Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.1, 3.1 RC1
    • Fix Version/s: 4.0 Alpha 2
    • Component/s: HttpConn
    • Labels:
      None
    • Environment:
      win/linux/unix

      Description

      HttpClient supports one proxy currently.
      Our requirement is to suppport more than one proxy. We may need to connect more than one proxies before connects to target resource.
      I found that HttpMethodDirector creates tunnelled socket and there is no easy way to plugin our custom HttpMethodDirector class with HttpClient other than extending HttpClient to override "public int executeMethod(HostConfiguration hostconfig, final HttpMethod method, final HttpState state" method.

        Issue Links

          Activity

          Hide
          Oleg Kalnichevski added a comment -

          Murty,

          I am not sure I understand what exactly you want to say by "we may need to connect more than one proxies before connects to target resource". Please clarify.

          Oleg

          Show
          Oleg Kalnichevski added a comment - Murty, I am not sure I understand what exactly you want to say by "we may need to connect more than one proxies before connects to target resource". Please clarify. Oleg
          Hide
          Murty Akundi added a comment -

          Oleg
          Thank you for response.
          I am using HttpClient code to access http(s) resources. For example http(s)://www.verisign.com.
          My code is deployed under an application server which is located below three firewalls and that needs to connect through 3 proxies to reach the final target.
          For example I have following 3 proxies and target
          proxy1:9999
          proxy2:7777
          proxy3:5555
          http(s)://www.verisign.com
          First I need to open a socket and connect to proxy1:9999 and then connect proxy2:7777 and then connect to proxy3:5555 to reach the target resource.
          Currently HttpClient supports one proxy and i need to goes through more than one proxies. So i had to modify HttpMethodDirector class to tunnel the socket through the proxies.
          regards

          Show
          Murty Akundi added a comment - Oleg Thank you for response. I am using HttpClient code to access http(s) resources. For example http(s)://www.verisign.com. My code is deployed under an application server which is located below three firewalls and that needs to connect through 3 proxies to reach the final target. For example I have following 3 proxies and target proxy1:9999 proxy2:7777 proxy3:5555 http(s)://www.verisign.com First I need to open a socket and connect to proxy1:9999 and then connect proxy2:7777 and then connect to proxy3:5555 to reach the target resource. Currently HttpClient supports one proxy and i need to goes through more than one proxies. So i had to modify HttpMethodDirector class to tunnel the socket through the proxies. regards
          Hide
          Oleg Kalnichevski added a comment -

          Murty,

          I think this kind of functionality is usually referred to as proxy chaining. Presently HttpClient does not support it and see no easy and elegant way of adding it to the HttpClient 3.x code line. HttpClient is currently undergoing a complete redesign and we certainly could add support for proxy chaining to HttpClient 4.0.

          Oleg

          Show
          Oleg Kalnichevski added a comment - Murty, I think this kind of functionality is usually referred to as proxy chaining. Presently HttpClient does not support it and see no easy and elegant way of adding it to the HttpClient 3.x code line. HttpClient is currently undergoing a complete redesign and we certainly could add support for proxy chaining to HttpClient 4.0. Oleg
          Hide
          Roland Weber added a comment -

          And here I thought this was a far-out use case we would not have to consider. HttpRoute is designed for a single proxy.
          Re-thinking the approach will take time. I believe that alpha1 is a rather optimistic target for this requirement.

          cheers,
          Roland

          Show
          Roland Weber added a comment - And here I thought this was a far-out use case we would not have to consider. HttpRoute is designed for a single proxy. Re-thinking the approach will take time. I believe that alpha1 is a rather optimistic target for this requirement. cheers, Roland
          Hide
          Murty Akundi added a comment -

          Ronald
          Thanks for reply. I think this use case is real use case. Most of the comanies and people are using java on middle tier that locates behind firewalls.
          We can plugging through more than one proxies but that is really not secured.
          Other solution is to write custom protocol handler to support multiple proxiesc but HttpClient does not support it since it does not use URLStreamHandler internally.
          I think there is no other solution with HttpClient to support multiple proxies at this time.
          I have customized HttpClient and HttpMethodDirector classes to tunnel through configured number of proxies and working fine.
          Please consider it for next major release.
          regards
          Murty

          Show
          Murty Akundi added a comment - Ronald Thanks for reply. I think this use case is real use case. Most of the comanies and people are using java on middle tier that locates behind firewalls. We can plugging through more than one proxies but that is really not secured. Other solution is to write custom protocol handler to support multiple proxiesc but HttpClient does not support it since it does not use URLStreamHandler internally. I think there is no other solution with HttpClient to support multiple proxies at this time. I have customized HttpClient and HttpMethodDirector classes to tunnel through configured number of proxies and working fine. Please consider it for next major release. regards Murty
          Hide
          Roland Weber added a comment -

          Hello Murty,

          I made a note on the Wiki page for HttpConn design, http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign
          This has tought me a lesson: the one time I try to avoid overdesigning, it comes back to bite me within 4 months. Now I wait for someone with the requirement to layer tunnels, and my happiness will be complete.
          It's going to be a tough nut to crack, since each proxy in a chain may also need a different proxy authentication. I'll keep pondering it (with low priority though).

          cheers,
          Roland

          Show
          Roland Weber added a comment - Hello Murty, I made a note on the Wiki page for HttpConn design, http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign This has tought me a lesson: the one time I try to avoid overdesigning, it comes back to bite me within 4 months. Now I wait for someone with the requirement to layer tunnels, and my happiness will be complete. It's going to be a tough nut to crack, since each proxy in a chain may also need a different proxy authentication. I'll keep pondering it (with low priority though). cheers, Roland
          Hide
          Oleg Kalnichevski added a comment -

          Roland,
          We do not necessarily have to provide this feature in the stock version of HttpClient if this will increase the complexity of connection management code dramatically. As long as the users are able to plug in their own custom connection operator this should be sufficient.

          Oleg

          Show
          Oleg Kalnichevski added a comment - Roland, We do not necessarily have to provide this feature in the stock version of HttpClient if this will increase the complexity of connection management code dramatically. As long as the users are able to plug in their own custom connection operator this should be sufficient. Oleg
          Hide
          Roland Weber added a comment -

          The pieces are in place: HttpRoute represents proxy chains, ThreadSafeClientConnManager uses HttpRoute.
          The last step is to add the missing ManagedClientConnection.tunnelProxy(...).

          Show
          Roland Weber added a comment - The pieces are in place: HttpRoute represents proxy chains, ThreadSafeClientConnManager uses HttpRoute. The last step is to add the missing ManagedClientConnection.tunnelProxy(...).
          Hide
          Murty Akundi added a comment -

          Thank you very much for all you for adding new feature.

          Show
          Murty Akundi added a comment - Thank you very much for all you for adding new feature.
          Hide
          Ortwin Glück added a comment -

          The feature has been requested in the past:

          http://issues.apache.org/jira/browse/HTTPCLIENT-136
          http://issues.apache.org/jira/browse/HTTPCLIENT-35

          especially for 4.0 here:

          http://marc.info/?l=httpclient-commons-dev&m=110552030923369&w=2

          but somehow the discussion ended up revolving around cookie storage.

          Show
          Ortwin Glück added a comment - The feature has been requested in the past: http://issues.apache.org/jira/browse/HTTPCLIENT-136 http://issues.apache.org/jira/browse/HTTPCLIENT-35 especially for 4.0 here: http://marc.info/?l=httpclient-commons-dev&m=110552030923369&w=2 but somehow the discussion ended up revolving around cookie storage.
          Hide
          Roland Weber added a comment -

          I've added proxy chain support to HttpConn::ManagedClientConnection and a plugin point to HttpClient, see DefaultClientRequestDirector.createTunnelToProxy(...).

          Due to the complexity of proxy authentication, we cannot provide full support for proxy chains in HttpClient at this time. I just don't have the cycles available to refactor the proxy authentication logic. Everybody is invited to submit patches towards that goal.

          cheers,
          Roland

          Show
          Roland Weber added a comment - I've added proxy chain support to HttpConn::ManagedClientConnection and a plugin point to HttpClient, see DefaultClientRequestDirector.createTunnelToProxy(...). Due to the complexity of proxy authentication, we cannot provide full support for proxy chains in HttpClient at this time. I just don't have the cycles available to refactor the proxy authentication logic. Everybody is invited to submit patches towards that goal. cheers, Roland

            People

            • Assignee:
              Roland Weber
              Reporter:
              Murty Akundi
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development