RE: Re: Transparent reverse proxying using org.restlet.routing.Redirector
Hi Ramesh, Please take a look at the example I've attached. After running it (mvn clean install exec:java) server will be started on port 8080 and reverse proxy on port . You will be able to access the server on 8080 but you will have to provide credentials (test/test) when accessing trough reverse proxy. Hope this is what you're looking for. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3080062 RestletReverseProxyAuth.rar Description: Binary data
RE: Re: Re: Transparent reverse proxying using org.restlet.routing.Redirector
Hi again, My next try was to remove all original headers (like default implementation do) and then preserver only Authentication header. So I replaced this line: https://github.com/restlet/restlet-framework-java/blob/2.2/modules/org.restlet/src/org/restlet/routing/Redirector.java#L407 with call to this method: private void preserveHeaders(Request request) { SeriesHeader headers = (SeriesHeader) request.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS); SeriesHeader newHeaders = new SeriesHeader(Header.class); for (String headerName : headersToPreserve) { Header headerToPreserve = headers.getFirst(headerName); if (headerToPreserve != null) { newHeaders.add(headerToPreserve); } } request.getAttributes().put(HeaderConstants.ATTRIBUTE_HEADERS, newHeaders); } where headersToPreserve = Arrays.asList(HeaderConstants.HEADER_AUTHORIZATION) After this change, the response from proxy is always: HTTP/1.1 1002 Internal Connector Error Date: Fri, 18 Apr 2014 08:01:10 GMT Accept-Ranges: bytes Server: Restlet-Framework/2.1.4 Content-Length: 484 Content-Type: text/html; charset=UTF-8 I am somehow abandoning the idea of using Restlet as a transparent reverse proxy, but anyway, I've attached a small example of test implementation if someone will have time and willpower to look at it. Tim, thank you for your support! Any advices on how could I achieve Digest/Basic authentication to work on backend server when in front of it is a proxy are still welcome. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3076691 RestletReverseProxyTest.rar Description: Binary data
Re: Re: Re: Transparent reverse proxying using org.restlet.routing.Redirector
I don't have time to look at this, unfortunately. I have Basic auth working with outbound redirection. I *don't *change the way the headers are removed, but I do remove the challenge response. // From my Redirector subclass: @Override protected void outboundServerRedirect( Reference targetRef, Request request, Response response) { // Unset challenge response that authentication puts in. request.setChallengeResponse(null); super.outboundServerRedirect(targetRef, request, response); } Before I did this, I believe I had internal connector errors similar to what you describe. --tim On Fri, Apr 18, 2014 at 4:14 AM, Primož Kokol primoz.ko...@gmail.comwrote: Hi again, My next try was to remove all original headers (like default implementation do) and then preserver only Authentication header. So I replaced this line: https://github.com/restlet/restlet-framework-java/blob/2.2/modules/org.restlet/src/org/restlet/routing/Redirector.java#L407 with call to this method: private void preserveHeaders(Request request) { SeriesHeader headers = (SeriesHeader) request.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS); SeriesHeader newHeaders = new SeriesHeader(Header.class); for (String headerName : headersToPreserve) { Header headerToPreserve = headers.getFirst(headerName); if (headerToPreserve != null) { newHeaders.add(headerToPreserve); } } request.getAttributes().put(HeaderConstants.ATTRIBUTE_HEADERS, newHeaders); } where headersToPreserve = Arrays.asList(HeaderConstants.HEADER_AUTHORIZATION) After this change, the response from proxy is always: HTTP/1.1 1002 Internal Connector Error Date: Fri, 18 Apr 2014 08:01:10 GMT Accept-Ranges: bytes Server: Restlet-Framework/2.1.4 Content-Length: 484 Content-Type: text/html; charset=UTF-8 I am somehow abandoning the idea of using Restlet as a transparent reverse proxy, but anyway, I've attached a small example of test implementation if someone will have time and willpower to look at it. Tim, thank you for your support! Any advices on how could I achieve Digest/Basic authentication to work on backend server when in front of it is a proxy are still welcome. -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3076691 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3076698
RE: Re: Transparent reverse proxying using org.restlet.routing.Redirector
Tim, thanks for advice. That is actually one of the first things I've tried. After extending Redirector and overriding serverRedirect method so that line which clears the headers was removed 1002 Internal Connector Error was always returned as response (from proxy) so I thought this was not the right approach. Any idea what could be cause of 1002 Internal Connector Error in this case? -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3076674
Re: Re: Transparent reverse proxying using org.restlet.routing.Redirector
I'm guessing you have to very selective about which headers you allow to remain. On Thu, Apr 17, 2014 at 3:08 PM, Primož Kokol primoz.ko...@gmail.comwrote: Tim, thanks for advice. That is actually one of the first things I've tried. After extending Redirector and overriding serverRedirect method so that line which clears the headers was removed 1002 Internal Connector Error was always returned as response (from proxy) so I thought this was not the right approach. Any idea what could be cause of 1002 Internal Connector Error in this case? -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3076674 -- http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447dsMessageId=3076675