felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J.W. Janssen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FELIX-4420) [HTTP SSLFilter] Implement sendRedirect
Date Wed, 21 May 2014 09:08:38 GMT

     [ https://issues.apache.org/jira/browse/FELIX-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

J.W. Janssen updated FELIX-4420:

    Attachment: FELIX-4420.patch

[~fmeschbe]/[~cziegeler]: the idea of overriding sendRedirect does not work well in practise:
most webservers (Tomcat/Jetty) will set the "location" header with the fully qualified redirect-URL
and mark the request as completed, after which you're not supposed (or able) to touch the
response. This would mean we have to reimplement the sendRedirect functionality ourselves,
which is something I'd like to avoid.

I've implemented an alternative approach (see attached patch) in which I check whether the
"location" header is set using {{setHeader}}, and if so, rewrite the given URL. Jetty and
Tomcat both use {{setHeader}} internally in their {{sendRedirect}} implementation, so this
should work pretty well. WDYT?

> [HTTP SSLFilter] Implement sendRedirect
> ---------------------------------------
>                 Key: FELIX-4420
>                 URL: https://issues.apache.org/jira/browse/FELIX-4420
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>    Affects Versions: http-2.2.1, http-2.2.2
>            Reporter: Felix Meschberger
>            Assignee: J.W. Janssen
>             Fix For: http-2.3.0, http-sslfilter-1.0.0
>         Attachments: FELIX-4420.patch
> The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the actual protocol
used by the client side browser by inspecting a request header and exposing the proper scheme
through its ServletRequest.getScheme() implementation if the actual server is operated behind
an SSL terminating proxy (i.e. client connects with HTTPS to proxy, proxy forwards request
to server over plain HTTP)
> The HttpServletRequest.sendRedirect() method is declared to set the Location header to
the absolute redirect URL which includes the scheme. In an SSL terminating proxy situation,
the servlet container does not know about this fact and hence uses the actual server scheme
(HTTP) for the redirect instead of the scheme used by client.
> To fix this situation the SSL filter response should implement the HttpServletResponse.sendRedirect()
method to use use the client side scheme as extracted from the request instead of the actual
server request.

This message was sent by Atlassian JIRA

View raw message