felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j...@apache.org
Subject svn commit: r1597554 - in /felix/trunk/http/sslfilter/src: main/java/org/apache/felix/http/sslfilter/internal/ test/java/org/apache/felix/http/sslfilter/internal/
Date Mon, 26 May 2014 10:32:32 GMT
Author: jawi
Date: Mon May 26 10:32:31 2014
New Revision: 1597554

URL: http://svn.apache.org/r1597554
Log:
FELIX-4420 - Implement sendRedirect:

- rewrite redirects if the redirect-URL is at the same host as the rewritten URLs;
- added some tests in order to verify the correctness.


Added:
    felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
  (with props)
    felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
  (with props)
    felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
  (with props)
Modified:
    felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
    felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java

Modified: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java?rev=1597554&r1=1597553&r2=1597554&view=diff
==============================================================================
--- felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
(original)
+++ felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
Mon May 26 10:32:31 2014
@@ -18,6 +18,9 @@
  */
 package org.apache.felix.http.sslfilter.internal;
 
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL_CERTIFICATE;
+
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Dictionary;
@@ -29,17 +32,19 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.osgi.service.cm.ConfigurationException;
 import org.osgi.service.log.LogService;
 
+@SuppressWarnings("rawtypes")
 public class SslFilter implements Filter
 {
     public static final String PID = "org.apache.felix.http.sslfilter.SslFilter";
 
-    private static final String DEFAULT_SSL_HEADER = "X-Forwarded-SSL";
+    private static final String DEFAULT_SSL_HEADER = HDR_X_FORWARDED_SSL;
     private static final String DEFAULT_SSL_VALUE = "on";
-    private static final String DEFAULT_CERT_HEADER = "X-Forwarded-SSL-Certificate";
+    private static final String DEFAULT_CERT_HEADER = HDR_X_FORWARDED_SSL_CERTIFICATE;
 
     private static final String PROP_SSL_HEADER = "ssl-forward.header";
     private static final String PROP_SSL_VALUE = "ssl-forward.value";
@@ -62,12 +67,14 @@ public class SslFilter implements Filter
         final ConfigHolder cfg = this.config;
 
         HttpServletRequest httpReq = (HttpServletRequest) req;
+        HttpServletResponse httpResp = (HttpServletResponse) res;
+
         if (cfg.sslValue.equalsIgnoreCase(httpReq.getHeader(cfg.sslHeader)))
         {
             try
             {
-                // In case this fails, we fall back to the original HTTP
-                // request, which is better than nothing...
+                httpResp = new SslFilterResponse(httpResp, httpReq);
+                // In case this fails, we fall back to the original HTTP request, which is
better than nothing...
                 httpReq = new SslFilterRequest(httpReq, httpReq.getHeader(cfg.certHeader));
             }
             catch (CertificateException e)
@@ -76,11 +83,10 @@ public class SslFilter implements Filter
             }
         }
 
-        // forward the request making sure any certificate is removed
-        // again after the request processing gets back here
+        // forward the request making sure any certificate is removed again after the request
processing gets back here
         try
         {
-            chain.doFilter(httpReq, res);
+            chain.doFilter(httpReq, httpResp);
         }
         finally
         {
@@ -96,7 +102,7 @@ public class SslFilter implements Filter
         // make sure there is some configuration
     }
 
-    void configure(@SuppressWarnings("rawtypes") final Dictionary properties) throws ConfigurationException
+    void configure(Dictionary properties) throws ConfigurationException
     {
         String certHeader = DEFAULT_CERT_HEADER;
         String sslHeader = DEFAULT_SSL_HEADER;
@@ -115,7 +121,7 @@ public class SslFilter implements Filter
             + certHeader + "'.");
     }
 
-    private String getOptionalString(@SuppressWarnings("rawtypes") Dictionary properties,
String key) throws ConfigurationException
+    private String getOptionalString(Dictionary properties, String key) throws ConfigurationException
     {
         Object raw = properties.get(key);
         if (raw == null || "".equals(((String) raw).trim()))
@@ -129,7 +135,7 @@ public class SslFilter implements Filter
         return ((String) raw).trim();
     }
 
-    private String getMandatoryString(@SuppressWarnings("rawtypes") Dictionary properties,
String key) throws ConfigurationException
+    private String getMandatoryString(Dictionary properties, String key) throws ConfigurationException
     {
         String value = getOptionalString(properties, key);
         if (value == null)

Added: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java?rev=1597554&view=auto
==============================================================================
--- felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
(added)
+++ felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
Mon May 26 10:32:31 2014
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+/**
+ * Provides constants used in the SSL filter.
+ */
+interface SslFilterConstants
+{
+    /**
+     * If there is an SSL certificate associated with the request, it must be exposed by
the servlet container to the 
+     * servlet programmer as an array of objects of type java.security.cert.X509Certificate
and accessible via a 
+     * ServletRequest attribute of <tt>javax.servlet.request.X509Certificate</tt>.
+     * <p>
+     * The order of this array is defined as being in ascending order of trust. The first
certificate in the chain is
+     * the one set by the client, the next is the one used to authenticate the first, and
so on.
+     */
+    String ATTR_SSL_CERTIFICATE = "javax.servlet.request.X509Certificate";
+
+    /**
+     * De-facto header used to inform what protocol the forwarded client used to connect
to the proxy, such as "https".
+     */
+    String HDR_X_FORWARDED_PROTO = "X-Forwarded-Proto";
+    /**
+     * De-facto header used to inform what port the forwarded client used to connect to the
proxy, such as "433".
+     */
+    String HDR_X_FORWARDED_PORT = "X-Forwarded-Port";
+    /**
+     * De-facto header used to inform that the proxy is forwarding a SSL request.
+     */
+    String HDR_X_FORWARDED_SSL = "X-Forwarded-SSL";
+    /**
+     * De-facto(?) header used to pass the certificate the client used to connect to the
proxy, in X.509 format.
+     */
+    String HDR_X_FORWARDED_SSL_CERTIFICATE = "X-Forwarded-SSL-Certificate";
+
+    /**
+     * HTTP header used to explain the client it should redirect to another URL.
+     */
+    String HDR_LOCATION = "Location";
+
+    /**
+     * HTTP protocol/scheme.
+     */
+    String HTTP = "http";
+    /**
+     * Default port used for HTTP.
+     */
+    int HTTP_PORT = 80;
+
+    /**
+     * HTTPS protocol/scheme.
+     */
+    String HTTPS = "https";
+    /**
+     * Default port used for HTTPS.
+     */
+    int HTTPS_PORT = 443;
+
+    String UTF_8 = "UTF-8";
+    String X_509 = "X.509";
+}

Propchange: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java?rev=1597554&r1=1597553&r2=1597554&view=diff
==============================================================================
--- felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
(original)
+++ felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
Mon May 26 10:32:31 2014
@@ -18,6 +18,11 @@
  */
 package org.apache.felix.http.sslfilter.internal;
 
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.ATTR_SSL_CERTIFICATE;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.UTF_8;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.X_509;
+
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
@@ -32,45 +37,29 @@ import javax.servlet.http.HttpServletReq
 
 class SslFilterRequest extends HttpServletRequestWrapper
 {
-    // The HTTPS scheme name
-    private static final String HTTPS_SCHEME = "https";
-
     // The HTTP scheme prefix in an URL
     private static final String HTTP_SCHEME_PREFIX = "http://";
 
     // pattern to convert the header to a PEM certificate for parsing
     // by replacing spaces with line breaks
-    private static Pattern HEADER_TO_CERT = Pattern.compile("(?! CERTIFICATE)(?= ) ");
-
-    // character encoding for the client certificate header
-    private static final String UTF_8 = "UTF-8";
-
-    /**
-     * If there is an SSL certificate associated with the request, it must be
-     * exposed by the servlet container to the servlet programmer as an array of
-     * objects of type java.security.cert.X509Certificate and accessible via a
-     * ServletRequest attribute of javax.servlet.request.X509Certificate.
-     * <p>
-     * The order of this array is defined as being in ascending order of trust.
-     * The first certificate in the chain is the one set by the client, the next
-     * is the one used to authenticate the first, and so on.
-     */
-    protected static final String ATTR_SSL_CERTIFICATE = "javax.servlet.request.X509Certificate";
-
-    private String requestURL;
+    private static final Pattern HEADER_TO_CERT = Pattern.compile("(?! CERTIFICATE)(?= )
");
 
     @SuppressWarnings("unchecked")
     SslFilterRequest(HttpServletRequest request, String clientCertHeader) throws CertificateException
     {
         super(request);
+        
+        // TODO jawi: perhaps we should make this class a little smarter wrt the given request:
+        // it now always assumes it should rewrite its URL, while this might not always be
the
+        // case...
 
-        if (clientCertHeader != null && clientCertHeader.length() > 0)
+        if (clientCertHeader != null && !"".equals(clientCertHeader.trim()))
         {
             final String clientCert = HEADER_TO_CERT.matcher(clientCertHeader).replaceAll("\n");
 
             try
             {
-                CertificateFactory fac = CertificateFactory.getInstance("X.509");
+                CertificateFactory fac = CertificateFactory.getInstance(X_509);
 
                 InputStream instream = new ByteArrayInputStream(clientCert.getBytes(UTF_8));
 
@@ -92,7 +81,7 @@ class SslFilterRequest extends HttpServl
 
     public String getScheme()
     {
-        return HTTPS_SCHEME;
+        return HTTPS;
     }
 
     public boolean isSecure()
@@ -102,19 +91,13 @@ class SslFilterRequest extends HttpServl
 
     public StringBuffer getRequestURL()
     {
-        if (this.requestURL == null)
+        StringBuffer tmp = new StringBuffer(super.getRequestURL());
+        // In case the request happened over http, simply insert an additional 's' 
+        // to make the request appear to be done over https...
+        if (tmp.indexOf(HTTP_SCHEME_PREFIX) == 0)
         {
-            StringBuffer tmp = super.getRequestURL();
-            if (tmp.indexOf(HTTP_SCHEME_PREFIX) == 0)
-            {
-                this.requestURL = HTTPS_SCHEME.concat(tmp.substring(4));
-            }
-            else
-            {
-                this.requestURL = tmp.toString();
-            }
+            tmp.insert(4, 's');
         }
-
-        return new StringBuffer(this.requestURL);
+        return tmp;
     }
 }

Added: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java?rev=1597554&view=auto
==============================================================================
--- felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
(added)
+++ felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
Mon May 26 10:32:31 2014
@@ -0,0 +1,148 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_LOCATION;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS_PORT;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP_PORT;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+/**
+ * Provides a custom {@link HttpServletResponse} for use in SSL filter.
+ */
+class SslFilterResponse extends HttpServletResponseWrapper
+{
+    private final String serverName;
+    private final String serverProto;
+    private final int serverPort;
+    private final String clientProto;
+    private final int clientPort;
+
+    public SslFilterResponse(HttpServletResponse response, HttpServletRequest request)
+    {
+        super(response);
+
+        // Only rewrite URLs for the host & port the request was sent to...
+        this.serverName = request.getServerName();
+        this.serverPort = request.getServerPort();
+
+        String proto = request.getHeader(HDR_X_FORWARDED_PROTO);
+        if (HTTP.equalsIgnoreCase(proto))
+        {
+            // Not really a useful scenario: client is talking HTTP to proxy, and we should
rewrite all HTTPS-based URLs...
+            this.clientProto = HTTP;
+            this.serverProto = HTTPS;
+        }
+        else
+        {
+            // Client is talking HTTPS to proxy, so we should rewrite all HTTP-based URLs...

+            this.clientProto = HTTPS;
+            this.serverProto = HTTP;
+        }
+
+        int port;
+        try
+        {
+            String fwdPort = request.getHeader(HDR_X_FORWARDED_PORT);
+            port = Integer.valueOf(fwdPort);
+        }
+        catch (Exception e)
+        {
+            // Use default port for the used protocol...
+            port = -1;
+        }
+        // Normalize the protocol port...
+        if ((port > 0) && ((HTTPS.equals(this.clientProto) && (port ==
HTTPS_PORT)) || (HTTP.equals(this.clientProto) && (port == HTTP_PORT))))
+        {
+            // Port is the default one, do not use it...
+            port = -1;
+        }
+
+        this.clientPort = port;
+    }
+
+    @Override
+    public void setHeader(String name, String value)
+    {
+        if (HDR_LOCATION.equalsIgnoreCase(name))
+        {
+            URL rewritten = rewriteUrlIfNeeded(value);
+            // Trying to set a redirect location to the original client-side URL, which should
be https...
+            if (rewritten != null)
+            {
+                value = rewritten.toExternalForm();
+            }
+        }
+        super.setHeader(name, value);
+    }
+
+    private int normalizePort(String protocol, int port)
+    {
+        if (port > 0)
+        {
+            return port;
+        }
+        if (HTTPS.equalsIgnoreCase(protocol))
+        {
+            return HTTPS_PORT;
+        }
+        return HTTP_PORT;
+    }
+
+    private URL rewriteUrlIfNeeded(String value)
+    {
+        try
+        {
+            URL url = new URL(value);
+
+            String actualProto = url.getProtocol();
+
+            if (!this.serverProto.equalsIgnoreCase(actualProto))
+            {
+                return null;
+            }
+
+            if (!this.serverName.equals(url.getHost()))
+            {
+                return null;
+            }
+
+            if (normalizePort(this.serverProto, this.serverPort) != normalizePort(actualProto,
url.getPort()))
+            {
+                return null;
+            }
+
+            return new URL(this.clientProto, this.serverName, this.clientPort, url.getFile());
+        }
+        catch (MalformedURLException e)
+        {
+            return null;
+        }
+    }
+}

Propchange: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java?rev=1597554&view=auto
==============================================================================
--- felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
(added)
+++ felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
Mon May 26 10:32:31 2014
@@ -0,0 +1,378 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+import static junit.framework.Assert.assertEquals;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+
+public class SslFilterResponseTest
+{
+    private static final String BACKEND_SERVER = "backend.server";
+    private static final String OTHER_SERVER = "other.server";
+
+    private static final String DEFAULT_HTTP_PORT = "80";
+    private static final String ALT_HTTP_PORT = "8080";
+    private static final String DEFAULT_HTTPS_PORT = "443";
+    private static final String ALT_HTTPS_PORT = "8443";
+
+    private static final String LOCATION = "Location";
+
+    @Test
+    public void testSetHttpLocationHeaderToNullValue() throws Exception
+    {
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        sresp.setHeader(LOCATION, null);
+
+        assertEquals(null, sresp.getHeader(LOCATION));
+    }
+
+    @Test
+    public void testSetHttpsLocationHeaderToOriginalRequestURI() throws Exception
+    {
+        String location, expected;
+
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        location = HTTPS + "://" + BACKEND_SERVER + "/foo";
+        expected = location;
+
+        sresp.setHeader(LOCATION, location);
+
+        assertEquals(expected, sresp.getHeader(LOCATION));
+    }
+
+    @Test
+    public void testSetHttpLocationHeaderToOriginalRequestURI() throws Exception
+    {
+        String location, expected;
+
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        location = HTTP + "://" + BACKEND_SERVER + "/foo";
+        expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
+
+        sresp.setHeader(LOCATION, location);
+
+        assertEquals(expected, sresp.getHeader(LOCATION));
+    }
+
+    @Test
+    public void testSetHttpLocationHeaderToOriginalRequestWithExplicitPort() throws Exception
+    {
+        String location, expected;
+
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        location = HTTP + "://" + BACKEND_SERVER + ":" + DEFAULT_HTTP_PORT + "/foo";
+        expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
+
+        sresp.setHeader(LOCATION, location);
+
+        assertEquals(expected, sresp.getHeader(LOCATION));
+    }
+
+    @Test
+    public void testSetHttpLocationHeaderToOriginalRequestWithForwardedPort() throws Exception
+    {
+        String location, expected;
+
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER, DEFAULT_HTTP_PORT,
HTTPS, ALT_HTTPS_PORT);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        location = HTTP + "://" + BACKEND_SERVER + "/foo";
+        expected = HTTPS + "://" + BACKEND_SERVER + ":" + ALT_HTTPS_PORT + "/foo";
+
+        sresp.setHeader(LOCATION, location);
+
+        assertEquals(expected, sresp.getHeader(LOCATION));
+    }
+
+    @Test
+    public void testSetHttpLocationHeaderToOriginalRequestWithDifferentPort() throws Exception
+    {
+        String location, expected;
+
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        location = HTTP + "://" + BACKEND_SERVER + ":" + ALT_HTTP_PORT + "/foo";
+        expected = location;
+
+        sresp.setHeader(LOCATION, location);
+
+        assertEquals(expected, sresp.getHeader(LOCATION));
+    }
+
+    @Test
+    public void testSetHttpLocationHeaderToOtherRequestURI() throws Exception
+    {
+        HttpServletResponse resp = createServletResponse();
+        HttpServletRequest req = createServletRequest(BACKEND_SERVER);
+
+        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+
+        String location = HTTP + "://" + OTHER_SERVER + "/foo";
+        String expected = location;
+
+        sresp.setHeader(LOCATION, location);
+
+        assertEquals(expected, sresp.getHeader(LOCATION));
+    }
+
+    private HttpServletRequest createServletRequest(String serverName)
+    {
+        return createServletRequest(serverName, DEFAULT_HTTP_PORT, HTTPS, DEFAULT_HTTPS_PORT);
+    }
+
+    private HttpServletRequest createServletRequest(String serverName, String serverPort,
String forwardedProto, String forwardedPort)
+    {
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getServerName()).thenReturn(serverName);
+        when(req.getServerPort()).thenReturn(Integer.parseInt(serverPort));
+        when(req.getHeader("X-Forwarded-Proto")).thenReturn(forwardedProto);
+        when(req.getHeader("X-Forwarded-Port")).thenReturn(forwardedPort);
+        return req;
+    }
+
+    private HttpServletResponse createServletResponse()
+    {
+        HttpServletResponse resp = new HttpServletResponse()
+        {
+            private final Map<String, String> headers = new HashMap<String, String>();
+            private int status = -1;
+            private boolean committed = false;
+
+            public void setLocale(Locale loc)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void setContentType(String type)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void setContentLength(int len)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void setCharacterEncoding(String charset)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void setBufferSize(int size)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void resetBuffer()
+            {
+            }
+
+            public void reset()
+            {
+            }
+
+            public boolean isCommitted()
+            {
+                return this.committed;
+            }
+
+            public PrintWriter getWriter() throws IOException
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public ServletOutputStream getOutputStream() throws IOException
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public Locale getLocale()
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public String getContentType()
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public String getCharacterEncoding()
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public int getBufferSize()
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void flushBuffer() throws IOException
+            {
+                committed = true;
+            }
+
+            public void setStatus(int sc, String sm)
+            {
+                status = sc;
+                committed = true;
+            }
+
+            public void setStatus(int sc)
+            {
+                status = sc;
+                committed = true;
+            }
+
+            public void setIntHeader(String name, int value)
+            {
+                headers.put(name, Integer.toString(value));
+            }
+
+            public void setHeader(String name, String value)
+            {
+                headers.put(name, value);
+            }
+
+            public void setDateHeader(String name, long date)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void sendRedirect(String location) throws IOException
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void sendError(int sc, String msg) throws IOException
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void sendError(int sc) throws IOException
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public int getStatus()
+            {
+                return status;
+            }
+
+            public Collection<String> getHeaders(String name)
+            {
+                return Collections.singleton(headers.get(name));
+            }
+
+            public Collection<String> getHeaderNames()
+            {
+                return headers.keySet();
+            }
+
+            public String getHeader(String name)
+            {
+                return headers.get(name);
+            }
+
+            public String encodeUrl(String url)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public String encodeURL(String url)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public String encodeRedirectUrl(String url)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public String encodeRedirectURL(String url)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public boolean containsHeader(String name)
+            {
+                return headers.containsKey(name);
+            }
+
+            public void addIntHeader(String name, int value)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void addHeader(String name, String value)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void addDateHeader(String name, long date)
+            {
+                throw new UnsupportedOperationException();
+            }
+
+            public void addCookie(Cookie cookie)
+            {
+                throw new UnsupportedOperationException();
+            }
+        };
+        return resp;
+    }
+}

Propchange: felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message