001package ca.uhn.fhir.rest.server; 002 003/* 004 * #%L 005 * HAPI FHIR - Core Library 006 * %% 007 * Copyright (C) 2014 - 2016 University Health Network 008 * %% 009 * Licensed under the Apache License, Version 2.0 (the "License"); 010 * you may not use this file except in compliance with the License. 011 * You may obtain a copy of the License at 012 * 013 * http://www.apache.org/licenses/LICENSE-2.0 014 * 015 * Unless required by applicable law or agreed to in writing, software 016 * distributed under the License is distributed on an "AS IS" BASIS, 017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 018 * See the License for the specific language governing permissions and 019 * limitations under the License. 020 * #L% 021 */ 022 023import javax.servlet.ServletContext; 024import javax.servlet.http.HttpServletRequest; 025 026/** 027 * Works like the normal {@link ca.uhn.fhir.rest.server.IncomingRequestAddressStrategy} unless there's an x-forwarded-host present, in which case that's used in place of the server's address. 028 * 029 * If the Apache Http Server <i>mod_proxy</i> isn't configured to supply <i>x-forwarded-proto</i>, the factory method that you use to create the address strategy will determine the default. Note that 030 * <i>mod_proxy</i> doesn't set this by default, but it can be configured via <i>RequestHeader set X-Forwarded-Proto http</i> (or https) 031 * 032 * If you want to set the protocol based on something other than the constructor argument, you should be able to do so by overriding <i>protocol</i>. 033 * 034 * Note that while this strategy was designed to work with Apache Http Server, and has been tested against it, it should work with any proxy server that sets <i>x-forwarded-host</i> 035 * 036 * Created by Bill de Beaubien on 3/30/2015. 037 */ 038public class ApacheProxyAddressStrategy extends IncomingRequestAddressStrategy { 039 private boolean myUseHttps = false; 040 041 protected ApacheProxyAddressStrategy(boolean theUseHttps) { 042 myUseHttps = theUseHttps; 043 } 044 045 public static ApacheProxyAddressStrategy forHttp() { 046 return new ApacheProxyAddressStrategy(false); 047 } 048 049 public static ApacheProxyAddressStrategy forHttps() { 050 return new ApacheProxyAddressStrategy(true); 051 } 052 053 @Override 054 public String determineServerBase(ServletContext theServletContext, HttpServletRequest theRequest) { 055 String forwardedHost = getForwardedHost(theRequest); 056 if (forwardedHost != null) { 057 return forwardedServerBase(theServletContext, theRequest, forwardedHost); 058 } 059 return super.determineServerBase(theServletContext, theRequest); 060 } 061 062 private String getForwardedHost(HttpServletRequest theRequest) { 063 String forwardedHost = theRequest.getHeader("x-forwarded-host"); 064 if (forwardedHost != null) { 065 int commaPos = forwardedHost.indexOf(','); 066 if (commaPos >= 0) { 067 forwardedHost = forwardedHost.substring(0, commaPos - 1); 068 } 069 } 070 return forwardedHost; 071 } 072 073 public String forwardedServerBase(ServletContext theServletContext, HttpServletRequest theRequest, String theForwardedHost) { 074 String serverBase = super.determineServerBase(theServletContext, theRequest); 075 String host = theRequest.getHeader("host"); 076 if (host != null) { 077 serverBase = serverBase.replace(host, theForwardedHost); 078 serverBase = serverBase.substring(serverBase.indexOf("://")); 079 return protocol(theRequest) + serverBase; 080 } 081 return serverBase; 082 } 083 084 protected String protocol(HttpServletRequest theRequest) { 085 String protocol = theRequest.getHeader("x-forwarded-proto"); 086 if (protocol != null) { 087 return protocol; 088 } 089 return myUseHttps ? "https" : "http"; 090 } 091}