felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cziege...@apache.org
Subject svn commit: r1754836 - in /felix/trunk/http/sslfilter/src: main/java/org/apache/felix/http/sslfilter/internal/ test/java/org/apache/felix/http/sslfilter/internal/
Date Tue, 02 Aug 2016 07:30:01 GMT
Author: cziegeler
Date: Tue Aug  2 07:30:01 2016
New Revision: 1754836

URL: http://svn.apache.org/viewvc?rev=1754836&view=rev
Log:
FELIX-4923 : SslFilterResponse doesn 't take in account ssl-forward.header property. Apply
patch from Antonio Sanso

Modified:
    felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
    felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
    felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java

Modified: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java?rev=1754836&r1=1754835&r2=1754836&view=diff
==============================================================================
--- felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
(original)
+++ felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
Tue Aug  2 07:30:01 2016
@@ -73,7 +73,7 @@ public class SslFilter implements Filter
         {
             try
             {
-                httpResp = new SslFilterResponse(httpResp, httpReq);
+                httpResp = new SslFilterResponse(httpResp, httpReq, cfg);
                 // In case this fails, we fall back to the original HTTP request, which is
better than nothing...
                 httpReq = new SslFilterRequest(httpReq, httpReq.getHeader(cfg.certHeader));
             }

Modified: felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java?rev=1754836&r1=1754835&r2=1754836&view=diff
==============================================================================
--- felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
(original)
+++ felix/trunk/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
Tue Aug  2 07:30:01 2016
@@ -21,6 +21,7 @@ package org.apache.felix.http.sslfilter.
 import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_LOCATION;
 import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT;
 import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL;
 import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
 import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
 import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS_PORT;
@@ -36,6 +37,8 @@ import javax.servlet.http.HttpServletReq
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;
 
+import org.apache.felix.http.sslfilter.internal.SslFilter.ConfigHolder;
+
 /**
  * Provides a custom {@link HttpServletResponse} for use in SSL filter.
  */
@@ -48,7 +51,7 @@ class SslFilterResponse extends HttpServ
     private final String clientProto;
     private final int clientPort;
 
-    public SslFilterResponse(HttpServletResponse response, HttpServletRequest request) throws
MalformedURLException
+    public SslFilterResponse(HttpServletResponse response, HttpServletRequest request, ConfigHolder
config) throws MalformedURLException
     {
         super(response);
 
@@ -58,8 +61,10 @@ class SslFilterResponse extends HttpServ
         this.serverName = request.getServerName();
         this.serverPort = request.getServerPort();
 
-        String proto = request.getHeader(HDR_X_FORWARDED_PROTO);
-        if (HTTP.equalsIgnoreCase(proto))
+        String value = request.getHeader(config.sslHeader);
+        
+        if ((HDR_X_FORWARDED_PROTO.equalsIgnoreCase(config.sslHeader) && HTTP.equalsIgnoreCase(value))
||
+                (HDR_X_FORWARDED_SSL.equalsIgnoreCase(config.sslHeader) && !config.sslValue.equalsIgnoreCase(value)))
         {
             // Not really a useful scenario: client is talking HTTP to proxy, and we should
rewrite all HTTPS-based URLs...
             this.clientProto = HTTP;
@@ -165,13 +170,6 @@ class SslFilterResponse extends HttpServ
 
             String actualProto = uri.getScheme();
 
-
-            if (!this.serverProto.equalsIgnoreCase(actualProto))
-            {
-                // protocol is already correct
-                return null;
-            }
-
             if (!this.serverName.equals(uri.getHost()))
             {
                 // going to a different host

Modified: felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java?rev=1754836&r1=1754835&r2=1754836&view=diff
==============================================================================
--- felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
(original)
+++ felix/trunk/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
Tue Aug  2 07:30:01 2016
@@ -37,9 +37,11 @@ import javax.servlet.ServletOutputStream
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
+import org.apache.felix.http.sslfilter.internal.SslFilter.ConfigHolder;
 import org.junit.Test;
 
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
+
 public class SslFilterResponseTest
 {
     private static final String BACKEND_SERVER = "backend.server";
@@ -59,8 +61,9 @@ public class SslFilterResponseTest
     {
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         sresp.setHeader(LOCATION, null);
 
@@ -74,8 +77,9 @@ public class SslFilterResponseTest
 
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         location = HTTPS + "://" + BACKEND_SERVER + "/foo";
         expected = location;
@@ -93,7 +97,9 @@ public class SslFilterResponseTest
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
 
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         location = HTTP + "://" + BACKEND_SERVER + "/foo";
         expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
@@ -111,8 +117,9 @@ public class SslFilterResponseTest
 
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         location = HTTP + "://" + BACKEND_SERVER + "/foo#abc";
         expected = HTTPS + "://" + BACKEND_SERVER + "/foo#abc";
@@ -130,8 +137,9 @@ public class SslFilterResponseTest
 
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         location = HTTP + "://" + BACKEND_SERVER + ":" + DEFAULT_HTTP_PORT + "/foo";
         expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
@@ -148,8 +156,9 @@ public class SslFilterResponseTest
 
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, DEFAULT_HTTP_PORT,
HTTPS, ALT_HTTPS_PORT, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         location = HTTP + "://" + BACKEND_SERVER + "/foo";
         expected = HTTPS + "://" + BACKEND_SERVER + ":" + ALT_HTTPS_PORT + "/foo";
@@ -166,8 +175,9 @@ public class SslFilterResponseTest
 
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
 
         location = HTTP + "://" + BACKEND_SERVER + ":" + ALT_HTTP_PORT + "/foo";
         expected = location;
@@ -182,8 +192,9 @@ public class SslFilterResponseTest
     {
         TestHttpServletResponse resp = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(resp, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(resp, req,cfg);
 
         String location = HTTP + "://" + OTHER_SERVER + "/foo";
         String expected = location;
@@ -198,8 +209,9 @@ public class SslFilterResponseTest
     {
         TestHttpServletResponse response = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(response, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(response, req, cfg);
 
         final String queryString = "?resource=%2Fen.html%3FpbOpen%3Dtrue&$$login$$=%24%24login%24%24&j_reason=errors.login.account.not.found";
         final String setUrl = "http://" + BACKEND_SERVER + "/" + queryString;
@@ -215,8 +227,9 @@ public class SslFilterResponseTest
     {
         TestHttpServletResponse response = createServletResponse();
         HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
-        SslFilterResponse sresp = new SslFilterResponse(response, req);
+        ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+        
+        SslFilterResponse sresp = new SslFilterResponse(response, req, cfg);
 
         final String setUrl = "http://" + BACKEND_SERVER + "/apps/test/content/%E4%B8%83%E6%9C%88%E5%8F%B7.redirect";
         sresp.setHeader(SslFilterConstants.HDR_LOCATION, setUrl);



Mime
View raw message