Gliffy | ||||
---|---|---|---|---|
|
Jasig would like to rewrite the existing web proxy portlet as modern, Spring-based portlet project. This portlet could furthermore also serve as a more general content transformation portlet, replacing the historical XSLT channel.
...
- SpringMVC
- HttpClient4 for requesting remote content
- OWASP AntiSamy for validating remote content
- NekoHTML for parsing HTML into processable SAX events
- Jackson for JSON deserialization
- Standard JDK classes for XSLT transformation
- Look into http://jsoup.org/ as a replacement for NekoHTML, it would also handle clipping and manipulation
Features
- Delegated authentication, including formPluggable authentication
- Form-based credential replay
- Proxy-CAS
- Delegated SAML
- Certificate?
- Proxying of embedded web resources, including CSS, JS, and images
- HTML Clipping, preferably using a jQuery like syntax
- Support regex-y whitelist of URLs to be proxied
- Actual All re-written URLs should be tracked in session to prevent exploiting poorly written whitelists and turning them this into an open proxy vulnerabilities
- Ability to load source content from the filesystem in addition to requesting remote web content
- Mechanism for adding user attributes / other interesting dynamic parameters to initial URLOptionally cache content and persist cookies in a database
- Play nice with the portlet 2.0 caching controls
- Persist the HttpClient state data (cookies) on a per user per instance basis
- Ability to add HTTP headers which could contain user attributes
- Ability to re-write proxied CSS to scope the included CSS to just the proxied content
Gliffy | ||||
---|---|---|---|---|
|