use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRemoteIpValve method test172dash12InternalProxies.
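/**
 * Checks that peers inside the private 172.16.0.0/12 range (172.16.x.x to
 * 172.31.x.x), configured through {@code setInternalProxies}, are trusted to
 * supply the client address via {@code x-forwarded-for} and the scheme via
 * {@code x-forwarded-proto}.
 *
 * <p>The same assertions run for two peer addresses, one at the bottom of the
 * range and one in the middle.
 *
 * <p>NOTE(review): only accepting cases are exercised. The pattern decides
 * whose forwarded headers are believed, so a companion test with a peer just
 * outside the range would be worth adding.
 */
@Test
public void test172dash12InternalProxies() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    for (String proxyAddr : new String[] { "172.16.0.5", "172.25.250.250" }) {
        Request request = new MockRequest();
        request.setCoyoteRequest(new org.apache.coyote.Request());
        request.setRemoteAddr(proxyAddr);
        request.setRemoteHost("remote-host-original-value");
        request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("209.244.0.3");
        request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");

        // TEST
        remoteIpValve.invoke(request, null);

        // VERIFY: values seen by the next valve while the request was in flight
        String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
        assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
        String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
        assertEquals("remoteAddr", "209.244.0.3", actualRemoteAddr);
        String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
        assertEquals("remoteHost", "209.244.0.3", actualRemoteHost);

        // VERIFY: after invoke() the request must carry the peer values again.
        // The original re-read the tracker valve for remoteAddr, so restoration
        // of the address was never checked; read it from the request, as the
        // other tests in this class do.
        String actualPostInvokeRemoteAddr = request.getRemoteAddr();
        assertEquals("postInvoke remoteAddr", proxyAddr, actualPostInvokeRemoteAddr);
        String actualPostInvokeRemoteHost = request.getRemoteHost();
        assertEquals("postInvoke remoteHost", "remote-host-original-value", actualPostInvokeRemoteHost);

        // VERIFY: x-forwarded-proto from a trusted peer sets secure and scheme
        boolean isSecure = remoteAddrAndHostTrackerValve.isSecure();
        assertTrue("request from internal proxy should be marked secure", isSecure);
        String scheme = remoteAddrAndHostTrackerValve.getScheme();
        assertEquals("Scheme should be marked to https.", "https", scheme);
    }
}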
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRemoteIpValve method testInvokeXforwardedProtoIsNullForIncomingHttpsRequest.
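/**
 * Checks that when a request arrives over HTTPS and carries no
 * {@code x-forwarded-proto} header, the valve leaves scheme, secure flag and
 * server port as the connector set them, while still replacing the remote
 * address from {@code x-forwarded-for}.
 *
 * <p>No {@code setInternalProxies} call is made, so the test relies on the
 * valve's default pattern accepting the peer 192.168.0.10.
 */
@Test
public void testInvokeXforwardedProtoIsNullForIncomingHttpsRequest() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    // Don't declare "x-forwarded-proto"
    request.setSecure(true);
    request.setServerPort(8443);
    request.getCoyoteRequest().scheme().setString("https");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    // client ip, as seen by the next valve during the invocation
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    assertNull("no intermediate trusted proxy", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
    // client ip, restored on the request once invoke() has returned
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    // Label fixed: this assertion is about the host, not the address
    assertEquals("postInvoke remoteHost", "192.168.0.10", actualPostInvokeRemoteHost);
    // protocol, as seen by the next valve during the invocation
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    assertEquals("x-forwarded-proto is null", "https", actualScheme);
    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    assertEquals("x-forwarded-proto is null", 8443, actualServerPort);
    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    assertTrue("x-forwarded-proto is null", actualSecure);
    // protocol, still unchanged on the request after invoke()
    boolean actualPostInvokeSecure = request.isSecure();
    assertTrue("postInvoke secure", actualPostInvokeSecure);
    int actualPostInvokeServerPort = request.getServerPort();
    assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort);
    String actualPostInvokeScheme = request.getScheme();
    assertEquals("postInvoke scheme", "https", actualPostInvokeScheme);
}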
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRemoteIpValve method testInvokeAllProxiesAreTrusted.
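/**
 * Checks the case where every hop named in {@code x-forwarded-for} after the
 * client is a configured trusted proxy and the peer is an internal proxy.
 *
 * <p>Expected during the invocation: {@code x-forwarded-for} is cleared, the
 * trusted proxies are listed in {@code x-forwarded-by}, and the left-most
 * entry becomes the remote address and host. The internal-proxy peer itself
 * is not listed in {@code x-forwarded-by}. After {@code invoke()} returns, the
 * request carries the original peer values again.
 */
@Test
public void testInvokeAllProxiesAreTrusted() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY: values seen by the next valve while the request was in flight
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
    assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);

    // VERIFY: the request is back to the peer values after invoke()
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    // Label fixed: this assertion is about the host, not the address
    assertEquals("postInvoke remoteHost", "remote-host-original-value", actualPostInvokeRemoteHost);
}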
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class TestRealmBase method doRoleTest.
/**
 * Runs one authorization scenario against a {@code TesterMapRealm} and asserts
 * that {@code hasResourcePermission} returns {@code expected}.
 *
 * @param userRoles          roles of the authenticated user, or {@code null}
 *                           to leave the request without a user principal
 * @param constraintOneRoles roles of the first constraint, or {@code null}
 *                           for a constraint with no auth constraint set
 * @param constraintTwoRoles roles of the second constraint, or {@code null}
 *                           for a constraint with no auth constraint set
 * @param applicationRoles   security roles declared on the context; must not
 *                           be {@code null}
 * @param expected           the permission decision the realm should return
 */
private void doRoleTest(List<String> userRoles, List<String> constraintOneRoles, List<String> constraintTwoRoles, List<String> applicationRoles, boolean expected) throws IOException {
    TesterMapRealm mapRealm = new TesterMapRealm();

    // Both constraints always exist; a null role list leaves one unconfigured
    SecurityConstraint[] constraints = new SecurityConstraint[] {
        newConstraintForRoles(constraintOneRoles, applicationRoles),
        newConstraintForRoles(constraintTwoRoles, applicationRoles)
    };

    // Mock request and response, with the application roles on the context
    Request request = new Request(null);
    Response response = new TesterResponse();
    Context context = new TesterContext();
    for (String declaredRole : applicationRoles) {
        context.addSecurityRole(declaredRole);
    }
    request.getMappingData().context = context;

    // A null userRoles leaves the request without a principal
    if (userRoles != null) {
        request.setUserPrincipal(new GenericPrincipal(USER1, PWD, userRoles));
    }

    // Ask the realm for its decision and compare it with the expectation
    boolean granted = mapRealm.hasResourcePermission(request, response, constraints, null);
    Assert.assertEquals(Boolean.valueOf(expected), Boolean.valueOf(granted));
}

/**
 * Builds one security constraint for {@link #doRoleTest}. A {@code null} role
 * list yields a fresh constraint with nothing configured.
 */
private static SecurityConstraint newConstraintForRoles(List<String> constraintRoles, List<String> applicationRoles) {
    SecurityConstraint constraint = new SecurityConstraint();
    if (constraintRoles == null) {
        return constraint;
    }
    constraint.setAuthConstraint(true);
    for (String role : constraintRoles) {
        constraint.addAuthRole(role);
        // Kept inside the loop, right after each addAuthRole call, so the
        // call order on the constraint is unchanged.
        if (applicationRoles.contains(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)) {
            constraint.treatAllAuthenticatedUsersAsApplicationRole();
        }
    }
    return constraint;
}
use of org.apache.catalina.connector.Request in project tomcat by apache.
the class ApplicationDispatcher method wrapRequest.
/**
 * Builds a request wrapper and splices it into the request chain held by
 * {@code state}.
 *
 * <p>The chain is walked inward from {@code state.outerRequest} until a
 * request is found that is not a {@code ServletRequestWrapper}, or that is an
 * {@code ApplicationHttpRequest} or {@code ApplicationRequest}. The new
 * wrapper is placed directly in front of that request. As a side effect,
 * {@code state.hrequest} is set to the first {@code HttpServletRequest} met
 * during the walk if it was still {@code null}.
 *
 * @param state dispatch state; {@code outerRequest}, {@code hrequest} and
 *              {@code wrapRequest} may be updated
 * @return the newly created wrapper, also stored in {@code state.wrapRequest}
 */
private ServletRequest wrapRequest(State state) {
    // Walk inward to the request the new wrapper goes in front of
    ServletRequest enclosing = null;
    ServletRequest cursor = state.outerRequest;
    while (cursor != null) {
        if (state.hrequest == null && cursor instanceof HttpServletRequest) {
            state.hrequest = (HttpServletRequest) cursor;
        }
        boolean insertionPoint = !(cursor instanceof ServletRequestWrapper)
                || cursor instanceof ApplicationHttpRequest
                || cursor instanceof ApplicationRequest;
        if (insertionPoint) {
            break;
        }
        enclosing = cursor;
        cursor = ((ServletRequestWrapper) cursor).getRequest();
    }

    // Create the wrapper that matches the kind of request found
    final ServletRequest wrapper;
    if (cursor instanceof ApplicationHttpRequest || cursor instanceof Request || cursor instanceof HttpServletRequest) {
        HttpServletRequest httpCursor = (HttpServletRequest) cursor;

        // crossContext is true when the outer request's context path differs
        // from this dispatcher's context path. For an include the path comes
        // from the INCLUDE_CONTEXT_PATH attribute, otherwise (forward) from
        // getContextPath().
        boolean crossContext = false;
        ServletRequest outer = state.outerRequest;
        if (outer instanceof ApplicationHttpRequest || outer instanceof Request || outer instanceof HttpServletRequest) {
            HttpServletRequest httpOuter = (HttpServletRequest) outer;
            Object outerContextPath = httpOuter.getAttribute(RequestDispatcher.INCLUDE_CONTEXT_PATH);
            if (outerContextPath == null) {
                outerContextPath = httpOuter.getContextPath();
            }
            crossContext = !context.getPath().equals(outerContextPath);
        }
        wrapper = new ApplicationHttpRequest(httpCursor, context, crossContext);
    } else {
        wrapper = new ApplicationRequest(cursor);
    }

    // Splice it in: either as the new outermost request or under 'enclosing'
    if (enclosing == null) {
        state.outerRequest = wrapper;
    } else {
        ((ServletRequestWrapper) enclosing).setRequest(wrapper);
    }
    state.wrapRequest = wrapper;
    return wrapper;
}