@Test public void testIncomingRequestIsSecuredButProtocolHeaderSaysItIsNotWithDefaultValues() throws Exception { // PREPARE FilterDef filterDef = new FilterDef(); filterDef.addInitParameter("protocolHeader", "x-forwarded-proto"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRemoteAddr("192.168.0.10"); request.setSecure(true); request.setScheme("https"); request.setHeader("x-forwarded-for", "140.211.11.130"); request.setHeader("x-forwarded-proto", "http"); // TEST HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request); // VERIFY boolean actualSecure = actualRequest.isSecure(); assertFalse( "request must be unsecured as header x-forwarded-proto said it is http", actualSecure); String actualScheme = actualRequest.getScheme(); assertEquals( "scheme must be http as header x-forwarded-proto said it is http", "http", actualScheme); String actualRemoteAddr = actualRequest.getRemoteAddr(); assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr); String actualRemoteHost = actualRequest.getRemoteHost(); assertEquals("remoteHost", "140.211.11.130", actualRemoteHost); }