[
https://issues.apache.org/jira/browse/FELIX-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14044387#comment-14044387
]
Chetan Mehrotra commented on FELIX-4420:
----------------------------------------
bq. I'm not to sure about the suggested fix, as it tightly couples the
SslFilter to Jetty
Agreed. Note that Jetty usage is optional. Other features would work in non
Jetty case
bq. I think it can be solved in a generic way by going back to the original
proposed solution: override sendRedirect() (and possibly sendHeader() as well,
for implementations that directly try to set redirect locations) and change the
redirect URL on the fly
That would be the right way. The rational for suggesting the Jetty solution was
# The sendRedirect method does a bit of preprocessing as can be seen in case of
Jetty [1] and Tomcat [2] and they might differ. How it is done in other servers
like Websphere, Weblogic etc is not clear. Also one need to take care of
encoding etc. So we have to be careful there that required compatibility is
maintained
# Our primary requirement is while running with Jetty based Felix !!
Probably we can take a middle path. For the cases where we can use some native
support like Jetty we make use of that. Otherwise we fallback to creating
required url in SslResponse itself as you suggested.
[1]
https://github.com/eclipse/jetty.project/blob/master/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java#L671
[2]
https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/connector/Response.java#L1242-1274
> [HTTP SSLFilter] Implement sendRedirect
> ---------------------------------------
>
> Key: FELIX-4420
> URL: https://issues.apache.org/jira/browse/FELIX-4420
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Affects Versions: http-2.2.1, http-2.2.2
> Reporter: Felix Meschberger
> Assignee: J.W. Janssen
> Fix For: http-next
>
> Attachments: FELIX-4420-jetty.patch, FELIX-4420.patch
>
>
> The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the
> actual protocol used by the client side browser by inspecting a request
> header and exposing the proper scheme through its ServletRequest.getScheme()
> implementation if the actual server is operated behind an SSL terminating
> proxy (i.e. client connects with HTTPS to proxy, proxy forwards request to
> server over plain HTTP)
> The HttpServletRequest.sendRedirect() method is declared to set the Location
> header to the absolute redirect URL which includes the scheme. In an SSL
> terminating proxy situation, the servlet container does not know about this
> fact and hence uses the actual server scheme (HTTP) for the redirect instead
> of the scheme used by client.
> To fix this situation the SSL filter response should implement the
> HttpServletResponse.sendRedirect() method to use use the client side scheme
> as extracted from the request instead of the actual server request.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
