/** * ***************************************************************************** * * <p>Copyright 2017 Walmart, Inc. * * <p>Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of the License at * * <p>http://www.apache.org/licenses/LICENSE-2.0 * * <p>Unless required by applicable law or agreed to in writing, software distributed under the * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing permissions and * limitations under the License. * * <p>***************************************************************************** */ package com.oneops.proxy.gateway; import java.util.Collections; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.api.Request; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.slf4j.*; /** * A transparent proxy servlet, which just forward http requests to the configured <b>proxyTo</b> * server after stripping down the {@link #X_AUTH_HEADER} token header. If you want to implement * more sophisticated proxy routing logic, can do the same in {@link * #rewriteTarget(HttpServletRequest)} method. * * @author Suresh G * @see <a href="https://en.wikipedia.org/wiki/Proxy_server#Transparent_proxy">Transparent Proxy</a> */ public class ProxyServlet extends org.eclipse.jetty.proxy.ProxyServlet.Transparent { private final Logger log = LoggerFactory.getLogger(getClass()); /** * Client request authorization header. This needs to be removed from the proxy request before * forwarding to target <b>proxyTo</b> server. */ private String X_AUTH_HEADER; /** Trust all proxyTo connections?. */ private boolean trustAllCerts; @Override public void init(ServletConfig config) throws ServletException { super.init(config); X_AUTH_HEADER = getInitParameter(InitParams.xAuthHeader.name()); trustAllCerts = Boolean.parseBoolean(getInitParameter(InitParams.trustAll.name())); log.info( "Initializing the Http Proxy with params: " + Collections.list(config.getInitParameterNames())); } /** * Async http client used to connect to <b>proxyTo</b> server. TLS config is usually done here. * * @return {@link HttpClient} */ @Override protected HttpClient newHttpClient() { SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setTrustAll(trustAllCerts); return new HttpClient(sslFactory); } /** * Customize the headers of forwarding proxy requests. Make sure to remove all the token headers * from the proxy request. */ @Override protected void addProxyHeaders(HttpServletRequest clientRequest, Request proxyRequest) { super.addProxyHeaders(clientRequest, proxyRequest); proxyRequest.getHeaders().remove(X_AUTH_HEADER); } @Override protected String rewriteTarget(HttpServletRequest request) { return super.rewriteTarget(request); } /** Default servlet init params. */ public enum InitParams { proxyTo, prefix, viaHost, trustAll, xAuthHeader } }