public class SecuredRemoteAddressRequestWrapperFactory extends AbstractRequestWrapperFactory
ServletRequest.isSecure()
to true
if
ServletRequest.getRemoteAddr()
matches one of the securedRemoteAddresses
of
this filter.
This filter is often used in combination with XForwardedRequestWrapperFactory
to get the
remote address of the client even if the request goes through load balancers (e.g. F5 Big IP,
Nortel Alteon) or proxies (e.g. Apache mod_proxy_http)
Configuration parameters:
XForwardedFilter property | Description | Format | Default value |
---|---|---|---|
securedRemoteAddresses | IP addresses for which ServletRequest.isSecure() must return true |
Comma delimited list of regular expressions (in the syntax supported by the
Pattern library) |
Class A, B and C private network IP address blocks : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3} |
Sample with secured remote addresses limited to 192.168.0.10 and 192.168.0.11
SecuredRemoteAddressFilter configuration sample :
<filter>
<filter-name>SecuredRemoteAddressFilter</filter-name>
<filter-class>fr.xebia.servlet.filter.SecuredRemoteAddressFilter</filter-class>
<init-param>
<param-name>securedRemoteAddresses</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SecuredRemoteAddressFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
A request with
will be seen as ServletRequest.getRemoteAddr()
= 192.168.0.10 or 192.168.0.11
even if
ServletRequest.isSecure()
== true
.
ServletRequest.getScheme()
== "http"
Modifier and Type | Class and Description |
---|---|
static class |
SecuredRemoteAddressRequestWrapperFactory.Config |
Constructor and Description |
---|
SecuredRemoteAddressRequestWrapperFactory()
Construct.
|
Modifier and Type | Method and Description |
---|---|
SecuredRemoteAddressRequestWrapperFactory.Config |
getConfig() |
javax.servlet.http.HttpServletRequest |
getWrapper(javax.servlet.http.HttpServletRequest request)
Wrap the given request.
|
void |
init(javax.servlet.FilterConfig filterConfig) |
boolean |
needsWrapper(javax.servlet.http.HttpServletRequest request) |
javax.servlet.http.HttpServletRequest |
newRequestWrapper(javax.servlet.http.HttpServletRequest request)
If incoming remote address matches one of the declared IP pattern, wraps the incoming
HttpServletRequest to override ServletRequest.isSecure() to set it to
true . |
void |
setConfig(SecuredRemoteAddressRequestWrapperFactory.Config config)
The Wicket application might want to provide its own config
|
commaDelimitedListToPatternArray, commaDelimitedListToStringArray, isEnabled, listToCommaDelimitedString, matchesOne, setEnabled
public SecuredRemoteAddressRequestWrapperFactory()
public final SecuredRemoteAddressRequestWrapperFactory.Config getConfig()
public final void setConfig(SecuredRemoteAddressRequestWrapperFactory.Config config)
config
- public javax.servlet.http.HttpServletRequest getWrapper(javax.servlet.http.HttpServletRequest request)
getWrapper
in class AbstractRequestWrapperFactory
request
- request to wrappublic boolean needsWrapper(javax.servlet.http.HttpServletRequest request)
needsWrapper
in class AbstractRequestWrapperFactory
public javax.servlet.http.HttpServletRequest newRequestWrapper(javax.servlet.http.HttpServletRequest request)
HttpServletRequest
to override ServletRequest.isSecure()
to set it to
true
.newRequestWrapper
in class AbstractRequestWrapperFactory
public void init(javax.servlet.FilterConfig filterConfig)
filterConfig
- Copyright © 2006–2017 Apache Software Foundation. All rights reserved.