Module org.apache.wicket.core
Class SecuredRemoteAddressRequestWrapperFactory
java.lang.Object
org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
org.apache.wicket.protocol.http.servlet.SecuredRemoteAddressRequestWrapperFactory
Sets
Note : the default configuration is can usually be used as internal servers are often trusted.
ServletRequest.isSecure()
to true
if
ServletRequest.getRemoteAddr()
matches one of the securedRemoteAddresses
of
this filter.
This filter is often used in combination with XForwardedRequestWrapperFactory
to get the
remote address of the client even if the request goes through load balancers (e.g. F5 Big IP,
Nortel Alteon) or proxies (e.g. Apache mod_proxy_http)
Configuration parameters:
XForwardedFilter property | Description | Format | Default value |
---|---|---|---|
securedRemoteAddresses | IP addresses for which ServletRequest.isSecure() must return true |
Comma delimited list of regular expressions (in the syntax supported by the
Pattern library) |
Class A, B and C private network IP address blocks : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3} |
Sample with secured remote addresses limited to 192.168.0.10 and 192.168.0.11
SecuredRemoteAddressFilter configuration sample :
<filter>
<filter-name>SecuredRemoteAddressFilter</filter-name>
<filter-class>fr.xebia.servlet.filter.SecuredRemoteAddressFilter</filter-class>
<init-param>
<param-name>securedRemoteAddresses</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>SecuredRemoteAddressFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
A request with
will be seen as ServletRequest.getRemoteAddr()
= 192.168.0.10 or 192.168.0.11
even if
ServletRequest.isSecure()
== true
.
ServletRequest.getScheme()
== "http"
- Author:
- Cyrille Le Clerc, Juergen Donnerstag
-
Nested Class Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionjakarta.servlet.http.HttpServletRequest
getWrapper
(jakarta.servlet.http.HttpServletRequest request) Wrap the given request.void
init
(jakarta.servlet.FilterConfig filterConfig) boolean
needsWrapper
(jakarta.servlet.http.HttpServletRequest request) jakarta.servlet.http.HttpServletRequest
newRequestWrapper
(jakarta.servlet.http.HttpServletRequest request) If incoming remote address matches one of the declared IP pattern, wraps the incomingHttpServletRequest
to overrideServletRequest.isSecure()
to set it totrue
.final void
The Wicket application might want to provide its own configMethods inherited from class org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
commaDelimitedListToPatternArray, commaDelimitedListToStringArray, isEnabled, listToCommaDelimitedString, matchesOne, setEnabled
-
Constructor Details
-
SecuredRemoteAddressRequestWrapperFactory
Construct.
-
-
Method Details
-
getConfig
- Returns:
- SecuredRemoteAddress and XForwarded filter specific config
-
setConfig
The Wicket application might want to provide its own config- Parameters:
config
-
-
getWrapper
public jakarta.servlet.http.HttpServletRequest getWrapper(jakarta.servlet.http.HttpServletRequest request) Description copied from class:AbstractRequestWrapperFactory
Wrap the given request.- Overrides:
getWrapper
in classAbstractRequestWrapperFactory
- Parameters:
request
- request to wrap- Returns:
- Either return the request itself, or if needed a wrapper for the request
-
needsWrapper
- Specified by:
needsWrapper
in classAbstractRequestWrapperFactory
- Returns:
- True, if a wrapper is needed
-
newRequestWrapper
public jakarta.servlet.http.HttpServletRequest newRequestWrapper(jakarta.servlet.http.HttpServletRequest request) If incoming remote address matches one of the declared IP pattern, wraps the incomingHttpServletRequest
to overrideServletRequest.isSecure()
to set it totrue
.- Specified by:
newRequestWrapper
in classAbstractRequestWrapperFactory
- Returns:
- Create a wrapper for the request
-
init
- Parameters:
filterConfig
-
-