Re: [FELIX-3693] HTTP SSLFilter

Mon, 29 Sep 2014 02:35:14 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 29/09/14 11:25, Felix Meschberger wrote:
> While you are technically correct, the request.getServerPort()
> should really reflect the port that the actual SSL terminating
> server is running on.
> 
> If this is the default port (getServerPort may return -1) this
> would still be 443 and not 80. So it should probably be checked
> that we get the SSL terminator’s port right. And this is really the
> bug: The current SslFilterRequest implementation does not implement
> the getServerPort method to ensure this.

Still, this is all based on heuristics: the code assumes the SSL
terminating server runs on the default https port.

Wouldn't it make a lot more sense to make the SslFilter configurable
wrt what ports it should rewrite? While it requires explicit
configuration, it makes the code a lot simpler and less bug-prone?

- -- 
Met vriendelijke groeten | Kind regards

Jan Willem Janssen | Software Architect
+31 631 765 814

/My world is revolving around INAETICS and Amdatu/

Luminis Technologies B.V.
Churchillplein 1
7314 BZ   Apeldoorn
+31 88 586 46 00

http://www.luminis-technologies.com
http://www.luminis.eu

KvK (CoC) 09 16 28 93
BTW (VAT) NL8169.78.566.B.01
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUKSeWAAoJEKF/mP2eHDc4+NIP/1DMT+7FZLLx8VDQAqxpRdFi
2t6fAaDR+a+0UeH0vCFgMtgMmIhdJJGUhYeIo979RNuIr7k10zhnmHVPHTx7fgGq
9kOkooD1Yw0aGBdrfxtekiUxrAXgS2zm6m1UxS+Tp3tNdwd1kNTJgUnhjFrhtnBv
/hlaO1Qg7Eu0p9GvKZhbaa3AN1ZGmEmEgpDttNCsJzoYM9LG2gZ8FgAKh58Ojo6D
7va7kCa0RivLjGkoagdMM6LuSe7vTwl+yhzRgf6FjXxcHgRyTWyWPf5iqO7rVOFo
zauQ1Rh3UJTB7dq8j2CCWA5b4KJnfgXK8mo0O0zDnHVRNETdGlDZu3KMPexwNjrC
d03TtbiLZGx7XZA4x8jEWDeGMxMCg+pWa8VX59BNKq/JmxDgHfj+Pv8YSjuD3htT
kUw5RNzCBM2SjLupCLqQKU5E5VQpaxjMAcpvGz/JaaamsEh5C7tdWIDuKFW1f2iS
DWJ/alhE/xrF0wcQyZt+fdBeNA6vsIZ3CI26C+LPoUe4bc20fQMdUFbMtJDYNkqN
kL0/TrKC5OkoLrgRCLqzg4r0RNQZbfA5wP7P784JfjXZclTUPIWeuyzaP0bodtt/
9AjawZvYcuGQBkHZMUUWr4QUJKffNosRVcwJzrBKFA/O2fAQZ7LIv0xaEAaMrxy2
Xk/TaAfkzzrIgT8idD48
=lRNe
-----END PGP SIGNATURE-----

Reply via email to