io.undertow.server.handlers.ConnectHandler Maven / Gradle / Ivy
/*
* JBoss, Home of Professional Open Source.
* Copyright 2014 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.undertow.server.handlers;
import io.undertow.predicate.Predicate;
import io.undertow.predicate.Predicates;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.HttpUpgradeListener;
import io.undertow.util.Methods;
import io.undertow.util.SameThreadExecutor;
import io.undertow.util.StatusCodes;
import io.undertow.util.Transfer;
import org.xnio.ChannelExceptionHandler;
import org.xnio.ChannelListener;
import org.xnio.ChannelListeners;
import org.xnio.IoFuture;
import org.xnio.IoUtils;
import org.xnio.OptionMap;
import org.xnio.Options;
import org.xnio.StreamConnection;
import org.xnio.channels.StreamSinkChannel;
import java.io.Closeable;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.channels.Channel;
/**
*
* Handlers HTTP CONNECT requests, allowing the server to act as a forward proxy.
*
* WARNING: Do not enable this without some kind of authentication / IP based restriction scheme
* in place, as this will allow malicious actors to use your server as an open relay.
*
* @author Stuart Douglas
*/
public class ConnectHandler implements HttpHandler {
private final HttpHandler next;
private final Predicate allowed;
public ConnectHandler(HttpHandler next) {
this(next, Predicates.truePredicate());
}
public ConnectHandler(HttpHandler next, Predicate allowed) {
this.next = next;
this.allowed = allowed;
}
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
if(exchange.getRequestMethod().equals(Methods.CONNECT)) {
if(!allowed.resolve(exchange)) {
exchange.setStatusCode(StatusCodes.METHOD_NOT_ALLOWED);//not sure if this is the best response
return;
}
String[] parts = exchange.getRequestPath().split(":");
if(parts.length != 2) {
exchange.setStatusCode(StatusCodes.BAD_REQUEST);//not sure if this is the best response
return;
}
final String host = parts[0];
final Integer port = Integer.parseInt(parts[1]);
exchange.dispatch(SameThreadExecutor.INSTANCE, new Runnable() {
@Override
public void run() {
exchange.getConnection().getIoThread().openStreamConnection(new InetSocketAddress(host, port), new ChannelListener() {
@Override
public void handleEvent(final StreamConnection clientChannel) {
exchange.acceptConnectRequest(new HttpUpgradeListener() {
@Override
public void handleUpgrade(StreamConnection streamConnection, HttpServerExchange exchange) {
final ClosingExceptionHandler handler = new ClosingExceptionHandler(streamConnection, clientChannel);
Transfer.initiateTransfer(clientChannel.getSourceChannel(), streamConnection.getSinkChannel(), ChannelListeners.closingChannelListener(), ChannelListeners.writeShutdownChannelListener(ChannelListeners.flushingChannelListener(ChannelListeners.closingChannelListener(), ChannelListeners.closingChannelExceptionHandler()), ChannelListeners.closingChannelExceptionHandler()), handler, handler, exchange.getConnection().getByteBufferPool());
Transfer.initiateTransfer(streamConnection.getSourceChannel(), clientChannel.getSinkChannel(), ChannelListeners.closingChannelListener(), ChannelListeners.writeShutdownChannelListener(ChannelListeners.flushingChannelListener(ChannelListeners.closingChannelListener(), ChannelListeners.closingChannelExceptionHandler()), ChannelListeners.closingChannelExceptionHandler()), handler, handler, exchange.getConnection().getByteBufferPool());
}
});
exchange.setStatusCode(200);
exchange.endExchange();
}
}, OptionMap.create(Options.TCP_NODELAY, true)).addNotifier(new IoFuture.Notifier() {
@Override
public void notify(IoFuture extends StreamConnection> ioFuture, Object attachment) {
if(ioFuture.getStatus() == IoFuture.Status.FAILED) {
exchange.setStatusCode(503);
exchange.endExchange();
}
}
},null);
}
});
} else {
next.handleRequest(exchange);
}
}
private static final class ClosingExceptionHandler implements ChannelExceptionHandler {
private final Closeable[] toClose;
private ClosingExceptionHandler(Closeable... toClose) {
this.toClose = toClose;
}
@Override
public void handleException(Channel channel, IOException exception) {
IoUtils.safeClose(channel);
IoUtils.safeClose(toClose);
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy