You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@chemistry.apache.org by fm...@apache.org on 2012/02/08 21:31:30 UTC
svn commit: r1242078 - in
/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main:
java/org/apache/chemistry/opencmis/server/impl/atompub/ webapp/WEB-INF/
Author: fmui
Date: Wed Feb 8 20:31:30 2012
New Revision: 1242078
URL: http://svn.apache.org/viewvc?rev=1242078&view=rev
Log:
CMIS-500: support for X-Forwarded-Host and X-Forwarded-Proto headers
Added:
chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/ProxyHttpServletRequestWrapper.java (with props)
Modified:
chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/CmisAtomPubServlet.java
chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/webapp/WEB-INF/web.xml
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/CmisAtomPubServlet.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/CmisAtomPubServlet.java?rev=1242078&r1=1242077&r2=1242078&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/CmisAtomPubServlet.java (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/CmisAtomPubServlet.java Wed Feb 8 20:31:30 2012
@@ -45,6 +45,7 @@ import static org.apache.chemistry.openc
import java.io.IOException;
import java.io.PrintWriter;
+import java.util.regex.Pattern;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -85,6 +86,7 @@ import org.apache.commons.logging.LogFac
public class CmisAtomPubServlet extends HttpServlet {
public static final String PARAM_CALL_CONTEXT_HANDLER = "callContextHandler";
+ public static final String PARAM_TRUSTED_PROXIES = "trustedProxies";
private static final Log LOG = LogFactory.getLog(CmisAtomPubServlet.class.getName());
@@ -92,6 +94,7 @@ public class CmisAtomPubServlet extends
private Dispatcher dispatcher;
private CallContextHandler callContextHandler;
+ private Pattern trustedProxies;
@Override
public void init(ServletConfig config) throws ServletException {
@@ -108,6 +111,17 @@ public class CmisAtomPubServlet extends
}
}
+ // initialize trusted proxy pattern
+ trustedProxies = null;
+ String trustedProxiesString = config.getInitParameter(PARAM_TRUSTED_PROXIES);
+ if (trustedProxiesString != null) {
+ try {
+ trustedProxies = Pattern.compile(trustedProxiesString);
+ } catch (Exception e) {
+ throw new ServletException("Could not compile trustedProxies parameter: " + e, e);
+ }
+ }
+
// initialize the dispatcher
dispatcher = new Dispatcher();
@@ -155,6 +169,11 @@ public class CmisAtomPubServlet extends
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
+ // check for trusted proxy
+ if (trustedProxies != null && trustedProxies.matcher(request.getRemoteAddr()).matches()) {
+ request = new ProxyHttpServletRequestWrapper(request);
+ }
+
// set default headers
response.addHeader("Cache-Control", "private, max-age=0");
response.addHeader("Server", ServerVersion.OPENCMIS_SERVER);
Added: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/ProxyHttpServletRequestWrapper.java
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/ProxyHttpServletRequestWrapper.java?rev=1242078&view=auto
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/ProxyHttpServletRequestWrapper.java (added)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/ProxyHttpServletRequestWrapper.java Wed Feb 8 20:31:30 2012
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.chemistry.opencmis.server.impl.atompub;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+public class ProxyHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+ private static final String FORWARDED_HOST_HEADER = "X-Forwarded-Host";
+ private static final String FORWARDED_PROTO_HEADER = "X-Forwarded-Proto";
+ private static final String HTTPS_SCHEME = "https";
+ private static final String HTTP_SCHEME = "http";
+
+ private String scheme;
+ private String serverName;
+ private int serverPort;
+
+ public ProxyHttpServletRequestWrapper(HttpServletRequest request) {
+ super(request);
+
+ scheme = request.getHeader(FORWARDED_PROTO_HEADER);
+
+ if (!HTTP_SCHEME.equals(scheme) && !HTTPS_SCHEME.equals(scheme)) {
+ scheme = request.getScheme();
+ }
+
+ serverName = request.getServerName();
+ serverPort = request.getServerPort();
+
+ String host = request.getHeader(FORWARDED_HOST_HEADER);
+ if ((host != null) && (host.length() > 0)) {
+ int index = host.indexOf(':');
+ if (index < 0) {
+ serverName = host;
+ } else {
+ serverName = host.substring(0, index);
+ try {
+ serverPort = Integer.parseInt(host.substring(index + 1));
+ } catch (NumberFormatException e) {
+ }
+ }
+ }
+ }
+
+ @Override
+ public String getScheme() {
+ return scheme;
+ }
+
+ @Override
+ public String getServerName() {
+ return serverName;
+ }
+
+ @Override
+ public int getServerPort() {
+ return serverPort;
+ }
+}
Propchange: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/impl/atompub/ProxyHttpServletRequestWrapper.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/webapp/WEB-INF/web.xml?rev=1242078&r1=1242077&r2=1242078&view=diff
==============================================================================
--- chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/webapp/WEB-INF/web.xml (original)
+++ chemistry/opencmis/trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/webapp/WEB-INF/web.xml Wed Feb 8 20:31:30 2012
@@ -82,10 +82,19 @@
<param-name>callContextHandler</param-name>
<param-value>org.apache.chemistry.opencmis.server.shared.BasicAuthCallContextHandler</param-value>
</init-param>
+ <!--
+ Uncomment the following parameter if the OpenCMIS server runs behind a proxy server or a load balancer.
+ The value of the parameter is a regular expression. It must match the IP address of the proxy or load balancer.
+ -->
+ <!--
+ <init-param>
+ <param-name>trustedProxies</param-name>
+ <param-value>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}</param-value>
+ </init-param>
+ -->
<load-on-startup>2</load-on-startup>
</servlet>
- <!-- Browser Binding is deactivated until the implementation is complete. -->
<servlet>
<servlet-name>cmisbrowser</servlet-name>
<servlet-class>org.apache.chemistry.opencmis.server.impl.browser.CmisBrowserBindingServlet</servlet-class>
@@ -106,7 +115,6 @@
<url-pattern>/atom/*</url-pattern>
</servlet-mapping>
- <!-- Browser Binding is deactivated until the implementation is complete. -->
<servlet-mapping>
<servlet-name>cmisbrowser</servlet-name>
<url-pattern>/browser/*</url-pattern>