root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Make RemoteIpValve's protocolHeaderHttpsValue configurable via the env 

Closes gh-3289
This commit is contained in:
Andy Wilkinson 2015-06-22 13:43:02 +01:00
parent 5f2ffdb9e2
commit 01ba0f7571
3 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View File

@ -271,6 +271,11 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
*/
private String protocolHeader;
/**
* Value of the protocol header that indicates that the incoming request uses SSL.
*/
private String protocolHeaderHttpsValue = "https";
/**
* Name of the HTTP header used to override the original port value.
*/
@ -400,6 +405,14 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
this.protocolHeader = protocolHeader;
}
public String getProtocolHeaderHttpsValue() {
return this.protocolHeaderHttpsValue;
}
public void setProtocolHeaderHttpsValue(String protocolHeaderHttpsValue) {
this.protocolHeaderHttpsValue = protocolHeaderHttpsValue;
}
public String getPortHeader() {
return this.portHeader;
}
@ -445,6 +458,7 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
valve.setProtocolHeader(protocolHeader);
valve.setInternalProxies(getInternalProxies());
valve.setPortHeader(getPortHeader());
valve.setProtocolHeaderHttpsValue(getProtocolHeaderHttpsValue());
factory.addContextValves(valve);
}

3
spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
View File

@ -165,6 +165,7 @@ public class ServerPropertiesTests {
assertThat(valve, instanceOf(RemoteIpValve.class));
RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
assertEquals("x-forwarded-proto", remoteIpValve.getProtocolHeader());
assertEquals("https", remoteIpValve.getProtocolHeaderHttpsValue());
assertEquals("x-forwarded-for", remoteIpValve.getRemoteIpHeader());
String expectedInternalProxies = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
@ -182,6 +183,7 @@ public class ServerPropertiesTests {
map.put("server.tomcat.protocol_header", "x-my-protocol-header");
map.put("server.tomcat.internal_proxies", "192.168.0.1");
map.put("server.tomcat.port-header", "x-my-forward-port");
map.put("server.tomcat.protocol-header-https-value", "On");
bindProperties(map);
TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory();
@ -192,6 +194,7 @@ public class ServerPropertiesTests {
assertThat(valve, instanceOf(RemoteIpValve.class));
RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
assertEquals("x-my-protocol-header", remoteIpValve.getProtocolHeader());
assertEquals("On", remoteIpValve.getProtocolHeaderHttpsValue());
assertEquals("x-my-remote-ip-header", remoteIpValve.getRemoteIpHeader());
assertEquals("x-my-forward-port", remoteIpValve.getPortHeader());
assertEquals("192.168.0.1", remoteIpValve.getInternalProxies());

1
spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
View File

@ -81,6 +81,7 @@ content into your application; rather pick only the properties that you need.
169\\.254\\.\\d{1,3}\\.\\d{1,3}|\\
127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} # regular expression matching trusted IP addresses
server.tomcat.protocol-header=x-forwarded-proto # front end proxy forward header
server.tomcat.protocol-header-https-value=https # value of the protocol header that indicates that the incoming request uses SSL
server.tomcat.port-header= # front end proxy port header
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.basedir=/tmp # base dir (usually not needed, defaults to tmp)