Hendy Irawan created WICKET-6440:

             Summary: SecuredRemoteAddressRequestWrapperFactory doesn't make 
request secure
                 Key: WICKET-6440
                 URL: https://issues.apache.org/jira/browse/WICKET-6440
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 7.8.0
            Reporter: Hendy Irawan

I'm using SecuredRemoteAddressRequestWrapperFactory and what I get is:

2017-08-08 09:07:53.460 DEBUG 3851 --- [nio-8080-exec-3] 
ecuredRemoteAddressRequestWrapperFactory : Incoming request 
 with originalSecure='false', remoteAddr='' will be seen with 

Since remoteAddr is 127.* then it should be treated as secure, per 

This code in SecuredRemoteAddressRequestWrapperFactory is probably buggy: (i.e. 
need to remove {{==false}})

        public boolean needsWrapper(final HttpServletRequest request)
                return !request.isSecure() &&
config.securedRemoteAddresses) == false;

Related to WICKET-3015.
Tag [~jdonnerstag] [~pete]

This message was sent by Atlassian JIRA

Reply via email to