Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixing #4144 - handle wrapped requests better 

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
This commit is contained in:
Joakim Erdfelt 2019-10-01 17:49:30 -05:00
parent 6fc42d8ba2
commit e9ac2c8c97
No known key found for this signature in database
GPG Key ID: 2D0E1FB8FE4B68B4
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jetty-rewrite/src/main/java/org/eclipse/jetty/rewrite/handler/ForwardedSchemeHeaderRule.java
View File

@ -46,7 +46,8 @@ public class ForwardedSchemeHeaderRule extends HeaderRule
@Override
protected String apply(String target, String value, HttpServletRequest request, HttpServletResponse response)
{
((Request)request).setScheme(_scheme);
Request baseRequest = Request.getBaseRequest(request);
baseRequest.setScheme(_scheme);
return target;
}
}

6
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/DigestAuthenticator.java
View File

@ -121,6 +121,8 @@ public class DigestAuthenticator extends LoginAuthenticator
try
{
Request baseRequest = Request.getBaseRequest(request);
boolean stale = false;
if (credentials != null)
{
@ -173,7 +175,7 @@ public class DigestAuthenticator extends LoginAuthenticator
}
}
int n = checkNonce(digest, (Request)request);
int n = checkNonce(digest, baseRequest);
if (n > 0)
{
@ -195,7 +197,7 @@ public class DigestAuthenticator extends LoginAuthenticator
domain = "/";
response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "Digest realm=\"" + _loginService.getName() +
"\", domain=\"" + domain +
"\", nonce=\"" + newNonce((Request)request) +
"\", nonce=\"" + newNonce(baseRequest) +
"\", algorithm=MD5" +
", qop=\"auth\"" +
", stale=" + stale);