Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-21980

(7.3.z) TEST - ServletRequest#getLocalPort(), getLocalAddr() and getLocalName() can return wrong information when proxy-address-forwarding="true" is enabled

    XMLWordPrintable

Details

    Description

      This Jira requires an Undertow upgrade (WFCORE-5425) and a fix in test failures caused by tests that are asserting the result of getLocalPort()/getLocalAddr()/getLocalName() in a spec non-compliant way in WildFly.
      I'll be submitting first a PR to comment out the faulty assertion in those tests, so the WildFly Core upgrade with Undertow 2.2.8.Final can be done, and a second PR to change those assertions to their correct form, which should work with the new Undertow.

      For more details on the original issue that is fixed by UNDERTOW-1837:

      ServletRequest#getLocalPort(), getLocalAddr(), and getLocalName() does not return the correct information of the interface on which the request was received when proxy-address-forwarding="true" is enabled on http-listener. I think this behavior has started to happen since EAP 7.2.0 that incorporates UNDERTOW-1280 and UNDERTOW-1282 (via EAP7-834).

      Servlet API javax.servlet.ServletRequest says:

      getLocalPort() returns the Internet Protocol (IP) port number of the interface on which the request was received.
      getLocalAddr() returns the Internet Protocol (IP) address of the interface on which the request was received.
      getLocalName() returns the host name of the Internet Protocol (IP) interface on which the request was received.

      So, it should return the actual IP address/port and host name of the binding interface of the listener.

      However, when ProxyPeerAddressHandler is enabled (e.g. proxy-address-forwarding="true" is specified), the X-Forwarded-Host/X-Forwarded-Port headers affect the results of the above methods. Similarly, when ForwardedHandler is enabled, the Forwarded header affects the results of the above methods. It's okay that these headers affects the results of getServerName() and getServerPort() with these handlers, but I think it should not affect the results of getLocalPort(), getLocalAddr() and getLocalName().

      Attachments

        Issue Links

          Activity

            People

              spyrkob Bartosz Spyrko-Smietanko
              spyrkob Bartosz Spyrko-Smietanko
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: