use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.
the class DefaultServletWebServerFactoryCustomizerTests method testRemoteIpValveConfigured.
/**
 * Applies the customizer to a fresh {@link TomcatServletWebServerFactory} and checks that
 * exactly one engine valve was registered, that it is a {@link RemoteIpValve}, and that
 * its forwarded-header names and internal-proxies pattern match the expected values.
 * <p>
 * The internal-proxies pattern is compared as an exact string. For
 * {@code RemoteIpValve} this pattern selects the peer addresses whose forwarded
 * headers are accepted, so any widening of the configured value fails this assertion.
 */
private void testRemoteIpValveConfigured() {
    TomcatServletWebServerFactory serverFactory = new TomcatServletWebServerFactory();
    this.customizer.customize(serverFactory);

    // Exactly one valve is expected, and it must be the RemoteIpValve.
    assertThat(serverFactory.getEngineValves()).hasSize(1);
    Valve onlyValve = serverFactory.getEngineValves().iterator().next();
    assertThat(onlyValve).isInstanceOf(RemoteIpValve.class);
    RemoteIpValve forwardedValve = (RemoteIpValve) onlyValve;

    // Header names the valve reads the forwarded scheme and client address from.
    assertThat(forwardedValve.getProtocolHeader()).isEqualTo("X-Forwarded-Proto");
    assertThat(forwardedValve.getProtocolHeaderHttpsValue()).isEqualTo("https");
    assertThat(forwardedValve.getRemoteIpHeader()).isEqualTo("X-Forwarded-For");

    // One alternative per private, link-local or loopback IPv4 range.
    String trustedProxyPattern = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
            + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
            + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
            + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
            + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12: 172.16 - 172.19
            + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12: 172.20 - 172.29
            + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"; // 172.16/12: 172.30 - 172.31
    assertThat(forwardedValve.getInternalProxies()).isEqualTo(trustedProxyPattern);
}
use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.
the class TomcatReactiveWebServerFactoryTests method useForwardedHeaders.
/**
 * Registers a {@link RemoteIpValve} that reads the scheme from {@code X-Forwarded-Proto}
 * as an engine valve and delegates to {@code assertForwardHeaderIsUsed} to check the
 * resulting server. Every other valve setting, including the internal-proxies pattern,
 * is left at the valve's own default.
 */
@Test
void useForwardedHeaders() {
    TomcatReactiveWebServerFactory serverFactory = getFactory();

    RemoteIpValve forwardedValve = new RemoteIpValve();
    forwardedValve.setProtocolHeader("X-Forwarded-Proto");
    serverFactory.addEngineValves(forwardedValve);

    assertForwardHeaderIsUsed(serverFactory);
}
use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.
the class TomcatWebServerFactoryCustomizerTests method testRemoteIpValveConfigured.
/**
 * Obtains a customized {@link TomcatServletWebServerFactory} and checks that exactly one
 * engine valve was registered, that it is a {@link RemoteIpValve}, and that its
 * forwarded-header names (protocol, remote IP, host, port) and internal-proxies pattern
 * match the expected values.
 * <p>
 * The internal-proxies pattern is compared as an exact string. For
 * {@code RemoteIpValve} this pattern selects the peer addresses whose forwarded
 * headers are accepted, so any widening of the configured value fails this assertion.
 */
private void testRemoteIpValveConfigured() {
    TomcatServletWebServerFactory serverFactory = customizeAndGetFactory();

    // Exactly one valve is expected, and it must be the RemoteIpValve.
    assertThat(serverFactory.getEngineValves()).hasSize(1);
    Valve onlyValve = serverFactory.getEngineValves().iterator().next();
    assertThat(onlyValve).isInstanceOf(RemoteIpValve.class);
    RemoteIpValve forwardedValve = (RemoteIpValve) onlyValve;

    // Header names the valve reads the forwarded scheme, client, host and port from.
    assertThat(forwardedValve.getProtocolHeader()).isEqualTo("X-Forwarded-Proto");
    assertThat(forwardedValve.getProtocolHeaderHttpsValue()).isEqualTo("https");
    assertThat(forwardedValve.getRemoteIpHeader()).isEqualTo("X-Forwarded-For");
    assertThat(forwardedValve.getHostHeader()).isEqualTo("X-Forwarded-Host");
    assertThat(forwardedValve.getPortHeader()).isEqualTo("X-Forwarded-Port");

    // One alternative per private, link-local or loopback range (IPv4, then IPv6 loopback).
    String trustedProxyPattern = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
            + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
            + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
            + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
            + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12: 172.16 - 172.19
            + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12: 172.20 - 172.31
            + "0:0:0:0:0:0:0:1|::1"; // IPv6 loopback, long and compressed form
    assertThat(forwardedValve.getInternalProxies()).isEqualTo(trustedProxyPattern);
}
use of org.apache.catalina.valves.RemoteIpValve in project spring-boot by spring-projects.
the class TomcatWebServerFactoryCustomizer method customizeRemoteIpValve.
/**
 * Adds a {@link RemoteIpValve} to the factory when forwarded-header handling is wanted.
 * <p>
 * The valve is registered when the {@code protocol-header} or {@code remote-ip-header}
 * property has text, or when {@code getOrDeduceUseForwardHeaders()} returns true.
 * Otherwise the factory is left untouched.
 * <p>
 * Security note: the valve replaces request attributes such as the client address and
 * scheme with values taken from request headers. Which peers are allowed to supply
 * those headers is governed by the internal-proxies pattern copied from the properties
 * below, so that property should only ever match addresses of proxies under the
 * operator's control.
 * @param factory the Tomcat factory that receives the valve
 */
private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory) {
    Remoteip remoteIp = this.serverProperties.getTomcat().getRemoteip();
    String configuredProtocolHeader = remoteIp.getProtocolHeader();
    String configuredRemoteIpHeader = remoteIp.getRemoteIpHeader();

    // For back compatibility the valve is also enabled if protocol-header is set
    boolean headerConfigured = StringUtils.hasText(configuredProtocolHeader)
            || StringUtils.hasText(configuredRemoteIpHeader);
    if (!headerConfigured && !getOrDeduceUseForwardHeaders()) {
        return;
    }

    RemoteIpValve remoteIpValve = new RemoteIpValve();

    // Fall back to the conventional header name when none was configured.
    String effectiveProtocolHeader = "X-Forwarded-Proto";
    if (StringUtils.hasLength(configuredProtocolHeader)) {
        effectiveProtocolHeader = configuredProtocolHeader;
    }
    remoteIpValve.setProtocolHeader(effectiveProtocolHeader);

    // Without a configured value the valve keeps its own default remote-IP header.
    if (StringUtils.hasLength(configuredRemoteIpHeader)) {
        remoteIpValve.setRemoteIpHeader(configuredRemoteIpHeader);
    }

    // The internal proxies default to a list of "safe" internal IP addresses. This
    // pattern decides whose forwarded headers are believed; overriding it with a
    // broader expression extends that trust to every peer the expression matches.
    remoteIpValve.setInternalProxies(remoteIp.getInternalProxies());

    try {
        remoteIpValve.setHostHeader(remoteIp.getHostHeader());
    }
    catch (NoSuchMethodError ignored) {
        // Deliberately ignored: avoids failure with war deployments to Tomcat 8.5
        // before 8.5.44 and Tomcat 9 before 9.0.23, where this setter is missing.
        // On those versions the host header setting is simply not applied.
    }

    remoteIpValve.setPortHeader(remoteIp.getPortHeader());
    remoteIpValve.setProtocolHeaderHttpsValue(remoteIp.getProtocolHeaderHttpsValue());

    // ... so it's safe to add this valve by default (given the default internal
    // proxies pattern noted above).
    factory.addEngineValves(remoteIpValve);
}
use of org.apache.catalina.valves.RemoteIpValve in project tomcat by apache.
the class TestAuthInfoResponseHeaders method setUp.
/**
 * Prepares the embedded Tomcat instance for the tests in this class: a
 * {@link RemoteIpValve} with default settings on the Host pipeline, and a context
 * holding one servlet protected by a security constraint, a map-backed realm with a
 * single user, and BASIC authentication.
 * @throws Exception if the superclass set-up fails
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // Configure a context with BASIC auth and a single protected resource
    Tomcat tomcat = getTomcatInstance();
    // The valve is added to the Host pipeline with its default configuration.
    tomcat.getHost().getPipeline().addValve(new RemoteIpValve());

    // No file system docBase required
    Context context = tomcat.addContext(CONTEXT_PATH, null);

    // Add protected servlet
    Tomcat.addServlet(context, "TesterServlet", new TesterServlet());
    context.addServletMappingDecoded(URI, "TesterServlet");

    // Restrict the servlet's URI to callers holding ROLE
    SecurityCollection protectedResources = new SecurityCollection();
    protectedResources.addPatternDecoded(URI);
    SecurityConstraint constraint = new SecurityConstraint();
    constraint.addAuthRole(ROLE);
    constraint.addCollection(protectedResources);
    context.addConstraint(constraint);

    // Configure the Realm with the single test user and its role
    TesterMapRealm userRealm = new TesterMapRealm();
    userRealm.addUser(USER, PWD);
    userRealm.addUserRole(USER, ROLE);
    context.setRealm(userRealm);

    // Configure the authenticator
    LoginConfig loginConfig = new LoginConfig();
    loginConfig.setAuthMethod(HttpServletRequest.BASIC_AUTH);
    context.setLoginConfig(loginConfig);
    context.getPipeline().addValve(new BasicAuthenticator());
}