Package org.frankframework.lifecycle.servlets

Class CustomizedForwardedHeaderFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.frankframework.lifecycle.servlets.CustomizedForwardedHeaderFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class CustomizedForwardedHeaderFilter extends org.springframework.web.filter.OncePerRequestFilter
Customized version of the original class ForwardedHeaderFilter in Spring Framework. Extract values from "Forwarded" and "X-Forwarded-*" headers, wrap the request and response, and make them reflect the client-originated protocol and address in the following methods:
  • getServerName()
  • getServerPort()
  • getScheme()
  • isSecure()
  • sendRedirect(String).

There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client. This is why a proxy at the boundary of trust should be configured to remove untrusted Forwarded headers that come from the outside.

Since:
4.3
Author:
Rossen Stoyanchev, EddĂș MelĂ©ndez, Rob Winch, Brian Clozel
See Also:

  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    CustomizedForwardedHeaderFilter(boolean allowForwardedHeadersPassthrough)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
     
    protected void
    doFilterNestedErrorDispatch(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
     
    protected String
    formatRequest(jakarta.servlet.http.HttpServletRequest request)
    Format the request for logging purposes including HTTP method and URL.
    protected boolean
    shouldNotFilter(jakarta.servlet.http.HttpServletRequest request)
     
    protected boolean
    shouldNotFilterAsyncDispatch()
     
    protected boolean
    shouldNotFilterErrorDispatch()
     

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • CustomizedForwardedHeaderFilter

      public CustomizedForwardedHeaderFilter(boolean allowForwardedHeadersPassthrough)

  • Method Details

    • shouldNotFilter

      protected boolean shouldNotFilter(@Nonnull jakarta.servlet.http.HttpServletRequest request)
      Overrides:
      shouldNotFilter in class org.springframework.web.filter.OncePerRequestFilter

    • shouldNotFilterAsyncDispatch

      protected boolean shouldNotFilterAsyncDispatch()
      Overrides:
      shouldNotFilterAsyncDispatch in class org.springframework.web.filter.OncePerRequestFilter

    • shouldNotFilterErrorDispatch

      protected boolean shouldNotFilterErrorDispatch()
      Overrides:
      shouldNotFilterErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter

    • doFilterInternal

      protected void doFilterInternal(@Nonnull jakarta.servlet.http.HttpServletRequest request, @Nonnull jakarta.servlet.http.HttpServletResponse response, @Nonnull jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException

    • formatRequest

      protected String formatRequest(jakarta.servlet.http.HttpServletRequest request)
      Format the request for logging purposes including HTTP method and URL.
      Parameters:
      request - the request to format
      Returns:
      the String to display, never empty or null

    • doFilterNestedErrorDispatch

      protected void doFilterNestedErrorDispatch(@Nonnull jakarta.servlet.http.HttpServletRequest request, @Nonnull jakarta.servlet.http.HttpServletResponse response, @Nonnull jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Overrides:
      doFilterNestedErrorDispatch in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException