[jetty-dev] Modifying the client request after the TLS handshake is comp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-dev] Modifying the client request after the TLS handshake is complete

From: Abel Luck <abel@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 7 Mar 2024 12:06:25 +0100
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-dev/>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla Thunderbird

Hello jetty devs!

I am a developer working on implementing proof-of-concepts of anupcoming IETF standard, a new HTTP authentication scheme calledSignature auth [0], or sometimes referred to as "Unprompted Auth"(because the client sends the authentication request unprompted by theserver).

To be clear, I'm not working on a patch-set that would be directlysubmitted to Jetty. This is an earlier stage where we are just workingon getting a working implementation of the draft. Polishing it up into aproduction ready patch would come later, and will likely look differentthan my proof of concept.

I chose to implement my proof on concept with Jetty since it is one ofthe most widely used web server in the java ecosystem, but I don't needto sing the praises of Jetty to you.

There is now a semi-working server implementation of this draft withJetty, and now I am trying to implement it on the client using Jetty'sclient library.


My problem:

* I need to be able to modify the request headers *after* the TLShandshake is complete

* The `onBegin` listener is the last chance to modify the request
* ..but the `onBegin` listener fires before the TLS handshake is complete

You can see this in my small demo [1].

I've been banging my head against Jetty internals for a few days now andwould appreciate some ideas from you all.


Things I've tired:

* set connect blocking on the connector. Result: doesn't have an effect

* setting a single-threaded thread pool executor. Result: hangs jettywhen it starts.* I'm trying to find the right layer of abstraction to hook in with acustom implementation of HttpConnectionOverHTTP, etc, to delay therequest, but without success so far.

I am *ok* with a reflection-based solution or something else equally ashacky, once again this is just a proof-of-concept.


Cheers,

~abel

[0]:https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-06.html

[1]: https://gist.github.com/abeluck/2cde182eecced0f1a61ee77085124a22

Follow-Ups:
- Re: [jetty-dev] Modifying the client request after the TLS handshake is complete
  - From: Simone Bordet
- Re: [jetty-dev] Modifying the client request after the TLS handshake is complete
  - From: Ludovic Orban

Prev by Date: [jetty-dev] Announcing Eclipse Jetty 12.0.7
Next by Date: Re: [jetty-dev] Modifying the client request after the TLS handshake is complete
Previous by thread: [jetty-dev] Announcing Eclipse Jetty 12.0.7
Next by thread: Re: [jetty-dev] Modifying the client request after the TLS handshake is complete
Index(es):
- Date
- Thread

Breadcrumbs