@Override public boolean isSecure() { return request.isSecure(); }
@Override public boolean isSecure() { return request.isSecure(); }
private boolean isSecureCookie(HttpServletRequest request) { if (this.useSecureCookie == null) { return request.isSecure(); } return this.useSecureCookie; }
@Override public boolean isSecure() { return getRequest().isSecure(); }
/** * Force always the http-only flag and depending on the request, put also the secure flag. */ private void secureCookie(Cookie cookie, HttpServletRequest request){ // if we can mark the cookie HTTP only, do so to protect this cookie even in case of XSS vulnerability. if (SET_HTTP_ONLY!=null) { try { SET_HTTP_ONLY.invoke(cookie,true); } catch (IllegalAccessException e) { // ignore } catch (InvocationTargetException e) { // ignore } } // if the user is running Jenkins over HTTPS, we also want to prevent the cookie from leaking in HTTP. // whether the login is done over HTTPS or not would be a good enough approximation of whether Jenkins runs in // HTTPS or not, so use that. cookie.setSecure(request.isSecure()); }
/** * @return true if the current request.scheme = HTTPS or if the request.isSecure value is true. */ protected boolean isRequestSecure(HttpServletRequest request) { return ("HTTPS".equalsIgnoreCase(request.getScheme()) || request.isSecure()); }
public boolean isSecure() { boolean secure = false; if (request != null) { secure = ("HTTPS".equalsIgnoreCase(request.getScheme()) || request.isSecure()); } return secure; }
public boolean isSecure(HttpServletRequest request) { boolean secure = false; if (request != null) { secure = ("HTTPS".equalsIgnoreCase(request.getScheme()) || request.isSecure()); } return secure; }
public boolean isSecure(HttpServletRequest request) { boolean secure = false; if (request != null) { secure = ("HTTPS".equalsIgnoreCase(request.getScheme()) || request.isSecure()); } return secure; }
@Override public boolean isSecure() { return getRequest().isSecure(); }
@Override public boolean isSecure() { return isNotNoOps() ? b.request.isSecure() : b.isSecure; }
public static RequestData from( HttpServletRequest req ) { return new RequestData( req.getRemoteAddr(), req.isSecure(), req.getRemotePort(), req.getLocalName(), req.getLocalAddr(), req.getLocalPort(), req.getAuthType() == null ? "" : req.getAuthType() ); } }
public RequestDTOImpl(HttpServletRequest request) { requestURI = request.getRequestURI(); fullUrlWithQueryString = request.getRequestURL().toString(); if (StringUtils.isNotEmpty(request.getQueryString())) { fullUrlWithQueryString += "?" + request.getQueryString(); } secure = ("HTTPS".equalsIgnoreCase(request.getScheme()) || request.isSecure()); for(Object key : request.getParameterMap().keySet()) { String paramKey = key.toString(); requestContextAttributes.put(paramKey, request.getParameter(paramKey)); } }
private RequestContext createRequestContext(HttpServletRequest request, String endpointPath, HttpHeaders headers) { RequestContext context = RequestContext.Builder.create() .requestURI(URI.create(endpointPath)) .userPrincipal(request.getUserPrincipal()) .secure(request.isSecure()) .remoteAddr(request.getRemoteAddr()) .build(); headers.forEach((header, value) -> context.getHeaders().put(header, value)); return context; }
@Override public Authentication attemptAuthentication(final HttpServletRequest request) { // only suppport x509 login when running securely if (!request.isSecure()) { return null; } // look for a client certificate final X509Certificate[] certificates = certificateExtractor.extractClientCertificate(request); if (certificates == null) { return null; } return new X509AuthenticationRequestToken(request.getHeader(ProxiedEntitiesUtils.PROXY_ENTITIES_CHAIN), principalExtractor, certificates, request.getRemoteAddr()); }
@RequestMapping(path = "/", produces = "text/html") public String home(HttpServletRequest request, Map<String, Object> model) { if (isForceSsl() && !request.isSecure()) { String securedUrl = ServletUriComponentsBuilder.fromCurrentRequest() .scheme("https").build().toUriString(); return "redirect:" + securedUrl; } renderHome(model); return "home"; }
@Test public void forwardedRequest() throws Exception { this.request.setRequestURI("/mvc-showcase"); this.request.addHeader(X_FORWARDED_PROTO, "https"); this.request.addHeader(X_FORWARDED_HOST, "84.198.58.199"); this.request.addHeader(X_FORWARDED_PORT, "443"); this.request.addHeader("foo", "bar"); this.filter.doFilter(this.request, new MockHttpServletResponse(), this.filterChain); HttpServletRequest actual = (HttpServletRequest) this.filterChain.getRequest(); assertEquals("https://84.198.58.199/mvc-showcase", actual.getRequestURL().toString()); assertEquals("https", actual.getScheme()); assertEquals("84.198.58.199", actual.getServerName()); assertEquals(443, actual.getServerPort()); assertTrue(actual.isSecure()); assertNull(actual.getHeader(X_FORWARDED_PROTO)); assertNull(actual.getHeader(X_FORWARDED_HOST)); assertNull(actual.getHeader(X_FORWARDED_PORT)); assertEquals("bar", actual.getHeader("foo")); }
@Test public void forwardedRequestWithSsl() throws Exception { this.request.setRequestURI("/mvc-showcase"); this.request.addHeader(X_FORWARDED_SSL, "on"); this.request.addHeader(X_FORWARDED_HOST, "84.198.58.199"); this.request.addHeader(X_FORWARDED_PORT, "443"); this.request.addHeader("foo", "bar"); this.filter.doFilter(this.request, new MockHttpServletResponse(), this.filterChain); HttpServletRequest actual = (HttpServletRequest) this.filterChain.getRequest(); assertEquals("https://84.198.58.199/mvc-showcase", actual.getRequestURL().toString()); assertEquals("https", actual.getScheme()); assertEquals("84.198.58.199", actual.getServerName()); assertEquals(443, actual.getServerPort()); assertTrue(actual.isSecure()); assertNull(actual.getHeader(X_FORWARDED_SSL)); assertNull(actual.getHeader(X_FORWARDED_HOST)); assertNull(actual.getHeader(X_FORWARDED_PORT)); assertEquals("bar", actual.getHeader("foo")); }
@Test public void forwardedRequestInRemoveOnlyMode() throws Exception { this.request.setRequestURI("/mvc-showcase"); this.request.addHeader(X_FORWARDED_PROTO, "https"); this.request.addHeader(X_FORWARDED_HOST, "84.198.58.199"); this.request.addHeader(X_FORWARDED_PORT, "443"); this.request.addHeader(X_FORWARDED_SSL, "on"); this.request.addHeader("foo", "bar"); this.filter.setRemoveOnly(true); this.filter.doFilter(this.request, new MockHttpServletResponse(), this.filterChain); HttpServletRequest actual = (HttpServletRequest) this.filterChain.getRequest(); assertEquals("http://localhost/mvc-showcase", actual.getRequestURL().toString()); assertEquals("http", actual.getScheme()); assertEquals("localhost", actual.getServerName()); assertEquals(80, actual.getServerPort()); assertFalse(actual.isSecure()); assertNull(actual.getHeader(X_FORWARDED_PROTO)); assertNull(actual.getHeader(X_FORWARDED_HOST)); assertNull(actual.getHeader(X_FORWARDED_PORT)); assertNull(actual.getHeader(X_FORWARDED_SSL)); assertEquals("bar", actual.getHeader("foo")); }
public HttpRequest mapHttpServletRequestToMockServerRequest(HttpServletRequest httpServletRequest) { HttpRequest request = new HttpRequest(); setMethod(request, httpServletRequest); setPath(request, httpServletRequest); setQueryString(request, httpServletRequest); setBody(request, httpServletRequest); setHeaders(request, httpServletRequest); setCookies(request, httpServletRequest); request.withKeepAlive(isKeepAlive(httpServletRequest)); request.withSecure(httpServletRequest.isSecure()); return request; }