Commit dccfb00e authored by Georg Mittendorfer's avatar Georg Mittendorfer

Change default for remote ip in proxy mode to X-Real-IP. Improve handling of unset ssl/ip header.

parent 937f9ff1
......@@ -44,8 +44,8 @@ public class ClientSessionExtractor {
proxyEnabled = env.getProperty("piri.proxy.mode.enabled", Boolean.class, false);
String trustedIps = env.getProperty("piri.proxy.trusted.ip.regexp");
trustedProxies = StringUtils.isNotBlank(trustedIps) ? Pattern.compile(trustedIps) : null;
remoteIpHeader = env.getProperty("piri.proxy.remote-ip-header", "X-Forwarded-For");
remoteSslIdHeader = env.getProperty("piri.proxy.remote-ssl-id-header", "X-Real-SslId");
remoteIpHeader = StringUtils.stripToNull(env.getProperty("piri.proxy.remote-ip-header", "X-Real-IP"));
remoteSslIdHeader = StringUtils.stripToNull(env.getProperty("piri.proxy.remote-ssl-id-header"));
trustCheckEnabled = env.getProperty("piri.proxy.trust.check.enabled", Boolean.class, true);
Logger logger = LoggerFactory.getLogger(getClass());
if (proxyEnabled) {
......@@ -54,8 +54,8 @@ public class ClientSessionExtractor {
} else {
logger.warn("Proxy trust check disabled. Trusting all IPs.");
}
logger.info("Proxy remote IP Header: [{}]", remoteIpHeader);
logger.info("Proxy remote SslId Header: [{}]", remoteSslIdHeader);
logger.info("Proxy remote IP Header: [{}]", remoteIpHeader == null ? "not set" : remoteIpHeader);
logger.info("Proxy remote SslId Header: [{}]", remoteSslIdHeader == null ? "not set" : remoteSslIdHeader);
} else {
logger.info("Proxy mode not enabled.");
}
......@@ -76,7 +76,7 @@ public class ClientSessionExtractor {
}
private String getProxyClientSslSessionId(ServerHttpRequest request) {
return containsHeaderAndIsTrusted(request, remoteSslIdHeader)
return remoteSslIdHeader != null && containsHeaderAndIsTrusted(request, remoteSslIdHeader)
? request.getHeaders().getFirst(remoteSslIdHeader)
: null;
}
......@@ -86,7 +86,7 @@ public class ClientSessionExtractor {
}
private boolean containsHeader(ServerHttpRequest request, String header) {
boolean containsHeader = request.getHeaders().containsKey(header);
boolean containsHeader = header != null && request.getHeaders().containsKey(header);
if (!containsHeader) {
logger.debug("Header [{}] missing.", header);
}
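Review bot: In the constructor hunk, `remoteSslIdHeader` no longer has a default, so a deployment that relied on the implicit `X-Real-SslId` gets a null SSL id from `getProxyClientSslSessionId` after upgrading, and the only trace is an info line saying "not set". A blank `piri.proxy.remote-ip-header` is likewise stripped to null; the fallback on the client-IP path is not visible here, but if it is the socket peer address, every client behind the proxy would be seen under the proxy's address. I would report both cases at warn level inside the `if (proxyEnabled)` branch, for example `if (remoteIpHeader == null) logger.warn("Proxy mode enabled but no remote IP header configured.");`. A comment on the `X-Real-IP` default should also say that the proxy has to overwrite this header rather than pass a client-supplied value through, since the trust check appears to cover only the proxy's own address. The constructor starts and ends outside the hunk.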
......
......@@ -109,6 +109,13 @@ public class ClientSessionExtractorTest {
assertThat(session.getClientSslId(serverRequest)).isNull();
}
@Test
public void givenProxyModeButSslIdDisabledWhenGetSslIdThenReturnNull() {
enableProxyMode(null, null, null, false);
ClientSessionExtractor session = new ClientSessionExtractor(env);
assertThat(session.getClientSslId(serverRequest)).isNull();
}
@Test
public void givenTrustedSiteLocalAddressWhenGetClientIpThenReturnHeader() {
enableProxyMode("foo", null, null, true);
......@@ -178,8 +185,8 @@ public class ClientSessionExtractorTest {
when(env.getProperty("piri.proxy.mode.enabled", Boolean.class, false)).thenReturn(true);
when(env.getProperty("piri.proxy.trust.check.enabled", Boolean.class, true)).thenReturn(trustChecked);
when(env.getProperty("piri.proxy.trusted.ip.regexp")).thenReturn(trustedProxies);
when(env.getProperty("piri.proxy.remote-ip-header", "X-Forwarded-For")).thenReturn(remoteIpHeader);
when(env.getProperty("piri.proxy.remote-ssl-id-header", "X-Real-SslId")).thenReturn(remoteSslIdHeader);
when(env.getProperty("piri.proxy.remote-ip-header", "X-Real-IP")).thenReturn(remoteIpHeader);
when(env.getProperty("piri.proxy.remote-ssl-id-header")).thenReturn(remoteSslIdHeader);
}
}
\ No newline at end of file
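Review bot: `givenProxyModeButSslIdDisabledWhenGetSslIdThenReturnNull` passes null for the SSL id header, but nothing visible puts an SSL id header on `serverRequest`, so the test may pass without exercising the new `remoteSslIdHeader != null` guard. Having the request carry the old default header name before the assertion would pin that an unconfigured header is ignored even when a client sends one. The blank-value path that `stripToNull` now handles is untested as well; a stub such as `when(env.getProperty("piri.proxy.remote-ssl-id-header")).thenReturn(" ");` should yield the same null result. There is also no matching case for a null `remoteIpHeader` on the client-IP path. `enableProxyMode` starts outside the hunk.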