[Apiman-user] Proxy headers missing for processing policies
Stephen Henrie
stephen at saasindustries.com
Mon Aug 28 20:38:09 EDT 2017
Hi Marc,
Sorry that it took me so long to respond. I was traveling last week and
only now getting back to this.
Per your request, I removed all policies and I still see the same issue
where only the proxy related errors are missing. Here are the two examples,
the first going though Apiman and the second hitting the service API
directly:
*wget --header="Content-Type: application/json" -S -nv -O -
--no-check-certificate --content-on-error --header="Authorization: Bearer
$T"
https://api.dev1.saasforge.com/apiman-gateway/chassi-services/greeting/1.0/greeting/help
<https://api.dev1.saasforge.com/apiman-gateway/chassi-services/greeting/1.0/greeting/help>*
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : HEADERS:
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : user-agent: Wget/1.19.1
(darwin15.6.0)
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : content-type: application/json
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : accept-encoding: identity
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : connection: Keep-Alive
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1bVJaV1ctckJrVnZGUTNyNlhCWkVCNGZwamxGV2FBcTBLWU1qZThEZnNjIn0.eyJqdGkiOiI2MTkwODk2My03YmNmLTQ1MTctYjI3NS03ZGNlMWJmMmM0MTUiLCJleHAiOjE1MDM5NjY2MjEsIm5iZiI6MCwiaWF0IjoxNTAzOTY2MzIxLCJpc3MiOiJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9hdXRoL3JlYWxtcy9jaGFzc2kiLCJhdWQiOiJjaGFzc2ktd2ViLWFwcCIsInN1YiI6ImI0ZGIxZmU5LTNmYzUtNDJjMy04NTg0LWQwZWJlMzRhM2U5MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImNoYXNzaS13ZWItYXBwIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiODY4YWQzNmEtNjFhNy00NjAxLTgzZDEtMDFhNTIzNjU0NWE3IiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vY2hhc3NpLWF1dGgtcHJveHktdXNlci1kZXYucm91dGVyLmRldjIuc2Fhc2ZvcmdlLmNvbTo3ODg4IiwiaHR0cDovL2F1dGguZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJodHRwOi8vYXV0aC11c2VyLWRldi5yb3V0ZXIuZGV2MS5zYWFzZm9yZ2UuY29tIiwiaHR0cDovL2FwcC5kZXYxLnNhYXNmb3JnZS5jb20vKiIsImh0dHA6Ly9kZXYxLWFwcHMuczMtd2Vic2l0ZS11cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9kYXNoYm9hcmQiLCJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbTo4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwiaHR0cHM6Ly9hcGkuZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9kYXNoYm9hcmQvKiIsImh0dHA6Ly9hcHAuZGV2MS5zYWFzZm9yZ2UuY29tL2JvYi1zbW9rZS10ZXN0IiwiaHR0cHM6Ly9hdXRoLmRldjEuc2Fhc2ZvcmdlLmNvbS8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJiaWxsaW5nLWFkbWluaXN0cmF0b3IiLCJ0ZW5hbnQtb3duZXIiLCJkZXZlbG9wZXIiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiJTdGVwaGVuIEhlbnJpZSIsInByZWZlcnJlZF91c2VybmFtZSI6InNoZW5yaWVAY2hhc3NpLmNvbSIsImdpdmVuX25hbWUiOiJTdGVwaGVuIiwiZmFtaWx5X25hbWUiOiJIZW5yaWUiLCJlbWFpbCI6InNoZW5yaWVAY2hhc3NpLmNvbSJ9.fwnBfL6dVGBx_pQqNzIyZEEQvzNB7nNuZULqX03fx6huY15u8Hm2f_doX40qX5Qbic_j_sC9Ho4P2N4jJEkq51swwzlzGa4jPGUo9se1UXFBsjJrDCTX9ayyr9EHmV-eUa6m6YYmMHph6gUNkmidP1BKu5aHGJajfylOSMK8inPrnY5Y9Rt7MFj1oJY2lHAFAVyyiz6JNiEg87Zy8Rlfp5D-vVkQofnjumOBj74CDSHX9d0YHUI1hNBmPMLgYtFZsK9REg3EsQ3QPr4NEuMiFg25FD9-sZ7mm4_oA9uXeJlGPRrLKzwiC5_JCoWpWqm49vpwAon3TCFQVSuJQ5j9nw
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : accept: */*
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : host:
spring-boot-oauth-demo.user-dev.svc:8080
2017-08-29 00:25:24.577 DEBUG 1 --- [io-8080-exec-10]
com.saas.controller.ApiRestController : RemoteAddr: 172.17.0.6
*curl -v
http://spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com/greeting/help
<http://spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com/greeting/help>
-H "Content-Type: application/json" -H "Authorization: Bearer $T"*
2017-08-29 00:25:57.429 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : HEADERS:
2017-08-29 00:25:57.429 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : host:
spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com
2017-08-29 00:25:57.429 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : user-agent: curl/7.43.0
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : accept: */*
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : content-type: application/json
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1bVJaV1ctckJrVnZGUTNyNlhCWkVCNGZwamxGV2FBcTBLWU1qZThEZnNjIn0.eyJqdGkiOiI2MTkwODk2My03YmNmLTQ1MTctYjI3NS03ZGNlMWJmMmM0MTUiLCJleHAiOjE1MDM5NjY2MjEsIm5iZiI6MCwiaWF0IjoxNTAzOTY2MzIxLCJpc3MiOiJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9hdXRoL3JlYWxtcy9jaGFzc2kiLCJhdWQiOiJjaGFzc2ktd2ViLWFwcCIsInN1YiI6ImI0ZGIxZmU5LTNmYzUtNDJjMy04NTg0LWQwZWJlMzRhM2U5MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImNoYXNzaS13ZWItYXBwIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiODY4YWQzNmEtNjFhNy00NjAxLTgzZDEtMDFhNTIzNjU0NWE3IiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vY2hhc3NpLWF1dGgtcHJveHktdXNlci1kZXYucm91dGVyLmRldjIuc2Fhc2ZvcmdlLmNvbTo3ODg4IiwiaHR0cDovL2F1dGguZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJodHRwOi8vYXV0aC11c2VyLWRldi5yb3V0ZXIuZGV2MS5zYWFzZm9yZ2UuY29tIiwiaHR0cDovL2FwcC5kZXYxLnNhYXNmb3JnZS5jb20vKiIsImh0dHA6Ly9kZXYxLWFwcHMuczMtd2Vic2l0ZS11cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9kYXNoYm9hcmQiLCJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbTo4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwiaHR0cHM6Ly9hcGkuZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9kYXNoYm9hcmQvKiIsImh0dHA6Ly9hcHAuZGV2MS5zYWFzZm9yZ2UuY29tL2JvYi1zbW9rZS10ZXN0IiwiaHR0cHM6Ly9hdXRoLmRldjEuc2Fhc2ZvcmdlLmNvbS8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJiaWxsaW5nLWFkbWluaXN0cmF0b3IiLCJ0ZW5hbnQtb3duZXIiLCJkZXZlbG9wZXIiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiJTdGVwaGVuIEhlbnJpZSIsInByZWZlcnJlZF91c2VybmFtZSI6InNoZW5yaWVAY2hhc3NpLmNvbSIsImdpdmVuX25hbWUiOiJTdGVwaGVuIiwiZmFtaWx5X25hbWUiOiJIZW5yaWUiLCJlbWFpbCI6InNoZW5yaWVAY2hhc3NpLmNvbSJ9.fwnBfL6dVGBx_pQqNzIyZEEQvzNB7nNuZULqX03fx6huY15u8Hm2f_doX40qX5Qbic_j_sC9Ho4P2N4jJEkq51swwzlzGa4jPGUo9se1UXFBsjJrDCTX9ayyr9EHmV-eUa6m6YYmMHph6gUNkmidP1BKu5aHGJajfylOSMK8inPrnY5Y9Rt7MFj1oJY2lHAFAVyyiz6JNiEg87Zy8Rlfp5D-vVkQofnjumOBj74CDSHX9d0YHUI1hNBmPMLgYtFZsK9REg3EsQ3QPr4NEuMiFg25FD9-sZ7mm4_oA9uXeJlGPRrLKzwiC5_JCoWpWqm49vpwAon3TCFQVSuJQ5j9nw
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : x-forwarded-host:
spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : x-forwarded-port: 80
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : x-forwarded-proto: http
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : forwarded:
for=70.162.10.131;host=
spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com;proto=http
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : x-forwarded-for: 70.162.10.131
2017-08-29 00:25:57.430 DEBUG 1 --- [nio-8080-exec-1]
com.saas.controller.ApiRestController : RemoteAddr: 172.17.0.1
You can see where the proxy headers are not being passed.
Per your request, I also added the simple header policy and added two
headers (highlighted below) and they were passed on properly as you can
see.
I still think that something is stripping the proxy headers before they are
passed into the ApiRequest object for policy processing.
*wget --header="Content-Type: application/json" -S -nv -O -
--no-check-certificate --content-on-error --header="Authorization: Bearer
$T"
https://api.dev1.saasforge.com/apiman-gateway/chassi-services/greeting/1.0/greeting/help
<https://api.dev1.saasforge.com/apiman-gateway/chassi-services/greeting/1.0/greeting/help>*2017-08-29
00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : HEADERS:
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : user-agent: Wget/1.19.1
(darwin15.6.0)
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : hello: world
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : x-forwarded-for: 0.0.0.0
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : content-type: application/json
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : accept-encoding: identity
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : connection: Keep-Alive
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1bVJaV1ctckJrVnZGUTNyNlhCWkVCNGZwamxGV2FBcTBLWU1qZThEZnNjIn0.eyJqdGkiOiJlNTAxNGU3Ni1iY2Y4LTQxMTAtYmQyNC01OWQyN2E3Mjg1MzkiLCJleHAiOjE1MDM5NjcxMjQsIm5iZiI6MCwiaWF0IjoxNTAzOTY2ODI0LCJpc3MiOiJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9hdXRoL3JlYWxtcy9jaGFzc2kiLCJhdWQiOiJjaGFzc2ktd2ViLWFwcCIsInN1YiI6ImI0ZGIxZmU5LTNmYzUtNDJjMy04NTg0LWQwZWJlMzRhM2U5MyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImNoYXNzaS13ZWItYXBwIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiNTgxNGZmMjktNzRiYS00ZDNhLTlkMWUtZDg1NDY0MTNiZTVjIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vY2hhc3NpLWF1dGgtcHJveHktdXNlci1kZXYucm91dGVyLmRldjIuc2Fhc2ZvcmdlLmNvbTo3ODg4IiwiaHR0cDovL2F1dGguZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJodHRwOi8vYXV0aC11c2VyLWRldi5yb3V0ZXIuZGV2MS5zYWFzZm9yZ2UuY29tIiwiaHR0cDovL2FwcC5kZXYxLnNhYXNmb3JnZS5jb20vKiIsImh0dHA6Ly9kZXYxLWFwcHMuczMtd2Vic2l0ZS11cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9kYXNoYm9hcmQiLCJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbTo4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwiaHR0cHM6Ly9hcGkuZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9kYXNoYm9hcmQvKiIsImh0dHA6Ly9hcHAuZGV2MS5zYWFzZm9yZ2UuY29tL2JvYi1zbW9rZS10ZXN0IiwiaHR0cHM6Ly9hdXRoLmRldjEuc2Fhc2ZvcmdlLmNvbS8qIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJiaWxsaW5nLWFkbWluaXN0cmF0b3IiLCJ0ZW5hbnQtb3duZXIiLCJkZXZlbG9wZXIiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sIm5hbWUiOiJTdGVwaGVuIEhlbnJpZSIsInByZWZlcnJlZF91c2VybmFtZSI6InNoZW5yaWVAY2hhc3NpLmNvbSIsImdpdmVuX25hbWUiOiJTdGVwaGVuIiwiZmFtaWx5X25hbWUiOiJIZW5yaWUiLCJlbWFpbCI6InNoZW5yaWVAY2hhc3NpLmNvbSJ9.A0H18cUglTdr-SyqV-olCaGAtWI9U_ohhPkNsXStC8k4uQJTYdxQ_ehulcDMOyIeOt7ETsMH_7FLdRureSssxpgrRQhRHrnri9lCXjQATkKeRPnkC1EvHA5t_RG3LZ5f8akwgjnTeVaEkzX0nsODYvKYAGJ8s9DRWzUu0TqwDsnC-L9z0014fNFw2r7qAC0Ga1N4DhswtAlUGo_H1ljNdZbwMC0AlNE-GugigBn6OWk9kfmfK02UdX23_qS3t8WOaVjpYiNE0vqbbj_jLy40lOTo4fMXqqaRF_wWttnE73kcPgP1U1Er0vpBoxeKzqgmV1hOqM1_OGsuYOAsGU26Fw
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : accept: */*
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : host:
spring-boot-oauth-demo.user-dev.svc:8080
2017-08-29 00:33:49.631 DEBUG 1 --- [nio-8080-exec-4]
com.saas.controller.ApiRestController : RemoteAddr: 172.17.0.6
Thanks!
Stephen
On Wed, Aug 23, 2017 at 6:59 AM, Marc Savy <marc.savy at redhat.com> wrote:
> Hi Stephen,
>
> Out of interest: can you replicate your setup, but with no policies in
> the chain to see what happens?
>
> Second, perhaps you can try the simple-header-policy
> (https://apiman.gitbooks.io/apiman-user-guide/user-guide/
> gateway/policies.html#_simple_header_policy)
> and let me know what happens (just put some dummy config in and see
> whether the headers still disappear).
>
> I'll try to replicate your setup soon.
>
> Regards,
> Marc
>
> On 22 August 2017 at 17:13, Stephen Henrie <stephen at saasindustries.com>
> wrote:
> > FWIW, it is in the policy code where I am not seeing these headers being
> set
> > correctly:
> >
> > https://github.com/apiman/apiman/blob/master/gateway/
> engine/policies/src/main/java/io/apiman/gateway/engine/
> policies/IPWhitelistPolicy.java#L55
> >
> >
> >
> > On Tue, Aug 22, 2017 at 11:01 AM, Stephen Henrie
> > <stephen at saasindustries.com> wrote:
> >>
> >> Eric, thanks for the response.
> >>
> >> I had reviewed that code as well, so I believe you when you say that it
> >> should be passing all of those proxy headers along. However, check out
> below
> >> what I am seeing when posting a request to a test service that I am
> running.
> >> It simply dumps the headers The first request is made directly to the
> >> service without going through apiman and the second request is made
> through
> >> apiman.
> >>
> >> I don't think that the issue is in the servlet code, but when these
> >> headers are passed into where policies applied, like somewhere where the
> >> ApiRequest class is created.
> >>
> >> Thanks
> >> Stephen
> >>
> >>
> >> 2017-08-22 15:55:21.063 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : HEADERS:
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : user-agent: Wget/1.19.1
> >> (darwin15.6.0)
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : accept: */*
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : accept-encoding: identity
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : host:
> >> spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : authorization: Bearer
> >> eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1bVJaV1ct
> ckJrVnZGUTNyNlhCWkVCNGZwamxGV2FBcTBLWU1qZThEZnNjIn0.
> eyJqdGkiOiI5ZWQ0YTQwOC05ZGM3LTRlMzMtOTkxNy1mNjdkYWU1YjJjM2Yi
> LCJleHAiOjE1MDM0MTc1NDAsIm5iZiI6MCwiaWF0IjoxNTAzNDE3MjQwLCJp
> c3MiOiJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9hdXRoL3JlYWxt
> cy9jaGFzc2kiLCJhdWQiOiJjaGFzc2ktd2ViLWFwcCIsInN1YiI6ImI0ZGIx
> ZmU5LTNmYzUtNDJjMy04NTg0LWQwZWJlMzRhM2U5MyIsInR5cCI6IkJlYXJl
> ciIsImF6cCI6ImNoYXNzaS13ZWItYXBwIiwiYXV0aF90aW1lIjowLCJzZXNz
> aW9uX3N0YXRlIjoiN2NmZjVhZDEtNjE3NC00YzY1LTk5NGQtYzk4ZTdkNWFl
> YzNhIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vY2hh
> c3NpLWF1dGgtcHJveHktdXNlci1kZXYucm91dGVyLmRldjIuc2Fhc2Zvcmdl
> LmNvbTo3ODg4IiwiaHR0cDovL2F1dGguZGV2MS5zYWFzZm9yZ2UuY29tLyoi
> LCJodHRwOi8vYXV0aC11c2VyLWRldi5yb3V0ZXIuZGV2MS5zYWFzZm9yZ2Uu
> Y29tIiwiaHR0cDovL2FwcC5kZXYxLnNhYXNmb3JnZS5jb20vKiIsImh0dHA6
> Ly9kZXYxLWFwcHMuczMtd2Vic2l0ZS11cy1lYXN0LTEuYW1hem9uYXdzLmNv
> bS9kYXNoYm9hcmQiLCJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJodHRwOi8v
> YXBwLmRldjEuc2Fhc2ZvcmdlLmNvbTo4MC8qIiwiaHR0cDovL2xvY2FsaG9z
> dDozMDAwIiwiaHR0cHM6Ly9hcGkuZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJo
> dHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9kYXNoYm9hcmQvKiIsImh0
> dHA6Ly9hcHAuZGV2MS5zYWFzZm9yZ2UuY29tL2JvYi1zbW9rZS10ZXN0Iiwi
> aHR0cHM6Ly9hdXRoLmRldjEuc2Fhc2ZvcmdlLmNvbS8qIl0sInJlYWxtX2Fj
> Y2VzcyI6eyJyb2xlcyI6WyJiaWxsaW5nLWFkbWluaXN0cmF0b3IiLCJ0ZW5h
> bnQtb3duZXIiLCJkZXZlbG9wZXIiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwi
> cmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdl
> LWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmls
> ZSJdfX0sIm5hbWUiOiJTdGVwaGVuIEhlbnJpZSIsInByZWZlcnJlZF91c2Vy
> bmFtZSI6InNoZW5yaWVAY2hhc3NpLmNvbSIsImdpdmVuX25hbWUiOiJTdGVw
> aGVuIiwiZmFtaWx5X25hbWUiOiJIZW5yaWUiLCJlbWFpbCI6InNoZW5yaWVA
> Y2hhc3NpLmNvbSJ9.AxhMpP3gMbh96BI7HNqLwZNjmUAiifzGhouoLpHwjggWDf6YX-
> 6geJb7yhkWTg4b7i5wYBC7OQpstgmfg01RIjQ_BJsJz8jxEwouvIufEDwWkmbtp9z0VP
> egRYi8y405RQya18W2-m7lbi7LsBrK4cAJ-kgQ_-k5R_vxQFuAgmgZC-NYYtpvP0swrTNxHO-
> DHJEolYb9wXjk_hFYEY9MBTqLeILvFEyjpkA_66WEWWE_
> zA6RTw6ZU1uiwEDOCsDMHjejVDaZzXA78chQRAhlUcgQSG7ATZNKcU5hnDu2
> bhQ79hugOdCa83Snl0RZUWXYoIB9vgapJosAP5rBUbTdJA
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : x-forwarded-host:
> >> spring-boot-oauth-demo-user-dev.router.dev1.saasforge.com
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : x-forwarded-port: 80
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : x-forwarded-proto: http
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : forwarded:
> >> for=71.86.141.114;host=spring-boot-oauth-demo-user-dev.
> router.dev1.saasforge.com;proto=http
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : x-forwarded-for:
> 71.86.141.114
> >> 2017-08-22 15:55:21.065 DEBUG 1 --- [nio-8080-exec-7]
> >> com.saas.controller.ApiRestController : RemoteAddr: 172.17.0.1
> >>
> >>
> >>
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : HEADERS:
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : user-agent: Wget/1.19.1
> >> (darwin15.6.0)
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : accept-encoding: identity
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : connection: Keep-Alive
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : authorization: Bearer
> >> eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ1bVJaV1ct
> ckJrVnZGUTNyNlhCWkVCNGZwamxGV2FBcTBLWU1qZThEZnNjIn0.
> eyJqdGkiOiI5ZWQ0YTQwOC05ZGM3LTRlMzMtOTkxNy1mNjdkYWU1YjJjM2Yi
> LCJleHAiOjE1MDM0MTc1NDAsIm5iZiI6MCwiaWF0IjoxNTAzNDE3MjQwLCJp
> c3MiOiJodHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9hdXRoL3JlYWxt
> cy9jaGFzc2kiLCJhdWQiOiJjaGFzc2ktd2ViLWFwcCIsInN1YiI6ImI0ZGIx
> ZmU5LTNmYzUtNDJjMy04NTg0LWQwZWJlMzRhM2U5MyIsInR5cCI6IkJlYXJl
> ciIsImF6cCI6ImNoYXNzaS13ZWItYXBwIiwiYXV0aF90aW1lIjowLCJzZXNz
> aW9uX3N0YXRlIjoiN2NmZjVhZDEtNjE3NC00YzY1LTk5NGQtYzk4ZTdkNWFl
> YzNhIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vY2hh
> c3NpLWF1dGgtcHJveHktdXNlci1kZXYucm91dGVyLmRldjIuc2Fhc2Zvcmdl
> LmNvbTo3ODg4IiwiaHR0cDovL2F1dGguZGV2MS5zYWFzZm9yZ2UuY29tLyoi
> LCJodHRwOi8vYXV0aC11c2VyLWRldi5yb3V0ZXIuZGV2MS5zYWFzZm9yZ2Uu
> Y29tIiwiaHR0cDovL2FwcC5kZXYxLnNhYXNmb3JnZS5jb20vKiIsImh0dHA6
> Ly9kZXYxLWFwcHMuczMtd2Vic2l0ZS11cy1lYXN0LTEuYW1hem9uYXdzLmNv
> bS9kYXNoYm9hcmQiLCJodHRwOi8vbG9jYWxob3N0OjMwMDEiLCJodHRwOi8v
> YXBwLmRldjEuc2Fhc2ZvcmdlLmNvbTo4MC8qIiwiaHR0cDovL2xvY2FsaG9z
> dDozMDAwIiwiaHR0cHM6Ly9hcGkuZGV2MS5zYWFzZm9yZ2UuY29tLyoiLCJo
> dHRwOi8vYXBwLmRldjEuc2Fhc2ZvcmdlLmNvbS9kYXNoYm9hcmQvKiIsImh0
> dHA6Ly9hcHAuZGV2MS5zYWFzZm9yZ2UuY29tL2JvYi1zbW9rZS10ZXN0Iiwi
> aHR0cHM6Ly9hdXRoLmRldjEuc2Fhc2ZvcmdlLmNvbS8qIl0sInJlYWxtX2Fj
> Y2VzcyI6eyJyb2xlcyI6WyJiaWxsaW5nLWFkbWluaXN0cmF0b3IiLCJ0ZW5h
> bnQtb3duZXIiLCJkZXZlbG9wZXIiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwi
> cmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdl
> LWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmls
> ZSJdfX0sIm5hbWUiOiJTdGVwaGVuIEhlbnJpZSIsInByZWZlcnJlZF91c2Vy
> bmFtZSI6InNoZW5yaWVAY2hhc3NpLmNvbSIsImdpdmVuX25hbWUiOiJTdGVw
> aGVuIiwiZmFtaWx5X25hbWUiOiJIZW5yaWUiLCJlbWFpbCI6InNoZW5yaWVA
> Y2hhc3NpLmNvbSJ9.AxhMpP3gMbh96BI7HNqLwZNjmUAiifzGhouoLpHwjggWDf6YX-
> 6geJb7yhkWTg4b7i5wYBC7OQpstgmfg01RIjQ_BJsJz8jxEwouvIufEDwWkmbtp9z0VP
> egRYi8y405RQya18W2-m7lbi7LsBrK4cAJ-kgQ_-k5R_vxQFuAgmgZC-NYYtpvP0swrTNxHO-
> DHJEolYb9wXjk_hFYEY9MBTqLeILvFEyjpkA_66WEWWE_
> zA6RTw6ZU1uiwEDOCsDMHjejVDaZzXA78chQRAhlUcgQSG7ATZNKcU5hnDu2
> bhQ79hugOdCa83Snl0RZUWXYoIB9vgapJosAP5rBUbTdJA
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : accept: */*
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : host:
> >> spring-boot-oauth-demo.user-dev.svc:8080
> >> 2017-08-22 15:55:38.561 DEBUG 1 --- [nio-8080-exec-9]
> >> com.saas.controller.ApiRestController : RemoteAddr: 172.17.0.6
> >>
> >>
> >> On Mon, Aug 21, 2017 at 9:50 AM, Eric Wittmann <
> eric.wittmann at redhat.com>
> >> wrote:
> >>>
> >>> GitHub is back up. Here is the code (when running the servlet version
> of
> >>> the gateway, not the vert.x version) that reads the inbound HTTP
> request
> >>> headers, copying them into the ApiRequest bean:
> >>>
> >>>
> >>> https://github.com/apiman/apiman/blob/master/gateway/
> platforms/servlet/src/main/java/io/apiman/gateway/platforms/servlet/
> GatewayServlet.java#L263-L280
> >>>
> >>> The only header that gets skipped is X-API-Version.
> >>>
> >>> -Eric
> >>>
> >>>
> >>> On Mon, Aug 21, 2017 at 10:04 AM, Eric Wittmann
> >>> <eric.wittmann at redhat.com> wrote:
> >>>>
> >>>> That's very interesting because I don't believe Apiman is stripping
> out
> >>>> any headers from the request (at any point). If that's happening I
> can't
> >>>> think of what the root cause might be. IIRC we just copy all request
> >>>> headers from the inbound HttpServletRequest into the ApiRequest bean.
> >>>>
> >>>> GitHub is currently down so I can't send a link to the relevant
> code....
> >>>>
> >>>> On Fri, Aug 18, 2017 at 11:16 PM, Stephen Henrie
> >>>> <stephen at saasindustries.com> wrote:
> >>>>>
> >>>>>
> >>>>> I have Apiman running in an openshift environment, which is
> essentially
> >>>>> a similar configuration to running in kubernetes. Each container/pod
> is
> >>>>> always receiving http/s requests through an HA Proxy server, so that
> the
> >>>>> x-forwarded-* set of headers get added to each request by the proxy
> server.
> >>>>>
> >>>>> Unfortunately, it appears that the headers which are provided in the
> >>>>> ApiRequet bean when the policy chain processor doApply() method is
> called
> >>>>> does not include these proxy related headers. This means that the
> standard
> >>>>> policies for the IP white and black listing policies do not work
> when the
> >>>>> apiman gateway is behind a proxy server. The
> request.getRemoteAddr() method
> >>>>> returns the ip address to the proxy server, so there is no way to
> get the ip
> >>>>> address of the originator since the x-forwarded-for header ( and
> related
> >>>>> headers ) are not found.
> >>>>>
> >>>>> Has anyone else experienced this? If so, is this by design?
> >>>>>
> >>>>> Thanks!
> >>>>>
> >>>>> Stephen
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Apiman-user mailing list
> >>>>> Apiman-user at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
> >>>>>
> >>>>
> >>>
> >>
> >
> >
> > _______________________________________________
> > Apiman-user mailing list
> > Apiman-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/apiman-user
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20170828/c8f722e9/attachment-0001.html
More information about the Apiman-user
mailing list