You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by mi...@apache.org on 2019/07/09 20:23:25 UTC
[tomcat] branch mark-forwarded-request/7.0.x created (now f33fcbb)
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a change to branch mark-forwarded-request/7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
at f33fcbb BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
This branch includes the following new commits:
new f33fcbb BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[tomcat] 01/01: BZ 63556: Mark request as forwarded in
RemoteIpValve and RemoteIpFilter
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch mark-forwarded-request/7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f33fcbbd8bbcb8cde635c01615a1daeb802c677d
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Tue Jul 9 14:59:09 2019 +0200
BZ 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
---
java/org/apache/catalina/Globals.java | 8 +++++-
.../apache/catalina/filters/RemoteIpFilter.java | 4 +++
java/org/apache/catalina/valves/RemoteIpValve.java | 4 +++
.../catalina/filters/TestRemoteIpFilter.java | 23 +++++++++++++++++
.../apache/catalina/valves/TestRemoteIpValve.java | 30 ++++++++++++++++++++++
webapps/docs/changelog.xml | 11 ++++++++
6 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/Globals.java b/java/org/apache/catalina/Globals.java
index 90ab78c..d079697 100644
--- a/java/org/apache/catalina/Globals.java
+++ b/java/org/apache/catalina/Globals.java
@@ -274,8 +274,14 @@ public final class Globals {
/**
- *
+ * The request attribute that is set to the value of {@code Boolean.TRUE}
+ * by the RemoteIpFilter, RemoteIpValve (and other similar components) that identifies
+ * a request which been forwarded via one or more proxies.
*/
+ public static final String REQUEST_FORWARDED_ATTRIBUTE =
+ "org.apache.tomcat.request.forwarded";
+
+
public static final String ASYNC_SUPPORTED_ATTR =
"org.apache.catalina.ASYNC_SUPPORTED";
diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java
index 1bc5b9f..2830ac7 100644
--- a/java/org/apache/catalina/filters/RemoteIpFilter.java
+++ b/java/org/apache/catalina/filters/RemoteIpFilter.java
@@ -82,6 +82,8 @@ import org.apache.juli.logging.LogFactory;
* <code>protocolHeaderHttpsValue</code> configuration parameter (default <code>https</code>) then <code>request.isSecure = true</code>,
* <code>request.scheme = https</code> and <code>request.serverPort = 443</code>. Note that 443 can be overwritten with the
* <code>$httpsServerPort</code> configuration parameter.</li>
+ * <li>Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate
+ * that this request has been forwarded by one or more proxies.</li>
* </ul>
* <table border="1">
* <caption>Configuration parameters</caption>
@@ -842,6 +844,8 @@ public class RemoteIpFilter implements Filter {
}
}
+ request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE);
+
if (log.isDebugEnabled()) {
log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr()
+ "', originalRemoteHost='" + request.getRemoteHost() + "', originalSecure='" + request.isSecure()
diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java
index 24e0065..f36cd72 100644
--- a/java/org/apache/catalina/valves/RemoteIpValve.java
+++ b/java/org/apache/catalina/valves/RemoteIpValve.java
@@ -64,6 +64,8 @@ import org.apache.tomcat.util.http.MimeHeaders;
* <code>protocolHeaderHttpsValue</code> configuration parameter (default <code>https</code>) then <code>request.isSecure = true</code>,
* <code>request.scheme = https</code> and <code>request.serverPort = 443</code>. Note that 443 can be overwritten with the
* <code>$httpsServerPort</code> configuration parameter.</li>
+ * <li>Mark the request with the attribute {@link Globals#REQUEST_FORWARDED_ATTRIBUTE} and value {@code Boolean.TRUE} to indicate
+ * that this request has been forwarded by one or more proxies.</li>
* </ul>
* <table border="1">
* <caption>Configuration parameters</caption>
@@ -660,6 +662,8 @@ public class RemoteIpValve extends ValveBase {
}
}
+ request.setAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE, Boolean.TRUE);
+
if (log.isDebugEnabled()) {
log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + originalRemoteAddr
+ "', originalRemoteHost='" + originalRemoteHost + "', originalSecure='" + originalSecure + "', originalScheme='"
diff --git a/test/org/apache/catalina/filters/TestRemoteIpFilter.java b/test/org/apache/catalina/filters/TestRemoteIpFilter.java
index 3d796bd..f6c14eb 100644
--- a/test/org/apache/catalina/filters/TestRemoteIpFilter.java
+++ b/test/org/apache/catalina/filters/TestRemoteIpFilter.java
@@ -42,6 +42,7 @@ import org.junit.Test;
import org.apache.catalina.AccessLog;
import org.apache.catalina.Context;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.connector.Request;
@@ -625,6 +626,28 @@ public class TestRemoteIpFilter extends TomcatBaseTest {
actualRequest.getAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE));
}
+ @Test
+ public void testRequestForwarded() throws Exception {
+ // PREPARE
+ FilterDef filterDef = new FilterDef();
+ filterDef.addInitParameter("protocolHeader", "x-forwarded-proto");
+ filterDef.addInitParameter("remoteIpHeader", "x-my-forwarded-for");
+ filterDef.addInitParameter("httpServerPort", "8080");
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRemoteAddr("192.168.0.10");
+ request.setHeader("x-my-forwarded-for", "140.211.11.130");
+ request.setHeader("x-forwarded-proto", "http");
+
+ // TEST
+ HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
+
+ // VERIFY
+ Assert.assertEquals("org.apache.tomcat.request.forwarded",
+ Boolean.TRUE,
+ actualRequest.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE));
+ }
+
/**
* Test {@link RemoteIpFilter} in Tomcat standalone server
*/
diff --git a/test/org/apache/catalina/valves/TestRemoteIpValve.java b/test/org/apache/catalina/valves/TestRemoteIpValve.java
index 1d9e7b0..e62db95 100644
--- a/test/org/apache/catalina/valves/TestRemoteIpValve.java
+++ b/test/org/apache/catalina/valves/TestRemoteIpValve.java
@@ -27,6 +27,7 @@ import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.AccessLog;
+import org.apache.catalina.Globals;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
@@ -901,6 +902,35 @@ public class TestRemoteIpValve {
request.getAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE));
}
+ @Test
+ public void testRequestForwarded() throws Exception {
+
+ // PREPARE
+ RemoteIpValve remoteIpValve = new RemoteIpValve();
+ remoteIpValve.setRemoteIpHeader("x-forwarded-for");
+ remoteIpValve.setProtocolHeader("x-forwarded-proto");
+ RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
+ remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
+
+ Request request = new MockRequest();
+ request.setCoyoteRequest(new org.apache.coyote.Request());
+ // client ip
+ request.setRemoteAddr("192.168.0.10");
+ request.setRemoteHost("192.168.0.10");
+ request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
+ // protocol
+ request.setServerPort(8080);
+ request.getCoyoteRequest().scheme().setString("http");
+
+ // TEST
+ remoteIpValve.invoke(request, null);
+
+ // VERIFY
+ Assert.assertEquals("org.apache.tomcat.request.forwarded",
+ Boolean.TRUE,
+ request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE));
+ }
+
private void assertArrayEquals(String[] expected, String[] actual) {
if (expected == null) {
Assert.assertNull(actual);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e002955..efb7ee6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -38,6 +38,7 @@
<author email="jboynes at apache.org">Jeremy Boynes</author>
<author email="fschumacher at apache.org">Felix Schumacher</author>
<author email="huxing at apache.org">Huxing Zhang</author>
+ <author email="michaelo at apache.org">Michael Osipov</author>
<title>Changelog</title>
<no-comments />
</properties>
@@ -58,6 +59,16 @@
They eventually become mixed with the numbered issues (i.e., numbered
issues do not "pop up" wrt. others).
-->
+<section name="Tomcat 7.0.96" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <add>
+ <bug>63556</bug>: Mark request as forwarded in RemoteIpValve and
+ RemoteIpFilter (michaelo)
+ </add>
+ </changelog>
+ </subsection>
+</section>
<section name="Tomcat 7.0.95 (violetagg)">
<subsection name="Catalina">
<changelog>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org