[
https://issues.apache.org/jira/browse/FELIX-4420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chetan Mehrotra updated FELIX-4420:
-----------------------------------
Attachment: FELIX-4420-jetty.patch
[~jajans] Testcase in attached patch fails if I comment out the new logic added
in SslRequest.
SslRequest is updated with a possible fix for Jetty case where it checks if the
underlying request is from Jetty then it changes the scheme. With that fix the
testcase passes.
Kindly have a look at the patch!.
/cc [~fmeschbe]
> [HTTP SSLFilter] Implement sendRedirect
> ---------------------------------------
>
> Key: FELIX-4420
> URL: https://issues.apache.org/jira/browse/FELIX-4420
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Affects Versions: http-2.2.1, http-2.2.2
> Reporter: Felix Meschberger
> Fix For: http-2.3.0, http-sslfilter-0.1.0
>
> Attachments: FELIX-4420-jetty.patch, FELIX-4420.patch
>
>
> The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the
> actual protocol used by the client side browser by inspecting a request
> header and exposing the proper scheme through its ServletRequest.getScheme()
> implementation if the actual server is operated behind an SSL terminating
> proxy (i.e. client connects with HTTPS to proxy, proxy forwards request to
> server over plain HTTP)
> The HttpServletRequest.sendRedirect() method is declared to set the Location
> header to the absolute redirect URL which includes the scheme. In an SSL
> terminating proxy situation, the servlet container does not know about this
> fact and hence uses the actual server scheme (HTTP) for the redirect instead
> of the scheme used by client.
> To fix this situation the SSL filter response should implement the
> HttpServletResponse.sendRedirect() method to use use the client side scheme
> as extracted from the request instead of the actual server request.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
