grabbing servlet output in a filter

 
Ranch Hand
Posts: 101
I'm going to be using an encryption filter for decrypting requests from the client and encrypting responses (including the headers). Does anyone know how to go about grabbing *everything* a servlet sends to the client, including headers and anything else? I was considering using HttpServletResponseWrapper, and overwriting getOutputStream(). But is that enough, or do I need to overwrite cookie, status, and header methods as well?
 
Sheriff
Posts: 13411
Think about what the headers are -- instructions for the browser and/or the server (meta-data about the page).
Content-length, Content-type, etc.

If you encrypt those, how will the browser or server know how to handle the requests and responses?

Also, why not just let SSL handle this?
 
Angel Dobbs-Sciortino
Ranch Hand
Posts: 101
SSL will be used, but this encryption layer is going on top of that. There will be a client/plugin on the client side that decrypts and sends everything to the browser. So, do you know how to get all the output, or no?
 
Sheriff
Posts: 67746

So, do you know how to get all the output, or no?



Being snippy will not induce people to want to help you. Ben's point is a good one that you have not addressed: what's the point of encrypting the headers?
 
Angel Dobbs-Sciortino
Ranch Hand
Posts: 101
I don't think I can say the reason for encrypting the headers without violating the confidentiality clause in my contract. But it is something I need to attempt to do.
 
Ben Souther
Sheriff
Posts: 13411

Originally posted by Angel Dobbs-Sciortino:
I don't think I can say the reason for encrypting the headers without violating the confidentiality clause in my contract. But it is something I need to attempt to do.



Understandable.
I think you're going to need to selectively encrypt the headers unless you have a proxy server that can decrypt them before they get to Tomcat (or whatever app server you're using). If you encrypt the content-length header for example, the socket won't know when the POSTs have completed. I can picture similar problems with the JSPSessionID.

They're all stored in a map so it shouldn't be difficult for your wrapper to pull them all out and return your new (encrypted) versions.
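
The wrapper approach discussed in this thread, as an added example that is not code from any of the posters: a filter that buffers the servlet's body and holds back the headers it sets, leaving in the clear the ones the container and browser still need. It assumes the javax.servlet 3.1 API; the `CLEAR` list is an assumed choice, and `seal` is a hypothetical hook for the serialization and encryption the thread leaves unspecified (a concrete subclass supplies it along with `init` and `destroy`).

```java
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: captures what a servlet writes so the filter can transform it before sending.
public abstract class CaptureFilter implements Filter {
    // Headers that must stay readable on the wire (assumed list, adjust per deployment).
    static final Set<String> CLEAR = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    static { CLEAR.add("Content-Type"); CLEAR.add("Set-Cookie"); }

    static class Capture extends HttpServletResponseWrapper {
        final ByteArrayOutputStream body = new ByteArrayOutputStream();
        final Map<String, List<String>> held = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        private PrintWriter writer;
        Capture(HttpServletResponse r) { super(r); }
        // Not intercepted here, so they still reach the real response unchanged:
        // setIntHeader, setDateHeader, addCookie, setStatus, sendError, sendRedirect.
        @Override public void setHeader(String n, String v) {
            if (CLEAR.contains(n)) super.setHeader(n, v);
            else held.put(n, new ArrayList<>(Collections.singletonList(v)));
        }
        @Override public void addHeader(String n, String v) {
            if (CLEAR.contains(n)) super.addHeader(n, v);
            else held.computeIfAbsent(n, k -> new ArrayList<>()).add(v);
        }
        @Override public void setContentLength(int len) { } // recomputed after sealing
        @Override public void flushBuffer() { }             // keep the real response uncommitted
        @Override public ServletOutputStream getOutputStream() {
            return new ServletOutputStream() {
                @Override public void write(int b) { body.write(b); }
                @Override public boolean isReady() { return true; }
                @Override public void setWriteListener(WriteListener l) { }
            };
        }
        @Override public PrintWriter getWriter() throws IOException {
            if (writer == null) writer = new PrintWriter(new OutputStreamWriter(body, getCharacterEncoding()));
            return writer;
        }
    }

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Capture cap = new Capture((HttpServletResponse) res);
        chain.doFilter(req, cap);                        // servlet writes into the buffer
        if (cap.writer != null) cap.writer.flush();      // push buffered characters into body
        byte[] out = seal(cap.held, cap.body.toByteArray());
        res.setContentLength(out.length);                // length of what is actually sent
        res.getOutputStream().write(out);
    }
    /** Hypothetical hook: serialize the held headers with the body, then encrypt the result. */
    protected abstract byte[] seal(Map<String, List<String>> headers, byte[] body) throws IOException;
}
```

Overriding `getOutputStream()` alone captures only the body; each header, cookie or status method that should be held back needs its own override, because the wrapper's default is to delegate straight to the real response.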
 