• Post Reply Bookmark Topic Watch Topic
  • New Topic

grabbing servlet output in a filter  RSS feed

 
Angel Dobbs-Sciortino
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm going to be using an encryption filter for decrypting requests from the client and encrypting responses (including the headers). Does anyone know how to go about grabbing *everything* a servlet sends to the client, including headers and anything else? I was considering using HttpServletResponseWrapper, and overwriting getOutputStream(). But is that enough, or do I need to overwrite cookie, status, and header methods as well?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Think about what the headers are -- instructions for the browser and or the server (meta-data about the page).
Content-length, Content-type, etc..

If you encrypt those, how will the browser or server know how to handle the requests and responses?

Also, why not just let SSL handle this?
 
Angel Dobbs-Sciortino
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSL will be used, but this encryption layer is going on top of that. There will be a client/plugin on the client side that decrypts and sends everything to the browser. So, do you know how to get all the output, or no?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66158
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So, do you know how to get all the output, or no?


Being snippy will not induce people to want to help you. Ben's point is a good one that you have not addressed: what's the point of encrypting the headers?
 
Angel Dobbs-Sciortino
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think I can say the reason for encrypting the headers without violating the confidentiality clause in my contract. But it is something I need to attempt to do.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Angel Dobbs-Sciortino:
I don't think I can say the reason for encrypting the headers without violating the confidentiality clause in my contract. But it is something I need to attempt to do.


Understandable.
I think you're going to need to selectively encrypt the headers unless you have a proxy server that can decrypt them before they get to Tomcat (or whatever app server you're using). If you encrypt the content-length header for example, the socket won't know when the POSTs have completed. I can picture similar problems with the JSPSessionID.

They're all stored in a map so it shouldn't be difficult for your wrapper to pull them all out and return your new (encrypted), versions.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!