diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java index 259a99330df..e5ad3d43b2f 100644 --- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java +++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java @@ -24,12 +24,15 @@ import java.io.IOException; import java.io.InputStream; import java.lang.management.ManagementFactory; import java.net.URL; +import java.util.Arrays; import java.util.Properties; +import com.cloud.api.ApiServer; import org.apache.commons.daemon.Daemon; import org.apache.commons.daemon.DaemonContext; import org.apache.commons.lang3.StringUtils; import org.eclipse.jetty.jmx.MBeanContainer; +import org.eclipse.jetty.server.ForwardedRequestCustomizer; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; import org.eclipse.jetty.server.RequestLog; @@ -184,6 +187,7 @@ public class ServerDaemon implements Daemon { httpConfig.setResponseHeaderSize(8192); httpConfig.setSendServerVersion(false); httpConfig.setSendDateHeader(false); + addForwardingCustomiser(httpConfig); // HTTP Connector createHttpConnector(httpConfig); @@ -206,6 +210,21 @@ public class ServerDaemon implements Daemon { server.join(); } + /** + * Adds a ForwardedRequestCustomizer to the HTTP configuration to handle forwarded headers. + * The header used for forwarding is determined by the ApiServer.listOfForwardHeaders property. + * Only non empty headers are considered and only the first of the comma-separated list is used. + * @param httpConfig the HTTP configuration to which the customizer will be added + */ + private static void addForwardingCustomiser(HttpConfiguration httpConfig) { + ForwardedRequestCustomizer customiser = new ForwardedRequestCustomizer(); + String header = Arrays.stream(ApiServer.listOfForwardHeaders.value().split(",")).findFirst().orElse(null); + if (com.cloud.utils.StringUtils.isNotEmpty(header)) { + customiser.setForwardedForHeader(header); + } + httpConfig.addCustomizer(customiser); + } + @Override public void stop() throws Exception { server.stop(); diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java index e0737a6891d..c78ac05102f 100644 --- a/server/src/main/java/com/cloud/api/ApiServer.java +++ b/server/src/main/java/com/cloud/api/ApiServer.java @@ -315,14 +315,14 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer , "enables/disables checking of ipaddresses from a proxy set header. See \"proxy.header.names\" for the headers to allow." , true , ConfigKey.Scope.Global); - static final ConfigKey listOfForwardHeaders = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK + public static final ConfigKey listOfForwardHeaders = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK , String.class , "proxy.header.names" , "X-Forwarded-For,HTTP_CLIENT_IP,HTTP_X_FORWARDED_FOR" , "a list of names to check for allowed ipaddresses from a proxy set header. See \"proxy.cidr\" for the proxies allowed to set these headers." , true , ConfigKey.Scope.Global); - static final ConfigKey proxyForwardList = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK + public static final ConfigKey proxyForwardList = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK , String.class , "proxy.cidr" , "" diff --git a/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java b/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java index baf2bc2738f..48925097f70 100644 --- a/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java +++ b/utils/src/main/java/com/cloud/utils/ConstantTimeComparator.java @@ -19,8 +19,6 @@ package com.cloud.utils; -import java.nio.charset.Charset; - public class ConstantTimeComparator { public static boolean compareBytes(byte[] b1, byte[] b2) { @@ -36,7 +34,6 @@ public class ConstantTimeComparator { } public static boolean compareStrings(String s1, String s2) { - final Charset encoding = Charset.forName("UTF-8"); - return compareBytes(s1.getBytes(encoding), s2.getBytes(encoding)); + return compareBytes(s1.getBytes(StringUtils.getPreferredCharset()), s2.getBytes(StringUtils.getPreferredCharset())); } }