Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Tracking Ajax requests/responses with Jetty ProxyServlet

Just discovered something by making a mistake.

My code to start is very simple:

Server server = new Server();

        ServerConnector connector = new ServerConnector(server);

        connector.setPort(8888);

        server.addConnector(connector);

        // Setup proxy handler to handle CONNECT methods

        ConnectHandler proxy = new ConnectHandler();

        server.setHandler(proxy);

        // Setup proxy servlet

        ServletContextHandler context = new ServletContextHandler(proxy, "/", ServletContextHandler.SESSIONS);

        ServletHolder proxyServlet = new ServletHolder(MyProxy.class);


        context.addServlet(proxyServlet, "/*");

        System.out.println("Starting the proxy server");

        server.start();


By mistake I have commented out the context.addServlet() command, like this


Server server = new Server();

        ServerConnector connector = new ServerConnector(server);

        connector.setPort(8888);

        server.addConnector(connector);

        // Setup proxy handler to handle CONNECT methods

        ConnectHandler proxy = new ConnectHandler();

        server.setHandler(proxy);

        // Setup proxy servlet

        ServletContextHandler context = new ServletContextHandler(proxy, "/", ServletContextHandler.SESSIONS);

        ServletHolder proxyServlet = new ServletHolder(MyProxy.class);


        //context.addServlet(proxyServlet, "/*");

        System.out.println("Starting the proxy server");

        server.start();


The result was:

- access to any website was not possible


- access to this particular web site I want to trace was possible. It kept working and I coud use it.


What does this means?


I have used Burp to intercept the requests, they are all post and get requests, http 1.1


So what is the Jetty component doing the job in this case? Has it a default servlet handler?


Any idea


Gilles



2014-08-26 23:03 GMT+02:00 Joakim Erdfelt <joakim@xxxxxxxxxxx>:
Your description sounds more like a Servlet Filter than a proxy.

--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts


On Tue, Aug 26, 2014 at 1:47 PM, Gilles Ducret <gilles.ducret@xxxxxxxxx> wrote:
Some comments, in order to help.

I am not using the proxy as described in most of the cases on the Internet.
This is not a application for which I want to redirect an application url (e.g. search) to another site (e.g. google).

I am in the situation where the users are going to use their normal application, and I will put a proxy servlet betwenn them and the server (like a man in the middle).

This is a 3rd party application we have acquired and for which I need to track and modify some ajax responses in order to meet our security standards (and mask some of the information returned).

As a consequence I do not need to define properties like ProxyTo or modify the uri.

The users are going to use the direct url address. I will modify their configuration so that the calls go through my proxy.

That is why I have set the servlet path to /*. And I expected this to track any query.
What I see instead is that the service method of the servlet is never called when the ajax queries are executed, meaning that either /* does not work, or is not the proper way to define it.

I know that the requests are going through the proxy because if I shut the proxy down the ajax query fails and the briwser displays an error message.

But in this case, if it is not the servlet, what is the component routing the Ajax queries?

I have changed the servlet mapping to /ajax/* (I have seen that all ajax calls are mapped to this uri), but this did not change anything.

Any idea?

Many thanks in advance

Gilles


2014-08-21 23:45 GMT+02:00 Gilles Ducret <gilles.ducret@xxxxxxxxx>:

I did that to start the server (see code below).
Do I have to setup the uri somewhere? I thought the addServlet method would do the job.

public static void main(String[] args) throws Exception {

        

Server server = new Server();

        ServerConnector connector = new ServerConnector(server);

        connector.setPort(8888);

        server.addConnector(connector);

        // Setup proxy handler to handle CONNECT methods

        ConnectHandler proxy = new ConnectHandler();

        server.setHandler(proxy);

        // Setup proxy servlet

        ServletContextHandler context = new ServletContextHandler(proxy, "/", ServletContextHandler.SESSIONS);

        ServletHolder proxyServlet = new ServletHolder(MyProxy.class);


        context.addServlet(proxyServlet, "/*");

        System.out.println("Starting the proxy server");

        server.start();

        

}


Regards


Gilles



2014-08-21 14:08 GMT+02:00 Simone Bordet <sbordet@xxxxxxxxxxx>:

Hi,

On Wed, Aug 20, 2014 at 10:07 PM, Gilles Ducret <gilles.ducret@xxxxxxxxx> wrote:
> Hi,
>
> I have created a ProxyServlet to intercept the Ajax JSON request of a third
> party tool we have acquired in the company.
> My objective is to modify some of the response on the fly.
>
> I hav a first issue, that is I can't intercept the json calls, can't track
> them. They go through the proxy (when the proxy is done the browser displays
> an error message), but I see no traces of them (neither in service, nor in
> onresponsecontent, nor in onresponsesuccess).

Then you servlet mapping does not match the URI of the ajax call ?

--
Simone Bordet
----
http://cometd.org
http://webtide.com
http://intalio.com
Developer advice, training, services and support
from the Jetty & CometD experts.
Intalio, the modern way to build business applications.
_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev



_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev


_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev


Back to the top