Author: markt Date: Tue Feb 2 13:25:42 2010 New Revision: 905625 URL: http://svn.apache.org/viewvc?rev=905625&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48647 RemoteIpFilter : request.secure and request.scheme are not forced to "false" and "http" if X-Forwarded-Proto=http Patch provided by Cyrille Le Clerc
Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/trunk/webapps/docs/config/filter.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=905625&r1=905624&r2=905625&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Tue Feb 2 13:25:42 2010 @@ -138,6 +138,19 @@ * <td><code>https</code></td> * </tr> * <tr> + * <td>httpServerPort</td> + * <td>Value returned by {...@link ServletRequest#getServerPort()} when the <code>protocolHeader</code> indicates <code>http</code> protocol</td> + * <td>N/A</td> + * <td>integer</td> + * <td>80</td> + * </tr> + * <tr> + * <td>httpsServerPort</td> + * <td>Value returned by {...@link ServletRequest#getServerPort()} when the <code>protocolHeader</code> indicates <code>https</code> protocol</td> + * <td>N/A</td> + * <td>integer</td> + * <td>443</td> + * </tr> * </table> * </p> * <p> @@ -575,6 +588,8 @@ */ private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*"); + protected static final String HTTP_SERVER_PORT_PARAMETER = "httpServerPort"; + protected static final String HTTPS_SERVER_PORT_PARAMETER = "httpsServerPort"; protected static final String INTERNAL_PROXIES_PARAMETER = "internalProxies"; @@ -655,10 +670,15 @@ } /** + * @see #setHttpServerPort(int) + */ + private int httpServerPort = 80; + + /** * @see #setHttpsServerPort(int) */ private int httpsServerPort = 443; - + /** * @see #setInternalProxies(String) */ 
@@ -744,10 +764,16 @@ if (protocolHeader != null) { String protocolHeaderValue = request.getHeader(protocolHeader); - if (protocolHeaderValue != null && protocolHeaderHttpsValue.equalsIgnoreCase(protocolHeaderValue)) { + if (protocolHeaderValue == null) { + // don't modify the secure,scheme and serverPort attributes of the request + } else if (protocolHeaderHttpsValue.equalsIgnoreCase(protocolHeaderValue)) { xRequest.setSecure(true); xRequest.setScheme("https"); xRequest.setServerPort(httpsServerPort); + } else { + xRequest.setSecure(false); + xRequest.setScheme("http"); + xRequest.setServerPort(httpServerPort); } } 
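Review bot: The new `else` branch classifies every non-null header value that is not `protocolHeaderHttpsValue` as plain http, so an empty, misspelled or list-valued header sets `secure=false`, scheme `http` and `httpServerPort` without leaving any trace. That fails toward the non-secure side, which is the safer direction for `isSecure()` checks, but it should be stated above the `else`, e.g. `// any value other than protocolHeaderHttpsValue is treated as http (fails to non-secure)`. The empty `if (protocolHeaderValue == null)` body should also say why it does nothing: when the proxy omits the header, the connector's own secure/scheme/port stay in effect, so the front end has to set or overwrite the header on every request. The enclosing method starts outside the hunk, so it cannot be confirmed from here that this block only runs for requests arriving from a trusted internal proxy; a client-supplied header must not reach it.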
@@ -832,17 +858,38 @@ setTrustedProxies(filterConfig.getInitParameter(TRUSTED_PROXIES_PARAMETER)); } + if (filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER) != null) { + try { + setHttpServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER))); + } catch (NumberFormatException e) { + throw new NumberFormatException("Illegal " + HTTP_SERVER_PORT_PARAMETER + " : " + e.getMessage()); + } + } + if (filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER) != null) { try { setHttpsServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER))); } catch (NumberFormatException e) { - throw new NumberFormatException("Illegal serverPort : " + e.getMessage()); + throw new NumberFormatException("Illegal " + HTTPS_SERVER_PORT_PARAMETER + " : " + e.getMessage()); } } } /** * <p> + * Server Port value if the {...@link #protocolHeader} indicates HTTP (i.e. {...@link #protocolHeader} is not null and + * has a value different of {...@link #protocolHeaderHttpsValue}). + * </p> + * <p> + * Default value : 80 + * </p> + */ + public void setHttpServerPort(int httpServerPort) { + this.httpServerPort = httpServerPort; + } + + /** + * <p> * Server Port value if the {...@link #protocolHeader} indicates HTTPS * </p> * <p> Modified: tomcat/trunk/webapps/docs/config/filter.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=905625&r1=905624&r2=905625&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/filter.xml (original) +++ tomcat/trunk/webapps/docs/config/filter.xml Tue Feb 2 13:25:42 2010 
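Review bot: Neither the new `httpServerPort` parsing in this hunk nor `setHttpServerPort(int)` checks that the value is a usable port, so `0`, a negative number or anything above 65535 is accepted at init and later returned by `getServerPort()`, which presumably feeds redirect and absolute-URL generation. A range guard in the setter would reject this at startup: `if (httpServerPort < 1 || httpServerPort > 65535) throw new IllegalArgumentException("Illegal " + HTTP_SERVER_PORT_PARAMETER + " : " + httpServerPort);`. The same applies to the existing `httpsServerPort` path. The rethrown `NumberFormatException` also discards the original exception; attach it with `initCause(e)` before throwing. The init method begins outside the hunk.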
@@ -205,8 +205,9 @@ via a request headers (e.g. "X-Forwarded-For").</p> <p>Another feature of this filter is to replace the apparent scheme - (http/https) and server port with the scheme presented by a proxy or a load - balancer via a request header (e.g. "X-Forwarded-Proto").</p> + (http/https), server port and <code>request.secure</code> with the scheme presented + by a proxy or a load balancer via a request header + (e.g. "X-Forwarded-Proto").</p> <p>If used in conjunction with Remote Address/Host filters then this filter should be defined first to ensure that the correct client IP address is @@ -272,6 +273,20 @@ used.</p> </attribute> + <attribute name="httpServerPort" required="false"> + <p>Value returned by <code>ServletRequest.getServerPort()</code> + when the <strong>protocolHeader</strong> indicates <code>http</code> + protocol. If not specified, the default of <code>80</code> is + used.</p> + </attribute> + + <attribute name="httpsServerPort" required="false"> + <p>Value returned by <code>ServletRequest.getServerPort()</code> + when the <strong>protocolHeader</strong> indicates <code>https</code> + protocol. If not specified, the default of <code>443</code> is + used.</p> + </attribute> + </attributes> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org