[jira] [Updated] (FELIX-4420) [HTTP SSLFilter] Implement sendRedirect

Wed, 21 May 2014 02:09:07 -0700 

     [ 
https://issues.apache.org/jira/browse/FELIX-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

J.W. Janssen updated FELIX-4420:
--------------------------------

    Attachment: FELIX-4420.patch

[~fmeschbe]/[~cziegeler]: the idea of overriding sendRedirect does not work 
well in practise: most webservers (Tomcat/Jetty) will set the "location" header 
with the fully qualified redirect-URL and mark the request as completed, after 
which you're not supposed (or able) to touch the response. This would mean we 
have to reimplement the sendRedirect functionality ourselves, which is 
something I'd like to avoid.

I've implemented an alternative approach (see attached patch) in which I check 
whether the "location" header is set using {{setHeader}}, and if so, rewrite 
the given URL. Jetty and Tomcat both use {{setHeader}} internally in their 
{{sendRedirect}} implementation, so this should work pretty well. WDYT?


> [HTTP SSLFilter] Implement sendRedirect
> ---------------------------------------
>
>                 Key: FELIX-4420
>                 URL: https://issues.apache.org/jira/browse/FELIX-4420
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>    Affects Versions: http-2.2.1, http-2.2.2
>            Reporter: Felix Meschberger
>            Assignee: J.W. Janssen
>             Fix For: http-2.3.0, http-sslfilter-1.0.0
>
>         Attachments: FELIX-4420.patch
>
>
> The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the 
> actual protocol used by the client side browser by inspecting a request 
> header and exposing the proper scheme through its ServletRequest.getScheme() 
> implementation if the actual server is operated behind an SSL terminating 
> proxy (i.e. client connects with HTTPS to proxy, proxy forwards request to 
> server over plain HTTP)
> The HttpServletRequest.sendRedirect() method is declared to set the Location 
> header to the absolute redirect URL which includes the scheme. In an SSL 
> terminating proxy situation, the servlet container does not know about this 
> fact and hence uses the actual server scheme (HTTP) for the redirect instead 
> of the scheme used by client.
> To fix this situation the SSL filter response should implement the 
> HttpServletResponse.sendRedirect() method to use use the client side scheme 
> as extracted from the request instead of the actual server request.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to