You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/01/20 15:06:01 UTC
svn commit: r1559699 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/catalina/ java/org/apache/catalina/filters/
java/org/apache/catalina/manager/ java/org/apache/catalina/valves/
java/org/apache/coyote/ webapps/docs/ webapps/docs/config/
Author: markt
Date: Mon Jan 20 14:06:01 2014
New Revision: 1559699
URL: http://svn.apache.org/r1559699
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55956
Make the forwarded remote IP available on the Manager status page
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/StatusTransformer.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/Constants.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/RequestInfo.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1559697
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/Globals.java Mon Jan 20 14:06:01 2014
@@ -258,6 +258,19 @@ public final class Globals {
/**
+ * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may
+ * be set by other similar components) that identifies for the connector the
+ * remote IP address claimed to be associated with this request when a
+ * request is received via one or more proxies. It is typically provided via
+ * the X-Forwarded-For HTTP header.
+ *
+ * Duplicated here for neater code in the catalina packages.
+ */
+ public static final String REMOTE_ADDR_ATTRIBUTE =
+ org.apache.coyote.Constants.REMOTE_ADDR_ATTRIBUTE;
+
+
+ /**
*
*/
public static final String ASYNC_SUPPORTED_ATTR =
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Jan 20 14:06:01 2014
@@ -42,6 +42,7 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.AccessLog;
+import org.apache.catalina.Globals;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -821,6 +822,8 @@ public class RemoteIpFilter implements F
if (requestAttributesEnabled) {
request.setAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE,
xRequest.getRemoteAddr());
+ request.setAttribute(Globals.REMOTE_ADDR_ATTRIBUTE,
+ xRequest.getRemoteAddr());
request.setAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE,
xRequest.getRemoteHost());
request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE,
@@ -1108,6 +1111,7 @@ public class RemoteIpFilter implements F
* <li>org.apache.catalina.AccessLog.RemoteHost</li>
* <li>org.apache.catalina.AccessLog.Protocol</li>
* <li>org.apache.catalina.AccessLog.ServerPort</li>
+ * <li>org.apache.tomcat.remoteAddr</li>
* </ul>
*
* @param requestAttributesEnabled <code>true</code> causes the attributes
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/StatusTransformer.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/StatusTransformer.java?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/StatusTransformer.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/StatusTransformer.java Mon Jan 20 14:06:01 2014
@@ -337,7 +337,7 @@ public class StatusTransformer {
(grpName, "bytesSent"), true));
writer.print("</p>");
- writer.print("<table border=\"0\"><tr><th>Stage</th><th>Time</th><th>B Sent</th><th>B Recv</th><th>Client</th><th>VHost</th><th>Request</th></tr>");
+ writer.print("<table border=\"0\"><tr><th>Stage</th><th>Time</th><th>B Sent</th><th>B Recv</th><th>Client (Forwarded)</th><th>Client (Actual)</th><th>VHost</th><th>Request</th></tr>");
enumeration = requestProcessors.elements();
while (enumeration.hasMoreElements()) {
@@ -486,6 +486,10 @@ public class StatusTransformer {
writer.write("</td>");
writer.write("<td>");
writer.print(filter(mBeanServer.getAttribute
+ (pName, "remoteAddrForwarded")));
+ writer.write("</td>");
+ writer.write("<td>");
+ writer.print(filter(mBeanServer.getAttribute
(pName, "remoteAddr")));
writer.write("</td>");
writer.write("<td nowrap>");
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Jan 20 14:06:01 2014
@@ -26,6 +26,7 @@ import java.util.regex.Pattern;
import javax.servlet.ServletException;
import org.apache.catalina.AccessLog;
+import org.apache.catalina.Globals;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.juli.logging.Log;
@@ -669,6 +670,8 @@ public class RemoteIpValve extends Valve
if (requestAttributesEnabled) {
request.setAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE,
request.getRemoteAddr());
+ request.setAttribute(Globals.REMOTE_ADDR_ATTRIBUTE,
+ request.getRemoteAddr());
request.setAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE,
request.getRemoteHost());
request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE,
@@ -827,6 +830,7 @@ public class RemoteIpValve extends Valve
* <li>org.apache.catalina.AccessLog.RemoteHost</li>
* <li>org.apache.catalina.AccessLog.Protocol</li>
* <li>org.apache.catalina.AccessLog.ServerPort</li>
+ * <li>org.apache.tomcat.remoteAddr</li>
* </ul>
*
* @param requestAttributesEnabled <code>true</code> causes the attributes
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/Constants.java?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/Constants.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/Constants.java Mon Jan 20 14:06:01 2014
@@ -128,4 +128,15 @@ public final class Constants {
*/
public static final String SENDFILE_FILE_END_ATTR =
"org.apache.tomcat.sendfile.end";
+
+
+ /**
+ * The request attribute set by the RemoteIpFilter, RemoteIpValve (and may
+ * be set by other similar components) that identifies for the connector the
+ * remote IP address claimed to be associated with this request when a
+ * request is received via one or more proxies. It is typically provided via
+ * the X-Forwarded-For HTTP header.
+ */
+ public static final String REMOTE_ADDR_ATTRIBUTE =
+ "org.apache.tomcat.remoteAddr";
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/RequestInfo.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/RequestInfo.java?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/RequestInfo.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/RequestInfo.java Mon Jan 20 14:06:01 2014
@@ -98,6 +98,18 @@ public class RequestInfo {
return req.remoteAddr().toString();
}
+ /**
+ * Obtain the remote address for this connection as reported by an
+ * intermediate proxy (if any).
+ */
+ public String getRemoteAddrForwarded() {
+ String remoteAddrProxy = (String) req.getAttribute(Constants.REMOTE_ADDR_ATTRIBUTE);
+ if (remoteAddrProxy == null) {
+ return getRemoteAddr();
+ }
+ return remoteAddrProxy;
+ }
+
public int getContentLength() {
return req.getContentLength();
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jan 20 14:06:01 2014
@@ -117,6 +117,10 @@
set. (markt)
</fix>
<fix>
+ <bug>55956</bug>: Make the forwarded remote IP address available to the
+ Connectors via a request attribute. (markt)
+ </fix>
+ <fix>
<bug>55976</bug>: Fix sendfile support for the HTTP NIO connector.
(markt)
</fix>
@@ -185,6 +189,11 @@
<bug>55888</bug>: Update the documentation web application to make it
clearer that a Container may define no more than one Realm. (markt)
</fix>
+ <fix>
+ <bug>55956</bug>: Where available, displayed the forwarded remote IP
+ address available on the status page of the Manager web application.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml Mon Jan 20 14:06:01 2014
@@ -914,6 +914,7 @@ FINE: Request "/docs/config/manager.html
<li><code>org.apache.catalina.AccessLog.RemoteHost</code></li>
<li><code>org.apache.catalina.AccessLog.Protocol</code></li>
<li><code>org.apache.catalina.AccessLog.ServerPort</code></li>
+ <li><code>org.apache.tomcat.remoteAddr</code></li>
</ul>
</subsection>
@@ -1250,6 +1251,8 @@ FINE: Request "/docs/config/manager.html
<p>Set to <code>true</code> to set the request attributes used by
AccessLog implementations to override the values returned by the
request for remote address, remote host, server port and protocol.
+ Request attributes are also used to enable the forwarded remote address
+ to be displayed on the status page of the Manager web application.
If not set, the default value of <code>true</code> will be used.</p>
</attribute>
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1559699&r1=1559698&r2=1559699&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Mon Jan 20 14:06:01 2014
@@ -1256,6 +1256,7 @@
<li><code>org.apache.catalina.AccessLog.RemoteHost</code></li>
<li><code>org.apache.catalina.AccessLog.Protocol</code></li>
<li><code>org.apache.catalina.AccessLog.ServerPort</code></li>
+ <li><code>org.apache.tomcat.remoteAddr</code></li>
</ul>
</subsection>
@@ -1299,6 +1300,8 @@
<p>Set to <code>true</code> to set the request attributes used by
AccessLog implementations to override the values returned by the
request for remote address, remote host, server port and protocol.
+ Request attributes are also used to enable the forwarded remote address
+ to be displayed on the status page of the Manager web application.
If not set, the default value of <code>true</code> will be used.</p>
</attribute>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org