Support X-Forwarded-Ssl

rstoyanchev · rstoyanchev · commit 3eac2dd31e0e · 2018-05-24T16:14:12.000-04:00
Issue: SPR-16863
diff --git a/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java b/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
@@ -743,6 +743,10 @@ UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
 					scheme(matcher.group(1).trim());
 					port(null);
 				}
+				else if (isForwardedSslOn(headers)) {
+					scheme("https");
+					port(null);
+				}
 				matcher = FORWARDED_HOST_PATTERN.matcher(forwardedToUse);
 				if (matcher.find()) {
 					adaptForwardedHost(matcher.group(1).trim());
@@ -754,6 +758,10 @@ UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
 					scheme(StringUtils.tokenizeToStringArray(protocolHeader, ",")[0]);
 					port(null);
 				}
+				else if (isForwardedSslOn(headers)) {
+					scheme("https");
+					port(null);
+				}
 
 				String hostHeader = headers.getFirst("X-Forwarded-Host");
 				if (StringUtils.hasText(hostHeader)) {
@@ -780,6 +788,11 @@ UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
 		return this;
 	}
 
+	private boolean isForwardedSslOn(HttpHeaders headers) {
+		String forwardedSsl = headers.getFirst("X-Forwarded-Ssl");
+		return StringUtils.hasText(forwardedSsl) && forwardedSsl.equalsIgnoreCase("on");
+	}
+
 	private void adaptForwardedHost(String hostToUse) {
 		int portSeparatorIdx = hostToUse.lastIndexOf(':');
 		if (portSeparatorIdx > hostToUse.lastIndexOf(']')) {
diff --git a/spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java b/spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java
@@ -33,6 +33,7 @@
 import org.springframework.mock.web.test.MockHttpServletResponse;
 
 import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
 
 /**
  * Unit tests for {@link ForwardedHeaderFilter}.
@@ -458,7 +459,7 @@ protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
 		};
 
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		FilterChain filterChain = new MockFilterChain(new HttpServlet() {}, this.filter, filter);
+		FilterChain filterChain = new MockFilterChain(mock(HttpServlet.class), this.filter, filter);
 		filterChain.doFilter(request, response);
 
 		return response.getRedirectedUrl();
diff --git a/spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java b/spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java
@@ -426,6 +426,21 @@ public void fromHttpRequestWithForwardedProtoWithDefaultPort() {
 		assertEquals(-1, result.getPort());
 	}
 
+	@Test  // SPR-16863
+	public void fromHttpRequestWithForwardedSsl() {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setScheme("http");
+		request.setServerName("example.org");
+		request.setServerPort(10080);
+		request.addHeader("X-Forwarded-Ssl", "on");
+
+		HttpRequest httpRequest = new ServletServerHttpRequest(request);
+		UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build();
+
+		assertEquals("https", result.getScheme());
+		assertEquals("example.org", result.getHost());
+		assertEquals(-1, result.getPort());
+	}
 
 	@Test
 	public void fromHttpRequestWithForwardedHostWithForwardedScheme() {
