Java Code Examples for org.apache.catalina.connector.Request#getHeader()
The following examples show how to use
org.apache.catalina.connector.Request#getHeader() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RemoteIpValve.java From Tomcat8-Source-Read with MIT License | 6 votes |
private void setPorts(Request request, int defaultPort) { int port = defaultPort; if (portHeader != null) { String portHeaderValue = request.getHeader(portHeader); if (portHeaderValue != null) { try { port = Integer.parseInt(portHeaderValue); } catch (NumberFormatException nfe) { if (log.isDebugEnabled()) { log.debug(sm.getString( "remoteIpValve.invalidPortHeader", portHeaderValue, portHeader), nfe); } } } } request.setServerPort(port); if (changeLocalPort) { request.setLocalPort(port); } }
Example 2
Source File: CSRFValve.java From attic-stratos with Apache License 2.0 | 6 votes |
/** * Validate referer header * @param request Http Request * @throws ServletException */ private void validateRefererHeader(Request request) throws ServletException { String refererHeader = request.getHeader(REFERER_HEADER); boolean allow = false; if (refererHeader != null) { for (String ip : whiteList) { if (refererHeader.startsWith(ip)) { allow = true; break; } } if (!allow) { throw new ServletException("Possible CSRF attack. Refer header : " + refererHeader); } } }
Example 3
Source File: TestRemoteIpValve.java From Tomcat8-Source-Read with MIT License | 5 votes |
@Test public void testInvokeNotAllowedRemoteAddr() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11"); remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3"); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProxiesHeader("x-forwarded-by"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); request.setRemoteAddr("not-allowed-internal-proxy"); request.setRemoteHost("not-allowed-internal-proxy-host"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2"); // TEST remoteIpValve.invoke(request, null); // VERIFY String actualXForwardedFor = request.getHeader("x-forwarded-for"); Assert.assertEquals("x-forwarded-for must be unchanged", "140.211.11.130, proxy1, proxy2", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); Assert.assertNull("x-forwarded-by must be null", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); Assert.assertEquals("remoteAddr", "not-allowed-internal-proxy", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); Assert.assertEquals("remoteHost", "not-allowed-internal-proxy-host", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); Assert.assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); Assert.assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy-host", actualPostInvokeRemoteHost); }
Example 4
Source File: TestRemoteIpValve.java From Tomcat7.0.67 with Apache License 2.0 | 5 votes |
@Test public void testInvokeAllProxiesAreInternal() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11"); remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3"); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProxiesHeader("x-forwarded-by"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("remote-host-original-value"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, 192.168.0.10, 192.168.0.11"); // TEST remoteIpValve.invoke(request, null); // VERIFY String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("all proxies are internal, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("all proxies are internal, x-forwarded-by must be null", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost); }
Example 5
Source File: TestRemoteIpValve.java From tomcatsrc with Apache License 2.0 | 5 votes |
@Test public void testInvokeAllProxiesAreInternal() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11"); remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3"); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProxiesHeader("x-forwarded-by"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("remote-host-original-value"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, 192.168.0.10, 192.168.0.11"); // TEST remoteIpValve.invoke(request, null); // VERIFY String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("all proxies are internal, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("all proxies are internal, x-forwarded-by must be null", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost); }
Example 6
Source File: SSLValve.java From tomcatsrc with Apache License 2.0 | 5 votes |
public String mygetHeader(Request request, String header) { String strcert0 = request.getHeader(header); if (strcert0 == null) { return null; } /* mod_header writes "(null)" when the ssl variable is no filled */ if ("(null)".equals(strcert0)) { return null; } return strcert0; }
Example 7
Source File: TestRemoteIpValve.java From tomcatsrc with Apache License 2.0 | 5 votes |
@Test public void testInvokeAllowedRemoteAddrWithNullRemoteIpHeader() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setInternalProxies("192\\.168\\.0\\.10, 192\\.168\\.0\\.11"); remoteIpValve.setTrustedProxies("proxy1, proxy2, proxy3"); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProxiesHeader("x-forwarded-by"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("remote-host-original-value"); // TEST remoteIpValve.invoke(request, null); // VERIFY String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("x-forwarded-by must be null", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "192.168.0.10", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "remote-host-original-value", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost); }
Example 8
Source File: TestRemoteIpValve.java From Tomcat8-Source-Read with MIT License | 5 votes |
@Test public void testInvokeAllowedRemoteAddrWithNullRemoteIpHeader() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setInternalProxies("192\\.168\\.0\\.10, 192\\.168\\.0\\.11"); remoteIpValve.setTrustedProxies("proxy1, proxy2, proxy3"); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProxiesHeader("x-forwarded-by"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("remote-host-original-value"); // TEST remoteIpValve.invoke(request, null); // VERIFY String actualXForwardedFor = request.getHeader("x-forwarded-for"); Assert.assertNull("x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); Assert.assertNull("x-forwarded-by must be null", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); Assert.assertEquals("remoteAddr", "192.168.0.10", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); Assert.assertEquals("remoteHost", "remote-host-original-value", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); Assert.assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost); }
Example 9
Source File: TestRemoteIpValve.java From Tomcat8-Source-Read with MIT License | 5 votes |
@Override public void invoke(Request request, Response response) throws IOException, ServletException { this.remoteHost = request.getRemoteHost(); this.remoteAddr = request.getRemoteAddr(); this.scheme = request.getScheme(); this.secure = request.isSecure(); this.serverName = request.getServerName(); this.serverPort = request.getServerPort(); this.forwardedFor = request.getHeader("x-forwarded-for"); this.forwardedBy = request.getHeader("x-forwarded-by"); }
Example 10
Source File: SSLValve.java From Tomcat8-Source-Read with MIT License | 5 votes |
public String mygetHeader(Request request, String header) { String strcert0 = request.getHeader(header); if (strcert0 == null) { return null; } /* mod_header writes "(null)" when the ssl variable is no filled */ if ("(null)".equals(strcert0)) { return null; } return strcert0; }
Example 11
Source File: TestRemoteIpValve.java From Tomcat8-Source-Read with MIT License | 4 votes |
@Test public void testInvokeXforwardedProtoSaysHttpsForIncomingHttpRequest() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProtocolHeader("x-forwarded-proto"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); // client ip request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("192.168.0.10"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); // protocol request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https"); request.setSecure(false); request.setServerPort(8080); request.getCoyoteRequest().scheme().setString("http"); // TEST remoteIpValve.invoke(request, null); // VERIFY // client ip String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor(); Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost); // protocol String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); Assert.assertEquals("x-forwarded-proto says https", "https", actualScheme); int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); Assert.assertEquals("x-forwarded-proto says https", 443, actualServerPort); boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); Assert.assertTrue("x-forwarded-proto says https", actualSecure); boolean actualPostInvokeSecure = request.isSecure(); Assert.assertFalse("postInvoke secure", actualPostInvokeSecure); int actualPostInvokeServerPort = request.getServerPort(); Assert.assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort); String actualPostInvokeScheme = request.getScheme(); Assert.assertEquals("postInvoke scheme", "http", actualPostInvokeScheme); }
Example 12
Source File: TestRemoteIpValve.java From Tomcat7.0.67 with Apache License 2.0 | 4 votes |
@Test public void testInvokeXforwardedProtoIsNullForIncomingHttpRequest() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProtocolHeader("x-forwarded-proto"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); // client ip request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("192.168.0.10"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); // protocol // null "x-forwarded-proto" request.setSecure(false); request.setServerPort(8080); request.getCoyoteRequest().scheme().setString("http"); // TEST remoteIpValve.invoke(request, null); // VERIFY // client ip String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("no intermediate trusted proxy", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost); // protocol String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); assertEquals("x-forwarded-proto is null", "http", actualScheme); int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); assertEquals("x-forwarded-proto is null", 8080, actualServerPort); boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); assertFalse("x-forwarded-proto is null", actualSecure); boolean actualPostInvokeSecure = request.isSecure(); assertFalse("postInvoke secure", actualPostInvokeSecure); int actualPostInvokeServerPort = request.getServerPort(); assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort); String actualPostInvokeScheme = request.getScheme(); assertEquals("postInvoke scheme", "http", actualPostInvokeScheme); }
Example 13
Source File: TestRemoteIpValve.java From Tomcat8-Source-Read with MIT License | 4 votes |
@Test public void testInvokeXforwardedProtoIsNullForIncomingHttpsRequest() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProtocolHeader("x-forwarded-proto"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); // client ip request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("192.168.0.10"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); // protocol // Don't declare "x-forwarded-proto" request.setSecure(true); request.setServerPort(8443); request.getCoyoteRequest().scheme().setString("https"); // TEST remoteIpValve.invoke(request, null); // VERIFY // client ip String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor(); Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost); // protocol String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); Assert.assertEquals("x-forwarded-proto is null", "https", actualScheme); int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); Assert.assertEquals("x-forwarded-proto is null", 8443, actualServerPort); boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); Assert.assertTrue("x-forwarded-proto is null", actualSecure); boolean actualPostInvokeSecure = request.isSecure(); Assert.assertTrue("postInvoke secure", actualPostInvokeSecure); int actualPostInvokeServerPort = request.getServerPort(); Assert.assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort); String actualPostInvokeScheme = request.getScheme(); Assert.assertEquals("postInvoke scheme", "https", actualPostInvokeScheme); }
Example 14
Source File: DigestAuthenticator.java From Tomcat8-Source-Read with MIT License | 4 votes |
/** * Authenticate the user making this request, based on the specified * login configuration. Return <code>true</code> if any specified * constraint has been satisfied, or <code>false</code> if we have * created a response challenge already. * * @param request Request we are processing * @param response Response we are creating * * @exception IOException if an input/output error occurs */ @Override protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException { // NOTE: We don't try to reauthenticate using any existing SSO session, // because that will only work if the original authentication was // BASIC or FORM, which are less secure than the DIGEST auth-type // specified for this webapp // // Change to true below to allow previous FORM or BASIC authentications // to authenticate users for this webapp // TODO make this a configurable attribute (in SingleSignOn??) if (checkForCachedAuthentication(request, response, false)) { return true; } // Validate any credentials already included with this request Principal principal = null; String authorization = request.getHeader("authorization"); DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), nonces, isValidateUri()); if (authorization != null) { if (digestInfo.parse(request, authorization)) { if (digestInfo.validate(request)) { principal = digestInfo.authenticate(context.getRealm()); } if (principal != null && !digestInfo.isNonceStale()) { register(request, response, principal, HttpServletRequest.DIGEST_AUTH, digestInfo.getUsername(), null); return true; } } } // Send an "unauthorized" response and an appropriate challenge // Next, generate a nonce token (that is a token which is supposed // to be unique). String nonce = generateNonce(request); setAuthenticateHeader(request, response, nonce, principal != null && digestInfo.isNonceStale()); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return false; }
Example 15
Source File: TestRemoteIpValve.java From Tomcat7.0.67 with Apache License 2.0 | 4 votes |
@Test public void testInvokeXforwardedProtoSaysHttpForIncomingHttpsRequest() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProtocolHeader("x-forwarded-proto"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); // client ip request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("192.168.0.10"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); // protocol request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("http"); request.setSecure(true); request.setServerPort(8443); request.getCoyoteRequest().scheme().setString("https"); // TEST remoteIpValve.invoke(request, null); // VERIFY // client ip String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("no intermediate trusted proxy", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost); // protocol String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); assertEquals("x-forwarded-proto says http", "http", actualScheme); int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); assertEquals("x-forwarded-proto says http", 80, actualServerPort); boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); assertFalse("x-forwarded-proto says http", actualSecure); boolean actualPostInvokeSecure = request.isSecure(); assertTrue("postInvoke secure", actualPostInvokeSecure); int actualPostInvokeServerPort = request.getServerPort(); assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort); String actualPostInvokeScheme = request.getScheme(); assertEquals("postInvoke scheme", "https", actualPostInvokeScheme); }
Example 16
Source File: TestRemoteIpValve.java From tomcatsrc with Apache License 2.0 | 4 votes |
@Test public void testInvokeAllProxiesAreTrustedAndRemoteAddrMatchRegexp() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setInternalProxies("127\\.0\\.0\\.1|192\\.168\\..*|another-internal-proxy"); remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3"); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProxiesHeader("x-forwarded-by"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("remote-host-original-value"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("proxy1"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("proxy2"); // TEST remoteIpValve.invoke(request, null); // VERIFY String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost); }
Example 17
Source File: TestRemoteIpValve.java From tomcatsrc with Apache License 2.0 | 4 votes |
@Test public void testInvokeXforwardedProtoIsNullForIncomingHttpRequest() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProtocolHeader("x-forwarded-proto"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); // client ip request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("192.168.0.10"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); // protocol // null "x-forwarded-proto" request.setSecure(false); request.setServerPort(8080); request.getCoyoteRequest().scheme().setString("http"); // TEST remoteIpValve.invoke(request, null); // VERIFY // client ip String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("no intermediate trusted proxy", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost); // protocol String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); assertEquals("x-forwarded-proto is null", "http", actualScheme); int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); assertEquals("x-forwarded-proto is null", 8080, actualServerPort); boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); assertFalse("x-forwarded-proto is null", actualSecure); boolean actualPostInvokeSecure = request.isSecure(); assertFalse("postInvoke secure", actualPostInvokeSecure); int actualPostInvokeServerPort = request.getServerPort(); assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort); String actualPostInvokeScheme = request.getScheme(); assertEquals("postInvoke scheme", "http", actualPostInvokeScheme); }
Example 18
Source File: JDBCAccessLogValve.java From tomcatsrc with Apache License 2.0 | 4 votes |
@Override public void log(Request request, Response response, long time) { if (!getState().isAvailable()) { return; } final String EMPTY = "" ; String remoteHost; if(resolveHosts) { if (requestAttributesEnabled) { Object host = request.getAttribute(REMOTE_HOST_ATTRIBUTE); if (host == null) { remoteHost = request.getRemoteHost(); } else { remoteHost = (String) host; } } else { remoteHost = request.getRemoteHost(); } } else { if (requestAttributesEnabled) { Object addr = request.getAttribute(REMOTE_ADDR_ATTRIBUTE); if (addr == null) { remoteHost = request.getRemoteAddr(); } else { remoteHost = (String) addr; } } else { remoteHost = request.getRemoteAddr(); } } String user = request.getRemoteUser(); String query=request.getRequestURI(); long bytes = response.getBytesWritten(true); if(bytes < 0) { bytes = 0; } int status = response.getStatus(); String virtualHost = EMPTY; String method = EMPTY; String referer = EMPTY; String userAgent = EMPTY; String logPattern = pattern; if (logPattern.equals("combined")) { virtualHost = request.getServerName(); method = request.getMethod(); referer = request.getHeader("referer"); userAgent = request.getHeader("user-agent"); } synchronized (this) { int numberOfTries = 2; while (numberOfTries>0) { try { open(); ps.setString(1, remoteHost); ps.setString(2, user); ps.setTimestamp(3, new Timestamp(getCurrentTimeMillis())); ps.setString(4, query); ps.setInt(5, status); if(useLongContentLength) { ps.setLong(6, bytes); } else { if (bytes > Integer.MAX_VALUE) { bytes = -1 ; } ps.setInt(6, (int) bytes); } if (logPattern.equals("combined")) { ps.setString(7, virtualHost); ps.setString(8, method); ps.setString(9, referer); ps.setString(10, userAgent); } ps.executeUpdate(); return; } catch (SQLException e) { // Log the problem for posterity container.getLogger().error(sm.getString("jdbcAccessLogValve.exception"), e); // Close the connection so that it gets reopened next time if (conn != null) { close(); } } numberOfTries--; } } }
Example 19
Source File: CertificateAuthenticator.java From carbon-device-mgt with Apache License 2.0 | 4 votes |
@Override public boolean canHandle(Request request) { return request.getHeader(CERTIFICATE_VERIFICATION_HEADER) != null || request.getHeader(MUTUAL_AUTH_HEADER) != null || request.getHeader(PROXY_MUTUAL_AUTH_HEADER) != null; }
Example 20
Source File: TestRemoteIpValve.java From tomcatsrc with Apache License 2.0 | 4 votes |
@Test public void testInvokeXforwardedProtoSaysHttpForIncomingHttpsRequest() throws Exception { // PREPARE RemoteIpValve remoteIpValve = new RemoteIpValve(); remoteIpValve.setRemoteIpHeader("x-forwarded-for"); remoteIpValve.setProtocolHeader("x-forwarded-proto"); RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); remoteIpValve.setNext(remoteAddrAndHostTrackerValve); Request request = new MockRequest(); request.setCoyoteRequest(new org.apache.coyote.Request()); // client ip request.setRemoteAddr("192.168.0.10"); request.setRemoteHost("192.168.0.10"); request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130"); // protocol request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("http"); request.setSecure(true); request.setServerPort(8443); request.getCoyoteRequest().scheme().setString("https"); // TEST remoteIpValve.invoke(request, null); // VERIFY // client ip String actualXForwardedFor = request.getHeader("x-forwarded-for"); assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor); String actualXForwardedBy = request.getHeader("x-forwarded-by"); assertNull("no intermediate trusted proxy", actualXForwardedBy); String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); String actualPostInvokeRemoteAddr = request.getRemoteAddr(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr); String actualPostInvokeRemoteHost = request.getRemoteHost(); assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost); // protocol String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); assertEquals("x-forwarded-proto says http", "http", actualScheme); int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); assertEquals("x-forwarded-proto says http", 80, actualServerPort); boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); assertFalse("x-forwarded-proto says http", actualSecure); boolean actualPostInvokeSecure = request.isSecure(); assertTrue("postInvoke secure", actualPostInvokeSecure); int actualPostInvokeServerPort = request.getServerPort(); assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort); String actualPostInvokeScheme = request.getScheme(); assertEquals("postInvoke scheme", "https", actualPostInvokeScheme); }