cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Luo (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7160) Can not configure CXF http-jetty transport to handle X-Fowarded-for headers with Jetty 9
Date Tue, 20 Dec 2016 21:28:58 GMT

    [ https://issues.apache.org/jira/browse/CXF-7160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15765290#comment-15765290
] 

Joe Luo commented on CXF-7160:
------------------------------

I have a workaround for this issue. We can create a custom Jetty Handler to deal with those
reverse proxy headers:
{code}
public class CustomJettyHttpHandler extends AbstractHandler {
    private static final String X_FORWARDED_PROTO_HEADER = "X-Forwarded-Proto";
    private static final String X_FORWARDED_FOR_HEADER = "X-Forwarded-For";

    public CustomJettyHttpHandler() {
    }

    public void handle(String target, Request baseRequest, HttpServletRequest request,
                       HttpServletResponse response) throws IOException, ServletException
{
        String originalProto = request.getHeader(X_FORWARDED_PROTO_HEADER);
        String originalIp = request.getHeader(X_FORWARDED_FOR_HEADER);

        if (originalIp != null)
        {
            ((Request)request).setRemoteAddr(InetSocketAddress.createUnresolved(
                                  (originalIp.split(",")[0]).trim(),
                                  request.getRemotePort()));
        }

        if (originalProto != null)
        {
            ((Request)request).setScheme(originalProto);
            if (originalProto.equals(HttpScheme.HTTPS.toString()))
                ((Request)request).setSecure(true);
        }
    }
}
{code}

Then add it to the http-jetty transport <connector> element:
{code}
<httpj:engine-factory bus="cxf">
    <httpj:engine port="9000">
        <httpj:handlers>
            <bean class="com.mycompany.samples.jetty.handlers.CustomJettyHttpHandler" />
        </httpj:handlers>
    </httpj:engine>
  </httpj:engine-factory>

<camelcxf:cxfEndpoint id="consumer"
                    address="http://localhost:9000/person"
                    wsdlURL="META-INF/wsdl/person.wsdl"
                    serviceClass="org.apache.servicemix.samples.wsdl_first.Person"
                    serviceName="person:PersonService"
                    endpointName="person:soap"
                    xmlns:person="http://servicemix.apache.org/samples/wsdl-first" />
...
{code}

It does pretty much the same as Jetty9's org.eclipse.jetty.server.ForwardedRequestCustomizer
in dealing with "X-Forwarded-Proto" and "X-Forwarded-For" headers. However, this is not a
proper solution but a workaround only. I agree with Sergey that we should find a proper solution
to have a better Jetty9 support. In my opinion, it'd be great if we could just take advantage
of Jetty9 features through simple configuration like adding org.eclipse.jetty.server.ForwardedRequestCustomizer
into Jetty server. 

> Can not configure CXF http-jetty transport to handle X-Fowarded-for headers with Jetty
9
> ----------------------------------------------------------------------------------------
>
>                 Key: CXF-7160
>                 URL: https://issues.apache.org/jira/browse/CXF-7160
>             Project: CXF
>          Issue Type: Bug
>          Components: Transports
>    Affects Versions: 3.1.5
>            Reporter: Joe Luo
>            Assignee: Freeman Fang
>
> With Jetty 8, we can configure CXF http-jetty transport to handle reverse proxy headers
by simply setting "forwarded" to "true" to Jetty8 NIO SelectChannelConnector:
> {code}
> <httpj:engine-factory bus="cxf">
>     <httpj:engine port="${crx.ws.port}">
> 	    <httpj:connector>
> 		    <bean id="connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
                   
> 			    <property name="port" value="${crx.ws.port}" />                    
> 				<property name="forwarded" value="true" />                
> 			</bean>            
> 		</httpj:connector>          
> 	</httpj:engine> 
> </httpj:engine-factory>
> {code}
> However, with Jetty 9, it is not possible to do so. Because in Jetty 9, the SelectChannelConnector
was replaced by more generic purpose ServerConnector. And we can't configure ServerConnector
since the old no-args constructor does not exist anymore in ServerConnector class and all
new constructors require the org.eclipse.jetty.server.Server as an input parameter.
> Jetty 9 documentation here talked about "X-Forward-for Configuration":
> http://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html
> We should configure HttpConfiguration with ForwardedRequestCustomizer in order to handle
reverse proxy headers:
> {code}
> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>     <Set name="outputBufferSize">32768</Set>
>     <Set name="requestHeaderSize">8192</Set>
>     <Set name="responseHeaderSize">8192</Set>
>     <Call name="addCustomizer">
>         <Arg>
>             <New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/>
>         </Arg>
>     </Call>
> </New>
> {code}
> However, CXF http-jetty transport schema is not in-sync with API changes in Jetty 9.
There is no way to configure above with CXF http-jetty transport schema.
> I can think of two solutions:
> # Just like what we did in another JIRA:
> https://issues.apache.org/jira/browse/CXF-5937 for servlet, we should also fix CXF http-jetty
transport so we can optionally react to X-Forwarded headers;
> # Change CXF http-jetty transport schema
> http://cxf.apache.org/schemas/configuration/http-jetty.xsd
> and related java code to allow configuring HttpConfiguration along with ForwardedRequestCustomizer
in order to handle X-Fowarded-for headers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message