[
https://issues.apache.org/jira/browse/FELIX-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14007629#comment-14007629
]
Felix Meschberger commented on FELIX-4420:
------------------------------------------
[~jajans] +1
Except that I would make "Constants" a final class and rename it to
SSLFilterConstants (there are so many Constants classes and interfaces flying
around that it is hard to disambiguate them).
Thanks.
> [HTTP SSLFilter] Implement sendRedirect
> ---------------------------------------
>
> Key: FELIX-4420
> URL: https://issues.apache.org/jira/browse/FELIX-4420
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Affects Versions: http-2.2.1, http-2.2.2
> Reporter: Felix Meschberger
> Assignee: J.W. Janssen
> Fix For: http-2.3.0, http-sslfilter-1.0.0
>
> Attachments: FELIX-4420.patch
>
>
> The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the
> actual protocol used by the client side browser by inspecting a request
> header and exposing the proper scheme through its ServletRequest.getScheme()
> implementation if the actual server is operated behind an SSL terminating
> proxy (i.e. client connects with HTTPS to proxy, proxy forwards request to
> server over plain HTTP)
> The HttpServletRequest.sendRedirect() method is declared to set the Location
> header to the absolute redirect URL which includes the scheme. In an SSL
> terminating proxy situation, the servlet container does not know about this
> fact and hence uses the actual server scheme (HTTP) for the redirect instead
> of the scheme used by client.
> To fix this situation the SSL filter response should implement the
> HttpServletResponse.sendRedirect() method to use use the client side scheme
> as extracted from the request instead of the actual server request.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
