test/cuba
1
0
Fork 0
mirror of https://gitee.com/jmix/cuba.git synced 2024-12-04 20:28:00 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove X_FORWARDED_FOR header support from Web Client #788

Browse Source 
X_FORWARDED_FOR now is not taken into account on authentication
This commit is contained in:
Yuriy Artamonov 2018-05-08 11:15:15 +04:00
parent ffec1a6cd7
commit 9741c9481b
1 changed files with 1 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
modules/web/src/com/haulmont/cuba/web/security/ConnectionImpl.java
View File

@ -128,26 +128,7 @@ public class ConnectionImpl extends EventRouter implements Connection {
@Nullable
protected String getUserRemoteAddress() {
VaadinRequest currentRequest = VaadinService.getCurrentRequest();
String userRemoteAddress = null;
if (currentRequest != null) {
String xForwardedFor = currentRequest.getHeader("X_FORWARDED_FOR");
if (StringUtils.isNotBlank(xForwardedFor)) {
String[] strings = xForwardedFor.split(",");
String userAddressFromHeader = StringUtils.trimToEmpty(strings[strings.length - 1]);
if (StringUtils.isNotEmpty(userAddressFromHeader)) {
userRemoteAddress = userAddressFromHeader;
} else {
userRemoteAddress = currentRequest.getRemoteAddr();
}
} else {
userRemoteAddress = currentRequest.getRemoteAddr();
}
}
return userRemoteAddress;
return currentRequest != null ? currentRequest.getRemoteAddr() : null;
}
protected String makeClientInfo() {