diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java index a93b68a096..24e9e0d53b 100755 --- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java +++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java @@ -185,6 +185,8 @@ public class ProxyConfig { protected AdapterConfig adapterConfig; @JsonProperty("error-page") protected String errorPage; + @JsonProperty("proxy-address-forwarding") + protected boolean proxyAddressForwarding; @JsonProperty("constraints") protected List constraints = new LinkedList(); @@ -211,6 +213,14 @@ public class ProxyConfig { public void setErrorPage(String errorPage) { this.errorPage = errorPage; } + + public boolean isProxyAddressForwarding() { + return proxyAddressForwarding; + } + + public void setProxyAddressForwarding(boolean proxyAddressForwarding) { + this.proxyAddressForwarding = proxyAddressForwarding; + } public List getConstraints() { return constraints; diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java index 1dd96c6bf2..4b99e9e2f2 100755 --- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java +++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java @@ -32,6 +32,7 @@ import io.undertow.server.HttpServerExchange; import io.undertow.server.handlers.PathHandler; import io.undertow.server.handlers.ResponseCodeHandler; import io.undertow.server.handlers.proxy.ProxyHandler; +import io.undertow.server.handlers.ProxyPeerAddressHandler; import io.undertow.server.handlers.proxy.SimpleProxyClientProvider; import io.undertow.server.session.InMemorySessionManager; import io.undertow.server.session.SessionAttachmentHandler; @@ -135,6 +136,7 @@ public class ProxyServerBuilder { protected SecurityPathMatches.Builder constraintBuilder = new SecurityPathMatches.Builder(); protected SecurityPathMatches matches; protected String errorPage; + protected boolean proxyAddressForwarding; public ApplicationBuilder base(String base) { this.base = base; @@ -148,6 +150,11 @@ public class ProxyServerBuilder { this.errorPage = errorPage; return this; } + + public ApplicationBuilder proxyAddressForwarding(boolean proxyAddressForwarding) { + this.proxyAddressForwarding = proxyAddressForwarding; + return this; + } public ApplicationBuilder(AdapterConfig config) { this.deployment = KeycloakDeploymentBuilder.build(config); @@ -273,7 +280,9 @@ public class ProxyServerBuilder { } }; handler = new UndertowPreAuthActionsHandler(deploymentContext, userSessionManagement, sessionManager, handler); - return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); + handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler); + if (proxyAddressForwarding) handler = new ProxyPeerAddressHandler(handler); + return handler; } private HttpHandler sessionHandling(HttpHandler toWrap) { @@ -383,7 +392,8 @@ public class ProxyServerBuilder { for (ProxyConfig.Application application : config.getApplications()) { ApplicationBuilder applicationBuilder = builder.application(application.getAdapterConfig()) .base(application.getBasePath()) - .errorPage(application.getErrorPage()); + .errorPage(application.getErrorPage()) + .proxyAddressForwarding(application.isProxyAddressForwarding()); if (application.getConstraints() != null) { for (ProxyConfig.Constraint constraint : application.getConstraints()) {