Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.wicket.protocol.http.servlet
Class SecuredRemoteAddressRequestWrapperFactory

java.lang.Object
  extended by org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
      extended by org.apache.wicket.protocol.http.servlet.SecuredRemoteAddressRequestWrapperFactory

public class SecuredRemoteAddressRequestWrapperFactory
extends AbstractRequestWrapperFactory

Sets ServletRequest.isSecure() to true if ServletRequest.getRemoteAddr() matches one of the securedRemoteAddresses of this filter.

This filter is often used in combination with XForwardedRequestWrapperFactory to get the remote address of the client even if the request goes through load balancers (e.g. F5 Big IP, Nortel Alteon) or proxies (e.g. Apache mod_proxy_http)

Configuration parameters:

XForwardedFilter property Description Format Default value
securedRemoteAddresses IP addresses for which ServletRequest.isSecure() must return true Comma delimited list of regular expressions (in the syntax supported by the Pattern library) Class A, B and C private network IP address blocks : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}
Note : the default configuration is can usually be used as internal servers are often trusted.

Sample with secured remote addresses limited to 192.168.0.10 and 192.168.0.11

SecuredRemoteAddressFilter configuration sample : 

 <filter>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <filter-class>fr.xebia.servlet.filter.SecuredRemoteAddressFilter</filter-class>
    <init-param>
       <param-name>securedRemoteAddresses</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
    </init-param>
 </filter>
 
 <filter-mapping>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
 </filter-mapping>

A request with ServletRequest.getRemoteAddr() = 192.168.0.10 or 192.168.0.11 will be seen as ServletRequest.isSecure() == true even if ServletRequest.getScheme() == "http".

Author:
Cyrille Le Clerc, Juergen Donnerstag

Nested Class Summary
static class SecuredRemoteAddressRequestWrapperFactory.Config
           
 
Constructor Summary
SecuredRemoteAddressRequestWrapperFactory()
          Construct.
 
Method Summary
 SecuredRemoteAddressRequestWrapperFactory.Config getConfig()
           
 javax.servlet.http.HttpServletRequest getWrapper(javax.servlet.http.HttpServletRequest request)
          
 void init(javax.servlet.FilterConfig filterConfig)
           
 boolean needsWrapper(javax.servlet.http.HttpServletRequest request)
          
 javax.servlet.http.HttpServletRequest newRequestWrapper(javax.servlet.http.HttpServletRequest request)
          If incoming remote address matches one of the declared IP pattern, wraps the incoming HttpServletRequest to override ServletRequest.isSecure() to set it to true.
 void setConfig(SecuredRemoteAddressRequestWrapperFactory.Config config)
          The Wicket application might want to provide its own config
 
Methods inherited from class org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
commaDelimitedListToPatternArray, commaDelimitedListToStringArray, isEnabled, listToCommaDelimitedString, matchesOne, setEnabled
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecuredRemoteAddressRequestWrapperFactory

public SecuredRemoteAddressRequestWrapperFactory()
Construct.

Method Detail

getConfig

public final SecuredRemoteAddressRequestWrapperFactory.Config getConfig()
Returns:
SecuredRemoteAddress and XForwarded filter specific config

setConfig

public final void setConfig(SecuredRemoteAddressRequestWrapperFactory.Config config)
The Wicket application might want to provide its own config

Parameters:
config -

getWrapper

public javax.servlet.http.HttpServletRequest getWrapper(javax.servlet.http.HttpServletRequest request)

Overrides:
getWrapper in class AbstractRequestWrapperFactory
Returns:
Either return the request itself, or if needed a wrapper for the request

needsWrapper

public boolean needsWrapper(javax.servlet.http.HttpServletRequest request)

Returns:
True, if a wrapper is needed

newRequestWrapper

public javax.servlet.http.HttpServletRequest newRequestWrapper(javax.servlet.http.HttpServletRequest request)
If incoming remote address matches one of the declared IP pattern, wraps the incoming HttpServletRequest to override ServletRequest.isSecure() to set it to true.

Specified by:
newRequestWrapper in class AbstractRequestWrapperFactory
Returns:
Create a wrapper for the request

init

public void init(javax.servlet.FilterConfig filterConfig)
Parameters:
filterConfig -
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2006-2011 Apache Software Foundation. All Rights Reserved.