Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Save proxy user identity in Channel Context after Proxy Authentication #296

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

savas127
Copy link

After user authenticated to proxy, proxy-authorization header is removed from original message. This change can be useful to let creating different filters based on user in filter source.

@jekh
Copy link
Collaborator

jekh commented May 13, 2016

Is there any way to achieve this without baking it into LP? I can envision certain use cases where this would be useful, but I'm not convinced that the use case is general enough to warrant setting an attribute on the context.

@savas127
Copy link
Author

savas127 commented May 16, 2016

Well, I got the point but other solutions may have bigger impacts.

I think the best solution is changing ProxyAuthenticator interface. Then, other types of authentication methods (digest, NTLM) can be implemented in concrete ProxyAuthenticator classes and proxy can benefit session tokens.

boolean authenticate(HttpRequest request, ChannelHandlerContext ctx);

The solution that has minimal impact is disabling auth service and hendling authentication on HttpFilters. Unfortunately, auth headers get removed because of they are in SHOULD_NOT_PROXY_HOP_BY_HOP_HEADERS list.

@jekh
Copy link
Collaborator

jekh commented Dec 19, 2016

Instead of using HttpFilters, could you use the ChainedProxy interface's filterRequest() method? That's how BMP adds authentication for chained proxies (example here).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants