Package org.jivesoftware.util.jetty
Class TrustedForwardedRequestCustomizer
java.lang.Object
org.jivesoftware.util.jetty.TrustedForwardedRequestCustomizer
- All Implemented Interfaces:
org.eclipse.jetty.server.HttpConfiguration.Customizer
public class TrustedForwardedRequestCustomizer
extends Object
implements org.eclipse.jetty.server.HttpConfiguration.Customizer
Wraps a ForwardedRequestCustomizer and only applies it to requests from trusted proxies.
The set of trusted proxies supports a mix of IPv4 and IPv6 addresses and ranges.
This guards against spoofed forwarded headers from untrusted network peers.
-
Constructor Summary
ConstructorsConstructorDescriptionTrustedForwardedRequestCustomizer(org.eclipse.jetty.server.ForwardedRequestCustomizer delegate, Set<String> trustedProxies) Applies forwarded-header processing only for requests that originate from a trusted proxy. -
Method Summary
Modifier and TypeMethodDescriptionorg.eclipse.jetty.server.Requestcustomize(org.eclipse.jetty.server.Request request, org.eclipse.jetty.http.HttpFields.Mutable responseHeaders) Applies the delegated forwarded-header customization only when the request source is trusted.
-
Constructor Details
-
TrustedForwardedRequestCustomizer
public TrustedForwardedRequestCustomizer(@Nonnull org.eclipse.jetty.server.ForwardedRequestCustomizer delegate, @Nonnull Set<String> trustedProxies) Applies forwarded-header processing only for requests that originate from a trusted proxy. This wrapper protects against spoofed forwarded headers by ignoring them when the direct peer address is not in the configured trusted proxy ranges.- Parameters:
delegate- the customizer to delegate to when the request source is trustedtrustedProxies- the set of trusted proxy IP ranges
-
-
Method Details
-
customize
public org.eclipse.jetty.server.Request customize(org.eclipse.jetty.server.Request request, org.eclipse.jetty.http.HttpFields.Mutable responseHeaders) Applies the delegated forwarded-header customization only when the request source is trusted.- Specified by:
customizein interfaceorg.eclipse.jetty.server.HttpConfiguration.Customizer- Parameters:
request- the request to potentially customizeresponseHeaders- mutable response headers available to customizers- Returns:
- the possibly customized request instance
-