Merge pull request #2567 from cpitman/proxy-headers

KEYCLOAK-2791 - Proxy handling for X-Forwarded headers
2016-04-12 17:53:15 -04:00 · 2016-04-12 17:53:15 -04:00 · b2a803929d
commit b2a803929d
parent 137edf9b1a eb8d02a691
2 changed files with 22 additions and 2 deletions
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
@ -185,6 +185,8 @@ public class ProxyConfig {
        protected AdapterConfig adapterConfig;
        @JsonProperty("error-page")
        protected String errorPage;
+        @JsonProperty("proxy-address-forwarding")
+        protected boolean proxyAddressForwarding;
        @JsonProperty("constraints")
        protected List<Constraint> constraints = new LinkedList<Constraint>();

@ -211,6 +213,14 @@ public class ProxyConfig {
        public void setErrorPage(String errorPage) {
            this.errorPage = errorPage;
        }
+		
+        public boolean isProxyAddressForwarding() {
+            return proxyAddressForwarding;
+        }
+
+        public void setProxyAddressForwarding(boolean proxyAddressForwarding) {
+            this.proxyAddressForwarding = proxyAddressForwarding;
+        }

        public List<Constraint> getConstraints() {
            return constraints;
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
@ -32,6 +32,7 @@ import io.undertow.server.HttpServerExchange;
 import io.undertow.server.handlers.PathHandler;
 import io.undertow.server.handlers.ResponseCodeHandler;
 import io.undertow.server.handlers.proxy.ProxyHandler;
+import io.undertow.server.handlers.ProxyPeerAddressHandler;
 import io.undertow.server.handlers.proxy.SimpleProxyClientProvider;
 import io.undertow.server.session.InMemorySessionManager;
 import io.undertow.server.session.SessionAttachmentHandler;
@ -135,6 +136,7 @@ public class ProxyServerBuilder {
        protected SecurityPathMatches.Builder constraintBuilder = new SecurityPathMatches.Builder();
        protected SecurityPathMatches matches;
        protected String errorPage;
+        protected boolean proxyAddressForwarding;

        public ApplicationBuilder base(String base) {
            this.base = base;
@ -148,6 +150,11 @@ public class ProxyServerBuilder {
            this.errorPage = errorPage;
            return this;
        }
+        
+        public ApplicationBuilder proxyAddressForwarding(boolean proxyAddressForwarding) {
+            this.proxyAddressForwarding = proxyAddressForwarding;
+            return this;
+        }

        public ApplicationBuilder(AdapterConfig config) {
            this.deployment = KeycloakDeploymentBuilder.build(config);
@ -273,7 +280,9 @@ public class ProxyServerBuilder {
                }
            };
            handler = new UndertowPreAuthActionsHandler(deploymentContext, userSessionManagement, sessionManager, handler);
-            return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
+            handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
+            if (proxyAddressForwarding) handler = new ProxyPeerAddressHandler(handler);
+            return handler;
        }

        private HttpHandler sessionHandling(HttpHandler toWrap) {
@ -383,7 +392,8 @@ public class ProxyServerBuilder {
        for (ProxyConfig.Application application : config.getApplications()) {
            ApplicationBuilder applicationBuilder = builder.application(application.getAdapterConfig())
                    .base(application.getBasePath())
-                    .errorPage(application.getErrorPage());
+                    .errorPage(application.getErrorPage())
+                    .proxyAddressForwarding(application.isProxyAddressForwarding());

            if (application.getConstraints() != null) {
                for (ProxyConfig.Constraint constraint : application.getConstraints()) {