Package org.eclipse.jetty.server
Class ForwardedRequestCustomizer
- java.lang.Object
-
- org.eclipse.jetty.server.ForwardedRequestCustomizer
-
- All Implemented Interfaces:
HttpConfiguration.Customizer
public class ForwardedRequestCustomizer extends java.lang.Object implements HttpConfiguration.Customizer
Customize Requests for Proxy Forwarding.This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are
Forwarded
, as defined by rfc7239X-Forwarded-Host
X-Forwarded-Server
X-Forwarded-For
X-Forwarded-Proto
X-Proxied-Https
If these headers are present, then the
Request
object is updated so that the proxy is not seen as the other end point of the connection on which the request cameHeaders can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised
The Authority (host and port) is updated on the
Request
object based on the host / port information in the following search order.Request Authority Search Order # Value Origin Host Port Protocol Notes 1 Forwarded
Header" host=<host>
" param (Required)" host=<host>:<port>
param (Implied)" proto=<value>
" param (Optional)From left-most relevant parameter (see rfc7239) 2 X-Forwarded-Host
HeaderRequired Implied n/a left-most value 3 X-Forwarded-Port
Headern/a Required n/a left-most value (only if getForwardedPortAsAuthority()
is true)4 X-Forwarded-Server
HeaderRequired Optional n/a left-most value 5 X-Forwarded-Proto
Headern/a Implied from value Required left-most value becomes protocol.
- Value of "
http
" means port=80. - Value of "
HttpConfiguration.getSecureScheme()
" means port=HttpConfiguration.getSecurePort()
.
6 X-Proxied-Https
Headern/a Implied from value boolean left-most value determines protocol and port.
- Value of "
on
" means port=HttpConfiguration.getSecurePort()
, and protocol=HttpConfiguration.getSecureScheme()
). - Value of "
off
" means port=80, and protocol=http.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
ForwardedRequestCustomizer.Source
Ordered Source Enum.
-
Constructor Summary
Constructors Constructor Description ForwardedRequestCustomizer()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
customize(Connector connector, HttpConfiguration config, Request request)
java.lang.String
getForcedHost()
java.lang.String
getForwardedCipherSuiteHeader()
java.lang.String
getForwardedForHeader()
java.lang.String
getForwardedHeader()
java.lang.String
getForwardedHostHeader()
java.lang.String
getForwardedHttpsHeader()
boolean
getForwardedPortAsAuthority()
java.lang.String
getForwardedPortHeader()
java.lang.String
getForwardedProtoHeader()
Get the forwardedProtoHeader.java.lang.String
getForwardedServerHeader()
java.lang.String
getForwardedSslSessionIdHeader()
java.lang.String
getHostHeader()
Deprecated.protected static java.lang.String
getLeftMost(java.lang.String headerValue)
boolean
getProxyAsAuthority()
protected static int
getSecurePort(HttpConfiguration config)
boolean
isSslIsSecure()
protected void
onError(HttpField field, java.lang.Throwable t)
void
setForcedHost(java.lang.String hostAndPort)
Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.void
setForwardedCipherSuiteHeader(java.lang.String forwardedCipherSuiteHeader)
void
setForwardedForHeader(java.lang.String forwardedRemoteAddressHeader)
void
setForwardedHeader(java.lang.String forwardedHeader)
void
setForwardedHostHeader(java.lang.String forwardedHostHeader)
void
setForwardedHttpsHeader(java.lang.String forwardedHttpsHeader)
void
setForwardedOnly(boolean rfc7239only)
void
setForwardedPortAsAuthority(boolean forwardedPortAsAuthority)
Set if the X-Forwarded-Port header will be used for Authorityvoid
setForwardedPortHeader(java.lang.String forwardedPortHeader)
void
setForwardedProtoHeader(java.lang.String forwardedProtoHeader)
Set the forwardedProtoHeader.void
setForwardedServerHeader(java.lang.String forwardedServerHeader)
void
setForwardedSslSessionIdHeader(java.lang.String forwardedSslSessionIdHeader)
void
setHostHeader(java.lang.String hostHeader)
Deprecated.void
setProxyAsAuthority(boolean proxyAsAuthority)
void
setSslIsSecure(boolean sslIsSecure)
java.lang.String
toString()
-
-
-
Method Detail
-
getProxyAsAuthority
public boolean getProxyAsAuthority()
- Returns:
- true if the proxy address obtained via
X-Forwarded-Server
or RFC7239 "by" is used as the request authority. Default false
-
setProxyAsAuthority
public void setProxyAsAuthority(boolean proxyAsAuthority)
- Parameters:
proxyAsAuthority
- if true, use the proxy address obtained viaX-Forwarded-Server
or RFC7239 "by" as the request authority.
-
setForwardedOnly
public void setForwardedOnly(boolean rfc7239only)
- Parameters:
rfc7239only
- Configure to only support the RFC7239 Forwarded header and to not support anyX-Forwarded-
headers. This convenience method clears all the non RFC headers if passed true and sets them to the default values (if not already set) if passed false.
-
getForcedHost
public java.lang.String getForcedHost()
-
setForcedHost
public void setForcedHost(java.lang.String hostAndPort)
Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.- Parameters:
hostAndPort
- The value of the host header to force.
-
getForwardedHeader
public java.lang.String getForwardedHeader()
- Returns:
- The header name for RFC forwarded (default Forwarded)
-
setForwardedHeader
public void setForwardedHeader(java.lang.String forwardedHeader)
- Parameters:
forwardedHeader
- The header name for RFC forwarded (default Forwarded)
-
getForwardedHostHeader
public java.lang.String getForwardedHostHeader()
-
setForwardedHostHeader
public void setForwardedHostHeader(java.lang.String forwardedHostHeader)
- Parameters:
forwardedHostHeader
- The header name for forwarded hosts (defaultX-Forwarded-Host
)
-
getForwardedServerHeader
public java.lang.String getForwardedServerHeader()
- Returns:
- the header name for forwarded server.
-
setForwardedServerHeader
public void setForwardedServerHeader(java.lang.String forwardedServerHeader)
- Parameters:
forwardedServerHeader
- The header name for forwarded server (defaultX-Forwarded-Server
)
-
getForwardedForHeader
public java.lang.String getForwardedForHeader()
- Returns:
- the forwarded for header
-
setForwardedForHeader
public void setForwardedForHeader(java.lang.String forwardedRemoteAddressHeader)
- Parameters:
forwardedRemoteAddressHeader
- The header name for forwarded for (defaultX-Forwarded-For
)
-
getForwardedPortHeader
public java.lang.String getForwardedPortHeader()
-
setForwardedPortHeader
public void setForwardedPortHeader(java.lang.String forwardedPortHeader)
- Parameters:
forwardedPortHeader
- The header name for forwarded hosts (defaultX-Forwarded-Port
)
-
getForwardedPortAsAuthority
public boolean getForwardedPortAsAuthority()
- Returns:
- if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address
-
setForwardedPortAsAuthority
public void setForwardedPortAsAuthority(boolean forwardedPortAsAuthority)
Set if the X-Forwarded-Port header will be used for Authority- Parameters:
forwardedPortAsAuthority
- if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address
-
getForwardedProtoHeader
public java.lang.String getForwardedProtoHeader()
Get the forwardedProtoHeader.- Returns:
- the forwardedProtoHeader (default
X-Forwarded-Proto
)
-
setForwardedProtoHeader
public void setForwardedProtoHeader(java.lang.String forwardedProtoHeader)
Set the forwardedProtoHeader.- Parameters:
forwardedProtoHeader
- the forwardedProtoHeader to set (defaultX-Forwarded-Proto
)
-
getForwardedCipherSuiteHeader
public java.lang.String getForwardedCipherSuiteHeader()
- Returns:
- The header name holding a forwarded cipher suite (default
Proxy-auth-cert
)
-
setForwardedCipherSuiteHeader
public void setForwardedCipherSuiteHeader(java.lang.String forwardedCipherSuiteHeader)
- Parameters:
forwardedCipherSuiteHeader
- The header name holding a forwarded cipher suite (defaultProxy-auth-cert
)
-
getForwardedSslSessionIdHeader
public java.lang.String getForwardedSslSessionIdHeader()
- Returns:
- The header name holding a forwarded SSL Session ID (default
Proxy-ssl-id
)
-
setForwardedSslSessionIdHeader
public void setForwardedSslSessionIdHeader(java.lang.String forwardedSslSessionIdHeader)
- Parameters:
forwardedSslSessionIdHeader
- The header name holding a forwarded SSL Session ID (defaultProxy-ssl-id
)
-
getForwardedHttpsHeader
public java.lang.String getForwardedHttpsHeader()
- Returns:
- The header name holding a forwarded Https status indicator (on|off true|false) (default
X-Proxied-Https
)
-
setForwardedHttpsHeader
public void setForwardedHttpsHeader(java.lang.String forwardedHttpsHeader)
- Parameters:
forwardedHttpsHeader
- the header name holding a forwarded Https status indicator(defaultX-Proxied-Https
)
-
isSslIsSecure
public boolean isSslIsSecure()
- Returns:
- true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)
-
setSslIsSecure
public void setSslIsSecure(boolean sslIsSecure)
- Parameters:
sslIsSecure
- true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)
-
customize
public void customize(Connector connector, HttpConfiguration config, Request request)
- Specified by:
customize
in interfaceHttpConfiguration.Customizer
-
getSecurePort
protected static int getSecurePort(HttpConfiguration config)
-
onError
protected void onError(HttpField field, java.lang.Throwable t)
-
getLeftMost
protected static java.lang.String getLeftMost(java.lang.String headerValue)
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.lang.Object
-
getHostHeader
@Deprecated public java.lang.String getHostHeader()
Deprecated.
-
setHostHeader
@Deprecated public void setHostHeader(java.lang.String hostHeader)
Deprecated.Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.- Parameters:
hostHeader
- The value of the host header to force.
-
-