You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/12/01 14:00:15 UTC
svn commit: r1717418 - in /tomcat/trunk: java/org/apache/catalina/
java/org/apache/catalina/connector/ java/org/apache/catalina/core/
java/org/apache/catalina/startup/ java/org/apache/coyote/
test/org/apache/tomcat/unittest/ webapps/docs/ webapps/docs/...
Author: markt
Date: Tue Dec 1 13:00:14 2015
New Revision: 1717418
URL: http://svn.apache.org/viewvc?rev=1717418&view=rev
Log:
Additional fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=56917
Make relative redirects configurable
Modified:
tomcat/trunk/java/org/apache/catalina/Context.java
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/catalina/startup/FailedContext.java
tomcat/trunk/java/org/apache/coyote/Request.java
tomcat/trunk/test/org/apache/tomcat/unittest/TesterContext.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/context.xml
Modified: tomcat/trunk/java/org/apache/catalina/Context.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Context.java?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Context.java Tue Dec 1 13:00:14 2015
@@ -1716,4 +1716,36 @@ public interface Context extends Contain
* Context.
*/
public boolean getMapperDirectoryRedirectEnabled();
+
+ /**
+ * Controls whether HTTP 1.1 and later location headers generated by a call
+ * to {@link javax.servlet.http.HttpServletResponse#sendRedirect(String)}
+ * will use relative or absolute redirects.
+ * <p>
+ * Relative redirects are more efficient but may not work with reverse
+ * proxies that change the context path. It should be noted that it is not
+ * recommended to use a reverse proxy to change the context path because of
+ * the multiple issues it creates.
+ * <p>
+ * Absolute redirects should work with reverse proxies that change the
+ * context path but may cause issues with the
+ * {@link org.apache.catalina.filters.RemoteIpFilter} if the filter is
+ * changing the scheme and/or port.
+ *
+ * @param useRelativeRedirects {@code true} to use relative redirects and
+ * {@code false} to use absolute redirects
+ */
+ public void setUseRelativeRedirects(boolean useRelativeRedirects);
+
+ /**
+ * Will HTTP 1.1 and later location headers generated by a call to
+ * {@link javax.servlet.http.HttpServletResponse#sendRedirect(String)} use
+ * relative or absolute redirects.
+ *
+ * @return {@code true} if relative redirects will be used {@code false} if
+ * absolute redirects are used.
+ *
+ * @see #setUseRelativeRedirects(boolean)
+ */
+ public boolean getUseRelativeRedirects();
}
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Tue Dec 1 13:00:14 2015
@@ -1288,7 +1288,14 @@ public class Response
// Generate a temporary redirect to the specified location
try {
- String locationUri = URI.create(location).toASCIIString();
+ String locationUri;
+ // Relative redirects require HTTP/1.1
+ if (getRequest().getCoyoteRequest().getSupportsRelativeRedirects() &&
+ getContext().getUseRelativeRedirects()) {
+ locationUri = URI.create(location).toASCIIString();
+ } else {
+ locationUri = toAbsolute(location);
+ }
setStatus(status);
setHeader("Location", locationUri);
if (getContext().getSendRedirectBody()) {
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Tue Dec 1 13:00:14 2015
@@ -817,14 +817,33 @@ public class StandardContext extends Con
private boolean validateClientProvidedNewSessionId = true;
- boolean mapperContextRootRedirectEnabled = false;
+ private boolean mapperContextRootRedirectEnabled = false;
- boolean mapperDirectoryRedirectEnabled = false;
+ private boolean mapperDirectoryRedirectEnabled = false;
+
+ private boolean useRelativeRedirects = true;
// ----------------------------------------------------- Context Properties
@Override
+ public void setUseRelativeRedirects(boolean useRelativeRedirects) {
+ this.useRelativeRedirects = useRelativeRedirects;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ * <p>
+ * The default value for this implementation is {@code true}.
+ */
+ @Override
+ public boolean getUseRelativeRedirects() {
+ return useRelativeRedirects;
+ }
+
+
+ @Override
public void setMapperContextRootRedirectEnabled(boolean mapperContextRootRedirectEnabled) {
this.mapperContextRootRedirectEnabled = mapperContextRootRedirectEnabled;
}
Modified: tomcat/trunk/java/org/apache/catalina/startup/FailedContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/FailedContext.java?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/FailedContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/FailedContext.java Tue Dec 1 13:00:14 2015
@@ -785,4 +785,9 @@ public class FailedContext extends Lifec
@Override
public boolean getMapperDirectoryRedirectEnabled() { return false; }
+
+ @Override
+ public void setUseRelativeRedirects(boolean useRelativeRedirects) { /* NO-OP */ }
+ @Override
+ public boolean getUseRelativeRedirects() { return true; }
}
\ No newline at end of file
Modified: tomcat/trunk/java/org/apache/coyote/Request.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/Request.java?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/Request.java (original)
+++ tomcat/trunk/java/org/apache/coyote/Request.java Tue Dec 1 13:00:14 2015
@@ -471,6 +471,13 @@ public final class Request {
return result.get();
}
+ public boolean getSupportsRelativeRedirects() {
+ if (protocol().equals("") || protocol().equals("HTTP/1.0")) {
+ return false;
+ }
+ return true;
+ }
+
// -------------------- Input Buffer --------------------
Modified: tomcat/trunk/test/org/apache/tomcat/unittest/TesterContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/unittest/TesterContext.java?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/unittest/TesterContext.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/unittest/TesterContext.java Tue Dec 1 13:00:14 2015
@@ -1254,4 +1254,9 @@ public class TesterContext implements Co
@Override
public boolean getMapperDirectoryRedirectEnabled() { return false; }
+
+ @Override
+ public void setUseRelativeRedirects(boolean useRelativeRedirects) { /* NO-OP */ }
+ @Override
+ public boolean getUseRelativeRedirects() { return true; }
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Dec 1 13:00:14 2015
@@ -72,8 +72,10 @@
by Tom Anderson. (fschumacher)
</fix>
<add>
- <bug>56917</bug>: As per RFC7231 (HTTP/1.1) allow redirects to use
- relative UIRs. (markt)
+ <bug>56917</bug>: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later
+ redirects to use relative URIs. This is controlled by a new attribute
+ <code>useRelativeRedirects</code> on the <strong>Context</strong> and
+ defaults to <code>true</code>. (markt)
</add>
<fix>
<bug>58629</bug>: Allow an embedded Tomcat instance to start when the
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1717418&r1=1717417&r2=1717418&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Tue Dec 1 13:00:14 2015
@@ -551,6 +551,21 @@
<code>true</code>.</p>
</attribute>
+ <attribute name="useRelativeRedirects" required="false">
+ <p>Controls whether HTTP 1.1 and later location headers generated by a
+ call to
+ <code>javax.servlet.http.HttpServletResponse#sendRedirect(String)</code>
+ will use relative or absolute redirects. Relative redirects are more
+ efficient but may not work with reverse proxies that change the context
+ path. It should be noted that it is not recommended to use a reverse
+ proxy to change the context path because of the multiple issues it
+ creates. Absolute redirects should work with reverse proxies that change
+ the context path but may cause issues with the
+ <code>org.apache.catalina.filters.RemoteIpFilter</code> if the filter is
+ changing the scheme and/or port. Defaults to <code>true</code>.
+ </p>
+ </attribute>
+
<attribute name="validateClientProvidedNewSessionId" required="false">
<p>When a client provides the ID for a new session, this attribute
controls whether that ID is validated. The only use case for using a
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org