pax-web-undertow support for proxy-address-forwarding and checkForwardedHeaders

[Hannes Holtzhausen]

Good day

Pax-web-undertow 7.3.3 ignores the proxy-address-forwarding attribute and org.osgi.service.http.checkForwardedHeaders property.

As a result non of the X-Forwarded headers are applied to the http request in scenarios where SSL is offloaded using a load balancer.

This in turn causes the java keycloak adapter to formulate incorrect redirect_uri's and breaks the standard OIDC flow.

We are running pax-web-undertow as part of the Redhat JBoss Fuse 7.4.0 distribution.

I applied a fix to the web-7.3.3 tag and have tested it successfully in our environment. Find attached my changes for possible inclusion in

an upcoming 7.3.x release.

Hannes

[Grzegorz Grzybek]

Hello

Great and thanks for the patch - I'll take care of it (and of fixing it also in RedHat Fuse 7.5) soon.

regards

Grzegorz Grzybek

--
--
------------------
OPS4J - http://www.ops4j.org - op...@googlegroups.com

---
You received this message because you are subscribed to the Google Groups "OPS4J" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/f380a9e8-e944-4c4c-b959-a1c43c77f5d1%40googlegroups.com.

[Grzegorz Grzybek]

Hello

I created https://ops4j1.jira.com/browse/PAXWEB-1233 to track this. Should be fixed with pax-web 7.3.4.

regards

Grzegorz Grzybek

czw., 22 sie 2019 o 08:19 Hannes Holtzhausen <hannes.ho...@gmail.com> napisał(a):

[Grzegorz Grzybek]

Thanks Hannes for the patch!

https://ops4j1.jira.com/browse/PAXWEB-1233 is fixed now.

regards

Grzegorz Grzybek

[Hannes Holtzhausen]

Great!  Looking forward to the Redhat Fuse 7.5 updates.

To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/CAAdXmhpX6Ok1K%3DhrA6Xr7nzersxrD1gVm993wc%2BOMbHzY8TRDA%40mail.gmail.com.