tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r905625 - in /tomcat/trunk: java/org/apache/catalina/filters/RemoteIpFilter.java webapps/docs/config/filter.xml
Date Tue, 02 Feb 2010 13:25:45 GMT
Author: markt
Date: Tue Feb  2 13:25:42 2010
New Revision: 905625

URL: http://svn.apache.org/viewvc?rev=905625&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48647
RemoteIpFilter : request.secure and request.scheme are not forced to "false" and "http" if
X-Forwarded-Proto=http
Patch provided by Cyrille Le Clerc 

Modified:
    tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
    tomcat/trunk/webapps/docs/config/filter.xml

Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=905625&r1=905624&r2=905625&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Tue Feb  2 13:25:42
2010
@@ -138,6 +138,19 @@
  * <td><code>https</code></td>
  * </tr>
  * <tr>
+ * <td>httpServerPort</td>
+ * <td>Value returned by {@link ServletRequest#getServerPort()} when the <code>protocolHeader</code>
indicates <code>http</code> protocol</td>
+ * <td>N/A</td>
+ * <td>integer</td>
+ * <td>80</td>
+ * </tr>
+ * <tr>
+ * <td>httpsServerPort</td>
+ * <td>Value returned by {@link ServletRequest#getServerPort()} when the <code>protocolHeader</code>
indicates <code>https</code> protocol</td>
+ * <td>N/A</td>
+ * <td>integer</td>
+ * <td>443</td>
+ * </tr>
  * </table>
  * </p>
  * <p>
@@ -575,6 +588,8 @@
      */
     private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*");
     
+    protected static final String HTTP_SERVER_PORT_PARAMETER = "httpServerPort";
+
     protected static final String HTTPS_SERVER_PORT_PARAMETER = "httpsServerPort";
     
     protected static final String INTERNAL_PROXIES_PARAMETER = "internalProxies";
@@ -655,10 +670,15 @@
     }
     
     /**
+     * @see #setHttpServerPort(int)
+     */
+    private int httpServerPort = 80;
+
+    /**
      * @see #setHttpsServerPort(int)
      */
     private int httpsServerPort = 443;
-    
+
     /**
      * @see #setInternalProxies(String)
      */
@@ -744,10 +764,16 @@
             
             if (protocolHeader != null) {
                 String protocolHeaderValue = request.getHeader(protocolHeader);
-                if (protocolHeaderValue != null && protocolHeaderHttpsValue.equalsIgnoreCase(protocolHeaderValue))
{
+                if (protocolHeaderValue == null) {
+                    // don't modify the secure,scheme and serverPort attributes of the request
+                } else if (protocolHeaderHttpsValue.equalsIgnoreCase(protocolHeaderValue))
{
                     xRequest.setSecure(true);
                     xRequest.setScheme("https");
                     xRequest.setServerPort(httpsServerPort);
+                } else {
+                    xRequest.setSecure(false);
+                    xRequest.setScheme("http");
+                    xRequest.setServerPort(httpServerPort);
                 }
             }
             
@@ -832,17 +858,38 @@
             setTrustedProxies(filterConfig.getInitParameter(TRUSTED_PROXIES_PARAMETER));
         }
         
+        if (filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER) != null) {
+            try {
+                setHttpServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER)));
+            } catch (NumberFormatException e) {
+                throw new NumberFormatException("Illegal " + HTTP_SERVER_PORT_PARAMETER +
" : " + e.getMessage());
+            }
+        }
+        
         if (filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER) != null) {
             try {
                 setHttpsServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER)));
             } catch (NumberFormatException e) {
-                throw new NumberFormatException("Illegal serverPort : " + e.getMessage());
+                throw new NumberFormatException("Illegal " + HTTPS_SERVER_PORT_PARAMETER
+ " : " + e.getMessage());
             }
         }
     }
     
     /**
      * <p>
+     * Server Port value if the {@link #protocolHeader} indicates HTTP (i.e. {@link #protocolHeader}
is not null and
+     * has a value different of {@link #protocolHeaderHttpsValue}). 
+     * </p>
+     * <p>
+     * Default value : 80
+     * </p>
+     */
+    public void setHttpServerPort(int httpServerPort) {
+        this.httpServerPort = httpServerPort;
+    }
+    
+    /**
+     * <p>
      * Server Port value if the {@link #protocolHeader} indicates HTTPS
      * </p>
      * <p>

Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=905625&r1=905624&r2=905625&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Tue Feb  2 13:25:42 2010
@@ -205,8 +205,9 @@
     via a request headers (e.g. &quot;X-Forwarded-For&quot;).</p>
 
     <p>Another feature of this filter is to replace the apparent scheme
-    (http/https) and server port with the scheme presented by a proxy or a load
-    balancer via a request header (e.g. &quot;X-Forwarded-Proto&quot;).</p>
+    (http/https), server port and <code>request.secure</code> with the scheme
presented 
+    by a proxy or a load balancer via a request header 
+    (e.g. &quot;X-Forwarded-Proto&quot;).</p>
  
     <p>If used in conjunction with Remote Address/Host filters then this filter
     should be defined first to ensure that the correct client IP address is
@@ -272,6 +273,20 @@
         used.</p>
       </attribute>
 
+      <attribute name="httpServerPort" required="false">
+         <p>Value returned by <code>ServletRequest.getServerPort()</code>

+         when the <strong>protocolHeader</strong> indicates <code>http</code>

+         protocol. If not specified, the default of <code>80</code> is
+        used.</p>
+      </attribute>
+
+      <attribute name="httpsServerPort" required="false">
+         <p>Value returned by <code>ServletRequest.getServerPort()</code>

+         when the <strong>protocolHeader</strong> indicates <code>https</code>

+         protocol. If not specified, the default of <code>443</code> is
+        used.</p>
+      </attribute>
+
     </attributes>
 
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message