cziegeler pushed a commit to branch jakarta-servlet-6
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/jakarta-servlet-6 by this push:
new 14a2ea3a85 Remove sslfilter from branch - version from master works
for servlet 5 and 6
14a2ea3a85 is described below
commit 14a2ea3a8511cdfa5515e936ab9abaecb93a876e
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Tue Aug 15 10:29:45 2023 +0200
Remove sslfilter from branch - version from master works for servlet 5 and 6
---
http/pom.xml | 1 -
http/sslfilter/pom.xml | 112 ----
.../main/appended-resources/META-INF/DEPENDENCIES | 13 -
.../felix/http/sslfilter/internal/SslFilter.java | 129 -----
.../sslfilter/internal/SslFilterConstants.java | 83 ---
.../http/sslfilter/internal/SslFilterRequest.java | 103 ----
.../http/sslfilter/internal/SslFilterResponse.java | 187 -------
.../sslfilter/internal/SslFilterJettyTest.java | 177 ------
.../sslfilter/internal/SslFilterRequestTest.java | 111 ----
.../sslfilter/internal/SslFilterResponseTest.java | 609 ---------------------
10 files changed, 1525 deletions(-)
diff --git a/http/pom.xml b/http/pom.xml
index 84ffd1fbe5..65f3abd7c9 100644
--- a/http/pom.xml
+++ b/http/pom.xml
@@ -47,7 +47,6 @@
<module>itest</module>
<module>webconsoleplugin</module>
<module>inventoryprinter</module>
- <module>sslfilter</module>
<module>samples/whiteboard</module>
</modules>
</project>
diff --git a/http/sslfilter/pom.xml b/http/sslfilter/pom.xml
deleted file mode 100644
index 3a2eced28a..0000000000
--- a/http/sslfilter/pom.xml
+++ /dev/null
@@ -1,112 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
-
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.felix</groupId>
- <artifactId>org.apache.felix.http.parent</artifactId>
- <version>16-SNAPSHOT</version>
- <relativePath>../parent/pom.xml</relativePath>
- </parent>
-
- <name>Apache Felix Http SSL Filter</name>
- <artifactId>org.apache.felix.http.sslfilter</artifactId>
- <version>4.0.0-SNAPSHOT</version>
- <packaging>bundle</packaging>
-
- <scm>
-
<connection>scm:git:https://github.com/apache/felix-dev.git</connection>
-
<developerConnection>scm:git:https://github.com/apache/felix-dev.git</developerConnection>
- <url>https://gitbox.apache.org/repos/asf?p=felix-dev.git</url>
- <tag>HEAD</tag>
- </scm>
-
- <properties>
- <felix.java.version>17</felix.java.version>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>1.7.36</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.service.component.annotations</artifactId>
- <version>1.5.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.service.metatype.annotations</artifactId>
- <version>1.4.1</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.service.servlet</artifactId>
- <version>3.0.0-SNAPSHOT</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>jakarta.servlet</groupId>
- <artifactId>jakarta.servlet-api</artifactId>
- <scope>provided</scope>
- </dependency>
- <!-- Test Dependencies -->
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <version>1.7.36</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty.ee10</groupId>
- <artifactId>jetty-ee10-servlet</artifactId>
- <version>12.0.0.beta4</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
-</project>
diff --git a/http/sslfilter/src/main/appended-resources/META-INF/DEPENDENCIES
b/http/sslfilter/src/main/appended-resources/META-INF/DEPENDENCIES
deleted file mode 100644
index f2abec2e83..0000000000
--- a/http/sslfilter/src/main/appended-resources/META-INF/DEPENDENCIES
+++ /dev/null
@@ -1,13 +0,0 @@
-I. Included Third-Party Software
-
-N/A
-
-II. Used Third-Party Software
-
-This product uses software developed at
-The OSGi Alliance (http://www.osgi.org).
-Copyright (c) OSGi Alliance (2000, 2018).
-Licensed under the Apache License 2.0.
-
-III. License Summary
-- Apache License 2.0
diff --git
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
deleted file mode 100644
index 2541dee4d9..0000000000
---
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL_CERTIFICATE;
-
-import java.io.IOException;
-
-import jakarta.servlet.FilterChain;
-import jakarta.servlet.FilterConfig;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-import org.osgi.service.component.annotations.Activate;
-import org.osgi.service.component.annotations.Component;
-import org.osgi.service.component.annotations.Modified;
-import org.osgi.service.metatype.annotations.AttributeDefinition;
-import org.osgi.service.metatype.annotations.Designate;
-import org.osgi.service.metatype.annotations.ObjectClassDefinition;
-import org.osgi.service.servlet.whiteboard.HttpWhiteboardConstants;
-import org.osgi.service.servlet.whiteboard.Preprocessor;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-@Designate(ocd = SslFilter.Config.class)
-@Component( service = Preprocessor.class,
- configurationPid = "org.apache.felix.http.sslfilter.Configuration",
- property = {
- HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_SELECT + "=(" +
HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_NAME + "=*)",
- HttpWhiteboardConstants.HTTP_WHITEBOARD_FILTER_PATTERN + "=/"
- })
-public class SslFilter implements Preprocessor {
-
- public static final Logger LOGGER =
LoggerFactory.getLogger(SslFilter.class);
-
- @ObjectClassDefinition(name = "Apache Felix Http Service SSL Filter",
- description = "Configuration for the Http Service SSL Filter. Please
consult the documentation of your proxy for the actual headers and values to
use.")
- public @interface Config {
-
- @AttributeDefinition(name = "SSL forward header",
- description = "HTTP Request header name that indicates a request
is a SSL request terminated at a" +
- " proxy between the client and the originating
server. The default value is 'X-Forwarded-SSL' as is " +
- "customarily used in the wild. Other commonly used
names are: 'X-Forwarded-Proto' (Amazon ELB), " +
- "'X-Forwarded-Protocol' (alternative), and
'Front-End-Https' (Microsoft IIS).")
- String ssl_forward_header() default HDR_X_FORWARDED_SSL ;
-
- @AttributeDefinition(name = "SSL forward value",
- description = "HTTP Request header value that indicates a request
is a SSL request terminated at a proxy. " +
- "The default value is 'on'. Another commonly used
value is 'https'.")
- String ssl_forward_value() default "on";
-
- @AttributeDefinition(name = "SSL client header",
- description = "HTTP Request header name that contains the client
certificate forwarded by a proxy. The default " +
- "value is 'X-Forwarded-SSL-Certificate'. Another
commonly used value is 'X-Forwarded-SSL-Client-Cert'.")
- String ssl_forward_cert_header() default
HDR_X_FORWARDED_SSL_CERTIFICATE;
-
- @AttributeDefinition(name = "Rewrite Absolute URLs",
- description = "If enabled, absolute URLs passed to either
sendRedirect or by setting the location header are rewritten as well.")
- boolean rewrite_absolute_urls() default false;
- }
-
- private volatile Config config;
-
- @Activate
- public SslFilter(final Config config) {
- updateConfig(config);
- }
-
- @Modified
- public void updateConfig(final Config config) {
- this.config = config;
- LOGGER.info("SSL filter (re)configured with: " +
- "rewrite absolute urls = {}; SSL forward header = '{}'; SSL
forward value = '{}'; SSL certificate header = '{}'",
- config.rewrite_absolute_urls(), config.ssl_forward_header(),
config.ssl_forward_value(), config.ssl_forward_cert_header());
- }
-
- @Override
- public void init(final FilterConfig config) {
- // No explicit init needed...
- }
-
- @Override
- public void destroy() {
- // No explicit destroy needed...
- }
-
- @Override
- public void doFilter(final ServletRequest req, final ServletResponse res,
final FilterChain chain)
- throws IOException, ServletException {
- final Config cfg = this.config;
-
- HttpServletRequest httpReq = (HttpServletRequest) req;
- HttpServletResponse httpResp = (HttpServletResponse) res;
-
- if
(cfg.ssl_forward_value().equalsIgnoreCase(httpReq.getHeader(cfg.ssl_forward_header())))
{
- httpResp = new SslFilterResponse(httpResp, httpReq, cfg);
- httpReq = new SslFilterRequest(httpReq,
httpReq.getHeader(cfg.ssl_forward_cert_header()));
- }
-
- // forward the request making sure any certificate is removed again
after the request processing gets back here
- try {
- chain.doFilter(httpReq, httpResp);
- } finally {
- if (httpReq instanceof SslFilterRequest) {
- ((SslFilterRequest) httpReq).done();
- }
- }
- }
-}
diff --git
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
deleted file mode 100644
index f68837cca7..0000000000
---
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterConstants.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-/**
- * Provides constants used in the SSL filter.
- */
-interface SslFilterConstants {
- /**
- * If there is an SSL certificate associated with the request, it must be
exposed by the servlet container to the
- * servlet programmer as an array of objects of type
java.security.cert.X509Certificate and accessible via a
- * ServletRequest attribute of
<tt>jakarta.servlet.request.X509Certificate</tt>.
- * <p>
- * The order of this array is defined as being in ascending order of
trust. The first certificate in the chain is
- * the one set by the client, the next is the one used to authenticate the
first, and so on.
- */
- String ATTR_SSL_CERTIFICATE = "jakarta.servlet.request.X509Certificate";
-
- /**
- * De-facto header used to inform what protocol the forwarded client used
to connect to the proxy, such as "https".
- */
- String HDR_X_FORWARDED_PROTO = "X-Forwarded-Proto";
- /**
- * De-facto header used to inform what port the forwarded client used to
connect to the proxy, such as "443".
- */
- String HDR_X_FORWARDED_PORT = "X-Forwarded-Port";
- /**
- * De-facto header used to inform that the proxy is forwarding a SSL
request.
- */
- String HDR_X_FORWARDED_SSL = "X-Forwarded-SSL";
- /**
- * De-facto(?) header used to pass the certificate the client used to
connect to the proxy, in X.509 format.
- */
- String HDR_X_FORWARDED_SSL_CERTIFICATE = "X-Forwarded-SSL-Certificate";
-
- /**
- * HTTP header used to explain the client it should redirect to another
URL.
- */
- String HDR_LOCATION = "Location";
-
- /**
- * HTTP protocol/scheme.
- */
- String HTTP = "http";
-
- /**
- * Default port used for HTTP.
- */
- int HTTP_PORT = 80;
-
- /**
- * HTTPS protocol/scheme.
- */
- String HTTPS = "https";
-
- /**
- * Default port used for HTTPS.
- */
- int HTTPS_PORT = 443;
-
- String X_509 = "X.509";
-
- /**
- * The HTTP scheme prefix in an URL
- */
- String HTTP_SCHEME_PREFIX = "http://";
-}
diff --git
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
deleted file mode 100644
index 7a7931ea22..0000000000
---
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.ATTR_SSL_CERTIFICATE;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS_PORT;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP_SCHEME_PREFIX;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.X_509;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.regex.Pattern;
-
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletRequestWrapper;
-
-class SslFilterRequest extends HttpServletRequestWrapper {
-
- // pattern to convert the header to a PEM certificate for parsing
- // by replacing spaces with line breaks
- private static final Pattern HEADER_TO_CERT = Pattern.compile("(?!
CERTIFICATE)(?= ) ");
-
- @SuppressWarnings("unchecked")
- SslFilterRequest(final HttpServletRequest request, final String
clientCertHeader) {
- super(request);
-
- if (clientCertHeader != null && clientCertHeader.trim().length() > 0) {
- final String clientCert =
HEADER_TO_CERT.matcher(clientCertHeader).replaceAll("\n");
-
- try (InputStream instream = new
ByteArrayInputStream(clientCert.getBytes(StandardCharsets.UTF_8))) {
- final CertificateFactory fac =
CertificateFactory.getInstance(X_509);
- Collection<X509Certificate> certs =
(Collection<X509Certificate>) fac.generateCertificates(instream);
- request.setAttribute(ATTR_SSL_CERTIFICATE,
certs.toArray(new X509Certificate[certs.size()]));
- } catch ( final IOException ignore) {
- // ignore - can only happen on close
- } catch ( final CertificateException ce) {
- SslFilter.LOGGER.warn("Failed to create SSL filter request!
Problem parsing client certificates?! Client certificate will *not* be
forwarded...", ce);
- }
- }
- }
-
- void done() {
- getRequest().removeAttribute(ATTR_SSL_CERTIFICATE);
- }
-
- @Override
- public String getScheme() {
- return HTTPS;
- }
-
- @Override
- public boolean isSecure() {
- return true;
- }
-
- @Override
- public StringBuffer getRequestURL() {
- final StringBuffer result = super.getRequestURL();
- // In case the request happened over http, simply insert an additional
's'
- // to make the request appear to be done over https...
- if (result.indexOf(HTTP_SCHEME_PREFIX) == 0) {
- result.insert(4, 's');
- }
- return result;
- }
-
- @Override
- public int getServerPort() {
- int port;
-
- try {
- port = Integer.parseInt(getHeader(HDR_X_FORWARDED_PORT));
- } catch (final Exception e) {
- // Use default port
- port = HTTPS_PORT;
- }
- return port;
- }
-}
diff --git
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
deleted file mode 100644
index a0e5723b9d..0000000000
---
a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterResponse.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_LOCATION;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL;
-import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS_PORT;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP_PORT;
-
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpServletResponseWrapper;
-
-import org.apache.felix.http.sslfilter.internal.SslFilter.Config;
-
-/**
- * Provides a custom {@link HttpServletResponse} for use in SSL filter.
- */
-class SslFilterResponse extends HttpServletResponseWrapper {
- private final URL requestURL;
- private final String serverName;
- private final String serverProto;
- private final int serverPort;
- private final String clientProto;
- private final int clientPort;
-
- private final boolean rewriteAbsoluteUrls;
-
- public SslFilterResponse(final HttpServletResponse response, final
HttpServletRequest request, final Config config) throws MalformedURLException {
- super(response);
-
- this.requestURL = new URL(request.getRequestURL().toString());
-
- // Only rewrite URLs for the host & port the request was sent to...
- this.serverName = request.getServerName();
- this.serverPort = request.getServerPort();
-
- final String value = request.getHeader(config.ssl_forward_header());
-
- if
((HDR_X_FORWARDED_PROTO.equalsIgnoreCase(config.ssl_forward_header()) &&
HTTP.equalsIgnoreCase(value)) ||
-
(HDR_X_FORWARDED_SSL.equalsIgnoreCase(config.ssl_forward_header()) &&
!config.ssl_forward_value().equalsIgnoreCase(value))) {
- // Not really a useful scenario: client is talking HTTP to proxy,
and we should rewrite all HTTPS-based URLs...
- this.clientProto = HTTP;
- this.serverProto = HTTPS;
- } else {
- // Client is talking HTTPS to proxy, so we should rewrite all
HTTP-based URLs...
- this.clientProto = HTTPS;
- this.serverProto = HTTP;
- }
-
- int port;
- try {
- String fwdPort = request.getHeader(HDR_X_FORWARDED_PORT);
- port = Integer.valueOf(fwdPort);
- } catch (Exception e) {
- // Use default port for the used protocol...
- port = -1;
- }
- // Normalize the protocol port...
- if ((port > 0) && ((HTTPS.equals(this.clientProto) && (port ==
HTTPS_PORT)) || (HTTP.equals(this.clientProto) && (port == HTTP_PORT)))) {
- // Port is the default one, do not use it...
- port = -1;
- }
-
- this.clientPort = port;
- this.rewriteAbsoluteUrls = config.rewrite_absolute_urls();
- }
-
- @Override
- public void setHeader(String name, String value) {
- if (HDR_LOCATION.equalsIgnoreCase(name)) {
- String rewritten = null;
- try {
- rewritten = rewriteUrlIfNeeded(value);
- } catch (URISyntaxException e) {
- // ignore
- }
- // Trying to set a redirect location to the original client-side
URL, which should be https...
- if (rewritten != null) {
- value = rewritten;
- }
- }
- super.setHeader(name, value);
- }
-
- @Override
- public void sendRedirect(String location) throws IOException {
- String rewritten = null;
- try {
- rewritten = rewriteUrlIfNeeded(location);
- } catch (URISyntaxException e) {
- throw new IOException (e);
- }
- if (rewritten != null) {
- location = rewritten;
- }
- super.sendRedirect(location);
- }
-
- private int normalizePort(String protocol, int port) {
- if (port > 0) {
- return port;
- }
- if (HTTPS.equalsIgnoreCase(protocol)) {
- return HTTPS_PORT;
- }
- return HTTP_PORT;
- }
-
- private String rewriteUrlIfNeeded(String value) throws URISyntaxException {
- if (value == null || (!this.rewriteAbsoluteUrls &&
value.contains("://")) ) {
- return null;
- }
-
- try {
- URI uri;
- if (value.startsWith(this.serverProto.concat("://"))) {
-
- uri = new URI (value);
- } else {
- URL url = new URL(this.requestURL, value);
- uri = url.toURI();
- }
-
- String actualProto = uri.getScheme();
-
- if (!this.serverName.equals(uri.getHost())) {
- // going to a different host
- return null;
- }
-
- if (normalizePort(this.serverProto, this.serverPort) !=
normalizePort(actualProto, uri.getPort())) {
- // not to default port
- return null;
- }
-
- final StringBuilder sb = new StringBuilder();
- sb.append(this.clientProto);
- sb.append("://");
- sb.append(this.serverName);
- if ( this.clientPort != -1 ) {
- sb.append(':');
- sb.append(this.clientPort);
- }
- if ( uri.getRawPath() != null ) {
- sb.append(uri.getRawPath());
- }
- if ( uri.getRawQuery() != null ) {
- sb.append('?');
- sb.append(uri.getRawQuery());
- }
- if ( uri.getRawFragment() != null ) {
- sb.append('#');
- sb.append(uri.getRawFragment());
- }
- return sb.toString();
- } catch (MalformedURLException e) {
- return null;
- }
- }
-}
diff --git
a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterJettyTest.java
b/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterJettyTest.java
deleted file mode 100644
index 0367e1b4cf..0000000000
---
a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterJettyTest.java
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_LOCATION;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL_CERTIFICATE;
-import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.InetSocketAddress;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.EnumSet;
-
-import org.eclipse.jetty.ee10.servlet.FilterHolder;
-import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
-import org.eclipse.jetty.ee10.servlet.ServletHolder;
-import org.eclipse.jetty.server.Server;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-
-import jakarta.servlet.DispatcherType;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServlet;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-public class SslFilterJettyTest {
- private InetSocketAddress serverAddress;
-
- private Server server;
- private ServletContextHandler context;
- private boolean originalFollowRedirects;
-
- @Before
- public void setupServer() throws Exception {
- final SslFilter.Config config = Mockito.mock(SslFilter.Config.class);
- Mockito.when(config.rewrite_absolute_urls()).thenReturn(false);
-
Mockito.when(config.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_SSL);
- Mockito.when(config.ssl_forward_value()).thenReturn("on");
-
Mockito.when(config.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- this.serverAddress = new InetSocketAddress("localhost", 8080);
-
- this.context = new
ServletContextHandler(ServletContextHandler.SESSIONS);
- this.context.setContextPath("/");
- this.context.addFilter(new FilterHolder(new SslFilter(config)), "/*",
EnumSet.of(DispatcherType.REQUEST));
-
- this.server = new Server(this.serverAddress);
- this.server.setHandler(this.context);
-
- this.originalFollowRedirects = HttpURLConnection.getFollowRedirects();
- HttpURLConnection.setFollowRedirects(false);
- }
-
- @After
- public void tearDown() throws Exception {
- HttpURLConnection.setFollowRedirects(this.originalFollowRedirects);
-
- if (this.server != null) {
- this.server.stop();
- }
- }
-
- @Test
- public void testSslFilterWithRelativeRedirectURL() throws Exception {
- String servletPath = "/test";
- String redirectPath = "/foo";
-
- this.context.addServlet(new ServletHolder(new
RedirectServlet(redirectPath)), servletPath);
- this.server.start();
-
- HttpURLConnection conn = openConnection(createURL(servletPath));
-
- assertEquals(302, conn.getResponseCode());
- String location = conn.getHeaderField(HDR_LOCATION);
- assertTrue(location, location.startsWith(HTTPS));
- }
-
- @Test
- public void testSslFilterWithAbsoluteRedirectURL() throws Exception {
- String servletPath = "/test";
- String redirectPath = String.format("http://%s:%d/foo",
this.serverAddress.getHostName(), this.serverAddress.getPort());
-
- this.context.addServlet(new ServletHolder(new
RedirectServlet(redirectPath)), servletPath);
- this.server.start();
-
- HttpURLConnection conn = openConnection(createURL(servletPath));
-
- assertEquals(302, conn.getResponseCode());
-
- String location = conn.getHeaderField(HDR_LOCATION);
- assertTrue(location, location.startsWith(HTTP));
- }
-
- @Test
- public void testSslFilterWithAbsoluteRedirectURLWithoutScheme() throws
Exception {
- String servletPath = "/test";
- String redirectPath = String.format("//%s:%d/foo",
this.serverAddress.getHostName(), this.serverAddress.getPort());
-
- this.context.addServlet(new ServletHolder(new
RedirectServlet(redirectPath)), servletPath);
- this.server.start();
-
- HttpURLConnection conn = openConnection(createURL(servletPath));
-
- assertEquals(302, conn.getResponseCode());
-
- String location = conn.getHeaderField(HDR_LOCATION);
- assertTrue(location, location.startsWith(HTTPS));
- }
-
- @Test
- public void testSslFilterWithAbsoluteRedirectURLWithHttpsScheme() throws
Exception {
- String servletPath = "/test";
- String redirectPath = String.format("https://%s:%d/foo",
this.serverAddress.getHostName(), this.serverAddress.getPort());
-
- this.context.addServlet(new ServletHolder(new
RedirectServlet(redirectPath)), servletPath);
- this.server.start();
-
- HttpURLConnection conn = openConnection(createURL(servletPath));
-
- assertEquals(302, conn.getResponseCode());
-
- String location = conn.getHeaderField(HDR_LOCATION);
- assertTrue(location, location.startsWith(HTTPS));
- }
-
- private HttpURLConnection openConnection(URL url) throws IOException {
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- conn.setRequestProperty(HDR_X_FORWARDED_PROTO, HTTPS);
- conn.setRequestProperty(HDR_X_FORWARDED_SSL, "on");
- conn.connect();
- return conn;
- }
-
- private URL createURL(String path) throws MalformedURLException {
- return new URL(HTTP, this.serverAddress.getHostName(),
this.serverAddress.getPort(), path);
- }
-
- private static class RedirectServlet extends HttpServlet {
- private final String redirectPath;
-
- private RedirectServlet(String redirectPath) {
- this.redirectPath = redirectPath;
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- resp.sendRedirect(redirectPath);
- assertEquals(HTTPS, req.getScheme());
- }
- }
-}
\ No newline at end of file
diff --git
a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterRequestTest.java
b/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterRequestTest.java
deleted file mode 100644
index d930a5cdb4..0000000000
---
a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterRequestTest.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PORT;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import jakarta.servlet.http.HttpServletRequest;
-
-import org.junit.Test;
-import org.mockito.Mockito;
-
-public class SslFilterRequestTest
-{
- @Test
- public void test_isSecure() throws Exception {
- HttpServletRequest req = mock(HttpServletRequest.class);
- SslFilterRequest sreq = new SslFilterRequest(req, null);
-
- when(req.isSecure()).thenReturn(false);
- assertFalse(req.isSecure());
- assertTrue(sreq.isSecure());
- assertFalse(req.isSecure());
-
- when(req.isSecure()).thenReturn(true);
- assertTrue(req.isSecure());
- assertTrue(sreq.isSecure());
- assertTrue(req.isSecure());
- }
-
- @Test
- public void test_getScheme() throws Exception {
- HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
- SslFilterRequest sreq = new SslFilterRequest(req, null);
-
- when(req.getScheme()).thenReturn("http");
- assertEquals("http", req.getScheme());
- assertEquals("https", sreq.getScheme());
- assertEquals("http", req.getScheme());
-
- when(req.getScheme()).thenReturn("https");
- assertEquals("https", req.getScheme());
- assertEquals("https", sreq.getScheme());
- assertEquals("https", req.getScheme());
- }
-
- @Test
- public void test_getRequestURL() throws Exception {
- HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
- SslFilterRequest sreq = new SslFilterRequest(req, null);
-
- when(req.getRequestURL()).thenReturn(new
StringBuffer("http://some/page"));
- assertEquals("http://some/page", req.getRequestURL().toString());
- assertEquals("https://some/page", sreq.getRequestURL().toString());
-
- when(req.getRequestURL()).thenReturn(new
StringBuffer("https://some/page"));
- assertEquals("https://some/page", req.getRequestURL().toString());
- assertEquals("https://some/page", sreq.getRequestURL().toString());
- }
-
- @Test
- public void test_getServerPort() throws Exception {
- HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
- SslFilterRequest sreq = new SslFilterRequest(req, null);
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn(null);
- when(req.getServerPort()).thenReturn(-1);
- assertEquals(443, sreq.getServerPort());
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn("");
- when(req.getServerPort()).thenReturn(-1);
- assertEquals(443, sreq.getServerPort());
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn("WRONG");
- when(req.getServerPort()).thenReturn(-1);
- assertEquals(443, sreq.getServerPort());
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn("W1");
- when(req.getServerPort()).thenReturn(-1);
- assertEquals(443, sreq.getServerPort());
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn("443");
- assertEquals(443, sreq.getServerPort());
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn("80");
- assertEquals(80, sreq.getServerPort());
-
- when(req.getHeader(HDR_X_FORWARDED_PORT)).thenReturn("4502");
- assertEquals(4502, sreq.getServerPort());
- }
-}
diff --git
a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
b/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
deleted file mode 100644
index 19bcc72bd2..0000000000
---
a/http/sslfilter/src/test/java/org/apache/felix/http/sslfilter/internal/SslFilterResponseTest.java
+++ /dev/null
@@ -1,609 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.felix.http.sslfilter.internal;
-
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_PROTO;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HDR_X_FORWARDED_SSL_CERTIFICATE;
-import static org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTP;
-import static
org.apache.felix.http.sslfilter.internal.SslFilterConstants.HTTPS;
-import static org.junit.Assert.assertEquals;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-
-import org.junit.Test;
-
-import jakarta.servlet.ServletOutputStream;
-import jakarta.servlet.http.Cookie;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-public class SslFilterResponseTest
-{
- private static final String BACKEND_SERVER = "backend.server";
- private static final String OTHER_SERVER = "other.server";
-
- private static final String PATH = "http://" + BACKEND_SERVER + "/foo";
-
- private static final String DEFAULT_HTTP_PORT = "80";
- private static final String ALT_HTTP_PORT = "8080";
- private static final String DEFAULT_HTTPS_PORT = "443";
- private static final String ALT_HTTPS_PORT = "8443";
-
- private static final String LOCATION = "Location";
-
- @Test
- public void testSetHttpLocationHeaderToNullValue() throws Exception {
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
-
- sresp.setHeader(LOCATION, null);
-
- assertEquals(null, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testSetHttpsLocationHeaderToOriginalRequestURI() throws
Exception {
- String location, expected;
-
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTPS + "://" + BACKEND_SERVER + "/foo";
- expected = location;
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
-
- req = createServletRequest(BACKEND_SERVER, PATH);
-
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
-
- sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + "/foo";
- expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testSetHttpLocationHeaderToOriginalRequestURI() throws
Exception {
- String location, expected;
-
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + "/foo";
- expected = location;
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
-
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
-
- sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + "/foo";
- expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testSetHttpLocationHeaderToOriginalRequestWithExplicitPort()
throws Exception {
- String location, expected;
-
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + ":" + DEFAULT_HTTP_PORT +
"/foo";
- expected = HTTP + "://" + BACKEND_SERVER + ":" + DEFAULT_HTTP_PORT +
"/foo";
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
-
- resp = createServletResponse();
- req = createServletRequest(BACKEND_SERVER, PATH);
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
-
- sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + ":" + DEFAULT_HTTP_PORT +
"/foo";
- expected = HTTPS + "://" + BACKEND_SERVER + "/foo";
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testSetHttpLocationHeaderToOriginalRequestWithForwardedPort()
throws Exception {
- String location, expected;
-
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER,
DEFAULT_HTTP_PORT, HTTPS, ALT_HTTPS_PORT, PATH);
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + "/foo";
- expected = HTTP + "://" + BACKEND_SERVER + "/foo";
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
-
- resp = createServletResponse();
- req = createServletRequest(BACKEND_SERVER, DEFAULT_HTTP_PORT, HTTPS,
ALT_HTTPS_PORT, PATH);
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
-
- sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + "/foo";
- expected = HTTPS + "://" + BACKEND_SERVER + ":" + ALT_HTTPS_PORT +
"/foo";
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testSetHttpLocationHeaderToOriginalRequestWithDifferentPort()
throws Exception {
- String location, expected;
-
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + ":" + ALT_HTTP_PORT +
"/foo";
- expected = location;
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
-
- resp = createServletResponse();
- req = createServletRequest(BACKEND_SERVER, PATH);
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
-
- sresp = new SslFilterResponse(resp, req, cfg);
-
- location = HTTP + "://" + BACKEND_SERVER + ":" + ALT_HTTP_PORT +
"/foo";
- expected = location;
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testSetHttpLocationHeaderToOtherRequestURI() throws Exception {
- TestHttpServletResponse resp = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
- final SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
-
- SslFilterResponse sresp = new SslFilterResponse(resp, req,cfg);
-
- String location = HTTP + "://" + OTHER_SERVER + "/foo";
- String expected = location;
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
-
- resp = createServletResponse();
- req = createServletRequest(BACKEND_SERVER, PATH);
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
-
- sresp = new SslFilterResponse(resp, req,cfg);
-
- location = HTTP + "://" + OTHER_SERVER + "/foo";
- expected = location;
-
- sresp.setHeader(LOCATION, location);
-
- assertEquals(expected, resp.getHeader(LOCATION));
- }
-
- @Test
- public void testFragment() throws Exception {
- test("/foo#abc");
- }
-
- @Test
- public void testQueryString() throws Exception {
- final String queryString =
"?resource=%2Fen.html%3FpbOpen%3Dtrue&$$login$$=%24%24login%24%24&j_reason=errors.login.account.not.found";
- test("/" + queryString);
- }
-
- @Test
- public void testPathEncoding() throws Exception {
- test("/apps/test/content/%E4%B8%83%E6%9C%88%E5%8F%B7.redirect");
- }
-
-
- private void test(final String path) throws Exception {
- TestHttpServletResponse response = createServletResponse();
- HttpServletRequest req = createServletRequest(BACKEND_SERVER, PATH);
-
- // test - don't rewrite absolute urls / absolute http url /
sendRedirect
- // expected: no rewrite
- SslFilter.Config cfg = mock(SslFilter.Config.class);
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- SslFilterResponse sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.sendRedirect("http://" + BACKEND_SERVER + path);
- assertEquals("http://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - don't rewrite absolute urls / absolute http url / setHeader
- // expected: no rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.setHeader(SslFilterConstants.HDR_LOCATION, "http://" +
BACKEND_SERVER + path);
- assertEquals("http://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - don't rewrite absolute urls / absolute https url /
sendRedirect
- // expected: no rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.sendRedirect("https://" + BACKEND_SERVER + path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - don't rewrite absolute urls / absolute https url / setHeader
- // expected: no rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.setHeader(SslFilterConstants.HDR_LOCATION, "https://" +
BACKEND_SERVER + path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - rewrite absolute urls / absolute http url / sendRedirect
- // expected: rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.sendRedirect("http://" + BACKEND_SERVER + path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - rewrite absolute urls / absolute http url / setHeader
- // expected: rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.setHeader(SslFilterConstants.HDR_LOCATION, "http://" +
BACKEND_SERVER + path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - rewrite absolute urls / absolute https url / sendRedirect
- // expected: no rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.sendRedirect("https://" + BACKEND_SERVER + path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - rewrite absolute urls / absolute https url / setHeader
- // expected: no rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.setHeader(SslFilterConstants.HDR_LOCATION, "https://" +
BACKEND_SERVER + path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - don't rewrite absolute urls / relative path / setHeader
- // expected: rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(false);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.sendRedirect(path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
-
- // test - rewrite absolute urls / relative path / sendRedirect
- // expected: rewrite
- when(cfg.rewrite_absolute_urls()).thenReturn(true);
- when(cfg.ssl_forward_header()).thenReturn(HDR_X_FORWARDED_PROTO);
- when(cfg.ssl_forward_value()).thenReturn("https");
-
when(cfg.ssl_forward_cert_header()).thenReturn(HDR_X_FORWARDED_SSL_CERTIFICATE);
- sresp = new SslFilterResponse(response, req, cfg);
-
- sresp.setHeader(SslFilterConstants.HDR_LOCATION, path);
- assertEquals("https://" + BACKEND_SERVER + path,
sresp.getHeader(SslFilterConstants.HDR_LOCATION));
- }
-
- private HttpServletRequest createServletRequest(String serverName, String
requestURL) {
- return createServletRequest(serverName, DEFAULT_HTTP_PORT, HTTPS,
DEFAULT_HTTPS_PORT, requestURL);
- }
-
- private HttpServletRequest createServletRequest(String serverName, String
serverPort, String forwardedProto, String forwardedPort, String requestURL) {
- HttpServletRequest req = mock(HttpServletRequest.class);
- when(req.getServerName()).thenReturn(serverName);
- when(req.getServerPort()).thenReturn(Integer.parseInt(serverPort));
- when(req.getRequestURL()).thenReturn(new StringBuffer(requestURL));
- when(req.getHeader("X-Forwarded-Proto")).thenReturn(forwardedProto);
- when(req.getHeader("X-Forwarded-Port")).thenReturn(forwardedPort);
- return req;
- }
-
- private TestHttpServletResponse createServletResponse() {
- return new TestHttpServletResponse();
- }
-
- private static class TestHttpServletResponse implements
HttpServletResponse {
- private final Map<String, String> headers = new HashMap<String,
String>();
- private int status = -1;
- private boolean committed = false;
-
- @Override
- public void setLocale(Locale loc) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setContentType(String type) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setContentLength(int len) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setContentLengthLong(long len) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setCharacterEncoding(String charset) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setBufferSize(int size) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void resetBuffer() {
- }
-
- @Override
- public void reset() {
- }
-
- @Override
- public boolean isCommitted() {
- return this.committed;
- }
-
- @Override
- public PrintWriter getWriter() throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public ServletOutputStream getOutputStream() throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public Locale getLocale() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String getContentType() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String getCharacterEncoding() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public int getBufferSize() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void flushBuffer() throws IOException {
- committed = true;
- }
-
- @Override
- public void setStatus(int sc) {
- status = sc;
- committed = true;
- }
-
- @Override
- public void setIntHeader(String name, int value) {
- headers.put(name, Integer.toString(value));
- }
-
- @Override
- public void setHeader(String name, String value) {
- headers.put(name, value);
- }
-
- @Override
- public void setDateHeader(String name, long date) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void sendRedirect(String location) throws IOException {
- this.setHeader(SslFilterConstants.HDR_LOCATION, location);
- }
-
- @Override
- public void sendError(int sc, String msg) throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void sendError(int sc) throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public int getStatus() {
- return status;
- }
-
- @Override
- public Collection<String> getHeaders(String name) {
- return Collections.singleton(headers.get(name));
- }
-
- @Override
- public Collection<String> getHeaderNames() {
- return headers.keySet();
- }
-
- @Override
- public String getHeader(String name) {
- return headers.get(name);
- }
-
- @Override
- public String encodeURL(String url) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String encodeRedirectURL(String url) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean containsHeader(String name) {
- return headers.containsKey(name);
- }
-
- @Override
- public void addIntHeader(String name, int value) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void addHeader(String name, String value) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void addDateHeader(String name, long date) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void addCookie(Cookie cookie) {
- throw new UnsupportedOperationException();
- }
- }
-}