Author: markt
Date: Sun Feb 6 19:08:13 2011
New Revision: 1067732
URL: http://svn.apache.org/viewvc?rev=1067732&view=rev
Log:
Tweak defaults. Document.
Modified:
tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java
tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1067732&r1=1067731&r2=1067732&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Sun Feb
6 19:08:13 2011
@@ -41,6 +41,7 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.AccessLog;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -698,6 +699,11 @@ public class RemoteIpFilter implements F
private String remoteIpHeader = "X-Forwarded-For";
/**
+ * @see #setRequestAttributesEnabled(boolean)
+ */
+ private boolean requestAttributesEnabled = true;
+
+ /**
* @see #setTrustedProxies(String)
*/
private Pattern trustedProxies = null;
@@ -792,6 +798,16 @@ public class RemoteIpFilter implements F
+ xRequest.getScheme() + "', newSecure='" +
xRequest.isSecure() + "', new[" + remoteIpHeader + "]='"
+ xRequest.getHeader(remoteIpHeader) + "', new[" +
proxiesHeader + "]='" + xRequest.getHeader(proxiesHeader) + "'");
}
+ if (requestAttributesEnabled) {
+ request.setAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE,
+ request.getRemoteAddr());
+ request.setAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE,
+ request.getRemoteHost());
+ request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE,
+ request.getProtocol());
+ request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE,
+ Integer.valueOf(request.getServerPort()));
+ }
chain.doFilter(xRequest, response);
} else {
if (log.isDebugEnabled()) {
@@ -839,6 +855,15 @@ public class RemoteIpFilter implements F
return remoteIpHeader;
}
+ /**
+ * @see #setRequestAttributesEnabled(boolean)
+ * @return <code>true</code> if the attributes will be logged, otherwise
+ * <code>false</code>
+ */
+ public boolean getRequestAttributesEnabled() {
+ return requestAttributesEnabled;
+ }
+
public Pattern getTrustedProxies() {
return trustedProxies;
}
@@ -988,6 +1013,28 @@ public class RemoteIpFilter implements F
}
/**
+ * Should this filter set request attributes for IP address, Hostname,
+ * protocol and port used for the request? This are typically used in
+ * conjunction with an {@link AccessLog} which will otherwise log the
+ * original values. Default is <code>true</code>.
+ *
+ * The attributes set are:
+ * <ul>
+ * <li>org.apache.catalina.RemoteAddr</li>
+ * <li>org.apache.catalina.RemoteHost</li>
+ * <li>org.apache.catalina.Protocol</li>
+ * <li>org.apache.catalina.ServerPost</li>
+ * </ul>
+ *
+ * @param requestAttributesEnabled <code>true</code> causes the attributes
+ * to be set, <code>false</code> disables
+ * the setting of the attributes.
+ */
+ public void setRequestAttributesEnabled(boolean requestAttributesEnabled) {
+ this.requestAttributesEnabled = requestAttributesEnabled;
+ }
+
+ /**
* <p>
* Regular expression defining proxies that are trusted when they appear in
* the {@link #remoteIpHeader} header.
Modified: tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java?rev=1067732&r1=1067731&r2=1067732&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java Sun Feb 6
19:08:13 2011
@@ -296,7 +296,7 @@ public class AccessLogValve extends Valv
/**
* @see #setRequestAttributesEnabled(boolean)
*/
- protected boolean requestAttributesEnabled = true;
+ protected boolean requestAttributesEnabled = false;
// ------------------------------------------------------------- Properties
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1067732&r1=1067731&r2=1067732&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Sun Feb 6
19:08:13 2011
@@ -752,7 +752,7 @@ public class RemoteIpValve extends Valve
/**
* Should this valve set request attributes for IP address, Hostname,
* protocol and port used for the request? This are typically used in
- * conjunction with the {@link AccessLogValve} which will otherwise log the
+ * conjunction with the {@link AccessLog} which will otherwise log the
* original values. Default is <code>true</code>.
*
* The attributes set are:
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1067732&r1=1067731&r2=1067732&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Feb 6 19:08:13 2011
@@ -55,6 +55,11 @@
When running under a security manager, user requests may fail with a
security exception. (markt)
</fix>
+ <add>
+ Enhance the RemoteIpFilter and RemoteIpValve so that the modified
remote
+ address, remote host, protocol and server port may be used in an access
+ log if desired. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1067732&r1=1067731&r2=1067732&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Sun Feb 6 19:08:13 2011
@@ -119,6 +119,16 @@
use a zero-length string.</p>
</attribute>
+ <attribute name="requestAttributesEnabled" required="false">
+ <p>Set to <code>true</code> to check for the existance of request
+ attributes (typically set by the RemoteIpValve and similar) that should
+ be used to override the values returned by the request for remote
+ address, remote host, server port and protocol. If the attributes are
+ not set, or this attribute is set to <code>false</code> then the
values
+ from the request will be used. If not set, the default value of
+ <code>false</code> will be used.</p>
+ </attribute>
+
<attribute name="resolveHosts" required="false">
<p>Set to <code>true</code> to convert the IP address of the remote
host into the corresponding host name via a DNS lookup. Set to
@@ -820,6 +830,15 @@
<code>x-forwarded-by</code> is used.</p>
</attribute>
+ <attribute name="requestAttributesEnabled" required="false">
+ <p>Set to <code>true</code> to set the request attributes used by
+ AccessLog implementations to override the values returned by the
+ request for remote address, remote host, server port and protocol. If
+ the attributes are not set, or this attribute is set to
+ <code>false</code> then the values from the request will be used. If
not
+ set, the default value of <code>true</code> will be used.</p>
+ </attribute>
+
<attribute name="trustedProxies" required="false">
<p>Regular expression (using <code>java.util.regex</code>) that a
proxy's IP address must match to be considered an trusted proxy.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
