Add ForwardedHeaderFilter requestOnly

Add an option for ForwardedHeaderFilter to only process the HttpServletRequest. This means that HttpServletResponse.sendRedirect will only work when the application is conifgured to use relative redirects using Servlet Container specific setup. Issue: SPR-15717
bobocui · Jul 19, 2017 · 5f868b4 · 5f868b4
1 parent 147368e
commit 5f868b4
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/spring-web/src/main/java/org/springframework/web/filter/ForwardedHeaderFilter.java b/spring-web/src/main/java/org/springframework/web/filter/ForwardedHeaderFilter.java
@@ -79,6 +79,8 @@ public class ForwardedHeaderFilter extends OncePerRequestFilter {
 
 	private boolean removeOnly;
 
+	private boolean requestOnly;
+
 
 	public ForwardedHeaderFilter() {
 		this.pathHelper = new UrlPathHelper();
@@ -97,6 +99,20 @@ public void setRemoveOnly(boolean removeOnly) {
 		this.removeOnly = removeOnly;
 	}
 
+	/**
+	 * Enables mode in which only the HttpServletRequest is modified. This means that
+	 * {@link HttpServletResponse#sendRedirect(String)} will only work when the application is configured to use
+	 * relative redirects. This can be done with Servlet Container specific setup. For example,  using Tomcat's
+	 * <a href="https://tomcat.apache.org/tomcat-8.0-doc/config/context.html#Common_Attributes">useRelativeRedirects</a>
+	 * attribute.
+	 *
+	 * @param requestOnly whether to customize the {@code HttpServletResponse} or not. Default is false (customize the
+	 * {@code HttpServletResponse})
+	 * @since 4.3.10
+	 */
+	public void setRequestOnly(boolean requestOnly) {
+		this.requestOnly = requestOnly;
+	}
 
 	@Override
 	protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
@@ -130,7 +146,8 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 		}
 		else {
 			HttpServletRequest theRequest = new ForwardedHeaderExtractingRequest(request, this.pathHelper);
-			HttpServletResponse theResponse = new ForwardedHeaderExtractingResponse(response, theRequest);
+			HttpServletResponse theResponse = this.requestOnly ? response :
+					new ForwardedHeaderExtractingResponse(response, theRequest);
 			filterChain.doFilter(theRequest, theResponse);
 		}
 	}

diff --git a/spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java b/spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java
@@ -403,6 +403,26 @@ public void sendRedirectWithNoXForwardedAndDotDotPath() throws Exception {
 		assertEquals("../foo/bar", redirectedUrl);
 	}
 
+	@Test
+	public void sendRedirectWhenRequestOnlyAndXForwardedThenUsesRelativeRedirects() throws Exception {
+		this.request.addHeader(X_FORWARDED_PROTO, "https");
+		this.request.addHeader(X_FORWARDED_HOST, "example.com");
+		this.request.addHeader(X_FORWARDED_PORT, "443");
+		this.filter.setRequestOnly(true);
+
+		String location = sendRedirect("/a");
+
+		assertEquals("/a", location);
+	}
+
+	@Test
+	public void sendRedirectWhenRequestOnlyAndNoXForwardedThenUsesRelativeRedirects() throws Exception {
+		this.filter.setRequestOnly(true);
+
+		String location = sendRedirect("/a");
+
+		assertEquals("/a", location);
+	}
 
 	private String sendRedirect(final String location) throws ServletException, IOException {
 		MockHttpServletResponse response = doWithFiltersAndGetResponse(this.filter, new OncePerRequestFilter() {