAIN, LayerType.PLAIN); // Note: true
        }
    }

and plugging in this RoutePlanner:

    HttpClientBuilder clientBuilder = HttpClientBuilder.create();
    clientBuilder.setDefaultRequestConfig(config).setConnectionManager(connectionManager)
            .setRoutePlanner(new MyRoutePlanner());

The HTTPS REST API calls are then routed via the secure proxy host. However, I need to set up the certificate of the secure proxy server host in the truststore that I use to establish the secure connection to the server. Both the target server certificate and the secure proxy server certificate are in the TrustStore.
===================

Similarly, through the Tomcat websocket client library, the connection to the secure proxy is throwing DeploymentException in the function

    HttpResponse httpResponse = processResponse(response, channel, timeout);

===============

    if (proxyConnect != null) {
        fConnect.get(timeout, TimeUnit.MILLISECONDS);
        // Proxy CONNECT is clear text
        channel = new AsyncChannelWrapperNonSecure(socketChannel);
        writeRequest(channel, proxyConnect, timeout);
        HttpResponse httpResponse = processResponse(response, channel, timeout);
        if (httpResponse.status == Constants.PROXY_AUTHENTICATION_REQUIRED) {
            return processAuthenticationChallenge(clientEndpointHolder, clientEndpointConfiguration, path,
                    redirectSet, userProperties, request, httpResponse, AuthenticationType.PROXY);
        } else if (httpResponse.getStatus() != 200) {
            throw new DeploymentException(sm.getString("wsWebSocketContainer.proxyConnectFail",
                    selectedProxy, Integer.toString(httpResponse.getStatus())));
        }
    }

===============

Tomcat's WebSocket implementation correctly implements proxying for both ws (clear text / HTTP) and wss (TLS / HTTPS) connections.

-- This is functioning well for me for HTTP proxy. The ask is to support wss connections through the Secure Proxy.

FYI, I am setting up a Squid proxy server in secure mode through the https_port configuration. Check this page from Squid: https://wiki.squid-cache.org/Features/HTTPS
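
The connection layering the comment asks about (option c combined with CONNECT), sketched with plain JSSE sockets as an added example; it is not part of the original message and not Tomcat or HttpClient code. The class name, method names and command-line arguments are assumptions, and both certificates are taken to be in the JVM's default trust store (`javax.net.ssl.trustStore`). The WebSocket upgrade request itself would then be sent over the returned socket.

```java
import javax.net.ssl.*;
import java.io.*;
import java.util.regex.*;

public class SecureProxyTunnel {
    // TLS to the proxy, CONNECT inside that session, then a second TLS session to the origin.
    static SSLSocket open(String proxyHost, int proxyPort, String host, int port) throws IOException {
        SSLSocketFactory tls = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket toProxy = verified((SSLSocket) tls.createSocket(proxyHost, proxyPort));
        String authority = host + ":" + port;
        String connect = "CONNECT " + authority + " HTTP/1.1\r\nHost: " + authority + "\r\n\r\n";
        toProxy.getOutputStream().write(connect.getBytes("US-ASCII"));
        toProxy.getOutputStream().flush();
        int status = readStatus(toProxy.getInputStream());
        if (status != 200) {
            toProxy.close();
            throw new IOException("proxy CONNECT failed with status " + status);
        }
        return verified((SSLSocket) tls.createSocket(toProxy, host, port, true)); // true: close proxy socket too
    }
    // A bare SSLSocket checks the certificate chain but not the host name unless told to.
    static SSLSocket verified(SSLSocket s) throws IOException {
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(p);
        s.startHandshake();
        return s;
    }
    // Reads the response head one byte at a time so no tunnel bytes are consumed.
    static int readStatus(InputStream in) throws IOException {
        ByteArrayOutputStream head = new ByteArrayOutputStream();
        for (int b; head.size() < 8192 && (b = in.read()) != -1; ) {
            head.write(b);
            if (!head.toString("US-ASCII").endsWith("\r\n\r\n")) continue;
            Matcher m = Pattern.compile("^HTTP/1\\.[01] (\\d{3})").matcher(head.toString("US-ASCII"));
            if (!m.find()) throw new IOException("malformed status line");
            return Integer.parseInt(m.group(1));
        }
        throw new IOException("no complete response head from proxy");
    }
    public static void main(String[] args) throws IOException {
        // Constructed proxy reply, so the parser can be exercised without a network.
        byte[] reply = "HTTP/1.1 407 Proxy Authentication Required\r\n\r\n".getBytes("US-ASCII");
        System.out.println("parsed status: " + readStatus(new ByteArrayInputStream(reply)));
        if (args.length != 4) return; // usage: proxyHost proxyPort originHost originPort
        try (SSLSocket s = open(args[0], Integer.parseInt(args[1]), args[2], Integer.parseInt(args[3]))) {
            System.out.println("tunnel established, inner protocol: " + s.getSession().getProtocol());
        }
    }
}
```

Because the CONNECT exchange travels inside the outer TLS session, any proxy credentials added to it are not exposed on the wire, unlike the clear-text CONNECT in the excerpt above.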