From: markt Date: Mon, 9 May 2011 10:09:44 +0000 (+0000) Subject: Add additional configuration options to the RemoteIpValve to control ports. X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=fbd370858d04ada1238765b59f9d3f5c9f8db094;p=tomcat7.0 Add additional configuration options to the RemoteIpValve to control ports. These are required by my TCK test environment since I have multiple connectors (with different ports) configured all using the one Valve. If this has the desired effect, I'll port the changes to the RemoteIpFilter. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1100940 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/java/org/apache/catalina/valves/LocalStrings.properties b/java/org/apache/catalina/valves/LocalStrings.properties
index bb2398bfa..24bfee485 100644
--- a/java/org/apache/catalina/valves/LocalStrings.properties
+++ b/java/org/apache/catalina/valves/LocalStrings.properties
@@ -40,6 +40,7 @@ errorReportValve.rootCauseInLogs=The full stack trace of the root cause is avail
 # Remote IP valve
 remoteIpValve.syntax=Invalid regular expressions [{0}] provided.
+remoteIpValve.invalidPortHeader=Invalid value [{0}] found for port in HTP header [{1}]
 sslValve.certError=Failed to process certificate string [{0}] to create a java.security.cert.X509Certificate object
 sslValve.invalidProvider=The SSL provider specified on the connector associated with this request of [{0}] is invalid. The certificate data could not be processed.
diff --git a/java/org/apache/catalina/valves/RemoteIpValve.java b/java/org/apache/catalina/valves/RemoteIpValve.java
index 7b8a825ed..bbb619541 100644
--- a/java/org/apache/catalina/valves/RemoteIpValve.java
+++ b/java/org/apache/catalina/valves/RemoteIpValve.java
@@ -403,6 +403,8 @@ public class RemoteIpValve extends ValveBase {
 */
 private int httpsServerPort = 443;
+ private boolean changeLocalPort = false;
+
 /**
 * @see #setInternalProxies(String)
 */
@@ -422,6 +424,8 @@ public class RemoteIpValve extends ValveBase {
 */
 private String protocolHeaderHttpsValue = "https";
+ private String portHeader = null;
+
 /**
 * @see #setProxiesHeader(String)
 */
@@ -461,6 +465,36 @@ public class RemoteIpValve extends ValveBase {
 return httpServerPort;
 }
+ public boolean isChangeLocalPort() {
+ return changeLocalPort;
+ }
+
+ public void setChangeLocalPort(boolean changeLocalPort) {
+ this.changeLocalPort = changeLocalPort;
+ }
+
+ /**
+ * Obtain the name of the HTTP header used to override the value returned
+ * by {@link Request#getServerPort()} and (optionally depending on {link
+ * {@link #isChangeLocalPort()} {@link Request#getLocalPort()}.
+ *
+ * @return The HTTP header name
+ */
+ public String getPortHeader() {
+ return portHeader;
+ }
+
+ /**
+ * Set the name of the HTTP header used to override the value returned
+ * by {@link Request#getServerPort()} and (optionally depending on {link
+ * {@link #isChangeLocalPort()} {@link Request#getLocalPort()}.
+ *
+ * @param portHeader The HTTP header name
+ */
+ public void setPortHeader(String portHeader) {
+ this.portHeader = portHeader;
+ }
+
 /**
 * Return descriptive information about this Valve implementation.
 */
@@ -611,13 +645,13 @@ public class RemoteIpValve extends ValveBase {
 // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0
 request.getCoyoteRequest().scheme().setString("https");
- request.setServerPort(httpsServerPort);
+ setPorts(request, httpsServerPort);
 } else {
 request.setSecure(false);
 // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0
 request.getCoyoteRequest().scheme().setString("http");
- request.setServerPort(httpServerPort);
+ setPorts(request, httpServerPort);
 }
 }
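Review bot: The Javadoc added for getPortHeader() and setPortHeader() carries a malformed inline tag, `{link {@link #isChangeLocalPort()}`, which leaves a stray `{link` and an unclosed parenthesis in the generated text; the sentence should read `(optionally, depending on {@link #isChangeLocalPort()}) {@link Request#getLocalPort()}`. isChangeLocalPort() and setChangeLocalPort() get no Javadoc at all, and the new changeLocalPort and portHeader fields in the two preceding hunks lack the comment their neighbours carry, e.g. `/** @see #setPortHeader(String) */`. Because the named header is read from the incoming request, the setter's Javadoc should also state that the proxy in front of Tomcat is expected to set or overwrite that header.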
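Review bot: Both setPorts() calls in the `@@ -611,13 +645,13 @@` hunk are placed inside the if/else that handles the protocol header value, so on the lines visible here portHeader is only consulted when that branch is taken. The enclosing condition starts outside the hunk; if it is a null check on the protocol header, a valve configured with portHeader but no protocolHeader never applies the port header, and nothing in the new Javadoc says so. Either document the dependency next to setPortHeader(), e.g. `Only evaluated when a protocolHeader is configured and present on the request.`, or move the port handling out of the protocol branch.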
@@ -657,6 +691,26 @@ public class RemoteIpValve extends ValveBase {
 request.setServerPort(originalServerPort);
 }
 }
+
+ private void setPorts(Request request, int defaultPort) {
+ int port = defaultPort;
+ if (portHeader != null) {
+ String portHeaderValue = request.getHeader(portHeader);
+ if (portHeaderValue != null) {
+ try {
+ port = Integer.parseInt(portHeaderValue);
+ } catch (NumberFormatException nfe) {
+ log.debug(sm.getString(
+ "remoteIpValve.invalidPortHeader",
+ portHeaderValue, portHeader), nfe);
+ }
+ }
+ }
+ request.setServerPort(port);
+ if (changeLocalPort) {
+ request.getCoyoteRequest().setLocalPort(port);
+ }
+ }
 /**
 *
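Review bot: setPorts() accepts any value Integer.parseInt() returns, so a header of `-1` or `99999` is passed to request.setServerPort() and, with changeLocalPort set, to setLocalPort(); the value should be limited to 1–65535 and otherwise fall back to defaultPort, as sketched below. The header comes from the request, and whether only a trusted proxy can supply it is decided outside this hunk, so the range check is worth having either way. The context above the method shows the server port being put back to originalServerPort, but no hunk in this commit saves or restores the local port that `request.getCoyoteRequest().setLocalPort(port)` overwrites. The message logged on a bad value also reads `HTP header` in LocalStrings.properties, and logging it at debug level means a malformed port header goes unnoticed unless debug logging is enabled.

```java
private void setPorts(Request request, int defaultPort) {
    int port = defaultPort;
    // … unchanged: portHeader null check and request.getHeader(portHeader) …
        if (portHeaderValue != null) {
            int candidate = -1;
            try {
                candidate = Integer.parseInt(portHeaderValue);
            } catch (NumberFormatException nfe) {
                // Not a number: rejected by the range check below
            }
            if (candidate >= 1 && candidate <= 65535) {
                port = candidate;
            } else {
                // Keep defaultPort and record the rejected value
                log.debug(sm.getString(
                        "remoteIpValve.invalidPortHeader",
                        portHeaderValue, portHeader));
            }
        }
    // … unchanged: request.setServerPort(port) and the changeLocalPort branch …
```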

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index d52d6676b..7c62d243e 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -65,6 +65,12 @@ Use correct class loader when loading Servlet classes in StandardWrapper. (markt) + + Provide additional configuration options for the RemoteIpValve to allow + greater control over the values returned by + ServletRequest#getServerPort() and ServletRequest#getLocalPort() when + using this valve. (markt) + diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml index 4fe4ad4ec..06f945dd0 100644 --- a/webapps/docs/config/valve.xml +++ b/webapps/docs/config/valve.xml @@ -1024,6 +1024,12 @@ default of null is used.

+ +

Name of the HTTP Header read by this valve that holds the port + used by the client to connect to the proxy. If not specified, the + default of null is used.

+
+

Value of the protocolHeader to indicate that it is an HTTPS request. If not specified, the default of https is @@ -1033,17 +1039,24 @@

Value returned by ServletRequest.getServerPort() when the protocolHeader indicates http - protocol. If not specified, the default of 80 is - used.

+ protocol and no portHeader is present. If not + specified, the default of 80 is used.

Value returned by ServletRequest.getServerPort() when the protocolHeader indicates https - protocol. If not specified, the default of 443 is - used.

+ protocol and no portHeader is present. If not + specified, the default of 443 is used.

+ +

If true, the value returned by + ServletRequest.getLocalPort() and + ServletRequest.getServerPort() is modified by the this + valve. If not specified, the default of false is used.

+
+