use of javax.servlet.http.HttpServletRequest in project tomcat by apache.
the class TestRemoteIpFilter method testIncomingRequestIsSecuredButProtocolHeaderSaysItIsNotWithCustomValues.
@Test
public void testIncomingRequestIsSecuredButProtocolHeaderSaysItIsNotWithCustomValues() throws Exception {
// PREPARE
FilterDef filterDef = new FilterDef();
filterDef.addInitParameter("protocolHeader", "x-forwarded-proto");
filterDef.addInitParameter("remoteIpHeader", "x-my-forwarded-for");
filterDef.addInitParameter("httpServerPort", "8080");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr("192.168.0.10");
request.setSecure(true);
request.setScheme("https");
request.setHeader("x-my-forwarded-for", "140.211.11.130");
request.setHeader("x-forwarded-proto", "http");
// TEST
HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
// VERIFY
boolean actualSecure = actualRequest.isSecure();
assertFalse("request must be unsecured as header x-forwarded-proto said it is http", actualSecure);
String actualScheme = actualRequest.getScheme();
assertEquals("scheme must be http as header x-forwarded-proto said it is http", "http", actualScheme);
int actualServerPort = actualRequest.getServerPort();
assertEquals("wrong http server port", 8080, actualServerPort);
String actualRemoteAddr = actualRequest.getRemoteAddr();
assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
}
use of javax.servlet.http.HttpServletRequest in project tomcat by apache.
the class TestRemoteIpFilter method testInvokeNotAllowedRemoteAddr.
@Test
public void testInvokeNotAllowedRemoteAddr() throws Exception {
// PREPARE
FilterDef filterDef = new FilterDef();
filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr("not-allowed-internal-proxy");
request.setRemoteHost("not-allowed-internal-proxy-host");
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2");
// TEST
HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
// VERIFY
String actualXForwardedFor = actualRequest.getHeader("x-forwarded-for");
assertEquals("x-forwarded-for must be unchanged", "140.211.11.130, proxy1, proxy2", actualXForwardedFor);
String actualXForwardedBy = actualRequest.getHeader("x-forwarded-by");
assertNull("x-forwarded-by must be null", actualXForwardedBy);
String actualRemoteAddr = actualRequest.getRemoteAddr();
assertEquals("remoteAddr", "not-allowed-internal-proxy", actualRemoteAddr);
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "not-allowed-internal-proxy-host", actualRemoteHost);
}
use of javax.servlet.http.HttpServletRequest in project tomcat by apache.
the class TestRemoteIpFilter method testInvokeAllProxiesAreTrustedOrInternal.
@Test
public void testInvokeAllProxiesAreTrustedOrInternal() throws Exception {
// PREPARE
FilterDef filterDef = new FilterDef();
filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr("192.168.0.10");
request.setRemoteHost("remote-host-original-value");
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2, 192.168.0.10, 192.168.0.11");
// TEST
HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
// VERIFY
String actualXForwardedFor = actualRequest.getHeader("x-forwarded-for");
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = actualRequest.getHeader("x-forwarded-by");
assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
String actualRemoteAddr = actualRequest.getRemoteAddr();
assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
}
use of javax.servlet.http.HttpServletRequest in project tomcat by apache.
the class TestRemoteIpFilter method testInvokeAllowedRemoteAddrWithNullRemoteIpHeader.
@Test
public void testInvokeAllowedRemoteAddrWithNullRemoteIpHeader() throws Exception {
// PREPARE
FilterDef filterDef = new FilterDef();
filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr("192.168.0.10");
request.setRemoteHost("remote-host-original-value");
// TEST
HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
// VERIFY
String actualXForwardedFor = request.getHeader("x-forwarded-for");
assertNull("x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
assertNull("x-forwarded-by must be null", actualXForwardedBy);
String actualRemoteAddr = actualRequest.getRemoteAddr();
assertEquals("remoteAddr", "192.168.0.10", actualRemoteAddr);
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "remote-host-original-value", actualRemoteHost);
}
use of javax.servlet.http.HttpServletRequest in project tomcat by apache.
the class TestCorsFilter method testCheckRequestTypeNull.
/*
* Tests for failure, when an invalid {@link HttpServletRequest} is
* encountered.
*/
@Test(expected = IllegalArgumentException.class)
public void testCheckRequestTypeNull() {
HttpServletRequest request = null;
CorsFilter corsFilter = new CorsFilter();
corsFilter.checkRequestType(request);
}
Aggregations