cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5937] Updating AbstractHttpServlet to optionally support X-Forwarded headers
Date Mon, 11 Aug 2014 12:59:44 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes c97f1daa1 -> 00db94d84


[CXF-5937] Updating AbstractHttpServlet to optionally support X-Forwarded headers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/00db94d8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/00db94d8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/00db94d8

Branch: refs/heads/3.0.x-fixes
Commit: 00db94d8498794c7848110d24958fabd7ef56edf
Parents: c97f1da
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Aug 11 13:58:22 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Aug 11 13:59:25 2014 +0100

----------------------------------------------------------------------
 .../http/osgi/HTTPTransportActivator.java       |  2 +
 .../transport/servlet/AbstractHTTPServlet.java  | 74 ++++++++++++++++++--
 2 files changed, 70 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/00db94d8/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
index 375046d..82087bc 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
@@ -138,6 +138,8 @@ public class HTTPTransportActivator
                        getProp(properties, "org.apache.cxf.servlet.service-list-page-authenticate",
"false"));
             sprops.put("service-list-page-authenticate-realm", 
                        getProp(properties, "org.apache.cxf.servlet.service-list-page-authenticate-realm",
"karaf"));
+            sprops.put("use-x-forwarded-headers", 
+                       getProp(properties, "org.apache.cxf.servlet.use-x-forwarded-headers",
"false"));
             context.registerService(Servlet.class.getName(), servlet, sprops);
         }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/00db94d8/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
index fa10aae..c257618 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
@@ -76,6 +76,9 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements
Filter
     private static final String REDIRECT_SERVLET_PATH_PARAMETER = "redirect-servlet-path";
     private static final String REDIRECT_ATTRIBUTES_PARAMETER = "redirect-attributes";
     private static final String REDIRECT_QUERY_CHECK_PARAMETER = "redirect-query-check";
+    private static final String USE_X_FORWARDED_HEADERS_PARAMETER = "use-x-forwarded-headers";
+    private static final String X_FORWARDED_PROTO_HEADER = "X-Forwarded-Proto";
+    private static final String X_FORWARDED_FOR_HEADER = "X-Forwarded-For";
     
     private static final Map<String, String> DEFAULT_STATIC_CONTENT_TYPES;
     
@@ -98,19 +101,19 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements
Filter
     private Map<String, String> staticContentTypes = 
         new HashMap<String, String>(DEFAULT_STATIC_CONTENT_TYPES);
     private boolean redirectQueryCheck;
+    private boolean useXForwardedHeaders; 
     
     public void init(ServletConfig servletConfig) throws ServletException {
         super.init(servletConfig);
 
         staticResourcesList = parseListSequence(servletConfig.getInitParameter(STATIC_RESOURCES_PARAMETER));
         staticWelcomeFile = servletConfig.getInitParameter(STATIC_WELCOME_FILE_PARAMETER);
-        
         redirectList = parseListSequence(servletConfig.getInitParameter(REDIRECTS_PARAMETER));
         redirectQueryCheck = Boolean.valueOf(servletConfig.getInitParameter(REDIRECT_QUERY_CHECK_PARAMETER));
         dispatcherServletName = servletConfig.getInitParameter(REDIRECT_SERVLET_NAME_PARAMETER);
         dispatcherServletPath = servletConfig.getInitParameter(REDIRECT_SERVLET_PATH_PARAMETER);
-        
         redirectAttributes = parseMapSequence(servletConfig.getInitParameter(REDIRECT_ATTRIBUTES_PARAMETER));
+        useXForwardedHeaders = Boolean.valueOf(servletConfig.getInitParameter(USE_X_FORWARDED_HEADERS_PARAMETER));
     }
     
     protected void finalizeServletInit(ServletConfig servletConfig) {
@@ -283,9 +286,24 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements
Filter
                                staticWelcomeFileMatch ? staticWelcomeFile : request.getPathInfo());
             return;
         }
+        request = checkXForwardedHeaders(request);
         invoke(request, response);
     }
     
+    protected HttpServletRequest checkXForwardedHeaders(HttpServletRequest request) {
+        if (useXForwardedHeaders) {
+            String originalProto = request.getHeader(X_FORWARDED_PROTO_HEADER);
+            String originalIp = request.getHeader(X_FORWARDED_FOR_HEADER);
+            if (originalProto != null || originalIp != null) {
+                return new HttpServletRequestXForwardedFilter(request, originalProto, originalIp);

+            }
+        } 
+        
+        return request;
+        
+    }
+    
+    
     private boolean matchPath(List<Pattern> values, HttpServletRequest request) {
         String path = request.getPathInfo();
         if (path == null) {
@@ -357,8 +375,8 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements
Filter
             for (Map.Entry<String, String> entry : redirectAttributes.entrySet()) {
                 request.setAttribute(entry.getKey(), entry.getValue());
             }
-            HttpServletRequestFilter servletRequest = 
-                new HttpServletRequestFilter(request, pathInfo, theServletPath, customServletPath);
+            HttpServletRequest servletRequest = 
+                new HttpServletRequestRedirectFilter(request, pathInfo, theServletPath, customServletPath);
             rd.forward(servletRequest, response);
         } catch (Throwable ex) {
             throw new ServletException("RequestDispatcher for path " + pathInfo + " has failed");
@@ -369,12 +387,12 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements
Filter
     protected abstract void invoke(HttpServletRequest request, HttpServletResponse response)

         throws ServletException;
     
-    private static class HttpServletRequestFilter extends HttpServletRequestWrapper {
+    private static class HttpServletRequestRedirectFilter extends HttpServletRequestWrapper
{
         
         private String pathInfo;
         private String servletPath;
         
-        public HttpServletRequestFilter(HttpServletRequest request, 
+        public HttpServletRequestRedirectFilter(HttpServletRequest request, 
                                         String pathInfo,
                                         String servletPath,
                                         boolean customServletPath) {
@@ -413,5 +431,49 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements
Filter
             return super.getAttribute(name);
         }
     }
+    private static class HttpServletRequestXForwardedFilter extends HttpServletRequestWrapper
{
+        
+        private String originalProto;
+        private String originalClientIp;
+        
+        public HttpServletRequestXForwardedFilter(HttpServletRequest request, 
+                                                  String originalProto, 
+                                                  String originalIp) {
+            super(request);
+            this.originalProto = originalProto;
+            if (originalIp != null) {
+                originalClientIp = (originalIp.split(",")[0]).trim();
+            }
+        }
+        @Override
+        public boolean isSecure() {
+            if (originalProto != null) {
+                return "https".equals(originalProto);
+            } else {
+                return super.isSecure();
+            }
+        }
+        @Override
+        public StringBuffer getRequestURL() {
+            StringBuffer buf = super.getRequestURL();
+            if (originalProto != null && isSecure()) {
+                String str = buf.toString();
+                if (str.startsWith("http:")) {
+                    buf = new StringBuffer();
+                    buf.append("https").append(str.substring(4));
+                }
+            }
+            return buf;
+        }
+        @Override
+        public String getRemoteAddr() {
+            if (originalClientIp != null) {
+                return originalClientIp;
+            } else {
+                return super.getRemoteAddr();
+            }
+        }
+        
+    }
 
 }


Mime
View raw message