Task #5422
closed
Develop a proxy service to be used for accessing external HTTP pages from the portal domain
100%
Description
This service should provide a general solution for rendering, within the portal, external pages that use the HTTP protocol. At the moment this is forbidden because the portal is in HTTPS and a warning (mixed content) is raised in the browser if an HTTP page is requested.
Updated by Pasquale Pagano over 8 years ago
- Priority changed from Normal to High
Updated by Francesco Mangiacrapa over 8 years ago
- Parent task deleted (#5214)
I'm moving this ticket as related to #5338 instead of subtask.
Updated by Ciro Formisano over 8 years ago
- Blocked by Task #6710: virtual machine with apache 2.4.8 (or higher) added
Updated by Ciro Formisano over 8 years ago
- Assignee changed from Gabriele Giammatteo to Ciro Formisano
- % Done changed from 0 to 10
Apache-based solution tested internally by ENG: waiting for the infrastructure to be ready to test in the dev or test environment (see related tickets).
Updated by Ciro Formisano over 8 years ago
- Status changed from New to In Progress
After a discussion with @francesco.mangiacrapa@isti.cnr.it, it has been agreed to use a solution other than Apache. The solution should support the BlueBRIDGE security model.
Updated by Ciro Formisano over 8 years ago
- % Done changed from 10 to 30
I have produced a portlet-based prototype that works on the sample cases that @francesco.mangiacrapa@isti.cnr.it pointed out.
@francesco.mangiacrapa@isti.cnr.it, which section in project svn could I use to commit the code?
Second question: could we schedule some simple test before integrating the portlet with the security?
Updated by Francesco Mangiacrapa over 8 years ago
Ciro Formisano wrote:
> I have produced a portlet-based prototype that works on the sample cases that @francesco.mangiacrapa@isti.cnr.it pointed out.
> @francesco.mangiacrapa@isti.cnr.it, which section in project svn could I use to commit the code?
Ciro, I just created http://svn.d4science-ii.research-infrastructures.eu/gcube/trunk/data-access/gcube-http-proxy where you can commit your code.
A best practice on "How to develop a gcube component": can you call your package project "org.gcube.data-access./gcube-http-proxy"? It should be identical to the svn path and the Etics component.
Again, I will explain to you via Skype and/or email how to release your component using our procedures for releasing on Etics.
> Second question: could we schedule some simple test before integrating the portlet with the security?
Sure. If it is a "portlet", you can deploy it on the dev environment (i.e. a page of https://dev4.d4science.org/group/nextnext/home, I can deploy it for you). Under that path, the portal login is needed to access the portlet.
Updated by Ciro Formisano over 8 years ago
- % Done changed from 30 to 60
Servlet deployed on the test environment defined on https://portlet-proxy-d-d4s.d4science.org.
We made two tests on the testbed defined on https://dev4.d4science.org/group/nextnext/test-proxy and directly on the browser:
we used the endpoints: www.repubblica.it and http://geoserver-dev.d4science-ii.research-infrastructures.eu/geoserver/wms/wfs
Both the tests were successful.
After that the servlet was deployed for security reasons.
The next step will be to add the token based security.
Updated by Ciro Formisano over 8 years ago
- % Done changed from 60 to 80
First version of the servlet released with gCube 4.3.0
Updated by Ciro Formisano over 8 years ago
Dear @francesco.mangiacrapa@isti.cnr.it, at the TCOM we agreed to consider lists of accessible domains (not full endpoints), that could be downloaded from the IS. Before defining IS accessing criteria, may I have an example of that kind of URL to complete the filter and perform some tests, please?
Updated by Ciro Formisano about 8 years ago
- Status changed from In Progress to Feedback
- % Done changed from 80 to 100
The proxy service is available, up and running. It gets a list of allowed domains from the Information System in the following structure:
GenericResource
Name: ProxiedDomains
SecondaryType: SecureProxyDomains
<Body> <Domains> <domain>url</domain> </Domains> ... </Body>
The url is a domain; this means that if url is allowed, url/localdomain is also allowed.
Currently this GenericResource is available only in the scope /gcube/devNext/NextNext.
The testbed is available under https://portlet-proxy-d-d4s.d4science.org/httpproxy/proxy/ and it works by appending the url (with or without http): e.g.
https://portlet-proxy-d-d4s.d4science.org/httpproxy/proxy/www.repubblica.it
goes to http://www.repubblica.it if and only if the domain is contained in the list
It asks for the token.
I am also going to add the proxy to the current release (proxy version 2.0.0, since the previous one did not contain the domain filter)
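The domain filter described in the comment above, sketched as an added example; it is not part of the ticket and not the gCube proxy's own code. The function names and the sample resource body are hypothetical, and the example assumes each `<domain>` entry may be written with or without `http://`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample body for the ProxiedDomains GenericResource (not real IS data).
SAMPLE_BODY = """<Body><Domains>
  <domain>www.repubblica.it</domain>
  <domain>http://geoserver-dev.d4science-ii.research-infrastructures.eu</domain>
</Domains></Body>"""


def _parse(value):
    """Parse a URL given with or without a scheme; None if it must be refused."""
    value = (value or "").strip()
    if "://" not in value:
        value = "http://" + value  # the proxy accepts targets without "http"
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    # Only web schemes, and no userinfo: "allowed-host@other-host" would
    # otherwise look like an allowed domain to a naive string comparison.
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return None
    return parts if parts.hostname else None


def _host(parts):
    """Normalised host name used for the allow-list comparison."""
    return parts.hostname.rstrip(".").lower()


def load_allowed_domains(body_xml):
    """Collect the host names listed in <Domains><domain>...</domain></Domains>."""
    parsed = (_parse(el.text) for el in ET.fromstring(body_xml).iter("domain"))
    return {_host(p) for p in parsed if p is not None}


def resolve_target(requested, allowed):
    """Return the upstream URL for the text after /httpproxy/proxy/, or None."""
    parts = _parse(requested)
    # Exact host match: any path under an allowed domain passes, but a longer
    # host name that merely starts with an allowed domain does not.
    if parts is None or _host(parts) not in allowed:
        return None
    return parts.geturl()
```

The comparison is made on the parsed host name rather than on the raw string, so the "url/localdomain" rule holds for paths without also admitting hosts that only share a prefix with a listed domain.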
Updated by Ciro Formisano about 8 years ago
- Status changed from Feedback to Closed
The proxy is up and running and works for non-dynamic content.
Updated by Massimiliano Assante about 8 years ago
- Target version deleted (gCube related support)