Merge remote-tracking branch 'origin/jetty-9.3.x' into jetty-9.4.x

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2019-02-05 08:21:38 +11:00 · 2019-02-05 08:21:38 +11:00 · 051edc94d7
parent fda815cd56 25afa868da
commit 051edc94d7
2 changed files with 60 additions and 3 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
@ -29,7 +29,10 @@ import org.eclipse.jetty.http.HttpHeader;
 import org.eclipse.jetty.http.HttpScheme;
 import org.eclipse.jetty.http.QuotedCSV;
 import org.eclipse.jetty.server.HttpConfiguration.Customizer;
+import org.eclipse.jetty.util.HostPort;
 import org.eclipse.jetty.util.StringUtil;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;


 /* ------------------------------------------------------------ */
@ -54,6 +57,8 @@ import org.eclipse.jetty.util.StringUtil;
 */
 public class ForwardedRequestCustomizer implements Customizer
 {
+    private static final Logger LOG = Log.getLogger(ForwardedRequestCustomizer.class);
+
    private HostPortHttpField _forcedHost;
    private String _forwardedHeader = HttpHeader.FORWARDED.toString();
    private String _forwardedHostHeader = HttpHeader.X_FORWARDED_HOST.toString();
@ -297,7 +302,7 @@ public class ForwardedRequestCustomizer implements Customizer
        RFC7239 rfc7239 = null;
        String forwardedHost = null;
        String forwardedServer = null;
-        String forwardedFor = null;
+        HostPort forwardedFor = null;
        String forwardedProto = null;
        String forwardedHttps = null;
        
@ -333,7 +338,7 @@ public class ForwardedRequestCustomizer implements Customizer
                forwardedServer = getLeftMost(field.getValue());
            
            if (forwardedFor==null && _forwardedForHeader!=null && _forwardedForHeader.equalsIgnoreCase(name))
-                forwardedFor = getLeftMost(field.getValue());
+                forwardedFor = getRemoteAddr(field.getValue());
            
            if (forwardedProto==null && _forwardedProtoHeader!=null && _forwardedProtoHeader.equalsIgnoreCase(name))
                forwardedProto = getLeftMost(field.getValue());
@ -389,7 +394,7 @@ public class ForwardedRequestCustomizer implements Customizer
        }
        else if (forwardedFor != null)
        {
-            request.setRemoteAddr(InetSocketAddress.createUnresolved(forwardedFor,request.getRemotePort()));
+            request.setRemoteAddr(InetSocketAddress.createUnresolved(forwardedFor.getHost(), (forwardedFor.getPort() > 0) ? forwardedFor.getPort() : request.getRemotePort()));
        }

        // handle protocol identifier
@ -430,6 +435,26 @@ public class ForwardedRequestCustomizer implements Customizer
        // The left-most value is the farthest downstream client
        return headerValue.substring(0,commaIndex).trim();
    }
+
+    protected HostPort getRemoteAddr(String headerValue)
+    {
+        String leftMost = getLeftMost(headerValue);
+        if (leftMost == null)
+        {
+            return null;
+        }
+
+        try
+        {
+            return new HostPort(leftMost);
+        }
+        catch (Exception e)
+        {
+            // failed to parse in host[:port] format
+            LOG.ignore(e);
+            return null;
+        }
+    }
    
    @Override
    public String toString()
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
@ -217,6 +217,38 @@ public class ForwardedRequestCustomizerTest
        assertEquals("0",_results.poll());
    }

+    @Test
+    public void testForIpv4WithPort() throws Exception
+    {
+        String response=_connector.getResponse(
+            "GET / HTTP/1.1\n"+
+                "Host: myhost\n"+
+                "X-Forwarded-For: 10.9.8.7:1111,6.5.4.3:2222\n"+
+                "\n");
+        assertThat(response, Matchers.containsString("200 OK"));
+        assertEquals("http",_results.poll());
+        assertEquals("myhost",_results.poll());
+        assertEquals("80",_results.poll());
+        assertEquals("10.9.8.7",_results.poll());
+        assertEquals("1111",_results.poll());
+    }
+
+    @Test
+    public void testForIpv6WithPort() throws Exception
+    {
+        String response=_connector.getResponse(
+            "GET / HTTP/1.1\n"+
+                "Host: myhost\n"+
+                "X-Forwarded-For: [2001:db8:cafe::17]:1111,6.5.4.3:2222\n"+
+                "\n");
+        assertThat(response, Matchers.containsString("200 OK"));
+        assertEquals("http",_results.poll());
+        assertEquals("myhost",_results.poll());
+        assertEquals("80",_results.poll());
+        assertEquals("[2001:db8:cafe::17]",_results.poll());
+        assertEquals("1111",_results.poll());
+    }
+
    @Test
    public void testLegacyProto() throws Exception
    {