Search in sources :

Example 76 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testInvokeXforwardedProtoSaysHttpsForIncomingHttpRequest.

@Test
public void testInvokeXforwardedProtoSaysHttpsForIncomingHttpRequest() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
    request.setSecure(false);
    request.setServerPort(8080);
    request.getCoyoteRequest().scheme().setString("http");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    // client ip
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost);
    // protocol
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("x-forwarded-proto says https", "https", actualScheme);
    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    Assert.assertEquals("x-forwarded-proto says https", 443, actualServerPort);
    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertTrue("x-forwarded-proto says https", actualSecure);
    boolean actualPostInvokeSecure = request.isSecure();
    Assert.assertFalse("postInvoke secure", actualPostInvokeSecure);
    int actualPostInvokeServerPort = request.getServerPort();
    Assert.assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort);
    String actualPostInvokeScheme = request.getScheme();
    Assert.assertEquals("postInvoke scheme", "http", actualPostInvokeScheme);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 77 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testInvokeXforwardedProtoSaysHttpForIncomingHttpsRequest.

@Test
public void testInvokeXforwardedProtoSaysHttpForIncomingHttpsRequest() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("http");
    request.setSecure(true);
    request.setServerPort(8443);
    request.getCoyoteRequest().scheme().setString("https");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    // client ip
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
    Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost);
    // protocol
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("x-forwarded-proto says http", "http", actualScheme);
    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    Assert.assertEquals("x-forwarded-proto says http", 80, actualServerPort);
    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertFalse("x-forwarded-proto says http", actualSecure);
    boolean actualPostInvokeSecure = request.isSecure();
    Assert.assertTrue("postInvoke secure", actualPostInvokeSecure);
    int actualPostInvokeServerPort = request.getServerPort();
    Assert.assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort);
    String actualPostInvokeScheme = request.getScheme();
    Assert.assertEquals("postInvoke scheme", "https", actualPostInvokeScheme);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 78 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testRequestAttributesForAccessLog.

@Test
public void testRequestAttributesForAccessLog() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    request.setServerPort(8080);
    request.getCoyoteRequest().scheme().setString("http");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    Assert.assertEquals("org.apache.catalina.AccessLog.ServerPort", Integer.valueOf(8080), request.getAttribute(AccessLog.SERVER_PORT_ATTRIBUTE));
    Assert.assertEquals("org.apache.catalina.AccessLog.RemoteAddr", "140.211.11.130", request.getAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE));
    Assert.assertEquals("org.apache.catalina.AccessLog.RemoteHost", "140.211.11.130", request.getAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE));
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 79 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method test172dash12InternalProxies.

@Test
public void test172dash12InternalProxies() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("172.16.0.5");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("209.244.0.3");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "209.244.0.3", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "209.244.0.3", actualRemoteHost);
    String actualPostInvokeRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "209.244.0.3", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost);
    boolean isSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertTrue("request from internal proxy should be marked secure", isSecure);
    String scheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("Scheme should be marked to https.", "https", scheme);
    request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("172.25.250.250");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("209.244.0.3");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
    actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "209.244.0.3", actualRemoteAddr);
    actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "209.244.0.3", actualRemoteHost);
    actualPostInvokeRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "209.244.0.3", actualPostInvokeRemoteAddr);
    actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost);
    isSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertTrue("request from internal proxy should be marked secure", isSecure);
    scheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("Scheme should be marked to https.", "https", scheme);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 80 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testInvokeXforwardedProtoIsNullForIncomingHttpsRequest.

@Test
public void testInvokeXforwardedProtoIsNullForIncomingHttpsRequest() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    // Don't declare "x-forwarded-proto"
    request.setSecure(true);
    request.setServerPort(8443);
    request.getCoyoteRequest().scheme().setString("https");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    // client ip
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost);
    // protocol
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("x-forwarded-proto is null", "https", actualScheme);
    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    Assert.assertEquals("x-forwarded-proto is null", 8443, actualServerPort);
    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertTrue("x-forwarded-proto is null", actualSecure);
    boolean actualPostInvokeSecure = request.isSecure();
    Assert.assertTrue("postInvoke secure", actualPostInvokeSecure);
    int actualPostInvokeServerPort = request.getServerPort();
    Assert.assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort);
    String actualPostInvokeScheme = request.getScheme();
    Assert.assertEquals("postInvoke scheme", "https", actualPostInvokeScheme);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Aggregations

Request (org.apache.catalina.connector.Request)80 Test (org.junit.Test)44 Response (org.apache.catalina.connector.Response)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)14 IOException (java.io.IOException)9 HttpSession (javax.servlet.http.HttpSession)9 Context (org.apache.catalina.Context)9 ServletRequest (javax.servlet.ServletRequest)8 Valve (org.apache.catalina.Valve)7 RequestFacade (org.apache.catalina.connector.RequestFacade)7 TesterContext (org.apache.tomcat.unittest.TesterContext)7 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)5 HttpSession (jakarta.servlet.http.HttpSession)5 ServletException (javax.servlet.ServletException)5 Connector (org.apache.catalina.connector.Connector)5 ServletRequest (jakarta.servlet.ServletRequest)4 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)4 ServletRequestWrapper (javax.servlet.ServletRequestWrapper)3 LifecycleException (org.apache.catalina.LifecycleException)3 ServletException (jakarta.servlet.ServletException)2