FELIX-3693 A servlet filter for servers running behind an SSL-endpoint proxy
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1394715 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/http/pom.xml b/http/pom.xml
index 9afbd4d..b0564cf 100644
--- a/http/pom.xml
+++ b/http/pom.xml
@@ -42,6 +42,7 @@
<module>whiteboard</module>
<module>cometd</module>
<module>bundle</module>
+ <module>sslfilter</module>
<module>samples/filter</module>
<module>samples/bridge</module>
<module>samples/whiteboard</module>
diff --git a/http/sslfilter/pom.xml b/http/sslfilter/pom.xml
new file mode 100644
index 0000000..a4bbff9
--- /dev/null
+++ b/http/sslfilter/pom.xml
@@ -0,0 +1,103 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>felix-parent</artifactId>
+ <version>2.1</version>
+ <relativePath>../../pom/pom.xml</relativePath>
+ </parent>
+
+ <name>Apache Felix Http SSL Filter</name>
+ <artifactId>org.apache.felix.http.sslfilter</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>2.3.7</version>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ <Bundle-Activator>
+ org.apache.felix.http.sslfilter.internal.SslFilterActivator
+ </Bundle-Activator>
+ <Import-Package>
+ javax.servlet.*;version="2.3",
+ *
+ </Import-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.3</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ <version>4.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ <version>4.1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.http.api</artifactId>
+ <version>2.0.2</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Test Dependencies -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.8.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/HttpServiceTracker.java b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/HttpServiceTracker.java
new file mode 100644
index 0000000..115da50
--- /dev/null
+++ b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/HttpServiceTracker.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+import java.util.HashMap;
+import java.util.Hashtable;
+
+import javax.servlet.ServletException;
+
+import org.apache.felix.http.api.ExtHttpService;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.util.tracker.ServiceTracker;
+
+public class HttpServiceTracker extends ServiceTracker
+{
+
+ private final HashMap /* ServiceReference, SslFilter */filters;
+
+ public HttpServiceTracker(BundleContext context)
+ {
+ super(context, ExtHttpService.class.getName(), null);
+
+ this.filters = new HashMap();
+ }
+
+ public Object addingService(ServiceReference reference)
+ {
+ ExtHttpService service = (ExtHttpService) super.addingService(reference);
+ if (service != null)
+ {
+ SslFilter filter = new SslFilter();
+ try
+ {
+ service.registerFilter(filter, ".*", new Hashtable(), 0, null);
+ this.filters.put(reference, filter);
+ }
+ catch (ServletException e)
+ {
+ // TODO: log
+ }
+ }
+
+ return service;
+ }
+
+ public void removedService(ServiceReference reference, Object service)
+ {
+ SslFilter filter = (SslFilter) this.filters.remove(reference);
+ if (filter != null)
+ {
+ ((ExtHttpService) service).unregisterFilter(filter);
+ }
+
+ super.removedService(reference, service);
+ }
+}
diff --git a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
new file mode 100644
index 0000000..f6736b0
--- /dev/null
+++ b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilter.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+public class SslFilter implements Filter
+{
+
+ // request header indicating an SSL endpoint proxy
+ private static final String X_FORWARD_SSL_HEADER = "X-Forwarded-SSL";
+
+ // value indicating an SSL endpoint proxy
+ private static final String X_FORWARD_SSL_VALUE = "on";
+
+ public void init(FilterConfig config)
+ {
+ }
+
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
+ ServletException
+ {
+
+ HttpServletRequest httpReq = (HttpServletRequest) req;
+
+ if (X_FORWARD_SSL_VALUE.equalsIgnoreCase(httpReq.getHeader(X_FORWARD_SSL_HEADER)))
+ {
+ httpReq = new SslFilterRequest(httpReq);
+ }
+
+ chain.doFilter(httpReq, res);
+ }
+
+ public void destroy()
+ {
+ }
+
+}
diff --git a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterActivator.java b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterActivator.java
new file mode 100644
index 0000000..a52c4de
--- /dev/null
+++ b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterActivator.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+
+public class SslFilterActivator implements BundleActivator
+{
+
+ private HttpServiceTracker tracker;
+
+ public void start(BundleContext context)
+ {
+ this.tracker = new HttpServiceTracker(context);
+ this.tracker.open();
+ }
+
+ public void stop(BundleContext context)
+ {
+ if (this.tracker != null)
+ {
+ this.tracker.close();
+ this.tracker = null;
+ }
+ }
+
+}
diff --git a/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
new file mode 100644
index 0000000..62c955d
--- /dev/null
+++ b/http/sslfilter/src/main/java/org/apache/felix/http/sslfilter/internal/SslFilterRequest.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.http.sslfilter.internal;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+public class SslFilterRequest extends HttpServletRequestWrapper
+{
+
+ private String requestURL;
+
+ public SslFilterRequest(HttpServletRequest request)
+ {
+ super(request);
+
+ // TODO: check request headers for SSL attribute information
+ }
+
+ public String getScheme()
+ {
+ return "https";
+ }
+
+ public boolean isSecure()
+ {
+ return true;
+ }
+
+ public StringBuffer getRequestURL()
+ {
+ if (this.requestURL == null) {
+ // insert an 's' after the http scheme
+ StringBuffer tmp = super.getRequestURL();
+ tmp.insert(4, 's');
+ this.requestURL = tmp.toString();
+ }
+
+ return new StringBuffer(this.requestURL);
+ }
+}