/**
 * Wrap {@code request} and record the scheme, host and port that
 * {@code UriComponentsBuilder.fromHttpRequest} resolves for it.
 *
 * <p>Security note: {@code fromHttpRequest} takes {@code Forwarded} and
 * {@code X-Forwarded-*} headers into account, so every value stored here
 * (including the {@code secure} flag) can be influenced by those headers.
 * They are only trustworthy when a proxy in front of the application sets
 * or strips them; otherwise they are plain client input.
 *
 * @param request the request to wrap
 * @param pathHelper passed through to the {@code ForwardedPrefixExtractor}
 */
ForwardedHeaderExtractingRequest(HttpServletRequest request, UrlPathHelper pathHelper) {
    super(request);

    UriComponents resolved =
            UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(request)).build();
    int declaredPort = resolved.getPort();
    boolean portDeclared = (declaredPort != -1);

    this.scheme = resolved.getScheme();
    this.secure = "https".equals(this.scheme);
    this.host = resolved.getHost();
    if (portDeclared) {
        this.port = declaredPort;
    }
    else {
        // No explicit port: fall back to the default for the resolved scheme.
        this.port = (this.secure ? 443 : 80);
    }

    // The base URL only carries a port when one was explicitly resolved.
    String portSuffix = (portDeclared ? ":" + declaredPort : "");
    String baseUrl = this.scheme + "://" + this.host + portSuffix;
    Supplier<HttpServletRequest> delegateRequest = () -> (HttpServletRequest) getRequest();
    this.forwardedPrefixExtractor = new ForwardedPrefixExtractor(delegateRequest, pathHelper, baseUrl);
}
/**
 * Decide whether the request is a same-origin one by comparing its
 * {@code Origin} header with the scheme, host and port of the request URI.
 *
 * <p>A request that carries no {@code Origin} header is reported as
 * same-origin, so a {@code true} result alone does not show that the request
 * was issued by the application's own pages. Scheme and host are compared
 * with exact, case-sensitive {@code equals}; any mismatch is reported as
 * cross-origin.
 *
 * <p><strong>Note:</strong> as of 5.1 this method ignores
 * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the
 * client-originated address. Consider using the {@code ForwardedHeaderFilter}
 * to extract and use, or to discard such headers. Using them is only safe
 * when a trusted proxy sets or removes them before the request arrives here.
 *
 * @param request the request to inspect
 * @return {@code true} if the request is a same-origin one, {@code false} in case
 * of a cross-origin request
 * @throws IllegalArgumentException if the request URI has no scheme, no host,
 * or a port that cannot be determined
 */
public static boolean isSameOrigin(ServerHttpRequest request) {
    String originHeader = request.getHeaders().getOrigin();
    if (originHeader == null) {
        // Nothing to compare against: treated as same-origin.
        return true;
    }

    URI target = request.getURI();
    String actualScheme = target.getScheme();
    String actualHost = target.getHost();
    int actualPort = getPort(target.getScheme(), target.getPort());
    Assert.notNull(actualScheme, "Actual request scheme must not be null");
    Assert.notNull(actualHost, "Actual request host must not be null");
    Assert.isTrue(actualPort != -1, "Actual request port must not be undefined");

    UriComponents claimedOrigin = UriComponentsBuilder.fromOriginHeader(originHeader).build();
    if (!actualScheme.equals(claimedOrigin.getScheme())) {
        return false;
    }
    if (!actualHost.equals(claimedOrigin.getHost())) {
        return false;
    }
    // Ports are compared after getPort(...) has resolved them for each side.
    return (actualPort == getPort(claimedOrigin.getScheme(), claimedOrigin.getPort()));
}
// Same-origin verdict: true only when scheme, host and the port resolved by getPort(...)
// all equal the corresponding parts of originUrl.
// NOTE(review): the enclosing method is not shown, so where scheme/host/port come from cannot be
// confirmed here; if they are derived from forwarding headers, those headers must be set or
// stripped by a trusted proxy for this comparison to mean anything.
// NOTE(review): nullSafeEquals presumably treats two nulls as equal, so a missing scheme or host
// on both sides would count as a match - confirm that is intended.
return (ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme()) && ObjectUtils.nullSafeEquals(host, originUrl.getHost()) && getPort(scheme, port) == getPort(originUrl.getScheme(), originUrl.getPort()));
/**
 * Copy the port of {@code uriComponents} onto the mock request.
 *
 * <p>The server port is always set to the URI's port. When the URI declares
 * a port, the remote port is set to the same value. When it does not
 * ({@code -1}), the remote port is set to the default port of the web
 * request URL and the local port is set to {@code -1}.
 *
 * @param uriComponents the parsed URL whose port is applied
 * @param request the mock request to populate
 */
private void ports(UriComponents uriComponents, MockHttpServletRequest request) {
    int declaredPort = uriComponents.getPort();
    request.setServerPort(declaredPort);

    if (declaredPort != -1) {
        request.setRemotePort(declaredPort);
        return;
    }

    // No explicit port in the URL: use the protocol default for the remote side.
    int defaultPort = this.webRequest.getUrl().getDefaultPort();
    // NOTE(review): the local port receives -1 here, not the default port - confirm intended.
    request.setLocalPort(declaredPort);
    request.setRemotePort(defaultPort);
}
/**
 * Create a wrapper around {@code request} that remembers the scheme, host
 * and port computed by {@code UriComponentsBuilder.fromHttpRequest}.
 *
 * <p>Security note: because {@code fromHttpRequest} applies
 * {@code Forwarded} / {@code X-Forwarded-*} headers, the stored scheme,
 * host, port and {@code secure} flag reflect whatever those headers say.
 * Deploy this only behind a proxy that overwrites or removes the headers;
 * without one they are attacker-controllable input.
 *
 * @param request the request to wrap
 * @param pathHelper handed to the {@code ForwardedPrefixExtractor}
 */
ForwardedHeaderExtractingRequest(HttpServletRequest request, UrlPathHelper pathHelper) {
    super(request);

    HttpRequest adapted = new ServletServerHttpRequest(request);
    UriComponents forwardedUri = UriComponentsBuilder.fromHttpRequest(adapted).build();
    int explicitPort = forwardedUri.getPort();

    this.scheme = forwardedUri.getScheme();
    this.secure = "https".equals(this.scheme);
    this.host = forwardedUri.getHost();

    // An undefined port (-1) is replaced by the scheme default for getters,
    // but left out of the base URL string.
    String portPart;
    if (explicitPort == -1) {
        this.port = (this.secure ? 443 : 80);
        portPart = "";
    }
    else {
        this.port = explicitPort;
        portPart = ":" + explicitPort;
    }

    String baseUrl = this.scheme + "://" + this.host + portPart;
    Supplier<HttpServletRequest> delegateRequest = () -> (HttpServletRequest) getRequest();
    this.forwardedPrefixExtractor = new ForwardedPrefixExtractor(delegateRequest, pathHelper, baseUrl);
}
@Test // SPR-12123 public void port() { UriComponents uri1 = fromUriString("http://example.com:8080/bar").build(); UriComponents uri2 = fromUriString("http://example.com/bar").port(8080).build(); UriComponents uri3 = fromUriString("http://example.com/bar").port("{port}").build().expand(8080); UriComponents uri4 = fromUriString("http://example.com/bar").port("808{digit}").build().expand(0); assertEquals(8080, uri1.getPort()); assertEquals("http://example.com:8080/bar", uri1.toUriString()); assertEquals(8080, uri2.getPort()); assertEquals("http://example.com:8080/bar", uri2.toUriString()); assertEquals(8080, uri3.getPort()); assertEquals("http://example.com:8080/bar", uri3.toUriString()); assertEquals(8080, uri4.getPort()); assertEquals("http://example.com:8080/bar", uri4.toUriString()); }
@Test // SPR-11140 public void fromHttpRequestWithForwardedHostMultiValuedHeader() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("localhost"); request.setServerPort(-1); request.addHeader("X-Forwarded-Host", "a.example.org, b.example.org, c.example.org"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("a.example.org", result.getHost()); assertEquals(-1, result.getPort()); }
@Test // SPR-11872 public void fromHttpRequestWithForwardedHostWithDefaultPort() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("localhost"); request.setServerPort(10080); request.addHeader("X-Forwarded-Host", "example.org"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("example.org", result.getHost()); assertEquals(-1, result.getPort()); }
@Test // SPR-10701 public void fromHttpRequestWithForwardedHostIncludingPort() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("localhost"); request.setServerPort(-1); request.setRequestURI("/mvc-showcase"); request.addHeader("X-Forwarded-Host", "webtest.foo.bar.com:443"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("webtest.foo.bar.com", result.getHost()); assertEquals(443, result.getPort()); }
@Test // SPR-11855 public void fromHttpRequestWithForwardedHostAndPort() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("localhost"); request.setServerPort(8080); request.addHeader("X-Forwarded-Host", "foobarhost"); request.addHeader("X-Forwarded-Port", "9090"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("foobarhost", result.getHost()); assertEquals(9090, result.getPort()); }
@Test // SPR-16863 public void fromHttpRequestWithForwardedSsl() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("example.org"); request.setServerPort(10080); request.addHeader("X-Forwarded-Ssl", "on"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("https", result.getScheme()); assertEquals("example.org", result.getHost()); assertEquals(-1, result.getPort()); }
@Test // SPR-16262 public void fromHttpRequestWithForwardedProtoWithDefaultPort() { MockHttpServletRequest request = new MockHttpServletRequest(); request.setScheme("http"); request.setServerName("example.org"); request.setServerPort(10080); request.addHeader("X-Forwarded-Proto", "https"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("https", result.getScheme()); assertEquals("example.org", result.getHost()); assertEquals(-1, result.getPort()); }
/**
 * {@code X-Forwarded-Host} combined with {@code X-Forwarded-Proto}
 * overrides host and scheme and leaves the port undefined.
 */
@Test
public void fromHttpRequestWithForwardedHostWithForwardedScheme() {
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    servletRequest.setScheme("http");
    servletRequest.setServerName("localhost");
    servletRequest.setServerPort(10080);
    servletRequest.addHeader("X-Forwarded-Host", "example.org");
    servletRequest.addHeader("X-Forwarded-Proto", "https");

    UriComponents resolved =
            UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(servletRequest)).build();

    assertEquals("example.org", resolved.getHost());
    assertEquals("https", resolved.getScheme());
    assertEquals(-1, resolved.getPort());
}
/**
 * A {@code Forwarded} header carrying {@code proto} and {@code host:port}
 * determines scheme, host and port; the server port is left at the mock's
 * default. The request path is preserved.
 */
@Test
public void fromHttpRequestForwardedHeaderWithHostPortAndWithoutServerPort() {
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    servletRequest.addHeader("Forwarded", "proto=https; host=84.198.58.199:9090");
    servletRequest.setScheme("http");
    servletRequest.setServerName("example.com");
    servletRequest.setRequestURI("/rest/mobile/users/1");

    UriComponents resolved =
            UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(servletRequest)).build();

    assertEquals("https", resolved.getScheme());
    assertEquals("84.198.58.199", resolved.getHost());
    assertEquals("/rest/mobile/users/1", resolved.getPath());
    assertEquals(9090, resolved.getPort());
    assertEquals("https://84.198.58.199:9090/rest/mobile/users/1", resolved.toUriString());
}
/**
 * The port inside a {@code Forwarded} header's {@code host} value wins over
 * an explicitly set server port (8080).
 */
@Test
public void fromHttpRequestForwardedHeaderWithHostPortAndServerPort() {
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    servletRequest.addHeader("Forwarded", "proto=https; host=84.198.58.199:9090");
    servletRequest.setScheme("http");
    servletRequest.setServerPort(8080);
    servletRequest.setServerName("example.com");
    servletRequest.setRequestURI("/rest/mobile/users/1");

    UriComponents resolved =
            UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(servletRequest)).build();

    assertEquals("https", resolved.getScheme());
    assertEquals("84.198.58.199", resolved.getHost());
    assertEquals("/rest/mobile/users/1", resolved.getPath());
    assertEquals(9090, resolved.getPort());
    assertEquals("https://84.198.58.199:9090/rest/mobile/users/1", resolved.toUriString());
}
@Test // SPR-16262 public void fromHttpRequestForwardedHeaderWithProtoAndServerPort() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("Forwarded", "proto=https"); request.setScheme("http"); request.setServerPort(8080); request.setServerName("example.com"); request.setRequestURI("/rest/mobile/users/1"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("https", result.getScheme()); assertEquals("example.com", result.getHost()); assertEquals("/rest/mobile/users/1", result.getPath()); assertEquals(-1, result.getPort()); assertEquals("https://example.com/rest/mobile/users/1", result.toUriString()); }
/**
 * Baseline without any forwarding headers: scheme, host, port, path and
 * query are taken from the servlet request as-is.
 */
@Test
public void fromHttpRequest() {
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    servletRequest.setScheme("http");
    servletRequest.setServerName("localhost");
    servletRequest.setServerPort(-1);
    servletRequest.setRequestURI("/path");
    servletRequest.setQueryString("a=1");

    ServletServerHttpRequest adapted = new ServletServerHttpRequest(servletRequest);
    UriComponents resolved = UriComponentsBuilder.fromHttpRequest(adapted).build();

    assertEquals("http", resolved.getScheme());
    assertEquals("localhost", resolved.getHost());
    assertEquals(-1, resolved.getPort());
    assertEquals("/path", resolved.getPath());
    assertEquals("a=1", resolved.getQuery());
}
/**
 * A {@code Forwarded} header whose {@code host} has no port overrides the
 * host and scheme; the explicitly set server port (8080) is not reused.
 */
@Test
public void fromHttpRequestForwardedHeaderWithoutHostPortAndWithServerPort() {
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    servletRequest.addHeader("Forwarded", "proto=https; host=84.198.58.199");
    servletRequest.setScheme("http");
    servletRequest.setServerPort(8080);
    servletRequest.setServerName("example.com");
    servletRequest.setRequestURI("/rest/mobile/users/1");

    UriComponents resolved =
            UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(servletRequest)).build();

    assertEquals("https", resolved.getScheme());
    assertEquals("84.198.58.199", resolved.getHost());
    assertEquals("/rest/mobile/users/1", resolved.getPath());
    assertEquals(-1, resolved.getPort());
    assertEquals("https://84.198.58.199/rest/mobile/users/1", resolved.toUriString());
}
@Test // SPR-12771 public void fromHttpRequestResetsPortBeforeSettingIt() { MockHttpServletRequest request = new MockHttpServletRequest(); request.addHeader("X-Forwarded-Proto", "https"); request.addHeader("X-Forwarded-Host", "84.198.58.199"); request.addHeader("X-Forwarded-Port", 443); request.setScheme("http"); request.setServerName("example.com"); request.setServerPort(80); request.setRequestURI("/rest/mobile/users/1"); HttpRequest httpRequest = new ServletServerHttpRequest(request); UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build(); assertEquals("https", result.getScheme()); assertEquals("84.198.58.199", result.getHost()); assertEquals(-1, result.getPort()); assertEquals("/rest/mobile/users/1", result.getPath()); }
// Fragment: assertions on parsed URI components (user info, host, port, path, query,
// scheme-specific part). The same getters are asserted with different expected values in
// successive groups, so `result` is presumably reassigned between groups by statements that
// are not shown here - confirm against the full test class.
assertNull(result.getUserInfo()); assertEquals("www.ietf.org", result.getHost()); assertEquals(-1, result.getPort()); assertEquals("/rfc/rfc3986.txt", result.getPath()); assertEquals(Arrays.asList("rfc", "rfc3986.txt"), result.getPathSegments()); assertEquals("arjen:foobar", result.getUserInfo()); assertEquals("java.sun.com", result.getHost()); assertEquals(80, result.getPort()); assertEquals("/javase/6/docs/api/java/util/BitSet.html", result.getPath()); assertEquals("foo=bar", result.getQuery()); assertNull(result.getUserInfo()); assertNull(result.getHost()); assertEquals(-1, result.getPort()); assertEquals("java-net@java.sun.com", result.getSchemeSpecificPart()); assertNull(result.getPath()); assertNull(result.getUserInfo()); assertNull(result.getHost()); assertEquals(-1, result.getPort()); assertEquals("docs/guide/collections/designfaq.html", result.getPath()); assertNull(result.getQuery());