This is an automated email from the ASF dual-hosted git repository. dsoumis pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 5fde94d2a69b10be1a709eec346a94a3cf86a3a3 Author: Dimitris Soumis <[email protected]> AuthorDate: Thu Feb 19 16:16:33 2026 +0200 Make things more transparent --- .../tomcat/integration/httpd/HttpdIntegrationBaseTest.java | 7 +++++-- .../org/apache/tomcat/integration/httpd/TestBasicProxy.java | 13 +++++++------ .../integration/httpd/TestRemoteIpValveWithProxy.java | 8 ++++---- .../tomcat/integration/httpd/TestSSLValveWithProxy01.java | 6 +++--- .../tomcat/integration/httpd/TestSSLValveWithProxy02.java | 10 +++++----- 5 files changed, 24 insertions(+), 20 deletions(-) diff --git a/test/org/apache/tomcat/integration/httpd/HttpdIntegrationBaseTest.java b/test/org/apache/tomcat/integration/httpd/HttpdIntegrationBaseTest.java index 160f5da401..84b88562ba 100644 --- a/test/org/apache/tomcat/integration/httpd/HttpdIntegrationBaseTest.java +++ b/test/org/apache/tomcat/integration/httpd/HttpdIntegrationBaseTest.java @@ -66,6 +66,8 @@ public abstract class HttpdIntegrationBaseTest extends TomcatBaseTest { ServerName localhost:%{HTTPD_PORT} """; + private static final String SERVLET_NAME = "snoop"; + private static final File lockFile = new File("test/org/apache/tomcat/integration/httpd/httpd-binary.lock"); private static FileLock lock = null; @@ -116,8 +118,8 @@ public abstract class HttpdIntegrationBaseTest extends TomcatBaseTest { for (Valve valve : getValveConfig()) { ctx.getPipeline().addValve(valve); } - Tomcat.addServlet(ctx, "snoop", new SnoopServlet()); - ctx.addServletMappingDecoded("/snoop", "snoop"); + Tomcat.addServlet(ctx, SERVLET_NAME, new SnoopServlet()); + ctx.addServletMappingDecoded("/" + SERVLET_NAME, SERVLET_NAME); tomcat.start(); tomcatPort = getPort(); } @@ -152,6 +154,7 @@ public abstract class HttpdIntegrationBaseTest extends TomcatBaseTest { httpdConf = httpdConf.replace("%{HTTPD_PORT}", Integer.toString(httpdPort)) .replace("%{TOMCAT_PORT}", Integer.toString(tomcatPort)) + .replace("%{SERVLET_NAME}", SERVLET_NAME) .replace("%{CONF_DIR}", httpdConfDir.getAbsolutePath()) .replace("%{HTTPD_SSL_PORT}", Integer.toString(httpdSslPort)) .replace("%{SSL_CERT_FILE}", new File(TesterSupport.LOCALHOST_RSA_CERT_PEM).getAbsolutePath()) diff --git a/test/org/apache/tomcat/integration/httpd/TestBasicProxy.java b/test/org/apache/tomcat/integration/httpd/TestBasicProxy.java index d3eddbda16..e27c73b79d 100644 --- a/test/org/apache/tomcat/integration/httpd/TestBasicProxy.java +++ b/test/org/apache/tomcat/integration/httpd/TestBasicProxy.java @@ -36,10 +36,10 @@ public class TestBasicProxy extends HttpdIntegrationBaseTest { LoadModule headers_module modules/mod_headers.so ProxyRequests Off ProxyPreserveHost On - ProxyPass /snoop http://localhost:%{TOMCAT_PORT}/snoop - ProxyPassReverse /snoop http://localhost:%{TOMCAT_PORT}/snoop - RequestHeader set X-Forwarded-For 140.211.11.130 \s - RequestHeader set X-Forwarded-Proto "http" + ProxyPass /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} + ProxyPassReverse /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} + RequestHeader set X-Forwarded-For 140.211.11.130 + RequestHeader set X-Forwarded-Proto "https" """; @Override @@ -55,7 +55,7 @@ public class TestBasicProxy extends HttpdIntegrationBaseTest { @Test public void testBasicProxying() throws Exception { ByteChunk res = new ByteChunk(); - int rc = getUrl("http://localhost:"; + getHttpdPort() + "/snoop", res, false); + int rc = getUrl("http://localhost:"; + getHttpdPort() + "/endpoint", res, false); Assert.assertEquals(HttpServletResponse.SC_OK, rc); RequestDescriptor requestDesc = SnoopResult.parse(res.toString()); @@ -63,10 +63,11 @@ public class TestBasicProxy extends HttpdIntegrationBaseTest { Assert.assertEquals("127.0.0.1", requestDesc.getRequestInfo("REQUEST-REMOTE-ADDR")); Assert.assertEquals(getHttpdPort(), Integer.valueOf(requestDesc.getRequestInfo("REQUEST-SERVER-PORT")).intValue()); Assert.assertEquals(getPort(), Integer.valueOf(requestDesc.getRequestInfo("REQUEST-LOCAL-PORT")).intValue()); + // httpd sets X-Forwarded-Proto: https, but without RemoteIpValve Tomcat does not process it. Assert.assertEquals("http", requestDesc.getRequestInfo("REQUEST-SCHEME")); Assert.assertEquals("false", requestDesc.getRequestInfo("REQUEST-IS-SECURE")); Assert.assertNotNull(requestDesc.getHeaders()); Assert.assertNotNull(requestDesc.getHeader("X-Forwarded-For")); - Assert.assertEquals("http", requestDesc.getHeader("X-Forwarded-Proto")); + Assert.assertEquals("https", requestDesc.getHeader("X-Forwarded-Proto")); } } diff --git a/test/org/apache/tomcat/integration/httpd/TestRemoteIpValveWithProxy.java b/test/org/apache/tomcat/integration/httpd/TestRemoteIpValveWithProxy.java index 85d805c3fe..24dfe2fc1c 100644 --- a/test/org/apache/tomcat/integration/httpd/TestRemoteIpValveWithProxy.java +++ b/test/org/apache/tomcat/integration/httpd/TestRemoteIpValveWithProxy.java @@ -36,10 +36,10 @@ public class TestRemoteIpValveWithProxy extends HttpdIntegrationBaseTest { LoadModule headers_module modules/mod_headers.so ProxyRequests Off ProxyPreserveHost On - ProxyPass /snoop http://localhost:%{TOMCAT_PORT}/snoop - ProxyPassReverse /snoop http://localhost:%{TOMCAT_PORT}/snoop + ProxyPass /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} + ProxyPassReverse /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} ProxyAddHeaders Off - RequestHeader set X-Forwarded-For 140.211.11.130 \s + RequestHeader set X-Forwarded-For 140.211.11.130 RequestHeader set X-Forwarded-Proto https RequestHeader set X-Forwarded-Host whoamI.tomcat """; @@ -63,7 +63,7 @@ public class TestRemoteIpValveWithProxy extends HttpdIntegrationBaseTest { @Test public void testRemoteIpValveProxying() throws Exception { ByteChunk res = new ByteChunk(); - int rc = getUrl("http://localhost:"; + getHttpdPort() + "/snoop", res, false); + int rc = getUrl("http://localhost:"; + getHttpdPort() + "/endpoint", res, false); Assert.assertEquals(HttpServletResponse.SC_OK, rc); RequestDescriptor requestDesc = SnoopResult.parse(res.toString()); diff --git a/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy01.java b/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy01.java index 5fa8dd8b15..65e2b883d9 100644 --- a/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy01.java +++ b/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy01.java @@ -45,8 +45,8 @@ public class TestSSLValveWithProxy01 extends HttpdIntegrationBaseTest { SSLCertificateFile "%{SSL_CERT_FILE}" SSLCertificateKeyFile "%{SSL_KEY_FILE}" ProxyRequests Off - ProxyPass /snoop http://localhost:%{TOMCAT_PORT}/snoop - ProxyPassReverse /snoop http://localhost:%{TOMCAT_PORT}/snoop + ProxyPass /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} + ProxyPassReverse /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s" RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s" @@ -74,7 +74,7 @@ public class TestSSLValveWithProxy01 extends HttpdIntegrationBaseTest { TesterSupport.configureClientSsl(); ByteChunk res = new ByteChunk(); - int rc = getUrl("https://localhost:"; + getHttpdSslPort() + "/snoop", res, false); + int rc = getUrl("https://localhost:"; + getHttpdSslPort() + "/endpoint", res, false); Assert.assertEquals(HttpServletResponse.SC_OK, rc); RequestDescriptor requestDesc = SnoopResult.parse(res.toString()); diff --git a/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy02.java b/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy02.java index af9a7a2444..b1ee23803f 100644 --- a/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy02.java +++ b/test/org/apache/tomcat/integration/httpd/TestSSLValveWithProxy02.java @@ -45,14 +45,14 @@ public class TestSSLValveWithProxy02 extends HttpdIntegrationBaseTest { SSLCertificateFile "%{SSL_CERT_FILE}" SSLCertificateKeyFile "%{SSL_KEY_FILE}" ProxyRequests Off - ProxyPass /snoop http://localhost:%{TOMCAT_PORT}/snoop - ProxyPassReverse /snoop http://localhost:%{TOMCAT_PORT}/snoop + ProxyPass /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} + ProxyPassReverse /endpoint http://localhost:%{TOMCAT_PORT}/%{SERVLET_NAME} RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" RequestHeader set SSL_CIPHER "%{SSL_CIPHER}s" RequestHeader set SSL_SESSION_ID "%{SSL_SESSION_ID}s" RequestHeader set SSL_CIPHER_USEKEYSIZE "%{SSL_CIPHER_USEKEYSIZE}s" - SSLVerifyClient optional \s - SSLCACertificateFile "%{SSL_CA_CERT_FILE}" \s + SSLVerifyClient optional + SSLCACertificateFile "%{SSL_CA_CERT_FILE}" SSLOptions +ExportCertData </VirtualHost> """; @@ -77,7 +77,7 @@ public class TestSSLValveWithProxy02 extends HttpdIntegrationBaseTest { TesterSupport.configureClientSsl(); ByteChunk res = new ByteChunk(); - int rc = getUrl("https://localhost:"; + getHttpdSslPort() + "/snoop", res, false); + int rc = getUrl("https://localhost:"; + getHttpdSslPort() + "/endpoint", res, false); Assert.assertEquals(HttpServletResponse.SC_OK, rc); RequestDescriptor requestDesc = SnoopResult.parse(res.toString()); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
