[FELIX-4420] [HTTP SSLFilter] Implement sendRedirect - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: http-2.2.1, http-2.2.2
Fix Version/s: http-2.3.2, http.sslfilter-0.2.0
Component/s: HTTP Service
Labels:
None

Description

The HTTP SSL Filter service implemented in ~~FELIX-3693~~ supports revealing the actual protocol used by the client side browser by inspecting a request header and exposing the proper scheme through its ServletRequest.getScheme() implementation if the actual server is operated behind an SSL terminating proxy (i.e. client connects with HTTPS to proxy, proxy forwards request to server over plain HTTP)

The HttpServletRequest.sendRedirect() method is declared to set the Location header to the absolute redirect URL which includes the scheme. In an SSL terminating proxy situation, the servlet container does not know about this fact and hence uses the actual server scheme (HTTP) for the redirect instead of the scheme used by client.

To fix this situation the SSL filter response should implement the HttpServletResponse.sendRedirect() method to use use the client side scheme as extracted from the request instead of the actual server request.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FELIX-4420-jetty.patch
25/Jun/14 18:33
8 kB
Chetan Mehrotra
FELIX-4420.patch
21/May/14 09:07
29 kB
J.W. Janssen

Issue Links

breaks

FELIX-5309 SslFilter: sendRedirect does not support deliberate protocol changes on the current host

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 06/Feb/14 10:31

Updated:: 20/Jul/16 12:54

Resolved:: 30/Oct/14 12:09