HttpConfiguration.Customizer
public class ForwardedRequestCustomizer extends java.lang.Object implements HttpConfiguration.Customizer
This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are
Forwarded
, as defined by rfc7239
X-Forwarded-Host
X-Forwarded-Server
X-Forwarded-For
X-Forwarded-Proto
X-Proxied-Https
If these headers are present, then the Request
object is updated
so that the proxy is not seen as the other end point of the connection on which
the request came
Headers can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised
Constructor | Description |
---|---|
ForwardedRequestCustomizer() |
Modifier and Type | Method | Description |
---|---|---|
void |
customize(Connector connector,
HttpConfiguration config,
Request request) |
|
java.lang.String |
getForcedHost() |
|
java.lang.String |
getForwardedCipherSuiteHeader() |
|
java.lang.String |
getForwardedForHeader() |
|
java.lang.String |
getForwardedHeader() |
|
java.lang.String |
getForwardedHostHeader() |
|
java.lang.String |
getForwardedHttpsHeader() |
|
java.lang.String |
getForwardedProtoHeader() |
Get the forwardedProtoHeader.
|
java.lang.String |
getForwardedServerHeader() |
|
java.lang.String |
getForwardedSslSessionIdHeader() |
|
java.lang.String |
getHostHeader() |
Deprecated.
|
protected java.lang.String |
getLeftMost(java.lang.String headerValue) |
|
boolean |
getProxyAsAuthority() |
|
boolean |
isSslIsSecure() |
|
void |
setForcedHost(java.lang.String hostAndPort) |
Set a forced valued for the host header to control what is returned by
ServletRequest.getServerName() and ServletRequest.getServerPort() . |
void |
setForwardedCipherSuiteHeader(java.lang.String forwardedCipherSuite) |
|
void |
setForwardedForHeader(java.lang.String forwardedRemoteAddressHeader) |
|
void |
setForwardedHeader(java.lang.String forwardedHeader) |
|
void |
setForwardedHostHeader(java.lang.String forwardedHostHeader) |
|
void |
setForwardedHttpsHeader(java.lang.String forwardedHttpsHeader) |
|
void |
setForwardedOnly(boolean rfc7239only) |
|
void |
setForwardedProtoHeader(java.lang.String forwardedProtoHeader) |
Set the forwardedProtoHeader.
|
void |
setForwardedServerHeader(java.lang.String forwardedServerHeader) |
|
void |
setForwardedSslSessionIdHeader(java.lang.String forwardedSslSessionId) |
|
void |
setHostHeader(java.lang.String hostHeader) |
Deprecated.
|
void |
setProxyAsAuthority(boolean proxyAsAuthority) |
|
void |
setSslIsSecure(boolean sslIsSecure) |
|
java.lang.String |
toString() |
public boolean getProxyAsAuthority()
X-Forwarded-Server
or RFC7239 "by" is used as
the request authority. Default falsepublic void setProxyAsAuthority(boolean proxyAsAuthority)
proxyAsAuthority
- if true, use the proxy address obtained via
X-Forwarded-Server
or RFC7239 "by" as the request authority.public void setForwardedOnly(boolean rfc7239only)
rfc7239only
- Configure to only support the RFC7239 Forwarded header and to
not support any X-Forwarded-
headers. This convenience method
clears all the non RFC headers if passed true and sets them to
the default values (if not already set) if passed false.public java.lang.String getForcedHost()
public void setForcedHost(java.lang.String hostAndPort)
ServletRequest.getServerName()
and ServletRequest.getServerPort()
.hostAndPort
- The value of the host header to force.public java.lang.String getForwardedHeader()
public void setForwardedHeader(java.lang.String forwardedHeader)
forwardedHeader
- The header name for RFC forwarded (default Forwarded)public java.lang.String getForwardedHostHeader()
public void setForwardedHostHeader(java.lang.String forwardedHostHeader)
forwardedHostHeader
- The header name for forwarded hosts (default X-Forwarded-Host
)public java.lang.String getForwardedServerHeader()
public void setForwardedServerHeader(java.lang.String forwardedServerHeader)
forwardedServerHeader
- The header name for forwarded server (default X-Forwarded-Server
)public java.lang.String getForwardedForHeader()
public void setForwardedForHeader(java.lang.String forwardedRemoteAddressHeader)
forwardedRemoteAddressHeader
- The header name for forwarded for (default X-Forwarded-For
)public java.lang.String getForwardedProtoHeader()
X-Forwarded-Proto
)public void setForwardedProtoHeader(java.lang.String forwardedProtoHeader)
forwardedProtoHeader
- the forwardedProtoHeader to set (default X-Forwarded-Proto
)public java.lang.String getForwardedCipherSuiteHeader()
Proxy-auth-cert
)public void setForwardedCipherSuiteHeader(java.lang.String forwardedCipherSuite)
forwardedCipherSuite
- The header name holding a forwarded cipher suite (default Proxy-auth-cert
)public java.lang.String getForwardedSslSessionIdHeader()
Proxy-ssl-id
)public void setForwardedSslSessionIdHeader(java.lang.String forwardedSslSessionId)
forwardedSslSessionId
- The header name holding a forwarded SSL Session ID (default Proxy-ssl-id
)public java.lang.String getForwardedHttpsHeader()
X-Proxied-Https
)public void setForwardedHttpsHeader(java.lang.String forwardedHttpsHeader)
forwardedHttpsHeader
- the header name holding a forwarded Https status indicator(default X-Proxied-Https
)public boolean isSslIsSecure()
public void setSslIsSecure(boolean sslIsSecure)
sslIsSecure
- true if the presence of a SSL session or certificate header is sufficient
to indicate a secure request (default is true)public void customize(Connector connector, HttpConfiguration config, Request request)
customize
in interface HttpConfiguration.Customizer
protected java.lang.String getLeftMost(java.lang.String headerValue)
public java.lang.String toString()
toString
in class java.lang.Object
@Deprecated public java.lang.String getHostHeader()
@Deprecated public void setHostHeader(java.lang.String hostHeader)
ServletRequest.getServerName()
and ServletRequest.getServerPort()
.hostHeader
- The value of the host header to force.Copyright © 1995–2018 Webtide. All rights reserved.