private void testRemoteIpValveConfigured() {
   TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory();
   this.properties.customize(container);
   assertThat(container.getEngineValves()).hasSize(1);
   Valve valve = container.getEngineValves().iterator().next();
   assertThat(valve).isInstanceOf(RemoteIpValve.class);
   RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
   assertThat(remoteIpValve.getProtocolHeader()).isEqualTo("X-Forwarded-Proto");
   assertThat(remoteIpValve.getProtocolHeaderHttpsValue()).isEqualTo("https");
   assertThat(remoteIpValve.getRemoteIpHeader()).isEqualTo("X-Forwarded-For");
   String expectedInternalProxies =
       "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
           + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
           + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
           + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
           + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
           + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|"
           + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
   assertThat(remoteIpValve.getInternalProxies()).isEqualTo(expectedInternalProxies);
 }
Esempio n. 2
0
 private void customizeRemoteIpValve(
     ServerProperties properties, TomcatEmbeddedServletContainerFactory factory) {
   String protocolHeader = getProtocolHeader();
   String remoteIpHeader = getRemoteIpHeader();
   // For back compatibility the valve is also enabled if protocol-header is set
   if (StringUtils.hasText(protocolHeader)
       || StringUtils.hasText(remoteIpHeader)
       || properties.getOrDeduceUseForwardHeaders()) {
     RemoteIpValve valve = new RemoteIpValve();
     valve.setProtocolHeader(
         StringUtils.hasLength(protocolHeader) ? protocolHeader : "X-Forwarded-Proto");
     if (StringUtils.hasLength(remoteIpHeader)) {
       valve.setRemoteIpHeader(remoteIpHeader);
     }
     // The internal proxies default to a white list of "safe" internal IP
     // addresses
     valve.setInternalProxies(getInternalProxies());
     valve.setPortHeader(getPortHeader());
     valve.setProtocolHeaderHttpsValue(getProtocolHeaderHttpsValue());
     // ... so it's safe to add this valve by default.
     factory.addEngineValves(valve);
   }
 }
  @Test
  public void customTomcatRemoteIpValve() throws Exception {
    Map<String, String> map = new HashMap<String, String>();
    map.put("server.tomcat.remote_ip_header", "x-my-remote-ip-header");
    map.put("server.tomcat.protocol_header", "x-my-protocol-header");
    map.put("server.tomcat.internal_proxies", "192.168.0.1");
    map.put("server.tomcat.port-header", "x-my-forward-port");
    map.put("server.tomcat.protocol-header-https-value", "On");
    bindProperties(map);

    TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory();
    this.properties.customize(container);

    assertThat(container.getEngineValves()).hasSize(1);
    Valve valve = container.getEngineValves().iterator().next();
    assertThat(valve).isInstanceOf(RemoteIpValve.class);
    RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
    assertThat(remoteIpValve.getProtocolHeader()).isEqualTo("x-my-protocol-header");
    assertThat(remoteIpValve.getProtocolHeaderHttpsValue()).isEqualTo("On");
    assertThat(remoteIpValve.getRemoteIpHeader()).isEqualTo("x-my-remote-ip-header");
    assertThat(remoteIpValve.getPortHeader()).isEqualTo("x-my-forward-port");
    assertThat(remoteIpValve.getInternalProxies()).isEqualTo("192.168.0.1");
  }