The HTTP gateway proxy is a server-side, Java EE-based, non-transparent intercepting web proxy. Its main function is to act as a controlled proxy between the client and a web service (gateway) based on the Hypertext Transfer Protocol (HTTP). The non-transparency hides the real gateway that is used as the back end. The intercepting function works as a security guard that allows only specific requests to pass.
Intercepting
The first filter is a servlet filter that intercepts every request going through the proxy servlet and denies or allows it with the help of the security guard component. If the request is denied, the intercepting filter sends the HTTP status code 403 (Forbidden) back to the client to indicate that the request was denied. Otherwise the request is allowed to complete normally.
Security guard
The security guard component is the core component of the intercepting features. It can be configured to allow only requests containing a certain set of parameters or request URLs to pass through the intercepting filter. The security guard component also controls the proxy state management.
Non-transparency
The second filter is a servlet filter that provides the non-transparency. When a specialized request containing only a partial set of parameters is made through the proxy, for example in order to perform a task in the web service, the transparency filter intercepts it and spawns a secondary request that contains the complete set of parameters for performing the task. This makes it possible to hide certain parameters, such as security credentials, from the client.
State management
The proxy state management stores the state of the proxy in different situations. Through the proxy state management the HTTP gateway proxy can be set to pass through (allow) all traffic regardless of the intercepting filter settings or to restrict the traffic based on the intercepting filter settings. This allows the creation of special rules when the proxy can be set to allow all traffic.
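The intercepting filter, security guard and state flag described above, as an added example that is not the product's own code. All class names, the sample path and the parameter names are assumptions, as is the choice to require both an allowlisted path and allowlisted parameters; it targets the javax.servlet API on Java 9 or later.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical names throughout; not the product's own classes.
public class InterceptingFilter implements Filter {

    /** Security guard: allowlist decision plus the proxy state flag. */
    static final class SecurityGuard {
        private final Set<String> allowedPaths;
        private final Set<String> allowedParams;
        // State management: true = pass all traffic, false = enforce the rules.
        private final AtomicBoolean passThrough = new AtomicBoolean(false);

        SecurityGuard(Set<String> paths, Set<String> params) {
            this.allowedPaths = paths;
            this.allowedParams = params;
        }

        void setPassThrough(boolean on) { passThrough.set(on); }

        boolean isAllowed(String path, Set<String> paramNames) {
            if (passThrough.get()) return true;
            // Default deny: exact path match, and no parameter outside the allowlist.
            return allowedPaths.contains(path) && allowedParams.containsAll(paramNames);
        }
    }

    // Constructed sample policy: one gateway path, two permitted parameter names.
    private final SecurityGuard guard =
        new SecurityGuard(Set.of("/gateway/report"), Set.of("reportId", "format"));

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Raw (undecoded) path relative to the context; unusual encodings fail the exact match.
        String path = http.getRequestURI().substring(http.getContextPath().length());
        if (guard.isAllowed(path, http.getParameterMap().keySet())) {
            chain.doFilter(req, res);   // allowed: continue to the proxy servlet
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN); // 403
        }
    }
}
```

Because the pass-through flag bypasses every rule, any code path that can call `setPassThrough(true)` needs the same access control and logging as the allowlist itself.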
Deployment diagram
Compatibility
This solution concept is an implementation of the service product e-teho Integration. Supported data systems for e-teho Integration are any applications, systems and platforms based on server-side Java technology Java EE (J2EE).
Example implementation
Cognos BI is a business intelligence reporting system that offers an HTTP gateway for fetching reports. By using this solution, reports can be integrated into web applications while keeping the security intact.