I’m looking to explore a new feature of HostedQA, but I’m far from a networking expert. I just posted this message on the jetty-discuss mailing list, but perhaps someone reading this will know the answer. My message:
I have a weird requirement, but I need to be able to allow a web browser to access hosts behind a firewall. I think that the ProxyHandler can help here, but I wanted to get feedback from the list (and Greg!) before forging ahead.
Let me start with defining a few network-related items:
- Client: this is a Java program that would be run from behind a corporate firewall.
- Server: this is a Java program that would accept a connection from the Client and would sit on a public internet site (acme.com). It is important that the Client connect to the Server, because the Server cannot initiate any conversations to the Client due to the firewall restrictions.
- Browser: the browser will sit on a machine on the local network of the Server and will be configured to use some proxy.
Each browser needs to be able to connect to hosts behind a firewall (local to the Client), but each one needs to do so in a private, secure manner. I imagine that when the Client connects to the Server, it would provide a password (“securetoken”), and then the browser would be configured to use a proxy host of “securetoken.proxy.acme.com”. Because that host contains the secure token, it would be mapped to forward HTTP requests through to the Client that connected with that same token.
So - does something like this seem possible? I imagine I’d have to hack the ProxyHandler quite a bit, but my gut says it is possible. The main thing that gets me is how the hop from the Server to the Client will happen.
Any thoughts?
on May 31st, 2006 at 6:30 pm
Your email hasn’t arrived in my mailbox, or in any of the archives for jetty-discuss.
It could be held up in moderation (I think Greg moderates non-subscriber postings) but you might want to check that it was sent successfully.
The short of it is that I think it will work. The “wacky” bit of the process is that the “client” initiates the TCP connection, but it wants to act as a “recipient” of HTTP requests.
I see no reason why you couldn’t have an inverted socket connector in jetty, but I’d have to sit down with the code to think it through thoroughly.
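The role inversion discussed in the post and the comment above, as an added example that is not code from the post, the commenter or Jetty: the Client opens the TCP connection and presents its token, and the Server then sends an HTTP request down that same socket. The class and method names, the newline-terminated token handshake and the `intranet.example` host are assumptions made for illustration; plain sockets on loopback stand in for Jetty and the ProxyHandler.

```java
import static java.nio.charset.StandardCharsets.US_ASCII;
import java.io.*;
import java.net.*;
import java.security.MessageDigest;

public class InvertedTunnelDemo {
    static final String TOKEN = "securetoken"; // sample value, taken from the post

    // Client: opens the TCP connection outbound, then answers the HTTP request that arrives on it.
    static void runClient(int serverPort) throws IOException {
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), serverPort);
             BufferedReader in = reader(s); Writer out = writer(s)) {
            out.write(TOKEN + "\n");                       // assumed handshake: one token line
            out.flush();
            String requestLine = in.readLine();
            if (requestLine == null) return;               // Server closed: token was rejected
            for (String h = in.readLine(); h != null && !h.isEmpty(); h = in.readLine()) { }
            String body = "answered behind the firewall: " + requestLine;
            out.write("HTTP/1.0 200 OK\r\nContent-Length: " + body.length() + "\r\n\r\n" + body);
            out.flush();
        }
    }

    // Server: accepts the Client's connection, checks the token, then sends a request down it.
    static String serveOnce(ServerSocket listener) throws IOException {
        try (Socket s = listener.accept(); BufferedReader in = reader(s); Writer out = writer(s)) {
            String presented = in.readLine();
            byte[] got = (presented == null ? "" : presented).getBytes(US_ASCII);
            if (!MessageDigest.isEqual(got, TOKEN.getBytes(US_ASCII))) return "rejected";
            out.write("GET / HTTP/1.0\r\nHost: intranet.example\r\n\r\n");
            out.flush();
            return in.readLine();                          // status line written by the Client
        }
    }

    static BufferedReader reader(Socket s) throws IOException {
        return new BufferedReader(new InputStreamReader(s.getInputStream(), US_ASCII));
    }
    static Writer writer(Socket s) throws IOException {
        return new OutputStreamWriter(s.getOutputStream(), US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            int port = listener.getLocalPort();
            Thread client = new Thread(() -> { try { runClient(port); } catch (IOException e) { e.printStackTrace(); } });
            client.start();
            System.out.println("Server received: " + serveOnce(listener));
            client.join();
        }
    }
}
```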