程序包 cn.taketoday.web.servlet.filter

类 ForwardedHeaderFilter

java.lang.Object
cn.taketoday.web.servlet.filter.GenericFilterBean
cn.taketoday.web.servlet.filter.OncePerRequestFilter
cn.taketoday.web.servlet.filter.ForwardedHeaderFilter
所有已实现的接口:
cn.taketoday.beans.factory.Aware, cn.taketoday.beans.factory.BeanNameAware, cn.taketoday.beans.factory.DisposableBean, cn.taketoday.beans.factory.InitializingBean, cn.taketoday.context.EnvironmentAware, cn.taketoday.core.env.EnvironmentCapable, ServletContextAware, Filter
public class ForwardedHeaderFilter extends OncePerRequestFilter
Extract values from "Forwarded" and "X-Forwarded-*" headers, wrap the request and response, and make they reflect the client-originated protocol and address in the following methods:

There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client. This is why a proxy at the boundary of trust should be configured to remove untrusted Forwarded headers that come from the outside.

You can also configure the ForwardedHeaderFilter with removeOnly, in which case it removes but does not use the headers.

从以下版本开始:
4.0 2022/3/27 22:00
作者:
Rossen Stoyanchev, Eddú Meléndez, Rob Winch, Harry Yang
另请参阅:

  • 字段详细资料

    • FORWARDED_HEADER_NAMES

      private static final Set<String> FORWARDED_HEADER_NAMES

    • removeOnly

      private boolean removeOnly

    • relativeRedirects

      private boolean relativeRedirects

  • 构造器详细资料

    • ForwardedHeaderFilter

      public ForwardedHeaderFilter()

  • 方法详细资料

    • setRemoveOnly

      public void setRemoveOnly(boolean removeOnly)
      Enables mode in which any "Forwarded" or "X-Forwarded-*" headers are removed only and the information in them ignored.
      参数:
      removeOnly - whether to discard and ignore forwarded headers

    • setRelativeRedirects

      public void setRelativeRedirects(boolean relativeRedirects)
      Use this property to enable relative redirects as explained in RelativeRedirectFilter, and also using the same response wrapper as that filter does, or if both are configured, only one will wrap.

      By default, if this property is set to false, in which case calls to HttpServletResponse.sendRedirect(String) are overridden in order to turn relative into absolute URLs, also taking into account forwarded headers.

      参数:
      relativeRedirects - whether to use relative redirects

    • shouldNotFilter

      protected boolean shouldNotFilter(HttpServletRequest request)
      从类复制的说明: OncePerRequestFilter
      Can be overridden in subclasses for custom filtering control, returning true to avoid filtering of the given request.

      The default implementation always returns false.

      覆盖:
      shouldNotFilter 在类中 OncePerRequestFilter
      参数:
      request - current HTTP request
      返回:
      whether the given request should not be filtered

    • shouldNotFilterAsyncDispatch

      protected boolean shouldNotFilterAsyncDispatch()
      从类复制的说明: OncePerRequestFilter
      The dispatcher type jakarta.servlet.DispatcherType.ASYNC means a filter can be invoked in more than one thread over the course of a single request. Some filters only need to filter the initial thread (e.g. request wrapping) while others may need to be invoked at least once in each additional thread for example for setting up thread locals or to perform final processing at the very end.

      Note that although a filter can be mapped to handle specific dispatcher types via web.xml or in Java through the ServletContext, servlet containers may enforce different defaults with respect to dispatcher types. This flag enforces the design intent of the filter.

      The default return value is "true", which means the filter will not be invoked during subsequent async dispatches. If "false", the filter will be invoked during async dispatches with the same guarantees of being invoked only once during a request within a single thread.

      覆盖:
      shouldNotFilterAsyncDispatch 在类中 OncePerRequestFilter

    • shouldNotFilterErrorDispatch

      protected boolean shouldNotFilterErrorDispatch()
      从类复制的说明: OncePerRequestFilter
      Whether to filter error dispatches such as when the servlet container processes and error mapped in web.xml. The default return value is "true", which means the filter will not be invoked in case of an error dispatch.
      覆盖:
      shouldNotFilterErrorDispatch 在类中 OncePerRequestFilter

    • doFilterInternal

      protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
      从类复制的说明: OncePerRequestFilter
      Same contract as for doFilter, but guaranteed to be just invoked once per request within a single request thread. See OncePerRequestFilter.shouldNotFilterAsyncDispatch() for details.

      Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.

      指定者:
      doFilterInternal 在类中 OncePerRequestFilter
      抛出:
      ServletException
      IOException

    • doFilterNestedErrorDispatch

      protected void doFilterNestedErrorDispatch(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
      从类复制的说明: OncePerRequestFilter
      Typically an ERROR dispatch happens after the REQUEST dispatch completes, and the filter chain starts anew. On some servers however the ERROR dispatch may be nested within the REQUEST dispatch, e.g. as a result of calling sendError on the response. In that case we are still in the filter chain, on the same thread, but the request and response have been switched to the original, unwrapped ones.

      Sub-classes may use this method to filter such nested ERROR dispatches and re-apply wrapping on the request or response. ThreadLocal context, if any, should still be active as we are still nested within the filter chain.

      覆盖:
      doFilterNestedErrorDispatch 在类中 OncePerRequestFilter
      抛出:
      ServletException
      IOException