Class SecuredRemoteAddressRequestWrapperFactory

java.lang.Object
org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
org.apache.wicket.protocol.http.servlet.SecuredRemoteAddressRequestWrapperFactory

Sets ServletRequest.isSecure() to true if ServletRequest.getRemoteAddr() matches one of the securedRemoteAddresses of this filter.

This filter is often used in combination with XForwardedRequestWrapperFactory to get the remote address of the client even if the request goes through load balancers (e.g. F5 Big IP, Nortel Alteon) or proxies (e.g. Apache mod_proxy_http)

Configuration parameters:

Configuration parameters
XForwardedFilter property Description Format Default value
securedRemoteAddresses IP addresses for which ServletRequest.isSecure() must return true Comma delimited list of regular expressions (in the syntax supported by the Pattern library) Class A, B and C private network IP address blocks : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}
Note : the default configuration is can usually be used as internal servers are often trusted.

Sample with secured remote addresses limited to 192.168.0.10 and 192.168.0.11

SecuredRemoteAddressFilter configuration sample :

 <filter>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <filter-class>fr.xebia.servlet.filter.SecuredRemoteAddressFilter</filter-class>
    <init-param>
       <param-name>securedRemoteAddresses</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
    </init-param>
 </filter>
 
 <filter-mapping>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
 </filter-mapping>

A request with ServletRequest.getRemoteAddr() = 192.168.0.10 or 192.168.0.11 will be seen as ServletRequest.isSecure() == true even if ServletRequest.getScheme() == "http".

Author:
Cyrille Le Clerc, Juergen Donnerstag