POST to secure server

Discussion in 'Java' started by RVic, Mar 26, 2013.

  1. RVic

    RVic Guest

    I have an application that must run in Windows which must post to a servlet running on a secure server. I can WinSCP into that server, and I can use PuTTY to ssh into that server. But I am quite clueless how I can post to a servlet there? Is there something I can pass in posting, or something I do with my URLConnection or URL variable to allow me access as I get with WinSCP or PuTTY? Thank you.

    URL postURL = new URL(servletURL);
    HttpURLConnection conn = (HttpURLConnection) postURL.openConnection();
    conn.setRequestMethod("POST");
    conn.setDoOutput(true);
    conn.setUseCaches(false);
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    conn.connect();
    // Writer over the request body (needs java.io.OutputStreamWriter)
    OutputStreamWriter out = new OutputStreamWriter(conn.getOutputStream());
    StringBuilder sb = new StringBuilder();
    sb.append(vtkey+"="+ paramval);
    out.write(sb.toString());
    out.flush();
    RVic, Mar 26, 2013
    #1

  2. RVic

    markspace Guest

    On 3/26/2013 4:46 AM, RVic wrote:
    > I have an application that must run in windows which must post to a
    > servlet running on a secure server. I can WinSCP into that server,
    > and I can use PuTTY to ssh into that server. But I am quite clueless
    > how I can post to a servlet there?

    ....
    > out.write(sb.toString());
    > out.flush();


    out.close();

    Generally speaking, you must close the TCP connection or the server
    won't "recognize" that you are done sending data.

    I seem to recall that Java's built-in HttpConnection is kind of
    primitive and doesn't really implement everything you'd expect for a
    real HTTP connection. In particular, I think you have to handle cookies
    yourself, which might be causing the server code to break if it doesn't
    see the cookies it's expecting.

    I think the Apache Commons library has an HTTP class that handles things
    more automagically. Try their HttpClient if you can't figure out what
    the built-in version needs:

    <http://hc.apache.org/>
    markspace, Mar 26, 2013
    #2

  3. RVic

    Roedy Green Guest

    On Tue, 26 Mar 2013 04:46:07 -0700 (PDT), RVic <>
    wrote, quoted or indirectly quoted someone who said :

    > I have an application that must run in windows which must post to a servlet
    > running on a secure server. I can WinSCP into that server, and I can use
    > PuTTY to ssh into that server. But I am quite clueless how I can post to a
    > servlet there? Is there something I can pass in posting, or something I do
    > with my URLConnection or URL variable to allow me access as I get with
    > WinSCP or PuTTY? Thank you.


    for sample code see http://mindprod.com/jgloss/http.html
    --
    Roedy Green Canadian Mind Products http://mindprod.com
    Motors make noise, and that tells you about the feelings and attitudes
    that went into it. Something was more important than sensory pleasure --
    nobody would invent a chair or dish that smelled bad or that made horrible
    noises -- why were motors invented noisy? How could they possibly be
    considered complete or successful inventions with this glaring defect?
    Unless, of course, the aggressive, hostile, assaultive sound actually served
    to express some impulse of the owner.
    ~ Philip Slater (born: 1927 age: 85)
    The Wayward Gate: Science and the Supernatural
    Roedy Green, Mar 27, 2013
    #3
  4. RVic

    RVic Guest

    Thanks for all your responses. I'm finding out from the client that they have no exposed URLs that my servlet call can come in on, and they need to somehow provide that on their end.

    OTOH, because I need to get this project done and get it done beyond the crawl of academic bureaucracy, couldn't I simply read and write to a socket (in lieu of a servlet), forget about the post, just wrap and unwrap the parameters I would otherwise post, that I could access somehow with ssh through java?

    Thanks in advance.
    RVic, Mar 27, 2013
    #4
  5. RVic

    RVic Guest

    If I ssh in.....trying to think this through, how might I replicate a post to a servlet? Not sure on this last step, wouldn't I need a socket listener running on the target where I otherwise would have had a servlet running? Thanks for your thoughts and ideas here.
    RVic, Mar 27, 2013
    #5
  6. RVic

    Silvio Guest

    On 03/26/2013 12:46 PM, RVic wrote:
    > I have an application that must run in windows which must post to a servlet running on a secure server. I can WinSCP into that server, and I can use PuTTY to ssh into that server. But I am quite clueless how I can post to a servlet there? Is there something I can pass in posting, or something I do with my URLConnection or URL variable to allow me access as I get with WinSCP or PuTTY? Thank you.
    >
    > URL postURL = new URL(servletURL);
    > HttpURLConnection conn = (HttpURLConnection) postURL.openConnection();
    > conn.setRequestMethod("POST");
    > conn.setDoOutput(true);
    > conn.setUseCaches(false);
    > conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    > conn.connect();
    > StringBuilder sb = new StringBuilder();
    > sb.append(vtkey+"="+ paramval);
    > out.write(sb.toString());
    > out.flush();
    >


    There are two options: you either post via HTTP or HTTPS directly to the
    servlet (possibly passing through reverse proxies or NAT at the server
    side) or you need to create an SSH tunnel first and use the tunnel to
    reach the servlet.

    The former will only work if the servlet is accessible from the outer
    world. The latter will require you to create the tunnel from the client
    side using the SSH connection for transport. Putty can create the tunnel
    for you but this requires setting up the tunnel manually. If you want to
    create the tunnel from inside the application you would need an SSH
    library. JSCH would be a good candidate since it is open source and it
    supports tunnelling. Having set up the tunnel you can simply post to
    localhost.

    Silvio
    Silvio, Mar 27, 2013
    #6
  7. RVic

    RVic Guest

    Thank you. I was thinking I would have to create a socket listener on the server side once I had an ssh connection set up with Jsch. I am looking through the Jsch examples (I am enclosing one in particular called ViaHTTP) but I cannot, for the life of me, see how I would then perform my Post within that framework? Can you please explain further? Thank you!


    String proxy_host;
    int proxy_port;

    try{
      JSch jsch=new JSch();

      String host=null;
      if(arg.length>0){
        host=arg[0];
      }
      else{
        host=JOptionPane.showInputDialog("Enter username@hostname",
                                         System.getProperty("user.name")+
                                         "@localhost");
      }
      String user=host.substring(0, host.indexOf('@'));
      host=host.substring(host.indexOf('@')+1);

      Session session=jsch.getSession(user, host, 22);

      String proxy=JOptionPane.showInputDialog("Enter proxy server",
                                               "hostname:port");
      proxy_host=proxy.substring(0, proxy.indexOf(':'));
      proxy_port=Integer.parseInt(proxy.substring(proxy.indexOf(':')+1));

      session.setProxy(new ProxyHTTP(proxy_host, proxy_port));

      // username and password will be given via UserInfo interface.
      UserInfo ui=new MyUserInfo();
      session.setUserInfo(ui);

      session.connect();

      Channel channel=session.openChannel("shell");

      channel.setInputStream(System.in);
      channel.setOutputStream(System.out);

      channel.connect();
    }
    catch(Exception e){
      System.out.println(e);
    }
    RVic, Mar 27, 2013
    #7
  8. RVic

    Silvio Guest

    On 03/27/2013 02:45 PM, RVic wrote:
    > Thank you. I was thinking I would have to create a socket listener on the server side once I had an ssh connection set up with Jsch. I am looking through the Jsch examples (I am enclosing one in particular called ViaHTTP) but I cannot, for the life of me, see how I would then perform my Post within that framework? Can you please explain further? Thank you!
    >
    >
    > String proxy_host;
    > int proxy_port;
    >
    > try{
    > JSch jsch=new JSch();
    >
    > String host=null;
    > if(arg.length>0){
    > host=arg[0];
    > }
    > else{
    > host=JOptionPane.showInputDialog("Enter username@hostname",
    > System.getProperty("user.name")+
    > "@localhost");
    > }
    > String user=host.substring(0, host.indexOf('@'));
    > host=host.substring(host.indexOf('@')+1);
    >
    > Session session=jsch.getSession(user, host, 22);
    >
    > String proxy=JOptionPane.showInputDialog("Enter proxy server",
    > "hostname:port");
    > proxy_host=proxy.substring(0, proxy.indexOf(':'));
    > proxy_port=Integer.parseInt(proxy.substring(proxy.indexOf(':')+1));
    >
    > session.setProxy(new ProxyHTTP(proxy_host, proxy_port));
    >
    > // username and password will be given via UserInfo interface.
    > UserInfo ui=new MyUserInfo();
    > session.setUserInfo(ui);
    >
    > session.connect();
    >
    > Channel channel=session.openChannel("shell");
    >
    > channel.setInputStream(System.in);
    > channel.setOutputStream(System.out);
    >
    > channel.connect();
    > }
    > catch(Exception e){
    > System.out.println(e);
    > }
    >



    I am guessing you meant this as a reply to my post...

    If you set up a tunnel using JSCH (which requires adding an additional
    connection property string to the connection that specifies the server
    destination host:port and the local port on the client side) then any
    communication going through localhost:port on the client will be
    tunnelled via SSH and reach the destination host:port on the server side.
    So assuming that there is an existing servlet on the server side that is
    listening for HTTP requests on port 80 on the same box you make the SSH
    connection to, your server host:port would be localhost:80 and you could
    use any desired port on the client side, let's say 8080. After that you
    can use new URL("http://localhost:8080/path/to/the/servlet/") and do a
    normal post from the client. The tunnel will automagically make your
    request reach the servlet.

    Despite what others have said the standard HTTP client in Java works
    fine and will probably give you what you need. If the servlet might barf
    on the URL because of the localhost:8080 you could even use any
    imaginable URL like new URL("http://www.whatever.com/path/to/servlet/")
    and use the proxy option of URL#openConnection to get traffic through
    localhost:8080.

    Good luck,

    Silvio
    Silvio, Mar 27, 2013
    #8
  9. RVic

    RVic Guest

    Silvio, Thank you -- but I am a little confused by what you say. Right now, using JSCH I can connect with:

    JSch jsch = new JSch();
    Session session = jsch.getSession("me"/*user*/, "moonprod"/*serverURL*/);
    session.setPort(22);
    session.setPassword(password);
    session.connect();

    And the servlet I must reach is on Tomcat on the server on port 28080 which would be hit as http://moonprod:28080/servlets/myservlet
    What are you saying, below, that I should change? Thank you!



    <<If you set up a tunnel using JSCH (which requires adding an additional
    connection property string to the connection that specifies the server
    destination host:port and the local port on the client side) then any
    communication going through localhost:port on the client will be
    tunnelled via SSH and reach the destination host:port on the server side.
    So assuming that there is an existing servlet on the server side that is
    listening for HTTP requests on port 80 on the same box you make the SSH
    connection to, your server host:port would be localhost:80 and you could
    use any desired port on the client side, let's say 8080. After that you
    can use new URL("http://localhost:8080/path/to/the/servlet/") and do a
    normal post from the client. The tunnel will automagically make your
    request reach the servlet. >>
    RVic, Mar 27, 2013
    #9
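
Added example, not code from any poster or from the JSch project: the local port forward Silvio describes in post #8, using the host, Tomcat port and servlet path RVic gives in post #9. The known_hosts location, the SSH_PASSWORD environment variable, the class and method names, and the literal "vtkey"/"paramval" form values are assumptions.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;

public class TunnelledPost {

    // Opens the SSH session and verifies the server's host key before any data is sent.
    static Session openSession(String user, String host, String password) throws JSchException {
        JSch jsch = new JSch();
        // Assumed location of an OpenSSH-format known_hosts file holding the server's key.
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
        Session session = jsch.getSession(user, host, 22);
        session.setPassword(password);
        // Refuse unknown or changed host keys rather than switching the check off.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.connect(15000); // connect timeout in milliseconds
        return session;
    }

    // Form-encoded POST through the local end of the tunnel; returns the HTTP status.
    static int post(int localPort, String path, String key, String value) throws IOException {
        URL url = new URL("http://127.0.0.1:" + localPort + path);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setUseCaches(false);
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        // URL-encode both sides so '&', '=' or spaces in a value cannot split the form field.
        byte[] body = (URLEncoder.encode(key, "UTF-8") + "="
                + URLEncoder.encode(value, "UTF-8")).getBytes("UTF-8");
        // Closing the stream marks the end of the request body.
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body);
        }
        try {
            return conn.getResponseCode(); // a 500 from the servlet is returned, not thrown
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password comes from the environment, not from source code.
        Session session = openSession("me", "moonprod", System.getenv("SSH_PASSWORD"));
        try {
            // Forward 127.0.0.1:<free port> on the client to localhost:28080 as seen
            // from the SSH server, i.e. Tomcat on the same box. Binding to 127.0.0.1
            // keeps other machines from using the tunnel; lport 0 asks for a free
            // port, which JSch returns.
            int localPort = session.setPortForwardingL("127.0.0.1", 0, "localhost", 28080);
            // "vtkey" and "paramval" are placeholder form values for this example.
            int status = post(localPort, "/servlets/myservlet", "vtkey", "paramval");
            System.out.println("HTTP status through tunnel: " + status);
        } finally {
            session.disconnect(); // also tears down the forwarded port
        }
    }
}
```

The HTTP leg between sshd and Tomcat on the server stays on that host's loopback interface, so the request is only unencrypted inside the server itself.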
  10. RVic

    RVic Guest

    lipsa, Yes I do not know what silvio means -- not even sure why I would need to port forward it? Thank you.
    RVic, Mar 27, 2013
    #10
  11. On 03/27/2013 09:34 AM, RVic wrote:
    > Thanks for all your responses. I'm finding out from the client that they have no exposed URLs that my servlet call can come in on, and they need to somehow provide that on their end.

    [ SNIP ]

    Errr, to me that means that someone set up the servlet engine (Tomcat or
    whatever) with HTTP/HTTPS ports that are blocked by a firewall. And they
    are simply saying that they need to open up those ports.

    I'd let the client do just that.

    AHS
    Arved Sandstrom, Mar 27, 2013
    #11
  12. RVic

    markspace Guest

    On 3/27/2013 4:11 PM, Arved Sandstrom wrote:
    > On 03/27/2013 09:34 AM, RVic wrote:
    >> Thanks for all your responses. I'm finding out from the client that
    >> they have no exposed URLs that my servlet call can come in on, and
    >> they need to somehow provide that on their end.

    > [ SNIP ]
    >
    > Errr, to me that means that someone set up the servlet engine (Tomcat or
    > whatever) with HTTP/HTTPS ports that are blocked by a firewall. And they
    > are simply saying that they need to open up those ports.
    >
    > I'd let the client do just that.



    Well, firewall or DMZ plus gateway, or whatever else they might be using
    to protect their systems from teh hax. But yes, the general idea is
    that the client should do something about it (and probably only the
    client can).
    markspace, Mar 28, 2013
    #12
  13. RVic

    Silvio Guest

    On 03/27/2013 09:26 PM, RVic wrote:
    > lipsa, Yes I do not know what silvio means -- not even sure why I would need to port forward it? Thank you.
    >


    Your replies arrive at strange places...

    What Lipska posted is right on the money. In JSCH it is called port
    forwarding because they do not know what they would be forwarding but
    since in your case you would effectively be forwarding HTTP through the
    SSH connection it becomes tunnelling.

    If you can access the servlet directly at
    http://moonprod:28080/servlets/myservlet (like you said in your other
    post that was also misplaced) then you would not need the SSH
    connection. However, if the servlet is not publicly accessible creating
    the tunnel is the only option.

    Thank you Lipska for clarifying my post. This stuff is everyday routine
    for me so I may have rushed through the explanation.

    Silvio
    Silvio, Mar 28, 2013
    #13
  14. RVic

    Silvio Guest

    On 03/28/2013 09:49 AM, lipska the kat wrote:
    > On 27/03/13 23:11, Arved Sandstrom wrote:
    >> On 03/27/2013 09:34 AM, RVic wrote:
    >>> Thanks for all your responses. I'm finding out from the client that
    >>> they have no exposed URLs that my servlet call can come in on, and
    >>> they need to somehow provide that on their end.

    >> [ SNIP ]
    >>
    >> Errr, to me that means that someone set up the servlet engine (Tomcat or
    >> whatever) with HTTP/HTTPS ports that are blocked by a firewall. And they
    >> are simply saying that they need to open up those ports.
    >>
    >> I'd let the client do just that.

    >
    > The OP has already said that due to 'academic bureaucracy that is not an
    > option although I agree it's the ideal solution.
    >
    > I thought the port forwarding solution was quite neat although I haven't
    > tried it so I don't know if it would actually work.
    >
    > lipska
    >



    Hello Lipska,

    Yes, it works. And to boot it performs quite well.

    I run a load-balancing clustered (custom scripting) system off a small
    but constantly varying VPS park. The system communicates with lots of
    external servers that only accept SSH from one specific IP address I
    own. Behind the firewalls they have stuff like SQL-Server instances,
    FTP/HTTP servers etc. running that I need to access.

    Setting up a VPN would be an option but due to the volatile nature of my
    server park this is very inconvenient. Using SSH to tunnel through my
    steady factor IP works just as well and is just as safe.

    You gotta love SSH. (And thank god for SSHFS).

    Silvio
    Silvio, Mar 28, 2013
    #14
  15. On 03/28/2013 05:49 AM, lipska the kat wrote:
    > On 27/03/13 23:11, Arved Sandstrom wrote:
    >> On 03/27/2013 09:34 AM, RVic wrote:
    >>> Thanks for all your responses. I'm finding out from the client that
    >>> they have no exposed URLs that my servlet call can come in on, and
    >>> they need to somehow provide that on their end.

    >> [ SNIP ]
    >>
    >> Errr, to me that means that someone set up the servlet engine (Tomcat or
    >> whatever) with HTTP/HTTPS ports that are blocked by a firewall. And they
    >> are simply saying that they need to open up those ports.
    >>
    >> I'd let the client do just that.

    >
    > The OP has already said that due to 'academic bureaucracy that is not an
    > option although I agree it's the ideal solution.


    He also used the term "client". If that's actually the relationship, to
    me that changes the entire equation here. The OP is clearly talking to
    these folks, based on his wording above, so it does sound like there is
    a work relationship.

    Given that, the client opening up a port or two in a firewall is
    absolutely an option. What's totally an option is for him to get
    educated a bit more on networking, and talk a bit more to the client,
    before tackling an unfamiliar (to him) technique that may be no
    timesaver at all.

    > I thought the port forwarding solution was quite neat although I haven't
    > tried it so I don't know if it would actually work.
    >
    > lipska
    >

    It would work, in all its various permutations (forward ports for a
    single request, open a tunnel for lengthier work etc etc). I do this
    often for things like exposing a DB on a protected box so that a client
    program on a different box sees it as being on localhost maybe with a
    different port.

    AHS
    Arved Sandstrom, Mar 28, 2013
    #15
  16. RVic

    RVic Guest

    The client is a University, and they are not too responsive or cooperative, more just "We don't know what you are talking about make it work we won't help you."

    So after two days of waiting for them to open it to me, I decided there must be an alternative way.

    Now, they have decided to migrate the server, so I have no way of testing it until they let me know the new one is up. So as soon as I can, I will test the port forwarding using Jsch here. I already know the servlet and client work flawlessly (they use basic authentication and encrypt the post parameters -- there would be very little problem even if they exposed it to the outside world) as I have run them communicating together on my local -- so if there is a problem when I run it then it is because I have the tunnel set up incorrectly.

    Thank you guys for your help -- I will report back here hopefully within the next 24 hours. RVic
    RVic, Mar 28, 2013
    #16
  17. On 03/28/2013 06:54 AM, lipska the kat wrote:
    > On 28/03/13 09:19, Arved Sandstrom wrote:
    >> On 03/28/2013 05:49 AM, lipska the kat wrote:
    >>> On 27/03/13 23:11, Arved Sandstrom wrote:
    >>>> On 03/27/2013 09:34 AM, RVic wrote:
    >>>>> Thanks for all your responses. I'm finding out from the client that
    >>>>> they have no exposed URLs that my servlet call can come in on, and
    >>>>> they need to somehow provide that on their end.
    >>>> [ SNIP ]
    >>>>
    >>>> Errr, to me that means that someone set up the servlet engine
    >>>> (Tomcat or
    >>>> whatever) with HTTP/HTTPS ports that are blocked by a firewall. And
    >>>> they
    >>>> are simply saying that they need to open up those ports.
    >>>>
    >>>> I'd let the client do just that.
    >>>
    >>> The OP has already said that due to 'academic bureaucracy that is not an
    >>> option although I agree it's the ideal solution.

    >>
    >> He also used the term "client". If that's actually the relationship, to
    >> me that changes the entire equation here. The OP is clearly talking to
    >> these folks, based on his wording above, so it does sound like there is
    >> a work relationship.
    >>
    >> Given that, the client opening up a port or two in a firewall is
    >> absolutely an option.

    >
    > Well possibly, I remember trying to get root access to a Solaris box
    > back in the day when I was a drunken bum, er I mean student, it was
    > something akin to asking for access to the deans personal bank account.
    > There were meetings and meetings and meetings to plan meetings ... it
    > took three weeks just to get the cave dwelling troglodyte who managed
    > these things to set up a single Solaris box, and I was writing software
    > *for* the University.
    >
    > As I see it, if the target server has ssh up and the developer can use
    > ssh to implement a solution then that means he can do so without waiting
    > an eternity for some doofus to open up a port then that sounds like a
    > solution to me, in fact, it's such a neat solution that I'm tempted to
    > get a tunnel set up to one of my remote servers and give it a go.
    >
    > Incidentally, Zenmap reports three open ports on moonprod.com one of
    > which may be an httpd on 80 so it looks like they have it fairly tightly
    > locked down.
    >
    > lipska
    >
    > Lipska the Kat©: Troll hunter, sandbox destroyer
    > and farscape dreamer of Aeryn Sun


    I think everyone's been in situations where infrastructure requests are
    handled glacially, or are rejected, or are modified.

    I'm thinking I (we) don't know enough about what's going on here. We
    know next to nothing about the client's network setup; we have no idea
    who exactly the OP talked to (a networking type, or a barely technical
    customer?).

    Like I said, I use exactly this SSH approach now, and have used it in
    the past. I can tell you this, I've never used it for a webserver. That
    is unusual enough that to me it signals lack of information that the OP
    would do well to acquire.

    AHS
    Arved Sandstrom, Mar 28, 2013
    #17
  18. RVic

    RVic Guest

    Gentlemen,

    It works, I'm able to hit the server now (though my servlet returns a 500 error, and I need to look in the tomcat logs to figure out why that might be) at least I am able to connect. Thanks for all your help on this. RVic.
    RVic, Apr 2, 2013
    #18
  19. RVic

    Silvio Guest

    On 04/02/2013 04:07 PM, RVic wrote:
    > Gentlemen,
    >
    > It works, I'm able to hit the server now (though my servlet returns a 500 error, and I need to look in the tomcat logs to figure out why that might be) at least I am able to connect. Thanks for all your help on this. RVic.
    >


    Good for you. And glad to hear we could be of service.

    Cheers.
    Silvio, Apr 2, 2013
    #19
  20. RVic

    Joerg Meier Guest

    On Wed, 03 Apr 2013 10:39:58 +0100, lipska the kat wrote:

    > On 02/04/13 15:07, RVic wrote:
    >> Gentlemen,


    >> It works, I'm able to hit the server now (though my servlet returns a 500 error, and I need to look in the tomcat logs to figure out why that might be) at least I am able to connect. Thanks for all your help on this. RVic.

    > Never give up, never surrender


    By Grabthar's Hammer, you shall be avenged!

    Kind regards,
    Joerg

    --
    I do not read my emails, so replies to email unfortunately remain
    unread.
    Joerg Meier, Apr 3, 2013
    #20