This is an automated email from the ASF dual-hosted git repository.
sureshanaparti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new fe8f3c8eeb5 get forward header for proxies and apply it in Jetty
(#11386)
fe8f3c8eeb5 is described below
commit fe8f3c8eeb573da3e95843ea459ebfd58f6f562a
Author: dahn <[email protected]>
AuthorDate: Thu Aug 7 14:45:16 2025 +0200
get forward header for proxies and apply it in Jetty (#11386)
* get forward header and apply it for proxies
Co-authored-by: Daan Hoogland <[email protected]>
---
.../main/java/org/apache/cloudstack/ServerDaemon.java | 19 +++++++++++++++++++
server/src/main/java/com/cloud/api/ApiServer.java | 4 ++--
.../java/com/cloud/utils/ConstantTimeComparator.java | 5 +----
3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
index 259a99330df..e5ad3d43b2f 100644
--- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
+++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -24,12 +24,15 @@ import java.io.IOException;
import java.io.InputStream;
import java.lang.management.ManagementFactory;
import java.net.URL;
+import java.util.Arrays;
import java.util.Properties;
+import com.cloud.api.ApiServer;
import org.apache.commons.daemon.Daemon;
import org.apache.commons.daemon.DaemonContext;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.jetty.jmx.MBeanContainer;
+import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.RequestLog;
@@ -184,6 +187,7 @@ public class ServerDaemon implements Daemon {
httpConfig.setResponseHeaderSize(8192);
httpConfig.setSendServerVersion(false);
httpConfig.setSendDateHeader(false);
+ addForwardingCustomiser(httpConfig);
// HTTP Connector
createHttpConnector(httpConfig);
@@ -206,6 +210,21 @@ public class ServerDaemon implements Daemon {
server.join();
}
+ /**
+ * Adds a ForwardedRequestCustomizer to the HTTP configuration to handle
forwarded headers.
+ * The header used for forwarding is determined by the
ApiServer.listOfForwardHeaders property.
+ * Only non empty headers are considered and only the first of the
comma-separated list is used.
+ * @param httpConfig the HTTP configuration to which the customizer will
be added
+ */
+ private static void addForwardingCustomiser(HttpConfiguration httpConfig) {
+ ForwardedRequestCustomizer customiser = new
ForwardedRequestCustomizer();
+ String header =
Arrays.stream(ApiServer.listOfForwardHeaders.value().split(",")).findFirst().orElse(null);
+ if (com.cloud.utils.StringUtils.isNotEmpty(header)) {
+ customiser.setForwardedForHeader(header);
+ }
+ httpConfig.addCustomizer(customiser);
+ }
+
@Override
public void stop() throws Exception {
server.stop();
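Review bot: addForwardingCustomiser installs the ForwardedRequestCustomizer unconditionally, so Jetty takes the remote address from the configured header on every connection, including clients that reach the port directly rather than through a proxy listed in `proxy.cidr`. Nothing in this hunk, or at the call site added in the previous hunk, consults the enable/disable key declared just above `listOfForwardHeaders` in ApiServer or the proxy CIDR list. Address-based checks and access logs further down may therefore act on a client-supplied value. Consider returning before `httpConfig.addCustomizer(customiser)` when header checking is disabled, and stating in the Javadoc that the listener must only be reachable through trusted proxies. The first list entry is also used untrimmed (`header.trim()` would tolerate a value like `"A, B"`), and the value is read once during startup, so later changes to `proxy.header.names` presumably need a restart.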
diff --git a/server/src/main/java/com/cloud/api/ApiServer.java
b/server/src/main/java/com/cloud/api/ApiServer.java
index e0737a6891d..c78ac05102f 100644
--- a/server/src/main/java/com/cloud/api/ApiServer.java
+++ b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -315,14 +315,14 @@ public class ApiServer extends ManagerBase implements
HttpRequestHandler, ApiSer
, "enables/disables checking of ipaddresses from a proxy set
header. See \"proxy.header.names\" for the headers to allow."
, true
, ConfigKey.Scope.Global);
- static final ConfigKey<String> listOfForwardHeaders = new
ConfigKey<>(ConfigKey.CATEGORY_NETWORK
+ public static final ConfigKey<String> listOfForwardHeaders = new
ConfigKey<>(ConfigKey.CATEGORY_NETWORK
, String.class
, "proxy.header.names"
, "X-Forwarded-For,HTTP_CLIENT_IP,HTTP_X_FORWARDED_FOR"
, "a list of names to check for allowed ipaddresses from a proxy
set header. See \"proxy.cidr\" for the proxies allowed to set these headers."
, true
, ConfigKey.Scope.Global);
- static final ConfigKey<String> proxyForwardList = new
ConfigKey<>(ConfigKey.CATEGORY_NETWORK
+ public static final ConfigKey<String> proxyForwardList = new
ConfigKey<>(ConfigKey.CATEGORY_NETWORK
, String.class
, "proxy.cidr"
, ""
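Review bot: `proxyForwardList` is widened to `public` here, but none of the hunks shown in this commit reads it; ServerDaemon only uses `listOfForwardHeaders`. Either keep it package-private until there is a consumer, or read it where the forwarding customizer is installed, so the `proxy.cidr` restriction described in these key descriptions is also considered at the Jetty layer. A short comment on the exposed fields, such as `// public: read by ServerDaemon when configuring Jetty`, would explain why they left package scope.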
diff --git a/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java
b/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java
index baf2bc2738f..48925097f70 100644
--- a/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java
+++ b/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java
@@ -19,8 +19,6 @@
package com.cloud.utils;
-import java.nio.charset.Charset;
-
public class ConstantTimeComparator {
public static boolean compareBytes(byte[] b1, byte[] b2) {
@@ -36,7 +34,6 @@ public class ConstantTimeComparator {
}
public static boolean compareStrings(String s1, String s2) {
- final Charset encoding = Charset.forName("UTF-8");
- return compareBytes(s1.getBytes(encoding), s2.getBytes(encoding));
+ return compareBytes(s1.getBytes(StringUtils.getPreferredCharset()),
s2.getBytes(StringUtils.getPreferredCharset()));
}
}
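Review bot: compareStrings now encodes with whatever `StringUtils.getPreferredCharset()` returns, which is not visible in this diff, where the removed lines pinned UTF-8. If that helper can ever fall back to a charset that cannot represent every character, `getBytes` substitutes a replacement byte and two different strings may encode to the same bytes and compare as equal. For a comparator that presumably guards secrets or signatures, a fixed encoding is safer: `return compareBytes(s1.getBytes(StandardCharsets.UTF_8), s2.getBytes(StandardCharsets.UTF_8));` with `import java.nio.charset.StandardCharsets;`. If the helper is kept, call it once into a local so both operands are certain to use the same charset.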