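import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "test", urlPatterns = "/test")
public class TestServlet extends javax.servlet.http.HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req,
                         HttpServletResponse resp) throws ServletException, IOException {
        // Print what the container reports for this request
        System.err.println("REQUEST URL : " + req.getRequestURL());
        System.err.println("REMOTE HOST: " + req.getRemoteHost());
        // Dump every request header as received
        Enumeration<String> headers = req.getHeaderNames();
        while (headers.hasMoreElements()) {
            String header = headers.nextElement();
            System.err.println(header + ": " + req.getHeader(header));
        }
    }
}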

/wildfly-10.0.0.Final/standalone/configuration$ grep http-listener standalone.xml
<http-listener name="default"
    proxy-address-forwarding="true" socket-binding="http"
    redirect-socket="https"/>

/wildfly-10.0.0.Final/standalone/configuration$ curl -v --header "X-Forwarded-For: 10.0.0.1:8888" --header "X-Forwarded-Proto: http" http://localhost:8080/proxytest_war_exploded/test

08:47:32,511 ERROR [stderr] (default task-2) REQUEST URL : http://localhost:8080/proxytest_war_exploded/test
08:47:32,511 ERROR [stderr] (default task-2) REMOTE HOST: 10.0.0.1:8888
08:47:32,511 ERROR [stderr] (default task-2) Accept: */*
08:47:32,511 ERROR [stderr] (default task-2) X-Forwarded-Proto: http
08:47:32,512 ERROR [stderr] (default task-2) User-Agent: curl/7.43.0
08:47:32,512 ERROR [stderr] (default task-2) X-Forwarded-For: 10.0.0.1
08:47:32,512 ERROR [stderr] (default task-2) Host: localhost:8080

I've also looked at the code of Undertow/Wildfly and as far as I can tell, the
proxy-address-forwarding affects only HttpServletRequest#getRemoteHost() etc. values.

On 23.05.2016, at 08:16, Stian Thorgersen <sthorger(a)redhat.com> wrote:

Take a look at http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...

proxy-address-forwarding=true does set HttpServletRequest#getRequestURL(), but only if
http is used. If you're using ajp then you need to use ProxyPeerAddressHandler.

On 22 May 2016 at 10:10, Christian Bauer <christian.bauer(a)gmail.com> wrote:

A workaround/solution is to set the Host header on the proxy.
This is equivalent to setting ProxyPreserveHost On if you'd be using Apache
mod_proxy. It requires some ugly hacks, however, customizing this header with my
Resteasy/ApacheHttpClient proxy.

> On 22.05.2016, at 00:18, Christian Bauer <christian.bauer(a)gmail.com> wrote:
>
> Already done. I don't think that affects HttpServletRequest#getRequestURL(), which is what Resteasy is using to populate UriInfo#getBaseUri()?
>
>> set the proxy-address-forwarding="true" for the http-listener.
>>
>>>
>>> The proxy makes a call to Keycloak with a Bearer token and the correct X-Forwarded-* headers. Keycloak/Wildfly is configured with proxy-address-forwarding=true.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
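
The curl test above shows the container taking the remote host from a header that any client can set. As an added example (not code from the thread, Keycloak or WildFly), this servlet filter honours X-Forwarded-Proto only when the directly connected peer is a known proxy and rejects unexpected Host values before they reach getRequestURL(). It assumes proxy-address-forwarding is off so that getRemoteAddr() is the real peer; the class name, proxy addresses and host names are constructed placeholders.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns = "/*")
public class TrustedForwardedFilter implements Filter {
    // Constructed values: proxies allowed to set X-Forwarded-* headers,
    // and the Host values this deployment is expected to answer to.
    private static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("127.0.0.1", "10.0.0.5"));
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("localhost:8080", "sso.example.org"));

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String host = req.getHeader("Host");
        // Host ends up in every absolute URL built from the request: allowlist it.
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            ((HttpServletResponse) rs).sendError(400, "Unexpected Host header");
            return;
        }
        String proto = req.getHeader("X-Forwarded-Proto");
        boolean fromProxy = TRUSTED_PROXIES.contains(req.getRemoteAddr());
        boolean validProto = "http".equals(proto) || "https".equals(proto);
        if (!fromProxy || !validProto) {
            chain.doFilter(req, rs); // direct or malformed: ignore forwarded headers
            return;
        }
        // Trusted proxy: expose the external scheme and host to downstream code.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getScheme() { return proto; }
            @Override public boolean isSecure() { return "https".equals(proto); }
            @Override public StringBuffer getRequestURL() {
                return new StringBuffer(proto).append("://").append(host)
                        .append(req.getRequestURI());
            }
        }, rs);
    }
}
```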