Re: [FELIX-3693] HTTP SSLFilter

Mon, 29 Sep 2014 02:45:07 -0700 

Hi

Am 29.09.2014 um 11:34 schrieb Jan Willem Janssen 
<[email protected]>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 29/09/14 11:25, Felix Meschberger wrote:
>> While you are technically correct, the request.getServerPort()
>> should really reflect the port that the actual SSL terminating
>> server is running on.
>> 
>> If this is the default port (getServerPort may return -1) this
>> would still be 443 and not 80. So it should probably be checked
>> that we get the SSL terminator’s port right. And this is really the
>> bug: The current SslFilterRequest implementation does not implement
>> the getServerPort method to ensure this.
> 
> Still, this is all based on heuristics: the code assumes the SSL
> terminating server runs on the default https port.
> 
> Wouldn't it make a lot more sense to make the SslFilter configurable
> wrt what ports it should rewrite? While it requires explicit
> configuration, it makes the code a lot simpler and less bug-prone?

Actually we do port calculation in the response for the sendRedirect support. 
We should probably apply the same algorithm for the getServerPort method.

Regards
Felix


> 
> - -- 
> Met vriendelijke groeten | Kind regards
> 
> Jan Willem Janssen | Software Architect
> +31 631 765 814
> 
> /My world is revolving around INAETICS and Amdatu/
> 
> Luminis Technologies B.V.
> Churchillplein 1
> 7314 BZ   Apeldoorn
> +31 88 586 46 00
> 
> http://www.luminis-technologies.com
> http://www.luminis.eu
> 
> KvK (CoC) 09 16 28 93
> BTW (VAT) NL8169.78.566.B.01
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> 
> iQIcBAEBAgAGBQJUKSeWAAoJEKF/mP2eHDc4+NIP/1DMT+7FZLLx8VDQAqxpRdFi
> 2t6fAaDR+a+0UeH0vCFgMtgMmIhdJJGUhYeIo979RNuIr7k10zhnmHVPHTx7fgGq
> 9kOkooD1Yw0aGBdrfxtekiUxrAXgS2zm6m1UxS+Tp3tNdwd1kNTJgUnhjFrhtnBv
> /hlaO1Qg7Eu0p9GvKZhbaa3AN1ZGmEmEgpDttNCsJzoYM9LG2gZ8FgAKh58Ojo6D
> 7va7kCa0RivLjGkoagdMM6LuSe7vTwl+yhzRgf6FjXxcHgRyTWyWPf5iqO7rVOFo
> zauQ1Rh3UJTB7dq8j2CCWA5b4KJnfgXK8mo0O0zDnHVRNETdGlDZu3KMPexwNjrC
> d03TtbiLZGx7XZA4x8jEWDeGMxMCg+pWa8VX59BNKq/JmxDgHfj+Pv8YSjuD3htT
> kUw5RNzCBM2SjLupCLqQKU5E5VQpaxjMAcpvGz/JaaamsEh5C7tdWIDuKFW1f2iS
> DWJ/alhE/xrF0wcQyZt+fdBeNA6vsIZ3CI26C+LPoUe4bc20fQMdUFbMtJDYNkqN
> kL0/TrKC5OkoLrgRCLqzg4r0RNQZbfA5wP7P784JfjXZclTUPIWeuyzaP0bodtt/
> 9AjawZvYcuGQBkHZMUUWr4QUJKffNosRVcwJzrBKFA/O2fAQZ7LIv0xaEAaMrxy2
> Xk/TaAfkzzrIgT8idD48
> =lRNe
> -----END PGP SIGNATURE-----

Reply via email to