You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by mi...@apache.org on 2019/07/09 20:07:43 UTC
[tomcat] branch mark-forwarded-request/9.0.x updated (db6e822 ->
6c891b6)
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a change to branch mark-forwarded-request/9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
discard db6e822 BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
add e110331 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=55969
add c9947ff Code clean-up. Space, indents, {}, wrapping. No functional change.
add eb9f04d Add release date for 9.0.22
add 1ccb893 Fix typo
add 5474fd4 JSP compatibility testing for Graal
new 6c891b6 BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (db6e822)
\
N -- N -- N refs/heads/mark-forwarded-request/9.0.x (6c891b6)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
build.properties.default | 14 +--
java/org/apache/catalina/connector/Request.java | 89 ++++++--------
.../apache/jasper/runtime/JspRuntimeLibrary.java | 133 +++++++++++++++------
res/tomcat-maven/graal-webapp.ant.xml | 49 ++++++++
res/tomcat.nsi | 18 ++-
webapps/docs/changelog.xml | 17 ++-
6 files changed, 216 insertions(+), 104 deletions(-)
create mode 100644 res/tomcat-maven/graal-webapp.ant.xml
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/01: BZ 63556: Mark request as forwarded in
RemoteIpValve and RemoteIpFilter
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch mark-forwarded-request/9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6c891b6cec5695cd9afb49ce9d0baa37f6cad1f1
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Tue Jul 9 14:59:09 2019 +0200
BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
---
java/org/apache/catalina/Globals.java | 9 +++++++
.../apache/catalina/filters/RemoteIpFilter.java | 4 +++
java/org/apache/catalina/valves/RemoteIpValve.java | 4 +++
.../catalina/filters/TestRemoteIpFilter.java | 23 +++++++++++++++++
.../apache/catalina/valves/TestRemoteIpValve.java | 30 ++++++++++++++++++++++
webapps/docs/changelog.xml | 8 ++++++
6 files changed, 78 insertions(+)
diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java
index 8801724..b25ee32 100644
--- a/java/org/apache/catalina/Globals.java
+++ b/java/org/apache/catalina/Globals.java
@@ -199,6 +199,15 @@ public final class Globals {
org.apache.coyote.Constants.REMOTE_ADDR_ATTRIBUTE;
+ /**
+ * The request attribute that is set to the value of {@code Boolean.TRUE}
+ * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies
+ * a request which been forwarded via one or more proxies.
+ */
+ public static final String REQUEST_FORWARDED_ATTRIBUTE =
+ "org.apache.tomcat.request.forwarded";
+
+
public static final String ASYNC_SUPPORTED_ATTR =
"org.apache.catalina.ASYNC_SUPPORTED";
diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java
index 5c04858..1afe033 100644
--- a/java/org/apache/catalina/filters/RemoteIpFilter.java
+++ b/java/org/apache/catalina/filters/RemoteIpFilter.java
@@ -82,6 +82,8 @@ import org.apache.tomcat.util.res.StringManager;
* <code>protocolHeaderHttpsValue</code> configuration parameter (default <code>https</code>) then <code>request.isSecure = true</code>,
* <code>request.scheme = https</code> and <code>request.serverPort = 443</code>. Note that 443 can be overwritten with the
* <code>$httpsServerPort</code> configuration parameter.</li>
+ * <li>Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate
+ * that this request has been forwarded by one or more proxies.</li>
* </ul>
* <table border="1">
* <caption>Configuration parameters</caption>
@@ -820,6 +822,8 @@ public class RemoteIpFilter extends GenericFilter {
}
}
+ request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE);
+
if (log.isDebugEnabled()) {
log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr()
+ "', originalRemoteHost='" + request.getRemoteHost() + "', originalSecure='" + request.isSecure()
diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java
index 145b095..cd08cc7 100644
--- a/java/org/apache/catalina/valves/RemoteIpValve.java
+++ b/java/org/apache/catalina/valves/RemoteIpValve.java
@@ -64,6 +64,8 @@ import org.apache.tomcat.util.http.MimeHeaders;
* <code>protocolHeaderHttpsValue</code> configuration parameter (default <code>https</code>) then <code>request.isSecure = true</code>,
* <code>request.scheme = https</code> and <code>request.serverPort = 443</code>. Note that 443 can be overwritten with the
* <code>$httpsServerPort</code> configuration parameter.</li>
+ * <li>Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate
+ * that this request has been forwarded by one or more proxies.</li>
* </ul>
* <table border="1">
* <caption>Configuration parameters</caption>
@@ -651,6 +653,8 @@ public class RemoteIpValve extends ValveBase {
}
}
+ request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE);
+
if (log.isDebugEnabled()) {
log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr
+ "', originalRemoteHost='" + originalRemoteHost + "', originalSecure='" + originalSecure + "', originalScheme='"
diff --git a/test/org/apache/catalina/filters/TestRemoteIpFilter.java b/test/org/apache/catalina/filters/TestRemoteIpFilter.java
index f7f2093..956bbf1 100644
--- a/test/org/apache/catalina/filters/TestRemoteIpFilter.java
+++ b/test/org/apache/catalina/filters/TestRemoteIpFilter.java
@@ -42,6 +42,7 @@ import org.junit.Test;
import org.apache.catalina.AccessLog;
import org.apache.catalina.Context;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.connector.Request;
@@ -624,6 +625,28 @@ public class TestRemoteIpFilter extends TomcatBaseTest {
actualRequest.getAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE));
}
+ @Test
+ public void testRequestForwarded() throws Exception {
+ // PREPARE
+ FilterDef filterDef = new FilterDef();
+ filterDef.addInitParameter("protocolHeader", "x-forwarded-proto");
+ filterDef.addInitParameter("remoteIpHeader", "x-my-forwarded-for");
+ filterDef.addInitParameter("httpServerPort", "8080");
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRemoteAddr("192.168.0.10");
+ request.setHeader("x-my-forwarded-for", "140.211.11.130");
+ request.setHeader("x-forwarded-proto", "http");
+
+ // TEST
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
+
+ // VERIFY
+ Assert.assertEquals("org.apache.tomcat.request.forwarded",
+ Boolean.TRUE,
+ actualRequest.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE));
+ }
+
/*
* Test {@link RemoteIpFilter} in Tomcat standalone server
*/
diff --git a/test/org/apache/catalina/valves/TestRemoteIpValve.java b/test/org/apache/catalina/valves/TestRemoteIpValve.java
index 5d93d84..8ab03b4 100644
--- a/test/org/apache/catalina/valves/TestRemoteIpValve.java
+++ b/test/org/apache/catalina/valves/TestRemoteIpValve.java
@@ -27,6 +27,7 @@ import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.AccessLog;
+import org.apache.catalina.Globals;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
@@ -985,6 +986,35 @@ public class TestRemoteIpValve {
request.getAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE));
}
+ @Test
+ public void testRequestForwarded() throws Exception {
+
+ // PREPARE
+ RemoteIpValve remoteIpValve = new RemoteIpValve();
+ remoteIpValve.setRemoteIpHeader("x-forwarded-for");
+ remoteIpValve.setProtocolHeader("x-forwarded-proto");
+ RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
+ remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
+
+ Request request = new MockRequest();
+ request.setCoyoteRequest(new org.apache.coyote.Request());
+ // client ip
+ request.setRemoteAddr("192.168.0.10");
+ request.setRemoteHost("192.168.0.10");
+ request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
+ // protocol
+ request.setServerPort(8080);
+ request.getCoyoteRequest().scheme().setString("http");
+
+ // TEST
+ remoteIpValve.invoke(request, null);
+
+ // VERIFY
+ Assert.assertEquals("org.apache.tomcat.request.forwarded",
+ Boolean.TRUE,
+ request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE));
+ }
+
private void assertArrayEquals(String[] expected, String[] actual) {
if (expected == null) {
Assert.assertNull(actual);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5fc543b..cffca39 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,14 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 9.0.23 (markt)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <add>
+ <bug>63556</bug>: Mark request as forwarded in RemoteIpValve and
+ RemoteIpFilter (michaelo)
+ </add>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<scode>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org