[jira] [Commented] (FELIX-4420) [HTTP SSLFilter] Implement sendRedirect

[Chetan Mehrotra (JIRA)]

    [ 
https://issues.apache.org/jira/browse/FELIX-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14043129#comment-14043129
 ] 

Chetan Mehrotra commented on FELIX-4420:
----------------------------------------

Also I am not sure if the approach used would work. When using 
HttpServletResponseWrapper the original response is decorated. However if the 
actual  implementation of the HttpServletResponse internally invokes setHeader 
on sendRedirect that call would not be passed to the wrapper class. So probably 
setHeader would not be called in any case.

Now for Jetty case sendRedirect [1] internally calls setHeader(HttpHeader name, 
String value) so this solution would not work for Jetty case. The solution used 
are mostly server specific. For Jetty case [2] we can possibly do that via a 
custom HandlerCollection or 
org.eclipse.jetty.server.HttpConfiguration.Customizer.

[1] 
https://github.com/eclipse/jetty.project/blob/master/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java#L671
[2] http://comments.gmane.org/gmane.comp.java.jetty.support/14561

> [HTTP SSLFilter] Implement sendRedirect
> ---------------------------------------
>
>                 Key: FELIX-4420
>                 URL: https://issues.apache.org/jira/browse/FELIX-4420
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>    Affects Versions: http-2.2.1, http-2.2.2
>            Reporter: Felix Meschberger
>             Fix For: http-2.3.0, http-sslfilter-0.1.0
>
>         Attachments: FELIX-4420.patch
>
>
> The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the 
> actual protocol used by the client side browser by inspecting a request 
> header and exposing the proper scheme through its ServletRequest.getScheme() 
> implementation if the actual server is operated behind an SSL terminating 
> proxy (i.e. client connects with HTTPS to proxy, proxy forwards request to 
> server over plain HTTP)
> The HttpServletRequest.sendRedirect() method is declared to set the Location 
> header to the absolute redirect URL which includes the scheme. In an SSL 
> terminating proxy situation, the servlet container does not know about this 
> fact and hence uses the actual server scheme (HTTP) for the redirect instead 
> of the scheme used by client.
> To fix this situation the SSL filter response should implement the 
> HttpServletResponse.sendRedirect() method to use use the client side scheme 
> as extracted from the request instead of the actual server request.



--
This message was sent by Atlassian JIRA
(v6.2#6252)