protected HttpServletRequest checkXForwardedHeaders(HttpServletRequest request) { if (useXForwardedHeaders) { String originalProtocol = request.getHeader(X_FORWARDED_PROTO_HEADER); String originalRemoteAddr = request.getHeader(X_FORWARDED_FOR_HEADER); String originalPrefix = request.getHeader(X_FORWARDED_PREFIX_HEADER); String originalHost = request.getHeader(X_FORWARDED_HOST_HEADER); String originalPort = request.getHeader(X_FORWARDED_PORT_HEADER); if (originalProtocol != null || originalRemoteAddr != null) { return new HttpServletRequestXForwardedFilter(request, originalProtocol, originalRemoteAddr, originalPrefix, originalHost, originalPort); } } return request; }
HttpServletRequestXForwardedFilter(HttpServletRequest request, String originalProto, String originalRemoteAddr, String originalPrefix, String originalHost, String originalPort) { super(request); this.newProtocol = originalProto; if (originalRemoteAddr != null) { newRemoteAddr = (originalRemoteAddr.split(",")[0]).trim(); } newRequestUri = calculateNewRequestUri(request, originalPrefix); // Although per Mozilla documentation // (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host) // it should contain one value, Apache's mod_proxy says the comma separated list could // be returned (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html). We don't need // more than 2 components. String outermostHost = originalHost != null ? (originalHost.split(",", 2)[0]).trim() : originalHost; newRequestUrl = calculateNewRequestUrl(request, originalProto, originalPrefix, outermostHost, originalPort); newContextPath = calculateNewContextPath(request, originalPrefix); newServletPath = calculateNewServletPath(request, originalPrefix); } private static String calculateNewContextPath(HttpServletRequest request, String originalPrefix) {
HttpServletRequestXForwardedFilter(HttpServletRequest request, String originalProto, String originalRemoteAddr, String originalPrefix, String originalHost, String originalPort) { super(request); this.newProtocol = originalProto; if (originalRemoteAddr != null) { newRemoteAddr = (originalRemoteAddr.split(",")[0]).trim(); } newRequestUri = calculateNewRequestUri(request, originalPrefix); // Although per Mozilla documentation // (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host) // it should contain one value, Apache's mod_proxy says the comma separated list could // be returned (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html). We don't need // more than 2 components. String outermostHost = originalHost != null ? (originalHost.split(",", 2)[0]).trim() : originalHost; newRequestUrl = calculateNewRequestUrl(request, originalProto, originalPrefix, outermostHost, originalPort); newContextPath = calculateNewContextPath(request, originalPrefix); newServletPath = calculateNewServletPath(request, originalPrefix); } private static String calculateNewContextPath(HttpServletRequest request, String originalPrefix) {
protected HttpServletRequest checkXForwardedHeaders(HttpServletRequest request) { if (useXForwardedHeaders) { String originalProtocol = request.getHeader(X_FORWARDED_PROTO_HEADER); String originalRemoteAddr = request.getHeader(X_FORWARDED_FOR_HEADER); String originalPrefix = request.getHeader(X_FORWARDED_PREFIX_HEADER); String originalHost = request.getHeader(X_FORWARDED_HOST_HEADER); String originalPort = request.getHeader(X_FORWARDED_PORT_HEADER); if (originalProtocol != null || originalRemoteAddr != null) { return new HttpServletRequestXForwardedFilter(request, originalProtocol, originalRemoteAddr, originalPrefix, originalHost, originalPort); } } return request; }