Working on a http proxy servlet which is used to forward the request to another remote server.
NOTE: Cannot change the URL Pattern
Snippet of web.xml
<servlet>
<servlet-name>SomeServlet</servlet-name>
<servlet-class>SomeServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>SomeServlet</servlet-name>
<url-pattern>/pattern1/*</url-pattern>
</servlet-mapping>
SomeServlet.Java
Validates the requests to check for specific content in request body and if matches forward to remote server. (Working as expected)
but if the condition fails, request processing should continue as is.
what I have now,
public class proxyServlet extends HttpServlet {
/* it has all the init other configs*/
#Overrirde
protected void service(HttpServletRequest servletRequest, HttpServletResponse servletResponse)
throws ServletException, IOException {
/* If true, returns which endpoint for remote server else returns null */
String endPoint = checkForConditions(servletRequest);
if(endPoint == null) {
return; // this is not letting the app to continue with flow.
} else {
HttpRequest newR = new BasicHttpRequest(method, endPoint);
doExecute(servletRequest, newR)
}
}
}
I cannot create a new request and forward since server will again catch the pattern and do it in a infinite loop.
What is the best way to accomplish this? Any suggestions are greatly appreciated.
UPDATE-Solved: As per the comment from #balusc, Used servlet-filter and on condition use a HTTPClient to send POST request to remote server else chain.doFilter(...)
Related
tl;dr:
How do I get the ServletResponse during ServletRequestListener.requestDestroyed?
Short Version
In JavaEE, I want to know when:
when a request starts
and when a request ends
and be able to inspect the request and response objects.
Long Version
In the ASP.NET world, if you want to know when a request starts and ends, you write an IHttpModule:
public class ExampleModuleForThisQuestion : IHttpModule
{
}
And then register your "module" in the web XML configuration file:
web.config:
<system.webServer>
<modules>
<add name="DoesntMatter" type="ExampleModuleForThisQuestion "/>
</modules>
</system.webServer>
Inside your module, you can register callback handlers for:
BeginRequest event
EndRequest event
The web server infrastructure then calls you Init method. That is your opportunity to register that you want to receive notifications when a request starts, and when a request ends:
public class ExampleModuleForThisQuestion : IHttpModule
{
public void Init(HttpApplication application)
{
application.BeginRequest += new EventHandler(beginRequest); //register the "BeginRequet" event
application.EndRequest += new EventHandler(endRequest); //register the "EndRequest" event
}
}
And now we have our callbacks when a request starts:
private void beginRequest(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
//Record the time the request started
application.Context.Items["RequestStartTime"] = DateTime.Now;
//We can even access the Request and Response objects
application.ContenxtLog(application.Context.Request.Headers["User-Agent"]);
}
And we have our callback when a request ends:
private void endRequest(object sender, EventArgs e)
{
HttpApplication application = (HttpApplication)sender;
//We can even access the Request and Response objects
//Get the response status code (e.g. 418 I'm a teapot)
int statusCode = application.Context.Response.StatusCode;
//Get the request method (e.g. GET, POST, BREW)
String method = application.context.Request.RequestType;
//Get the path from the request (e.g. /ViewCustomer)
String path = application.context.Request.AppRelativeCurrentExecutionFilePath'
//Get when the request started - that we recorded during "Begin Request"
DateTime requestStartTime = (DateTime)application.Context.Items["RequestStartTime"];
//And we can modify the response
if ((DateTime.Now - requestStartTime).TotalSeconds = 17)
application.Context.Response.StatusCode = 451;
}
The Java Almost-Equivalent is ServletRequestListener
In Java, apparently the corresponding technique is to create and object that implements the ServletRequestListener interface:
#WebListener
public class ExampleListenerForThisQuestion
implements javax.servlet.ServletRequestListener {
}
and register our listener with the application server by including it in our web XML configuration file:
web.xml
<listener>
<listener-class>ExampleListenerForThisQuestion</listener-class>
</listener>
Now we can implement the requestInitialized and requestDestroyed methods to get when a request starts and ends:
public class ExampleListenerForThisQuestion
implements javax.servlet.ServletRequestListener {
#Override
public void requestInitialized(ServletRequestEvent sre) {
ServletRequest sr = sre.getServletRequest();
sr.setAttribute("requestStartTicks", getCurrentTickCount());
HttpServletRequest request = (HttpServletRequest) sr;
// e.g. "PUT /Customers/1234"
System.out.printf("%s %s\r\n", request.getMethod());
}
#Override
public void requestDestroyed(ServletRequestEvent sre) {
ServletRequest sr = sre.getServletRequest();
long requestStartTicks = (long)sr.getAttribute("requestStartTicks");
HttpServletResponse response = (HttpServletRequest)...nothing, because i don't know how...
// e.g. "226 IM Used"
System.out.printf("%d %s\r\n", response.getStatus(), response.getStatusDescription());
}
}
But how do we get the response?
Now that I'm notified when the response ends, I need the result of that request:
I need the HTTP status code (e.g., 424)
I need the HTTP status description (e.g., Failed Dependency)
I need to inspect response headers
I need to modify response headers
You notice the line in my code above:
HttpServletResponse response = (HttpServletRequest)...nothing, because i don't know how...
How can I get hold of the response?
You can create a Filter instead of a listener.
Filters allow you to create wrappers around request processing. See the documentation on that topic.
For HTTP, you can use HTTPFilter. This could look like the following:
#WebFilter("/*")//or via deployment descriptor
public class YourFilter extends HttpFilter{ //or just Filter for general (non-HTTP) processing
#Override
public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {//for generic filters, use ServletRequest/ServletResponse instead
//before request processing
chain.doFilter(req, res);//calls other filters and processes request
//after request processing
//you can use res here
}
}
If you do not call chain.doFilter, other filters and the servlet will not be executed.
If you prefer declaring the filter in your deployment descriptor (web.xml), you can do that as well:
<filter>
<filter-name>yourFilter</filter-name>
<filter-class>your.FilterClass</filter-class>
</filter>
<filter-mapping>
<filter-name>yourFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I have a login servlet and after successful login, I want the user to
/login/{username}/
How can I place username in the URL for POST request?
I have looked up certain answers like this and this but couldn't understand how to actually accomplish my goal.
I would like to stick to using servlets and refrain from using technologies like JAX-RS and so on.
This is my login logic implementation:
private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKeySpecException, NoSuchAlgorithmException, ServletException, IOException {
String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
pst = c.prepareStatement(query);
pst.setString(1,userInput);
rs = pst.executeQuery();
while (rs.next()){
imiya = rs.getString("user_name");
kyuch = rs.getString("key");
kodom = rs.getBytes("nitrate");
}
EncryptClass instance = new EncryptClass(2048,100000);
if(instance.chkPass(pass,kyuch,kodom) && imiya.equals(userInput)){
HttpSession session = request.getSession();
session.setAttribute("userLogged",userInput);
request.setAttribute("title",userInput);
String pathInfo = request.getPathInfo();
if(pathInfo!=null || !pathInfo.isEmpty()){
String[] pathArr = pathInfo.split("/");
String val = pathArr[1];//{username}
//now what??.....
}
request.getRequestDispatcher("/LoginLanding.jsp").forward(request,response);
} else {
request.setAttribute("message", message);
request.getRequestDispatcher("/index.jsp").include(request,response);
}
}
And this is the web.xml for it:
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>AuthPack.ServletLogin</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login/*</url-pattern>
</servlet-mapping>
After I submit the form, the URL becomes something like
/login
But I want it like this:
/login/{username}
more preferably:
/{username}
you have to use a url rewriter or a filter.
Here is an example using a filter method:
in your login servlet instead of going to loginLanding.jsp
you redirect to the filter like so:
//REDIRECT TO filter
response.sendRedirect("/user/"+userInput);
To create a filter, it's very similar to creating a servlet, and you get the option to create a mapping like this (web.xml):
<filter>
<display-name>UserFilter</display-name>
<filter-name>UserFilter</filter-name>
<filter-class>filters.UserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>/user/*</url-pattern>
</filter-mapping>
Your filter should look something like this:
public class UserFilter implements Filter {
public UserFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
HttpSession session = (((HttpServletRequest) request).getSession());
String RequestedUsername = null;
if(requri.contains("user/")){
//get the username after "user/"
RequestedUsername=requri.substring(5);
if(!RequestedUsername.isEmpty()){
//if not empty set session
session.setAttribute("loggedInUser",RequestedUsername);
}
}
//forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
request.getRequestDispatcher("/profile").forward(request, response);
}
In this code, you expect the parameters to be in the available in HttpServletRequest.getParameter() accessed from the doPost() method in your servlet:
String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
But you don't show whether you are a) submitting the request as a POST or b) accessing these from the doPost() call in your servlet.
You can access parameter information on the path by using HttpServletRequest.getPathInfo() (see this link)
String extraPathInfo = request.getPathInfo();
// If extraPathInfo is not null, parse it to extract the user name
String pass = request.getParameter("pass");
If your servlet is available at /login and you append the user name to that (like /login/someUser/) then getPathInfo() will return that, though you may want to check whether this includes the slashes.
As an aside, doing this for a login feature creates a security vulnerability. Rather than putting user names on the path, it's better to simply send both the username and password as POST parameters.
THE CONFIGURATION
Web server : Nginx
App server : Tomcat with default configuration of 200 request serving threads
Expected response time for my server : ~30 seconds(There are lots of third party dependencies)
THE SCENARIO
Every 10 seconds the application will need to generate the token for its use. The expected time for token generation is around 5 seconds, but since its a third party system being contacted over network, this is obviously not consistent and can go up to 10 seconds.
During the token generation process, nearly 80% of the incoming requests per second will need to wait.
WHAT I BELIEVE SHOULD HAPPEN
Since the requests waiting for the token generation will have to wait a "long" time, there is no reason for these request serving to be reused to serve other incoming requests while waiting for token generation process to complete.
Basically, it would make sense if my 20% to keep being served. If the waiting threads are not being utilized for other requests, tomcat request serving limit will be reached and server would essentially choke, not really something any developer will like.
WHAT I TRIED
Initially I expected switching to tomcat NIO connector would do this job. But after looking at this comparison, I was really not hopeful. Nevertheless, I tried by forcing the requests to wait for 10 second and it did not work.
Now I am thinking on the lines that I need to, sort of, shelve the request while its waiting and need to signal the tomcat that this thread is free to reuse. Similarly, I will need tomcat to give me a thread from its threadpool when the request is ready to be moved forward. But I am blindsided on how to do it or even if this is possible.
Any guidance or help?
You need an asynchronous servlet but you also need asynchronous HTTP calls to the external token generator. You will gain nothing by passing the requests from the servlet to an ExecutorService with a thread pool if you still create one thread somewhere per token request. You have to decouple threads from HTTP requests so that one thread can handle multiple HTTP requests. This can be achieved with an asynchronous HTTP client like Apache Asynch HttpClient or Async Http Client.
First you have to create an asynchronous servlet like this one
public class ProxyService extends HttpServlet {
private CloseableHttpAsyncClient httpClient;
#Override
public void init() throws ServletException {
httpClient = HttpAsyncClients.custom().
setMaxConnTotal(Integer.parseInt(getInitParameter("maxtotalconnections"))).
setMaxConnPerRoute(Integer.parseInt(getInitParameter("maxconnectionsperroute"))).
build();
httpClient.start();
}
#Override
public void destroy() {
try {
httpClient.close();
} catch (IOException e) { }
}
#Override
public void doGet(HttpServletRequest request, HttpServletResponse response) {
AsyncContext asyncCtx = request.startAsync(request, response);
asyncCtx.setTimeout(ExternalServiceMock.TIMEOUT_SECONDS * ExternalServiceMock.K);
ResponseListener listener = new ResponseListener();
asyncCtx.addListener(listener);
Future<String> result = httpClient.execute(HttpAsyncMethods.createGet(getInitParameter("serviceurl")), new ResponseConsumer(asyncCtx), null);
}
}
This servlet performs an asynchronous HTTP call using Apache Asynch HttpClient. Note that you may want to configure the maximum connections per route because as per RFC 2616 spec HttpAsyncClient will only allow a maximum of two concurrent connections to the same host by default. And there are plenty of other options that you can configure as shown in HttpAsyncClient configuration. HttpAsyncClient is expensive to create, therefore you do not want to create an instace of it on each GET operation.
One listener is hooked to the AsyncContext, this listener is only used in the example above to handle timeouts.
public class ResponseListener implements AsyncListener {
#Override
public void onStartAsync(AsyncEvent event) throws IOException {
}
#Override
public void onComplete(AsyncEvent event) throws IOException {
}
#Override
public void onError(AsyncEvent event) throws IOException {
event.getAsyncContext().getResponse().getWriter().print("error:");
}
#Override
public void onTimeout(AsyncEvent event) throws IOException {
event.getAsyncContext().getResponse().getWriter().print("timeout:");
}
}
Then you need a consumer for the HTTP client. This consumer informs the AsyncContext by calling complete() when buildResult() is executed internally by HttpClient as a step to return a Future<String> to the caller ProxyService servlet.
public class ResponseConsumer extends AsyncCharConsumer<String> {
private int responseCode;
private StringBuilder responseBuffer;
private AsyncContext asyncCtx;
public ResponseConsumer(AsyncContext asyncCtx) {
this.responseBuffer = new StringBuilder();
this.asyncCtx = asyncCtx;
}
#Override
protected void releaseResources() { }
#Override
protected String buildResult(final HttpContext context) {
try {
PrintWriter responseWriter = asyncCtx.getResponse().getWriter();
switch (responseCode) {
case javax.servlet.http.HttpServletResponse.SC_OK:
responseWriter.print("success:" + responseBuffer.toString());
break;
default:
responseWriter.print("error:" + responseBuffer.toString());
}
} catch (IOException e) { }
asyncCtx.complete();
return responseBuffer.toString();
}
#Override
protected void onCharReceived(CharBuffer buffer, IOControl ioc) throws IOException {
while (buffer.hasRemaining())
responseBuffer.append(buffer.get());
}
#Override
protected void onResponseReceived(HttpResponse response) throws HttpException, IOException {
responseCode = response.getStatusLine().getStatusCode();
}
}
The web.xml configuration for ProxyService servlet may be like
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0" metadata-complete="true">
<display-name>asyncservlet-demo</display-name>
<servlet>
<servlet-name>External Service Mock</servlet-name>
<servlet-class>ExternalServiceMock</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Proxy Service</servlet-name>
<servlet-class>ProxyService</servlet-class>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
<init-param>
<param-name>maxtotalconnections</param-name>
<param-value>200</param-value>
</init-param>
<init-param>
<param-name>maxconnectionsperroute</param-name>
<param-value>4</param-value>
</init-param>
<init-param>
<param-name>serviceurl</param-name>
<param-value>http://127.0.0.1:8080/asyncservlet/externalservicemock</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>External Service Mock</servlet-name>
<url-pattern>/externalservicemock</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Proxy Service</servlet-name>
<url-pattern>/proxyservice</url-pattern>
</servlet-mapping>
</web-app>
And a mock servlet for the token generator with a delay in seconds may be:
public class ExternalServiceMock extends HttpServlet{
public static final int TIMEOUT_SECONDS = 13;
public static final long K = 1000l;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
Random rnd = new Random();
try {
Thread.sleep(rnd.nextInt(TIMEOUT_SECONDS) * K);
} catch (InterruptedException e) { }
final byte[] token = String.format("%10d", Math.abs(rnd.nextLong())).getBytes(ISO_8859_1);
response.setContentType("text/plain");
response.setCharacterEncoding(ISO_8859_1.name());
response.setContentLength(token.length);
response.getOutputStream().write(token);
}
}
You can get a fully working example at GitHub.
This problem is essentially the reason so many "reactive" libraries and toolkits exist.
It's not a problem that can be solved by tweaking or swapping out the tomcat connector.
You basically need to remove all blocking IO calls, replacing them with non-blocking IO will likely require rewriting large parts of the application.
Your HTTP server needs to be non-blocking, you need to be using a non blocking API to the server(like servlet 3.1) and your calls to the third party API need to be non blocking.
Libraries like Vert.x and RxJava provide tooling to help with all of this.
Otherwise the only other alternative is to just increase the size of the threadpool, the operating system already takes care of scheduling the CPU so that the inactive threads don’t cause too much performance loss, but there is always going to be more overhead compared to a reactive approach.
Without knowing more about your application it is hard to offer advice on a specific approach.
Using async servlet requests or reactive libraries (as mentioned in other answers) can help but will demand major architectural changes.
Another option is to separate token updates from token uses.
Here is a naive implementation:
public class TokenHolder {
public static volatile Token token = null;
private static Timer timer = new Timer(true);
static {
// set the token 1st time
TokenHolder.token = getNewToken();
// schedule updates periodically
timer.schedule(new TimerTask(){
public void run() {
TokenHolder.token = getNewToken();
}
}, 10000, 10000);
}
}
Now your requests can just use TokenHolder.token to access the service.
In a real application you probably will use a more advanced scheduling tool.
I am creating a jsp application in jsp.I am trying to redirect to login page on ajax request if user is not signed in.
My approach
The request is send from javascript that pass some parameters to
url.The server side code checks is user is signed in or not.
The server side code has a function to build sign in url
The Problem where i am stuck is i have to pass this text to client side from server to javascript so that i can use something like window.location.href=url;
Can anyone please explain how do i pass this url and access it in callback function in ajax success function.
Is there any other approach?..
Checking the user is logged in should probably be handled by your JSP code.
That way you can send redirect headers before the page is rendered, rather than having to wait for a ajax response to be returned before redirecting the user. Using ajax will mean they see the page they don't have access to before you redirect them.
There are tons of ways to handle ajax request. The simplest way (not necessarily best) is to create a servlet to handle your ajax request. Below servlet example will return the json string { status: 'not logged in'}:
package mycompany;
public CheckLoginServlet extends HttpServlet {
protected doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
res.setContentType("application/json");
HttpSession session = req.getSession();
// do your stuff to check if user logged in here ..
PrintWriter writer = res.getWriter();
writer.append("{ status: 'not logged in' }");
}
}
Declare & map this servlet on your web.xml deployment descriptor file:
<web-app>
<servlet>
<servlet-class>mycompany.CheckLoginServlet</servlet-class>
<servlet-name>CheckLoginServlet</servlet-name>
</servlet>
<servlet-mapping>
<servlet-name>CheckLoginServlet</servlet-name>
<url-pattern>/checklogin</url-pattern>
</servlet-mapping>
</web-app>
The servlet is now mapped to http://myhost/myappname/checklogin. You can then send ajax post request to this servlet via jquery:
$.ajax('checklogin', {
type: 'POST'
}).done(function(res) {
console.log(res.status); // will give you 'not logged in'
});
This approach is ofcourse an old and obsolete approach, but it's good for you to understand servlet basics. If you're building real-life enterprise application consider using web frameworks such as Spring or JSF.
You can send the user status and the sign-in URL in the response as JSON. Let us create a model for your response.
public class Result {
private boolean status;
private String url;
Result() {
}
Result(boolean status, String url) {
this.status = status;
this.url = url;
}
// getters and setters
}
Now in your action where you check the user status and build the sign in url, initialise your model.
Result res = new Result(status, url);
Now we need to send this model as json response. There are many ways to do that but I will be using the Google GSON to serialize the model into json string.
private String result;
public void getResult() {
return this.result;
}
public void setResult(Stringresult) {
this.result = result;
}
Gson gson = new Gson();
result= gson.toJson(res);
==> json is {"status": true,"url":"www.example.com"}
The last part is checking the response in your client side and taking the appropriate action.
$.ajax({
// ...
success: function(response) {
var responseJson = JSON.parse (response.responseText);
if (!responseJson.status) {
window.location.href = responseJson.url;
}
}
});
References : https://sites.google.com/site/gson/gson-user-guide
my task is to check if my program is running fine on server or not.The scenario is like this :A URL is sent to the program that is continuously running and it is supposed to reply with a status OK if it is running fine.I am not able to understand the process how to do it.Can anyone explain.
OK, I am assuming that you wanted to write some sort of health check page for your application. So here it goes.
package test.naishe.so;
public class HealthCheck extends HttpServlet {
private static final long serialVersionUID = 940861886429788526L;
#Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
int response = HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
boolean checkServices = true;
//optional: assumming you wanted to do health check on various services (eg. DB service) and have a utility class for that
checkServices = CheckServices.checkAll();
if(checkServices)
response = HttpServletResponse.SC_OK;
String out =
"<healthCheck>" +
"<services>" +
(checkServices?"OK":"ERROR")
"</services>" +
"</healthCheck>"
;
resp.setStatus(response);
resp.getWriter().println(out);
}
}
in your web.xml add the following:
<servlet>
<servlet-name>healthCheck</servlet-name>
<servlet-class>test.naishe.so.HealthCheck</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>healthCheck</servlet-name>
<url-pattern>/check_health</url-pattern>
</servlet-mapping>
you can access this page from <base_url>/check_health on your local machine, http://localhost[:port][/app_name]/check_health