Search in sources :

Example 31 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testRequestForwardedForWithProxyPortNumber.

@Test
public void testRequestForwardedForWithProxyPortNumber() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    // remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    // remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    // Trust c.d
    remoteIpValve.setTrustedProxies("foo\\.bar:123");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234, foo.bar:123");
    // protocol
    request.setServerPort(8080);
    request.getCoyoteRequest().scheme().setString("http");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    Assert.assertEquals("140.211.11.130:1234", remoteAddrAndHostTrackerValve.getRemoteAddr());
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 32 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestLoadBalancerDrainingValve method runValve.

@Test
public void runValve() throws Exception {
    IMocksControl control = EasyMock.createControl();
    ServletContext servletContext = control.createMock(ServletContext.class);
    Context ctx = control.createMock(Context.class);
    Request request = control.createMock(Request.class);
    Response response = control.createMock(Response.class);
    String sessionCookieName = "JSESSIONID";
    String sessionId = "cafebabe";
    String requestURI = "/test/path";
    SessionCookieConfig cookieConfig = new CookieConfig();
    cookieConfig.setDomain("example.com");
    cookieConfig.setName(sessionCookieName);
    cookieConfig.setPath("/");
    cookieConfig.setSecure(secureSessionConfig);
    // Valve.init requires all of this stuff
    EasyMock.expect(ctx.getMBeanKeyProperties()).andStubReturn("");
    EasyMock.expect(ctx.getName()).andStubReturn("");
    EasyMock.expect(ctx.getPipeline()).andStubReturn(new StandardPipeline());
    EasyMock.expect(ctx.getDomain()).andStubReturn("foo");
    EasyMock.expect(ctx.getLogger()).andStubReturn(org.apache.juli.logging.LogFactory.getLog(LoadBalancerDrainingValve.class));
    EasyMock.expect(ctx.getServletContext()).andStubReturn(servletContext);
    // Set up the actual test
    EasyMock.expect(request.getAttribute(LoadBalancerDrainingValve.ATTRIBUTE_KEY_JK_LB_ACTIVATION)).andStubReturn(jkActivation);
    EasyMock.expect(Boolean.valueOf(request.isRequestedSessionIdValid())).andStubReturn(Boolean.valueOf(validSessionId));
    ArrayList<Cookie> cookies = new ArrayList<>();
    if (enableIgnore) {
        cookies.add(new Cookie("ignore", "true"));
    }
    if (!validSessionId && jkActivation.equals("DIS")) {
        MyCookie cookie = new MyCookie(cookieConfig.getName(), sessionId);
        cookie.setPath(cookieConfig.getPath());
        cookie.setValue(sessionId);
        cookies.add(cookie);
        EasyMock.expect(request.getRequestedSessionId()).andStubReturn(sessionId);
        EasyMock.expect(request.getRequestURI()).andStubReturn(requestURI);
        EasyMock.expect(request.getCookies()).andStubReturn(cookies.toArray(new Cookie[0]));
        EasyMock.expect(request.getContext()).andStubReturn(ctx);
        EasyMock.expect(ctx.getSessionCookieName()).andStubReturn(sessionCookieName);
        EasyMock.expect(servletContext.getSessionCookieConfig()).andStubReturn(cookieConfig);
        EasyMock.expect(request.getQueryString()).andStubReturn(queryString);
        EasyMock.expect(ctx.getSessionCookiePath()).andStubReturn("/");
        if (!enableIgnore) {
            EasyMock.expect(Boolean.valueOf(ctx.getSessionCookiePathUsesTrailingSlash())).andStubReturn(Boolean.TRUE);
            EasyMock.expect(request.getQueryString()).andStubReturn(queryString);
            // Response will have cookie deleted
            MyCookie expectedCookie = new MyCookie(cookieConfig.getName(), "");
            expectedCookie.setPath(cookieConfig.getPath());
            expectedCookie.setMaxAge(0);
            EasyMock.expect(Boolean.valueOf(request.isSecure())).andReturn(secureRequest);
            // These two lines just mean EasyMock.expect(response.addCookie) but for a void method
            response.addCookie(expectedCookie);
            // Indirect call
            EasyMock.expect(ctx.getSessionCookieName()).andReturn(sessionCookieName);
            String expectedRequestURI = requestURI;
            if (null != queryString) {
                expectedRequestURI = expectedRequestURI + '?' + queryString;
            }
            response.setHeader("Location", expectedRequestURI);
            response.setStatus(307);
        }
    }
    Valve next = control.createMock(Valve.class);
    if (expectInvokeNext) {
        // Expect the "next" Valve to fire
        // Next 2 lines are basically EasyMock.expect(next.invoke(req,res)) but for a void method
        next.invoke(request, response);
        EasyMock.expectLastCall();
    }
    // Get set to actually test
    control.replay();
    LoadBalancerDrainingValve valve = new LoadBalancerDrainingValve();
    valve.setContainer(ctx);
    valve.init();
    valve.setNext(next);
    valve.setIgnoreCookieName("ignore");
    valve.setIgnoreCookieValue("true");
    valve.invoke(request, response);
    control.verify();
}
Also used : Context(org.apache.catalina.Context) ServletContext(jakarta.servlet.ServletContext) Cookie(jakarta.servlet.http.Cookie) Request(org.apache.catalina.connector.Request) ArrayList(java.util.ArrayList) SessionCookieConfig(jakarta.servlet.SessionCookieConfig) StandardPipeline(org.apache.catalina.core.StandardPipeline) IMocksControl(org.easymock.IMocksControl) Response(org.apache.catalina.connector.Response) ServletContext(jakarta.servlet.ServletContext) Valve(org.apache.catalina.Valve) SessionCookieConfig(jakarta.servlet.SessionCookieConfig) Test(org.junit.Test)

Example 33 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testInvokeXforwardedHostAndPort.

@Test
public void testInvokeXforwardedHostAndPort() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setHostHeader("x-forwarded-host");
    remoteIpValve.setPortHeader("x-forwarded-port");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    // protocol
    request.setSecure(false);
    request.setServerPort(8080);
    request.getCoyoteRequest().scheme().setString("http");
    // host and port
    request.getCoyoteRequest().serverName().setString("10.0.0.1");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-host").setString("example.com");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-port").setString("8443");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    // protocol
    String actualServerName = remoteAddrAndHostTrackerValve.getServerName();
    Assert.assertEquals("tracked serverName", "example.com", actualServerName);
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("tracked scheme", "https", actualScheme);
    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    Assert.assertEquals("tracked serverPort", 8443, actualServerPort);
    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertTrue("tracked secure", actualSecure);
    String actualPostInvokeServerName = request.getServerName();
    Assert.assertEquals("postInvoke serverName", "10.0.0.1", actualPostInvokeServerName);
    boolean actualPostInvokeSecure = request.isSecure();
    Assert.assertFalse("postInvoke secure", actualPostInvokeSecure);
    int actualPostInvokeServerPort = request.getServerPort();
    Assert.assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort);
    String actualPostInvokeScheme = request.getScheme();
    Assert.assertEquals("postInvoke scheme", "http", actualPostInvokeScheme);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 34 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testRequestForwardedForWithPortNumber.

@Test
public void testRequestForwardedForWithPortNumber() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234");
    // protocol
    request.setServerPort(8080);
    request.getCoyoteRequest().scheme().setString("http");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    Assert.assertEquals("140.211.11.130:1234", remoteAddrAndHostTrackerValve.getRemoteAddr());
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 35 with Request

use of org.apache.catalina.connector.Request in project tomcat by apache.

the class TestRemoteIpValve method testInvokeAllProxiesAreInternal.

@Test
public void testInvokeAllProxiesAreInternal() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, 192.168.0.10, 192.168.0.11");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertNull("all proxies are internal, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    Assert.assertNull("all proxies are internal, x-forwarded-by must be null", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Aggregations

Request (org.apache.catalina.connector.Request)80 Test (org.junit.Test)44 Response (org.apache.catalina.connector.Response)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)14 IOException (java.io.IOException)9 HttpSession (javax.servlet.http.HttpSession)9 Context (org.apache.catalina.Context)9 ServletRequest (javax.servlet.ServletRequest)8 Valve (org.apache.catalina.Valve)7 RequestFacade (org.apache.catalina.connector.RequestFacade)7 TesterContext (org.apache.tomcat.unittest.TesterContext)7 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)5 HttpSession (jakarta.servlet.http.HttpSession)5 ServletException (javax.servlet.ServletException)5 Connector (org.apache.catalina.connector.Connector)5 ServletRequest (jakarta.servlet.ServletRequest)4 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)4 ServletRequestWrapper (javax.servlet.ServletRequestWrapper)3 LifecycleException (org.apache.catalina.LifecycleException)3 ServletException (jakarta.servlet.ServletException)2