
Example 1 with RemoteIpValve

use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.

the class DefaultServletWebServerFactoryCustomizerTests method testRemoteIpValveConfigured.

/**
 * Checks that customizing a fresh {@link TomcatServletWebServerFactory} registers exactly one
 * engine valve, that the valve is a {@link RemoteIpValve}, and that its header names and
 * internal-proxies pattern equal the expected values.
 */
private void testRemoteIpValveConfigured() {
    TomcatServletWebServerFactory webServerFactory = new TomcatServletWebServerFactory();
    this.customizer.customize(webServerFactory);

    // Exactly one engine valve is expected, and it must be the RemoteIpValve.
    assertThat(webServerFactory.getEngineValves()).hasSize(1);
    Valve soleValve = webServerFactory.getEngineValves().iterator().next();
    assertThat(soleValve).isInstanceOf(RemoteIpValve.class);
    RemoteIpValve configuredValve = (RemoteIpValve) soleValve;

    // Header names the valve reads from the proxy-supplied request.
    assertThat(configuredValve.getProtocolHeader()).isEqualTo("X-Forwarded-Proto");
    assertThat(configuredValve.getProtocolHeaderHttpsValue()).isEqualTo("https");
    assertThat(configuredValve.getRemoteIpHeader()).isEqualTo("X-Forwarded-For");

    // internalProxies is the regular expression RemoteIpValve uses to decide which addresses
    // count as trusted internal proxies. The assertion below is an exact string match, so any
    // widening or narrowing of that pattern fails this test.
    // This expected value is IPv4-only.
    String expectedInternalProxies =
            "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
            + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
            + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
            + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
            + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12 (172.16 - 172.19)
            + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12 (172.20 - 172.29)
            + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"; // 172.16/12 (172.30 - 172.31)
    assertThat(configuredValve.getInternalProxies()).isEqualTo(expectedInternalProxies);
}
Also used : TomcatServletWebServerFactory(org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory) Valve(org.apache.catalina.Valve) AccessLogValve(org.apache.catalina.valves.AccessLogValve) RemoteIpValve(org.apache.catalina.valves.RemoteIpValve) RemoteIpValve(org.apache.catalina.valves.RemoteIpValve)

Example 2 with RemoteIpValve

use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.

the class TomcatReactiveWebServerFactoryTests method useForwardedHeaders.

/**
 * Registers a {@link RemoteIpValve} whose protocol header is {@code X-Forwarded-Proto} as an
 * engine valve and delegates to {@code assertForwardHeaderIsUsed} for the actual verification.
 */
@Test
void useForwardedHeaders() {
    TomcatReactiveWebServerFactory webServerFactory = getFactory();

    // Only the protocol header is set explicitly; every other valve setting, including the
    // internal-proxies pattern, keeps whatever RemoteIpValve's no-arg constructor provides.
    RemoteIpValve forwardedProtoValve = new RemoteIpValve();
    forwardedProtoValve.setProtocolHeader("X-Forwarded-Proto");
    webServerFactory.addEngineValves(forwardedProtoValve);

    assertForwardHeaderIsUsed(webServerFactory);
}
Also used : RemoteIpValve(org.apache.catalina.valves.RemoteIpValve) Test(org.junit.jupiter.api.Test)

Example 3 with RemoteIpValve

use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.

the class TomcatWebServerFactoryCustomizerTests method testRemoteIpValveConfigured.

/**
 * Checks that the factory returned by {@code customizeAndGetFactory()} holds exactly one engine
 * valve, that the valve is a {@link RemoteIpValve}, and that its protocol, remote-IP, host and
 * port header names and its internal-proxies pattern equal the expected values.
 */
private void testRemoteIpValveConfigured() {
    TomcatServletWebServerFactory webServerFactory = customizeAndGetFactory();

    // Exactly one engine valve is expected, and it must be the RemoteIpValve.
    assertThat(webServerFactory.getEngineValves()).hasSize(1);
    Valve soleValve = webServerFactory.getEngineValves().iterator().next();
    assertThat(soleValve).isInstanceOf(RemoteIpValve.class);
    RemoteIpValve configuredValve = (RemoteIpValve) soleValve;

    // Header names the valve reads from the proxy-supplied request.
    assertThat(configuredValve.getProtocolHeader()).isEqualTo("X-Forwarded-Proto");
    assertThat(configuredValve.getProtocolHeaderHttpsValue()).isEqualTo("https");
    assertThat(configuredValve.getRemoteIpHeader()).isEqualTo("X-Forwarded-For");
    assertThat(configuredValve.getHostHeader()).isEqualTo("X-Forwarded-Host");
    assertThat(configuredValve.getPortHeader()).isEqualTo("X-Forwarded-Port");

    // internalProxies is the regular expression RemoteIpValve uses to decide which addresses
    // count as trusted internal proxies. The assertion below is an exact string match, so any
    // widening or narrowing of that pattern fails this test.
    String expectedInternalProxies =
            "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
            + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
            + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
            + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
            + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12 (172.16 - 172.19)
            // remainder of 172.16/12 (172.20 - 172.31)
            + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|"
            + "0:0:0:0:0:0:0:1|::1"; // IPv6 loopback, long and compressed spellings
    assertThat(configuredValve.getInternalProxies()).isEqualTo(expectedInternalProxies);
}
Also used : TomcatServletWebServerFactory(org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory) ErrorReportValve(org.apache.catalina.valves.ErrorReportValve) Valve(org.apache.catalina.Valve) AccessLogValve(org.apache.catalina.valves.AccessLogValve) RemoteIpValve(org.apache.catalina.valves.RemoteIpValve) RemoteIpValve(org.apache.catalina.valves.RemoteIpValve)

Example 4 with RemoteIpValve

use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.

the class TomcatWebServerFactoryCustomizer method customizeRemoteIpValve.

/**
 * Adds a {@link RemoteIpValve} to the factory's engine valves when a protocol header or a
 * remote-IP header is configured, or when {@code getOrDeduceUseForwardHeaders()} returns true.
 * Does nothing otherwise.
 *
 * @param factory the Tomcat web server factory that receives the valve
 */
private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory) {
    Remoteip remoteIp = this.serverProperties.getTomcat().getRemoteip();
    String configuredProtocolHeader = remoteIp.getProtocolHeader();
    String configuredRemoteIpHeader = remoteIp.getRemoteIpHeader();

    // For back compatibility the valve is also enabled if protocol-header is set.
    // Short-circuit order matters: getOrDeduceUseForwardHeaders() is only consulted when
    // neither header property has text.
    boolean valveRequested = StringUtils.hasText(configuredProtocolHeader)
            || StringUtils.hasText(configuredRemoteIpHeader)
            || getOrDeduceUseForwardHeaders();
    if (!valveRequested) {
        return;
    }

    RemoteIpValve valve = new RemoteIpValve();

    // NOTE(review): enablement above uses hasText while the values are applied with hasLength,
    // so a whitespace-only header name is ignored for enablement but still applied if the
    // valve is enabled for another reason - confirm this is intended.
    String effectiveProtocolHeader = "X-Forwarded-Proto";
    if (StringUtils.hasLength(configuredProtocolHeader)) {
        effectiveProtocolHeader = configuredProtocolHeader;
    }
    valve.setProtocolHeader(effectiveProtocolHeader);
    if (StringUtils.hasLength(configuredRemoteIpHeader)) {
        valve.setRemoteIpHeader(configuredRemoteIpHeader);
    }

    // The internal proxies default to a list of "safe" internal IP addresses.
    // Per Tomcat's documentation this pattern decides which addresses are treated as trusted
    // proxies, so an override that matches addresses outside the operator's own proxy tier
    // would let those peers supply the client address and scheme the application sees.
    valve.setInternalProxies(remoteIp.getInternalProxies());

    try {
        valve.setHostHeader(remoteIp.getHostHeader());
    } catch (NoSuchMethodError ignored) {
        // Avoid failure with war deployments to Tomcat 8.5 before 8.5.44 and
        // Tomcat 9 before 9.0.23. On those versions the host header is simply left
        // unconfigured on the valve.
    }
    valve.setPortHeader(remoteIp.getPortHeader());
    valve.setProtocolHeaderHttpsValue(remoteIp.getProtocolHeaderHttpsValue());

    // ... so it's safe to add this valve by default.
    factory.addEngineValves(valve);
}
Also used : Remoteip(org.springframework.boot.autoconfigure.web.ServerProperties.Tomcat.Remoteip) RemoteIpValve(org.apache.catalina.valves.RemoteIpValve)

Example 5 with RemoteIpValve

use of org.apache.catalina.valves.RemoteIpValve in project tomcat by apache.

the class TestAuthInfoResponseHeaders method setUp.

/**
 * Prepares the Tomcat test instance: adds a default {@link RemoteIpValve} to the host
 * pipeline, then creates a context with one servlet protected by BASIC authentication
 * backed by a {@code TesterMapRealm} holding a single user and role.
 *
 * @throws Exception if the superclass set-up fails or the context cannot be configured
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // Configure a context with BASIC auth and a single protected resource.
    Tomcat tomcat = getTomcatInstance();
    // The valve is created with its no-arg constructor, so its own defaults apply.
    tomcat.getHost().getPipeline().addValve(new RemoteIpValve());

    // No file system docBase required
    Context context = tomcat.addContext(CONTEXT_PATH, null);

    // Add protected servlet
    Tomcat.addServlet(context, "TesterServlet", new TesterServlet());
    context.addServletMappingDecoded(URI, "TesterServlet");

    // Restrict the servlet's URI to callers holding ROLE.
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded(URI);
    SecurityConstraint roleConstraint = new SecurityConstraint();
    roleConstraint.addAuthRole(ROLE);
    roleConstraint.addCollection(protectedResources);
    context.addConstraint(roleConstraint);

    // Configure the Realm
    TesterMapRealm userRealm = new TesterMapRealm();
    userRealm.addUser(USER, PWD);
    userRealm.addUserRole(USER, ROLE);
    context.setRealm(userRealm);

    // Configure the authenticator
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod(HttpServletRequest.BASIC_AUTH);
    context.setLoginConfig(loginConfig);
    context.getPipeline().addValve(new BasicAuthenticator());
}
Also used : Context(org.apache.catalina.Context) Tomcat(org.apache.catalina.startup.Tomcat) TesterMapRealm(org.apache.catalina.startup.TesterMapRealm) LoginConfig(org.apache.tomcat.util.descriptor.web.LoginConfig) TesterServlet(org.apache.catalina.startup.TesterServlet) RemoteIpValve(org.apache.catalina.valves.RemoteIpValve) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection)
