Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-5258

IG Standalone must populate the originalUri.port from Host header

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 7.0.0, 7.0.1, 7.0.2, 7.1.0
    • 7.0.2, 7.1.0
    • None
    • OpenJDK 11.0.9.1
      IG 7.1.0-SNAPSHOT (43c94805bd3)

    Description

      ForwardedRequestFilter host replacement works differently on standalone and container versions. This is due to the population of the originalUri.port in standalone. Indeed it does not use the Host header, but the port from the underlying connection. This behavior is not hte same as IG servlet.

       

      Example :

      When having this route:

      {
        "baseURI": "http://app.example.com:8080",
        "condition": "${matches(request.uri.path, '/forwarded_request_filter')}",
        "handler": {
          "config": {
            "filters": [
              {
                "config": {
                  "_port": "${integer(request.headers['X-Forwarded-Port'][0])}",
                  "_scheme": "${request.headers['X-Forwarded-Proto'][0]}",
                  "host": "${split(request.headers['Host'][0], ':')[0]}"
                },
                "name": "ForwardedRequestFilter",
                "type": "ForwardedRequestFilter"
              }
            ],
            "handler": {
              "config": {
                "entity": "${contexts.router.originalUri.toASCIIString()}",
                "status": 418
              },
              "type": "StaticResponseHandler"
            }
          },
          "type": "Chain"
        }
      }
      

      And accessing IG:

      http -v --follow --all --verify=False     "http://openig.example.com:8084/forwarded_request_filter"  Host:"ig.qa"
      

      the result is:
      on container version:

      http://ig.qa/forwarded_request_filter
      

      on standalone version:

      http://ig.qa:8084/forwarded_request_filter
      

      Similarly:

      http -v --follow --all --verify=False     "http://openig.example.com:8084/forwarded_request_filter"  Host:"ig.qa:123"
      

      on container version:

      http://ig.qa:123/forwarded_request_filter
      

      on standalone version:

      http://ig.qa:8084/forwarded_request_filter
      

      The results are the same, no matter which container is used (tomcat 9.0.34, jetty 9.4.28, jboss eap 7.3

      Attachments

        Activity

          People

            nils.renaud Nils Renaud
            jan.hajovsky Jan Hajovsky
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: