SecuredRemoteAddressRequestWrapperFactory (Wicket Core 7.18.0 API)

java.lang.Object
- org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
- - org.apache.wicket.protocol.http.servlet.SecuredRemoteAddressRequestWrapperFactory

public class SecuredRemoteAddressRequestWrapperFactory
extends AbstractRequestWrapperFactory

Sets ServletRequest.isSecure() to true if ServletRequest.getRemoteAddr() matches one of the securedRemoteAddresses of this filter.

This filter is often used in combination with XForwardedRequestWrapperFactory to get the remote address of the client even if the request goes through load balancers (e.g. F5 Big IP, Nortel Alteon) or proxies (e.g. Apache mod_proxy_http)

Configuration parameters:

XForwardedFilter property	Description	Format	Default value
securedRemoteAddresses	IP addresses for which `ServletRequest.isSecure()` must return `true`	Comma delimited list of regular expressions (in the syntax supported by the `Pattern` library)	Class A, B and C private network IP address blocks : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]\|2\\d\|3[0-1]).\\d{1,3}.\\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}

Note : the default configuration is can usually be used as internal servers are often trusted.

Sample with secured remote addresses limited to 192.168.0.10 and 192.168.0.11

SecuredRemoteAddressFilter configuration sample :

 <filter>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <filter-class>fr.xebia.servlet.filter.SecuredRemoteAddressFilter</filter-class>
    <init-param>
       <param-name>securedRemoteAddresses</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
    </init-param>
 </filter>
 
 <filter-mapping>
    <filter-name>SecuredRemoteAddressFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
 </filter-mapping>

A request with ServletRequest.getRemoteAddr() = 192.168.0.10 or 192.168.0.11 will be seen as ServletRequest.isSecure() == true even if ServletRequest.getScheme() == "http".

Author:: Cyrille Le Clerc, Juergen Donnerstag

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class SecuredRemoteAddressRequestWrapperFactory.Config

Nested Classes
Modifier and Type	Class and Description
`static class`	`SecuredRemoteAddressRequestWrapperFactory.Config`

Constructor Summary

Constructors
Constructor and Description

SecuredRemoteAddressRequestWrapperFactory()
Construct.

Constructors
Constructor and Description
`SecuredRemoteAddressRequestWrapperFactory()` Construct.

Method Summary

Methods
Modifier and Type	Method and Description
`SecuredRemoteAddressRequestWrapperFactory.Config`	`getConfig()`
`javax.servlet.http.HttpServletRequest`	`getWrapper(javax.servlet.http.HttpServletRequest request)` Wrap the given request.
`void`	`init(javax.servlet.FilterConfig filterConfig)`
`boolean`	`needsWrapper(javax.servlet.http.HttpServletRequest request)`
`javax.servlet.http.HttpServletRequest`	`newRequestWrapper(javax.servlet.http.HttpServletRequest request)` If incoming remote address matches one of the declared IP pattern, wraps the incoming `HttpServletRequest` to override `ServletRequest.isSecure()` to set it to `true`.
`void`	`setConfig(SecuredRemoteAddressRequestWrapperFactory.Config config)` The Wicket application might want to provide its own config

Methods inherited from class org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
commaDelimitedListToPatternArray, commaDelimitedListToStringArray, isEnabled, listToCommaDelimitedString, matchesOne, setEnabled

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecuredRemoteAddressRequestWrapperFactory
```
public SecuredRemoteAddressRequestWrapperFactory()
```
    Construct.
- Method Detail
  - getConfig
```
public final SecuredRemoteAddressRequestWrapperFactory.Config getConfig()
```
    Returns:
    SecuredRemoteAddress and XForwarded filter specific config
  - setConfig
```
public final void setConfig(SecuredRemoteAddressRequestWrapperFactory.Config config)
```
    The Wicket application might want to provide its own config
    
    Parameters:
    config -
  - getWrapper
```
public javax.servlet.http.HttpServletRequest getWrapper(javax.servlet.http.HttpServletRequest request)
```
    Description copied from class: AbstractRequestWrapperFactory
    
    Wrap the given request.
    
    Overrides:
    
    getWrapper in class AbstractRequestWrapperFactory
    
    Parameters:
    request - request to wrap
    
    Returns:
    Either return the request itself, or if needed a wrapper for the request
  - needsWrapper
```
public boolean needsWrapper(javax.servlet.http.HttpServletRequest request)
```
    Specified by:
    
    needsWrapper in class AbstractRequestWrapperFactory
    
    Returns:
    True, if a wrapper is needed
  - newRequestWrapper
```
public javax.servlet.http.HttpServletRequest newRequestWrapper(javax.servlet.http.HttpServletRequest request)
```
    If incoming remote address matches one of the declared IP pattern, wraps the incoming HttpServletRequest to override ServletRequest.isSecure() to set it to true.
    
    Specified by:
    
    newRequestWrapper in class AbstractRequestWrapperFactory
    
    Returns:
    Create a wrapper for the request
  - init
```
public void init(javax.servlet.FilterConfig filterConfig)
```
    Parameters:
    filterConfig -

Class SecuredRemoteAddressRequestWrapperFactory

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory

Methods inherited from class java.lang.Object

Constructor Detail

SecuredRemoteAddressRequestWrapperFactory

Method Detail

getConfig

setConfig

getWrapper

needsWrapper

newRequestWrapper

init