svn commit: r1616562 - /tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java

Thu, 07 Aug 2014 11:32:38 -0700 

Author: fhanik
Date: Thu Aug  7 18:31:49 2014
New Revision: 1616562

URL: http://svn.apache.org/r1616562
Log:
Add in test for different possible configurations using the RemoteIpValve
More complex expressions like 172/12 can be supported


Modified:
    tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java

Modified: tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java?rev=1616562&r1=1616561&r2=1616562&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java 
(original)
+++ tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java Thu Aug 
 7 18:31:49 2014
@@ -319,6 +319,85 @@ public class TestRemoteIpValve {
     }
 
     @Test
+    public void test172dash12InternalProxies() throws Exception {
+
+        // PREPARE
+        RemoteIpValve remoteIpValve = new RemoteIpValve();
+        
remoteIpValve.setInternalProxies("172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
+        remoteIpValve.setRemoteIpHeader("x-forwarded-for");
+        remoteIpValve.setProtocolHeader("x-forwarded-proto");
+        RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new 
RemoteAddrAndHostTrackerValve();
+        remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
+
+        Request request = new MockRequest();
+        request.setCoyoteRequest(new org.apache.coyote.Request());
+        request.setRemoteAddr("172.16.0.5");
+        request.setRemoteHost("remote-host-original-value");
+        
request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("209.244.0.3");
+        
request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
+
+        // TEST
+        remoteIpValve.invoke(request, null);
+
+        // VERIFY
+        String actualXForwardedFor = request.getHeader("x-forwarded-for");
+        assertNull("all proxies are trusted, x-forwarded-for must be null", 
actualXForwardedFor);
+
+        String actualRemoteAddr = 
remoteAddrAndHostTrackerValve.getRemoteAddr();
+        assertEquals("remoteAddr", "209.244.0.3", actualRemoteAddr);
+
+        String actualRemoteHost = 
remoteAddrAndHostTrackerValve.getRemoteHost();
+        assertEquals("remoteHost", "209.244.0.3", actualRemoteHost);
+
+        String actualPostInvokeRemoteAddr = 
remoteAddrAndHostTrackerValve.getRemoteAddr();
+        assertEquals("postInvoke remoteAddr", "209.244.0.3", 
actualPostInvokeRemoteAddr);
+
+        String actualPostInvokeRemoteHost = request.getRemoteHost();
+        assertEquals("postInvoke remoteAddr", "remote-host-original-value", 
actualPostInvokeRemoteHost);
+
+        boolean isSecure = remoteAddrAndHostTrackerValve.isSecure();
+        assertTrue("request from internal proxy should be marked secure", 
isSecure);
+
+        String scheme = remoteAddrAndHostTrackerValve.getScheme();
+        assertEquals("Scheme should be marked to https.","https",scheme);
+
+        request = new MockRequest();
+        request.setCoyoteRequest(new org.apache.coyote.Request());
+        request.setRemoteAddr("172.25.250.250");
+        request.setRemoteHost("remote-host-original-value");
+        
request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("209.244.0.3");
+        
request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
+
+        // TEST
+        remoteIpValve.invoke(request, null);
+
+        // VERIFY
+        actualXForwardedFor = request.getHeader("x-forwarded-for");
+        assertNull("all proxies are trusted, x-forwarded-for must be null", 
actualXForwardedFor);
+
+        actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
+        assertEquals("remoteAddr", "209.244.0.3", actualRemoteAddr);
+
+        actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
+        assertEquals("remoteHost", "209.244.0.3", actualRemoteHost);
+
+        actualPostInvokeRemoteAddr = 
remoteAddrAndHostTrackerValve.getRemoteAddr();
+        assertEquals("postInvoke remoteAddr", "209.244.0.3", 
actualPostInvokeRemoteAddr);
+
+        actualPostInvokeRemoteHost = request.getRemoteHost();
+        assertEquals("postInvoke remoteAddr", "remote-host-original-value", 
actualPostInvokeRemoteHost);
+
+        isSecure = remoteAddrAndHostTrackerValve.isSecure();
+        assertTrue("request from internal proxy should be marked secure", 
isSecure);
+
+        scheme = remoteAddrAndHostTrackerValve.getScheme();
+        assertEquals("Scheme should be marked to https.","https",scheme);
+
+
+    }
+
+
+    @Test
     public void testInvokeXforwardedProtoSaysHttpsForIncomingHttpRequest() 
throws Exception {
 
         // PREPARE



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to