View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.server;
20  
21  import java.util.Objects;
22  
23  import javax.servlet.http.HttpServletRequest;
24  
25  /**
26   * Customizes requests that lack the {@code Host} header (for example, HTTP 1.0 requests).
27   * <p>
28   * In case of HTTP 1.0 requests that lack the {@code Host} header, the application may issue
29   * a redirect, and the {@code Location} header is usually constructed from the {@code Host}
30   * header; if the {@code Host} header is missing, the server may query the connector for its
31   * IP address in order to construct the {@code Location} header, and thus leak to clients
32   * internal IP addresses.
33   * <p>
34   * This {@link HttpConfiguration.Customizer} is configured with a {@code serverName} and
35   * optionally a {@code serverPort}.
36   * If the {@code Host} header is absent, the configured {@code serverName} will be set on
37   * the request so that {@link HttpServletRequest#getServerName()} will return that value,
38   * and likewise for {@code serverPort} and {@link HttpServletRequest#getServerPort()}.
39   */
40  public class HostHeaderCustomizer implements HttpConfiguration.Customizer
41  {
42      private final String serverName;
43      private final int serverPort;
44  
45      /**
46       * @param serverName the {@code serverName} to set on the request (the {@code serverPort} will not be set)
47       */
48      public HostHeaderCustomizer(String serverName)
49      {
50          this(serverName, 0);
51      }
52  
53      /**
54       * @param serverName the {@code serverName} to set on the request
55       * @param serverPort the {@code serverPort} to set on the request
56       */
57      public HostHeaderCustomizer(String serverName, int serverPort)
58      {
59          this.serverName = Objects.requireNonNull(serverName);
60          this.serverPort = serverPort;
61      }
62  
63      @Override
64      public void customize(Connector connector, HttpConfiguration channelConfig, Request request)
65      {
66          if (request.getHeader("Host") == null)
67              request.setAuthority(serverName,serverPort);  // TODO set the field as well?
68      }
69  }