Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] Modifying the client request after the TLS handshake is complete

Hello jetty devs!

I am a developer working on implementing proof-of-concepts of an upcoming IETF standard, a new HTTP authentication scheme called Signature auth [0], or sometimes referred to as "Unprompted Auth" (because the client sends the authentication request unprompted by the server).

To be clear, I'm not working on a patch-set that would be directly submitted to Jetty. This is an earlier stage where we are just working on getting a working implementation of the draft. Polishing it up into a production ready patch would come later, and will likely look different than my proof of concept.

I chose to implement my proof on concept with Jetty since it is one of the most widely used web server in the java ecosystem, but I don't need to sing the praises of Jetty to you.

There is now  a semi-working server implementation of this draft with Jetty, and now I am trying to implement it on the client using Jetty's client library.

My problem:

* I need to be able to modify the request headers *after* the TLS handshake is complete
* The `onBegin` listener is the last chance to modify the request
* ..but the `onBegin` listener fires before the TLS handshake is complete

You can see this in my small demo [1].

I've been banging my head against Jetty internals for a few days now and would appreciate some ideas from you all.

Things I've tired:

* set connect blocking on the connector. Result: doesn't have an effect
* setting a single-threaded thread pool executor. Result: hangs jetty when it starts. * I'm trying to find the right layer of abstraction to hook in with a custom implementation of HttpConnectionOverHTTP, etc, to delay the request, but without success so far.

I am *ok* with a reflection-based solution or something else equally as hacky, once again this is just a proof-of-concept.

Cheers,

~abel

[0]: https://www.ietf.org/archive/id/draft-ietf-httpbis-unprompted-auth-06.html
[1]: https://gist.github.com/abeluck/2cde182eecced0f1a61ee77085124a22


Back to the top