<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">@WebServlet(name = "test", urlPatterns = "/test")<br class=""><div class="">public class TestServlet extends javax.servlet.http.HttpServlet {<br class=""><br class=""> @Override<br class=""> protected void doGet(HttpServletRequest req,<br class=""> HttpServletResponse resp) throws ServletException, IOException {<br class=""> System.err.println("REQUEST URL : " + req.getRequestURL());<br class=""> System.err.println("REMOTE HOST: " + req.getRemoteHost());<br class=""> Enumeration<String> headers = req.getHeaderNames();<br class=""> while (headers.hasMoreElements()) {<br class=""> String header = headers.nextElement();<br class=""> System.err.println(header + ": " + req.getHeader(header));<br class=""><br class=""> }<br class=""> }<br class="">}</div><div class=""><br class=""></div><div class="">/wildfly-10.0.0.Final/standalone/configuration$ grep http-listener standalone.xml <br class=""> <http-listener name="default" proxy-address-forwarding="true" socket-binding="http" redirect-socket="https"/></div><div class=""><br class=""></div><div class="">/wildfly-10.0.0.Final/standalone/configuration$ curl -v --header "X-Forwarded-For: 10.0.0.1:8888" --header "X-Forwarded-Proto: http" <a href="http://localhost:8080/proxytest_war_exploded/test" class="">http://localhost:8080/proxytest_war_exploded/test</a></div><div class=""><br class=""></div><div class=""><div class="">08:47:32,511 ERROR [stderr] (default task-2) REQUEST URL : <a href="http://localhost:8080/proxytest_war_exploded/test" class="">http://localhost:8080/proxytest_war_exploded/test</a></div><div class="">08:47:32,511 ERROR [stderr] (default task-2) REMOTE HOST: 10.0.0.1:8888</div><div class="">08:47:32,511 ERROR [stderr] (default task-2) Accept: */*</div><div class="">08:47:32,511 ERROR [stderr] (default task-2) X-Forwarded-Proto: http</div><div class="">08:47:32,512 ERROR [stderr] (default task-2) User-Agent: curl/7.43.0</div><div class="">08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For: 10.0.0.1</div><div class="">08:47:32,512 ERROR [stderr] (default task-2) Host: localhost:8080</div></div><div class=""><br class=""></div><div class="">I've also looked at the code of Undertow/Wildfly and as far as I can tell, the proxy-address-forwarding affects only HttpServletRequest#getRemoteHost() etc. values.</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 23.05.2016, at 08:16, Stian Thorgersen <<a href="mailto:sthorger@redhat.com" class="">sthorger@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Take a look at <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding" class="">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding</a>. proxy-address-forwarding=true does set <span style="font-size:12.8px" class="">HttpServletRequest#</span><span style="font-size:12.8px" class="">getRequestURL(), but only if http is used. If you're using ajp then you need to use ProxyPeerAddressHandler.</span></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On 22 May 2016 at 10:10, Christian Bauer <span dir="ltr" class=""><<a href="mailto:christian.bauer@gmail.com" target="_blank" class="">christian.bauer@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">A workaround/solution is to set the Host header on the proxy.<br class="">
<br class="">
This is equivalent to setting ProxyPreserveHost On if you'd be using Apache mod_proxy. It requires some ugly hacks however customizing this header with my Resteasy/ApacheHttpClient proxy.<br class="">
<div class="HOEnZb"><div class="h5"><br class="">
> On 22.05.2016, at 00:18, Christian Bauer <<a href="mailto:christian.bauer@gmail.com" class="">christian.bauer@gmail.com</a>> wrote:<br class="">
><br class="">
> Already done. I don't think that affects HttpServletRequest#getRequestURL(), which is what Resteasy is using to populate UriInfo#getBaseUri()?<br class="">
><br class="">
>> set the proxy-address-forwarding="true" for the http-listener.<br class="">
>><br class="">
>>><br class="">
>>> The proxy makes a call to Keycloak with a Bearer token and the correct X-Forwarded-* headers. Keycloak/Wildfly is configured with proxy-address-forwarding=true.<br class="">
><br class="">
><br class="">
> _______________________________________________<br class="">
> keycloak-user mailing list<br class="">
> <a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class="">
</div></div></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>