Polish "Add configuration property for RemoteIpValve's trusted proxies"

See gh-31576
Stephane Nicoll 2022-07-18 11:58:05 +02:00
parent 7d6129547f
commit f5f3d7cc67
3 changed files with 11 additions and 9 deletions


@ -966,11 +966,6 @@ public class ServerProperties {
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ "0:0:0:0:0:0:0:1|::1"; + "0:0:0:0:0:0:0:1|::1";
/**
* Regular expression defining proxies that are trusted when they appear in the remoteIpHeader header.
*/
private String trustedProxies;
/** /**
* Header that holds the incoming protocol, usually named "X-Forwarded-Proto". * Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
*/ */
@ -998,6 +993,12 @@ public class ServerProperties {
*/ */
private String remoteIpHeader; private String remoteIpHeader;
/**
* Regular expression defining proxies that are trusted when they appear in
* the "remote-ip-header" header.
*/
private String trustedProxies;
public String getInternalProxies() { public String getInternalProxies() {
return this.internalProxies; return this.internalProxies;
} }
@ -1047,12 +1048,13 @@ public class ServerProperties {
} }
public String getTrustedProxies() { public String getTrustedProxies() {
return trustedProxies; return this.trustedProxies;
} }
public void setTrustedProxies(String trustedProxies) { public void setTrustedProxies(String trustedProxies) {
this.trustedProxies = trustedProxies; this.trustedProxies = trustedProxies;
} }
} }
} }
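Review bot: The relocated Javadoc on `trustedProxies` does not say that the property is unset by default, nor how it differs from `internalProxies`. Both matter because this pattern decides which hops in the forwarded header are believed when the client address is derived. The field is declared without an initializer, so it stays null unless configured, and a pattern broader than the real proxy addresses would let a client-supplied header value be accepted as a proxy hop. I would extend the comment along the lines of `* Regular expression defining proxies that are trusted when they appear in the "remote-ip-header" header. Unset by default; keep the pattern as narrow as the actual proxy addresses.` The class body continues outside these hunks, so any fuller description elsewhere is not visible here.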


@ -227,9 +227,9 @@ public class TomcatWebServerFactoryCustomizer
if (StringUtils.hasLength(remoteIpHeader)) { if (StringUtils.hasLength(remoteIpHeader)) {
valve.setRemoteIpHeader(remoteIpHeader); valve.setRemoteIpHeader(remoteIpHeader);
} }
valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
// The internal proxies default to a list of "safe" internal IP addresses // The internal proxies default to a list of "safe" internal IP addresses
valve.setInternalProxies(remoteIpProperties.getInternalProxies()); valve.setInternalProxies(remoteIpProperties.getInternalProxies());
valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
try { try {
valve.setHostHeader(remoteIpProperties.getHostHeader()); valve.setHostHeader(remoteIpProperties.getHostHeader());
} }
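Review bot: `valve.setTrustedProxies(remoteIpProperties.getTrustedProxies())` is applied with neither a guard nor a comment, while `remoteIpHeader` just above is only set when `StringUtils.hasLength` holds and the internal-proxies call explains its default. The property has no initializer in ServerProperties, so this line passes null to the valve in every default configuration. Tomcat appears to treat that as "no trusted proxies", but the intent should be stated at the call, e.g. `// Trusted proxies have no default: a null value leaves only the internal proxies trusted`. The enclosing method starts before the hunk and the `try` block is cut off at its end, so the handling around the later setters is not visible here.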


@ -224,10 +224,10 @@ class TomcatWebServerFactoryCustomizerTests {
bind("server.tomcat.remoteip.remote-ip-header=x-my-remote-ip-header", bind("server.tomcat.remoteip.remote-ip-header=x-my-remote-ip-header",
"server.tomcat.remoteip.protocol-header=x-my-protocol-header", "server.tomcat.remoteip.protocol-header=x-my-protocol-header",
"server.tomcat.remoteip.internal-proxies=192.168.0.1", "server.tomcat.remoteip.internal-proxies=192.168.0.1",
"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2",
"server.tomcat.remoteip.host-header=x-my-forward-host", "server.tomcat.remoteip.host-header=x-my-forward-host",
"server.tomcat.remoteip.port-header=x-my-forward-port", "server.tomcat.remoteip.port-header=x-my-forward-port",
"server.tomcat.remoteip.protocol-header-https-value=On"); "server.tomcat.remoteip.protocol-header-https-value=On",
"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2");
TomcatServletWebServerFactory factory = customizeAndGetFactory(); TomcatServletWebServerFactory factory = customizeAndGetFactory();
assertThat(factory.getEngineValves()).hasSize(1); assertThat(factory.getEngineValves()).hasSize(1);
Valve valve = factory.getEngineValves().iterator().next(); Valve valve = factory.getEngineValves().iterator().next();