FELIX-4923 : SslFilterResponse doesn 't take in account ssl-forward.header property. Apply patch from Antonio Sanso
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1754836 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
index 877a555..0cdac9d 100644
--- a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
+++ b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
@@ -73,7 +73,7 @@
{
try
{
- httpResp = new SslFilterResponse(httpResp, httpReq);
+ httpResp = new SslFilterResponse(httpResp, httpReq, cfg);
// In case this fails, we fall back to the original HTTP request, which is better than nothing...
httpReq = new SslFilterRequest(httpReq, httpReq.getHeader(cfg.certHeader));
}
diff --git a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
index db4edce..62b6c15 100644
--- a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
+++ b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
@@ -21,6 +21,7 @@
import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_LOCATION;
import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT;
import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL;
import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS_PORT;
@@ -36,6 +37,8 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
+import org.apache.felix.http.sslfilter.internal.SslFilter.ConfigHolder;
+
/**
* Provides a custom {@link HttpServletResponse} for use in SSL filter.
*/
@@ -48,7 +51,7 @@
private final String clientProto;
private final int clientPort;
- public SslFilterResponse(HttpServletResponse response, HttpServletRequest request) throws MalformedURLException
+ public SslFilterResponse(HttpServletResponse response, HttpServletRequest request, ConfigHolder config) throws MalformedURLException
{
super(response);
@@ -58,8 +61,10 @@
this.serverName = request.getServerName();
this.serverPort = request.getServerPort();
- String proto = request.getHeader(HDR_X_FORWARDED_PROTO);
- if (HTTP.equalsIgnoreCase(proto))
+ String value = request.getHeader(config.sslHeader);
+
+ if ((HDR_X_FORWARDED_PROTO.equalsIgnoreCase(config.sslHeader) && HTTP.equalsIgnoreCase(value)) ||
+ (HDR_X_FORWARDED_SSL.equalsIgnoreCase(config.sslHeader) && !config.sslValue.equalsIgnoreCase(value)))
{
// Not really a useful scenario: client is talking HTTP to proxy, and we should rewrite all HTTPS-based URLs...
this.clientProto = HTTP;
@@ -165,13 +170,6 @@
String actualProto = uri.getScheme();
-
- if (!this.serverProto.equalsIgnoreCase(actualProto))
- {
- // protocol is already correct
- return null;
- }
-
if (!this.serverName.equals(uri.getHost()))
{
// going to a different host
diff --git a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java b/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
index 17192d7..7910567 100644
--- a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
+++ b/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
@@ -37,9 +37,11 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import org.apache.felix.http.sslfilter.internal.SslFilter.ConfigHolder;
import org.junit.Test;
+import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
+
public class SslFilterResponseTest
{
private static final String BACKEND_SERVER = "backend.server";
@@ -59,8 +61,9 @@
{
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
sresp.setHeader(LOCATION, null);
@@ -74,8 +77,9 @@
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
location = HTTPS + "://" + BACKEND_SERVER + "/foo";
expected = location;
@@ -93,7 +97,9 @@
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
location = HTTP + "://" + BACKEND_SERVER + "/foo";
expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
@@ -111,8 +117,9 @@
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
location = HTTP + "://" + BACKEND_SERVER + "/foo#abc";
expected = HTTPS + "://" + BACKEND_SERVER + "/foo#abc";
@@ -130,8 +137,9 @@
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
location = HTTP + "://" + BACKEND_SERVER + ":" + DEFAULT_HTTP_PORT + "/foo";
expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
@@ -148,8 +156,9 @@
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, DEFAULT_HTTP_PORT, HTTPS, ALT_HTTPS_PORT, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
location = HTTP + "://" + BACKEND_SERVER + "/foo";
expected = HTTPS + "://" + BACKEND_SERVER + ":" + ALT_HTTPS_PORT + "/foo";
@@ -166,8 +175,9 @@
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
location = HTTP + "://" + BACKEND_SERVER + ":" + ALT_HTTP_PORT + "/foo";
expected = location;
@@ -182,8 +192,9 @@
{
TestHttpServletResponse resp = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(resp, req,cfg);
String location = HTTP + "://" + OTHER_SERVER + "/foo";
String expected = location;
@@ -198,8 +209,9 @@
{
TestHttpServletResponse response = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(response, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(response, req, cfg);
final String queryString = "?resource=%2Fen.html%3FpbOpen%3Dtrue&$$login$$=%24%24login%24%24&j_reason=errors.login.account.not.found";
final String setUrl = "http://" + BACKEND_SERVER + "/" + queryString;
@@ -215,8 +227,9 @@
{
TestHttpServletResponse response = createServletResponse();
HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- SslFilterResponse sresp = new SslFilterResponse(response, req);
+ ConfigHolder cfg = new ConfigHolder(HDR_X_FORWARDED_PROTO, "https", null);
+
+ SslFilterResponse sresp = new SslFilterResponse(response, req, cfg);
final String setUrl = "http://" + BACKEND_SERVER + "/apps/test/content/%E4%B8%83%E6%9C%88%E5%8F%B7.redirect";
sresp.setHeader(SslFilterConstants.HDR_LOCATION, setUrl);
