From: markt Date: Sun, 6 Feb 2011 19:08:13 +0000 (+0000) Subject: Tweak defaults. Document. X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=b2b7dedad4852c166d11e7e8295391354c98435b;p=tomcat7.0 Tweak defaults. Document. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1067732 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/filters/RemoteIpFilter.java b/java/org/apache/catalina/filters/RemoteIpFilter.java index ca833232e..da2a1bed5 100644 --- a/java/org/apache/catalina/filters/RemoteIpFilter.java +++ b/java/org/apache/catalina/filters/RemoteIpFilter.java @@ -41,6 +41,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.AccessLog; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; @@ -698,6 +699,11 @@ public class RemoteIpFilter implements Filter { private String remoteIpHeader = "X-Forwarded-For"; /** + * @see #setRequestAttributesEnabled(boolean) + */ + private boolean requestAttributesEnabled = true; + + /** * @see #setTrustedProxies(String) */ private Pattern trustedProxies = null; @@ -792,6 +798,16 @@ public class RemoteIpFilter implements Filter { + xRequest.getScheme() + "', newSecure='" + xRequest.isSecure() + "', new[" + remoteIpHeader + "]='" + xRequest.getHeader(remoteIpHeader) + "', new[" + proxiesHeader + "]='" + xRequest.getHeader(proxiesHeader) + "'"); } + if (requestAttributesEnabled) { + request.setAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE, + request.getRemoteAddr()); + request.setAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE, + request.getRemoteHost()); + request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE, + request.getProtocol()); + request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE, + Integer.valueOf(request.getServerPort())); + } chain.doFilter(xRequest, response); } else { if (log.isDebugEnabled()) { 
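Review bot: The four values stored in the new `if (requestAttributesEnabled)` block are read from `request`, but the rewritten values appear to live on `xRequest`: the debug line just above prints `xRequest.getScheme()` and `xRequest.isSecure()` as the new values, and `xRequest` is what is passed to `chain.doFilter`. Unless `request` is itself modified in the part of the method outside this hunk, an AccessLog that honours these attributes would record the proxy's address, host and port instead of the client's, which leaves the access log misleading for incident triage. Read from the wrapper instead, e.g. `request.setAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE, xRequest.getRemoteAddr());`, and likewise for the host, protocol and server-port lines. The enclosing method starts before the hunk and continues past it, so the branch condition guarding this block is not visible here.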
@@ -839,6 +855,15 @@ public class RemoteIpFilter implements Filter { return remoteIpHeader; } + /** + * @see #setRequestAttributesEnabled(boolean) + * @return true if the attributes will be logged, otherwise + * false + */ + public boolean getRequestAttributesEnabled() { + return requestAttributesEnabled; + } + public Pattern getTrustedProxies() { return trustedProxies; } @@ -988,6 +1013,28 @@ public class RemoteIpFilter implements Filter { } /** + * Should this filter set request attributes for IP address, Hostname, + * protocol and port used for the request? This are typically used in + * conjunction with an {@link AccessLog} which will otherwise log the + * original values. Default is true. + * + * The attributes set are: + * + * + * @param requestAttributesEnabled true causes the attributes + * to be set, false disables + * the setting of the attributes. + */ + public void setRequestAttributesEnabled(boolean requestAttributesEnabled) { + this.requestAttributesEnabled = requestAttributesEnabled; + } + + /** *

* Regular expression defining proxies that are trusted when they appear in * the {@link #remoteIpHeader} header. diff --git a/java/org/apache/catalina/valves/AccessLogValve.java b/java/org/apache/catalina/valves/AccessLogValve.java index e72fdd1a0..78f92c575 100644 --- a/java/org/apache/catalina/valves/AccessLogValve.java +++ b/java/org/apache/catalina/valves/AccessLogValve.java @@ -296,7 +296,7 @@ public class AccessLogValve extends ValveBase implements AccessLog { /** * @see #setRequestAttributesEnabled(boolean) */ - protected boolean requestAttributesEnabled = true; + protected boolean requestAttributesEnabled = false; // ------------------------------------------------------------- Properties diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java index 1ea461586..bb4b4e794 100644 --- a/java/org/apache/catalina/valves/RemoteIpValve.java +++ b/java/org/apache/catalina/valves/RemoteIpValve.java @@ -752,7 +752,7 @@ public class RemoteIpValve extends ValveBase { /** * Should this valve set request attributes for IP address, Hostname, * protocol and port used for the request? This are typically used in - * conjunction with the {@link AccessLogValve} which will otherwise log the + * conjunction with the {@link AccessLog} which will otherwise log the * original values. Default is true. * * The attributes set are: diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 7db82d43e..813143d39 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -55,6 +55,11 @@ When running under a security manager, user requests may fail with a security exception. (markt) + + Enhance the RemoteIpFilter and RemoteIpValve so that the modified remote + address, remote host, protocol and server port may be used in an access + log if desired. (markt) + diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml index 52319a71f..ad90b9772 100644 
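Review bot: The Javadoc added for `setRequestAttributesEnabled` reads "This are typically used", which should be "These are typically used". The getter added in the previous hunk documents its return as "true if the attributes will be logged", but the filter only sets request attributes and leaves logging to an AccessLog; I would word it `@return true if the filter sets the AccessLog request attributes, otherwise false`. It may also be worth one sentence saying that the values are derived from the header named by `remoteIpHeader`, so a reader knows the logged address depends on the proxy settings being correct.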
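Review bot: Changing `requestAttributesEnabled` to `false` in AccessLogValve while RemoteIpFilter in this same commit defaults its flag to `true` means the attributes are produced by default but ignored by default. If the previous default of `true` was ever released, a deployment that upgrades without setting `requestAttributesEnabled="true"` on its AccessLogValve will go back to logging the proxy's address, and the changelog entry in this commit does not mention that the default changed. I would add a short comment on the field, e.g. `// Off by default: request attributes are only honoured when explicitly enabled`, and state the new default in the changelog entry. The setter that this field's Javadoc points to is outside the hunk.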
--- a/webapps/docs/config/valve.xml +++ b/webapps/docs/config/valve.xml @@ -119,6 +119,16 @@ use a zero-length string.

+ +

Set to true to check for the existance of request + attributes (typically set by the RemoteIpValve and similar) that should + be used to override the values returned by the request for remote + address, remote host, server port and protocol. If the attributes are + not set, or this attribute is set to false then the values + from the request will be used. If not set, the default value of + false will be used.

+
+

Set to true to convert the IP address of the remote host into the corresponding host name via a DNS lookup. Set to @@ -820,6 +830,15 @@ x-forwarded-by is used.

+ +

Set to true to set the request attributes used by + AccessLog implementations to override the values returned by the + request for remote address, remote host, server port and protocol. If + the attributes are not set, or this attribute is set to + false then the values from the request will be used. If not + set, the default value of true will be used.

+
+

Regular expression (using java.util.regex) that a proxy's IP address must match to be considered an trusted proxy.