Author: markt
Date: Mon Apr 27 20:26:55 2015
New Revision: 1676369
URL: http://svn.apache.org/r1676369
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57856
Ensure that any scheme/port changes implemented by the RemoteIpFilter also
affect HttpServletResponse.sendRedirect()
Modified:
tomcat/tc8.0.x/trunk/ (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
tomcat/tc8.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java
tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Apr 27 20:26:55 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657
907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1666637,1666649,1
666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,1655558,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657
907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1666637,1666649,1
666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties?rev=1676369&r1=1676368&r2=1676369&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
(original)
+++
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
Mon Apr 27 20:26:55 2015
@@ -40,3 +40,4 @@ expiresFilter.filterInitialized=Filter i
expiresFilter.expirationHeaderAlreadyDefined=Request "{0}" with response
status "{1}" content-type "{2}", expiration header already defined
expiresFilter.skippedStatusCode=Request "{0}" with response status "{1}"
content-type "{1}", skip expiration header generation for given status
+remoteIpFilter.invalidLocation=Failed to modify the rewrite location [{0}] to
use scheme [{1}] and port [{2}]
\ No newline at end of file
Modified:
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1676369&r1=1676368&r2=1676369&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
(original)
+++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
Mon Apr 27 20:26:55 2015
@@ -17,6 +17,8 @@
package org.apache.catalina.filters;
import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Arrays;
@@ -40,11 +42,13 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.catalina.AccessLog;
import org.apache.catalina.Globals;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
/**
* <p>
@@ -617,6 +621,49 @@ public class RemoteIpFilter implements F
}
}
+ public static class XForwardedResponse extends HttpServletResponseWrapper {
+
+ private final String scheme;
+ private final int port;
+
+ public XForwardedResponse(HttpServletResponse response, String scheme,
int port) {
+ super(response);
+ this.scheme = scheme;
+ if ("http".equals(scheme) && port == 80 || "https".equals(scheme)
&& port == 443) {
+ this.port = -1;
+ } else {
+ this.port = port;
+ }
+ }
+
+ @Override
+ public void sendRedirect(String location) throws IOException {
+ /*
+ * This isn't particularly pretty but, given that:
+ * a) there is no setRequest() method on ServletResponse (even if
+ * there were the response could still access this information
+ * via some internal structure for speed); and
+ * b) that this is meant to work on any Servlet container;
+ * this was the cleanest way I could come up with for doing this.
+ */
+ super.sendRedirect(location);
+ String redirect = getHeader("location");
+ URI newRedirectURI;
+ try {
+ URI redirectURI = new URI(redirect);
+ newRedirectURI = new URI(scheme, redirectURI.getUserInfo(),
+ redirectURI.getHost(), port, redirectURI.getPath(),
+ redirectURI.getQuery(), redirectURI.getFragment());
+ } catch (URISyntaxException e) {
+ log.warn(sm.getString("remoteIpFilter.invalidLocation",
+ location, scheme, Integer.toString(port)));
+ return;
+ }
+ reset();
+ super.sendRedirect(newRedirectURI.toString());
+ }
+ }
+
/**
* {@link Pattern} for a comma delimited string that support whitespace
characters
*/
@@ -632,6 +679,7 @@ public class RemoteIpFilter implements F
* Logger
*/
private static final Log log = LogFactory.getLog(RemoteIpFilter.class);
+ private static final StringManager sm =
StringManager.getManager(Constants.Package);
protected static final String PROTOCOL_HEADER_PARAMETER = "protocolHeader";
@@ -810,6 +858,14 @@ public class RemoteIpFilter implements F
}
}
+ HttpServletResponse xResponse;
+ if (xRequest.getScheme() != request.getScheme() ||
+ xRequest.getServerPort() != request.getServerPort()) {
+ xResponse = new XForwardedResponse(response,
xRequest.getScheme(), xRequest.getServerPort());
+ } else {
+ xResponse = response;
+ }
+
if (log.isDebugEnabled()) {
log.debug("Incoming request " + request.getRequestURI() + "
with originalRemoteAddr '" + request.getRemoteAddr()
+ "', originalRemoteHost='" + request.getRemoteHost()
+ "', originalSecure='" + request.isSecure()
@@ -832,7 +888,7 @@ public class RemoteIpFilter implements F
request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE,
Integer.valueOf(xRequest.getServerPort()));
}
- chain.doFilter(xRequest, response);
+ chain.doFilter(xRequest, xResponse);
} else {
if (log.isDebugEnabled()) {
log.debug("Skip RemoteIpFilter for request " +
request.getRequestURI() + " with originalRemoteAddr '"
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java?rev=1676369&r1=1676368&r2=1676369&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java
(original)
+++ tomcat/tc8.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java
Mon Apr 27 20:26:55 2015
@@ -60,4 +60,12 @@ public class TesterResponse extends Resp
// There is no buffer created for this test object since no test
depends
// on one being present or on this method suspending it.
}
+
+ @Override
+ public void reset() {
+ // Minimal implementation for tests that avoids using OutputBuffer
+ if (super.getCoyoteResponse() != null) {
+ super.getCoyoteResponse().reset();
+ }
+ }
}
Modified:
tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java?rev=1676369&r1=1676368&r2=1676369&view=diff
==============================================================================
---
tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java
(original)
+++
tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRemoteIpFilter.java
Mon Apr 27 20:26:55 2015
@@ -49,7 +49,8 @@ import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
+import org.apache.catalina.connector.TesterResponse;
+import org.apache.catalina.core.TesterContext;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.tomcat.util.descriptor.web.FilterDef;
@@ -59,19 +60,25 @@ public class TestRemoteIpFilter extends
/**
* Mock {@link FilterChain} to keep a handle on the passed
- * {@link ServletRequest}.
+ * {@link ServletRequest} and (@link ServletResponse}.
*/
public static class MockFilterChain implements FilterChain {
private HttpServletRequest request;
+ private HttpServletResponse response;
@Override
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
this.request = (HttpServletRequest) request;
+ this.response = (HttpServletResponse) response;
}
public HttpServletRequest getRequest() {
return request;
}
+
+ public HttpServletResponse getResponse() {
+ return response;
+ }
}
public static class MockHttpServlet extends HttpServlet {
@@ -134,6 +141,20 @@ public class TestRemoteIpFilter extends
public Object getAttribute(String name) {
return getCoyoteRequest().getAttributes().get(name);
}
+
+ @Override
+ public String getServerName() {
+ return "localhost";
+ }
+
+ @Override
+ public Context getContext() {
+ // Lazt init
+ if (super.getContext() == null) {
+ getMappingData().context = new TesterContext();
+ }
+ return super.getContext();
+ }
}
public static final String TEMP_DIR = System.getProperty("java.io.tmpdir");
@@ -184,7 +205,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-proto", "http");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
boolean actualSecure = actualRequest.isSecure();
@@ -217,7 +238,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-proto", "http");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
boolean actualSecure = actualRequest.isSecure();
@@ -248,7 +269,7 @@ public class TestRemoteIpFilter extends
request.setRemoteHost("remote-host-original-value");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor = request.getHeader("x-forwarded-for");
@@ -262,7 +283,6 @@ public class TestRemoteIpFilter extends
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "remote-host-original-value",
actualRemoteHost);
-
}
@Test
@@ -281,7 +301,7 @@ public class TestRemoteIpFilter extends
request.addHeader("x-forwarded-for", "140.211.11.130, 192.168.0.10,
192.168.0.11");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor =
actualRequest.getHeader("x-forwarded-for");
@@ -316,7 +336,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor =
actualRequest.getHeader("x-forwarded-for");
@@ -350,7 +370,7 @@ public class TestRemoteIpFilter extends
request.addHeader("x-forwarded-for", "proxy2");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor =
actualRequest.getHeader("x-forwarded-for");
@@ -383,7 +403,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2,
192.168.0.10, 192.168.0.11");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor =
actualRequest.getHeader("x-forwarded-for");
@@ -415,7 +435,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor =
actualRequest.getHeader("x-forwarded-for");
@@ -447,7 +467,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1,
untrusted-proxy, proxy2");
// TEST
- HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
String actualXForwardedFor =
actualRequest.getHeader("x-forwarded-for");
@@ -483,8 +503,8 @@ public class TestRemoteIpFilter extends
}
}
- private HttpServletRequest testRemoteIpFilter(FilterDef filterDef, Request
request) throws LifecycleException, IOException,
- ServletException {
+ private MockFilterChain testRemoteIpFilter(FilterDef filterDef, Request
request)
+ throws LifecycleException, IOException, ServletException {
Tomcat tomcat = getTomcatInstance();
Context root = tomcat.addContext("", TEMP_DIR);
@@ -504,8 +524,10 @@ public class TestRemoteIpFilter extends
MockFilterChain filterChain = new MockFilterChain();
// TEST
- remoteIpFilter.doFilter(request, new Response(), filterChain);
- return filterChain.getRequest();
+ TesterResponse response = new TesterResponse();
+ response.setRequest(request);
+ remoteIpFilter.doFilter(request, response, filterChain);
+ return filterChain;
}
@Test
@@ -522,8 +544,7 @@ public class TestRemoteIpFilter extends
request.setHeader("x-forwarded-proto", "http");
// TEST
- HttpServletRequest actualRequest =
- testRemoteIpFilter(filterDef, request);
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef,
request).getRequest();
// VERIFY
Assert.assertEquals("org.apache.catalina.AccessLog.ServerPort",
@@ -581,7 +602,6 @@ public class TestRemoteIpFilter extends
httpURLConnection.addRequestProperty("x-forwarded-proto", "https");
// VALIDATE
-
Assert.assertEquals(HttpURLConnection.HTTP_OK,
httpURLConnection.getResponseCode());
HttpServletRequest request = mockServlet.getRequest();
Assert.assertNotNull(request);
@@ -594,6 +614,98 @@ public class TestRemoteIpFilter extends
Assert.assertTrue(request.isSecure());
Assert.assertEquals("https", request.getScheme());
Assert.assertEquals(443, request.getServerPort());
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto01() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(false, false, 8080, 8080);
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto02() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(false, true, 8080, 8080);
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto03() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(true, false, 8080, 8080);
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto04() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(true, true, 8080, 8080);
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto05() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(false, false, 8080, 80);
+ }
+
+ @Test
+ public void testSendRedirectWithXForwardedProto06() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(false, false, 80, 8080);
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto07() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(false, true, 8443, 443);
+ }
+
+
+ @Test
+ public void testSendRedirectWithXForwardedProto08() throws Exception {
+ doTestSendRedirectWithXForwardedProtol(false, true, 443, 8443);
+ }
+
+
+ private void doTestSendRedirectWithXForwardedProtol(boolean
incomingIsHttps,
+ boolean headerIsHttps, int incomingPort, int headerPort) throws
Exception {
+
+ // PREPARE
+ FilterDef filterDef = new FilterDef();
+ filterDef.addInitParameter("protocolHeader", "x-forwarded-proto");
+ filterDef.addInitParameter("remoteIpHeader", "x-my-forwarded-for");
+ if (headerIsHttps) {
+ filterDef.addInitParameter("httpsServerPort",
Integer.toString(headerPort));
+ } else {
+ filterDef.addInitParameter("httpServerPort",
Integer.toString(headerPort));
+ }
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRemoteAddr("192.168.0.10");
+ request.setServerPort(incomingPort);
+ request.setSecure(true);
+ if (incomingIsHttps) {
+ request.setScheme("https");
+ } else {
+ request.setScheme("http");
+ }
+ request.setHeader("x-my-forwarded-for", "140.211.11.130");
+ if (headerIsHttps) {
+ request.setHeader("x-forwarded-proto", "https");
+ } else {
+ request.setHeader("x-forwarded-proto", "http");
+ }
+
+ // TEST
+ HttpServletResponse actualResponse = testRemoteIpFilter(filterDef,
request).getResponse();
+ actualResponse.sendRedirect("/");
+ String location = actualResponse.getHeader("Location");
+
+ // VERIFY
+ Assert.assertEquals(location,
+ Boolean.valueOf(location.startsWith("https")),
Boolean.valueOf(headerIsHttps));
+ if (headerPort == 80 && !headerIsHttps || headerPort == 443 &&
headerIsHttps) {
+ Assert.assertTrue(location, location.contains("://localhost/"));
+ } else {
+ Assert.assertTrue(location, location.contains("://localhost:" +
headerPort + "/"));
+ }
}
}
Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1676369&r1=1676368&r2=1676369&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Mon Apr 27 20:26:55 2015
@@ -101,6 +101,11 @@
<bug>57841</bug>: Improve error logging during web application start.
(markt)
</fix>
+ <fix>
+ <bug>57856</bug>: Ensure that any scheme/port changes implemented by
the
+ <code>RemoteIpFilter</code> also affect
+ <code>HttpServletResponse.sendRedirect()</code>. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
