Polish "Add configuration property for RemoteIpValve's trusted proxies"

snicoll · snicoll · commit f5f3d7cc6744 · 2022-07-18T11:58:05.000+02:00
See gh-31576
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -966,11 +966,6 @@ public static class Remoteip {
 					+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
 					+ "0:0:0:0:0:0:0:1|::1";
 
-			/**
-			 * Regular expression defining proxies that are trusted when they appear in the remoteIpHeader header.
-			 */
-			private String trustedProxies;
-
 			/**
 			 * Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
 			 */
@@ -998,6 +993,12 @@ public static class Remoteip {
 			 */
 			private String remoteIpHeader;
 
+			/**
+			 * Regular expression defining proxies that are trusted when they appear in
+			 * the "remote-ip-header" header.
+			 */
+			private String trustedProxies;
+
 			public String getInternalProxies() {
 				return this.internalProxies;
 			}
@@ -1047,12 +1048,13 @@ public void setRemoteIpHeader(String remoteIpHeader) {
 			}
 
 			public String getTrustedProxies() {
-				return trustedProxies;
+				return this.trustedProxies;
 			}
 
 			public void setTrustedProxies(String trustedProxies) {
 				this.trustedProxies = trustedProxies;
 			}
+
 		}
 
 	}
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
@@ -227,9 +227,9 @@ private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory)
 			if (StringUtils.hasLength(remoteIpHeader)) {
 				valve.setRemoteIpHeader(remoteIpHeader);
 			}
+			valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
 			// The internal proxies default to a list of "safe" internal IP addresses
 			valve.setInternalProxies(remoteIpProperties.getInternalProxies());
-			valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
 			try {
 				valve.setHostHeader(remoteIpProperties.getHostHeader());
 			}
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
@@ -224,10 +224,10 @@ void customRemoteIpValve() {
 		bind("server.tomcat.remoteip.remote-ip-header=x-my-remote-ip-header",
 				"server.tomcat.remoteip.protocol-header=x-my-protocol-header",
 				"server.tomcat.remoteip.internal-proxies=192.168.0.1",
-				"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2",
 				"server.tomcat.remoteip.host-header=x-my-forward-host",
 				"server.tomcat.remoteip.port-header=x-my-forward-port",
-				"server.tomcat.remoteip.protocol-header-https-value=On");
+				"server.tomcat.remoteip.protocol-header-https-value=On",
+				"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2");
 		TomcatServletWebServerFactory factory = customizeAndGetFactory();
 		assertThat(factory.getEngineValves()).hasSize(1);
 		Valve valve = factory.getEngineValves().iterator().next();

Original file line number	Diff line number	Diff line change
`@@ -966,11 +966,6 @@ public static class Remoteip {`
`966`	`966`	`+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}\|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}\|" //`
`967`	`967`	`+ "0:0:0:0:0:0:0:1\|::1";`
`968`	`968`
`969`		`- /**`
`970`		`- * Regular expression defining proxies that are trusted when they appear in the remoteIpHeader header.`
`971`		`- */`
`972`		`- private String trustedProxies;`
`973`		`-`
`974`	`969`	`/**`
`975`	`970`	`* Header that holds the incoming protocol, usually named "X-Forwarded-Proto".`
`976`	`971`	`*/`
`@@ -998,6 +993,12 @@ public static class Remoteip {`
`998`	`993`	`*/`
`999`	`994`	`private String remoteIpHeader;`
`1000`	`995`
	`996`	`+ /**`
	`997`	`+ * Regular expression defining proxies that are trusted when they appear in`
	`998`	`+ * the "remote-ip-header" header.`
	`999`	`+ */`
	`1000`	`+ private String trustedProxies;`
	`1001`	`+`
`1001`	`1002`	`public String getInternalProxies() {`
`1002`	`1003`	`return this.internalProxies;`
`1003`	`1004`	`}`
`@@ -1047,12 +1048,13 @@ public void setRemoteIpHeader(String remoteIpHeader) {`
`1047`	`1048`	`}`
`1048`	`1049`
`1049`	`1050`	`public String getTrustedProxies() {`
`1050`		`- return trustedProxies;`
	`1051`	`+ return this.trustedProxies;`
`1051`	`1052`	`}`
`1052`	`1053`
`1053`	`1054`	`public void setTrustedProxies(String trustedProxies) {`
`1054`	`1055`	`this.trustedProxies = trustedProxies;`
`1055`	`1056`	`}`
	`1057`	`+`
`1056`	`1058`	`}`
`1057`	`1059`
`1058`	`1060`	`}`
Original file line number	Diff line number	Diff line change
`@@ -227,9 +227,9 @@ private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory)`
`227`	`227`	`if (StringUtils.hasLength(remoteIpHeader)) {`
`228`	`228`	`valve.setRemoteIpHeader(remoteIpHeader);`
`229`	`229`	`}`
	`230`	`+ valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());`
`230`	`231`	`// The internal proxies default to a list of "safe" internal IP addresses`
`231`	`232`	`valve.setInternalProxies(remoteIpProperties.getInternalProxies());`
`232`		`- valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());`
`233`	`233`	`try {`
`234`	`234`	`valve.setHostHeader(remoteIpProperties.getHostHeader());`
`235`	`235`	`}`