This repository has been archived by the owner on Nov 9, 2017. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 57
/
HttpUtil.java
126 lines (108 loc) · 4.34 KB
/
HttpUtil.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
/*
* Copyright 2015, Red Hat, Inc. and individual contributors as indicated by the
* @author tags. See the copyright.txt file in the distribution for a full
* listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This software is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this software; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
* site: http://www.fsf.org.
*/
package org.zanata.util;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.HttpMethod;
import org.apache.commons.lang.StringUtils;
import org.jboss.resteasy.spi.HttpRequest;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
/**
* Utility class for HTTP related methods.
*
* @author Patrick Huang
* <a href="mailto:pahuang@redhat.com">pahuang@redhat.com</a>
*/
public final class HttpUtil {
private final static List<String> HTTP_REQUEST_READ_METHODS = Lists.newArrayList(
HttpMethod.GET, HttpMethod.HEAD, HttpMethod.OPTIONS);
public static final String X_AUTH_TOKEN_HEADER = "X-Auth-Token";
public static final String X_AUTH_USER_HEADER = "X-Auth-User";
/**
* This should be set by admin.
* Example header names might be "X-Forwarded-For", "Proxy-Client-IP",
* "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"
*/
public static String PROXY_HEADER = System
.getProperty("ZANATA_PROXY_HEADER");
public static String getApiKey(HttpRequest request) {
return request.getHttpHeaders().getRequestHeaders()
.getFirst(X_AUTH_TOKEN_HEADER);
}
@VisibleForTesting
static void refreshProxyHeader() {
PROXY_HEADER = System.getProperty("ZANATA_PROXY_HEADER");
}
public static String getUsername(HttpRequest request) {
return request.getHttpHeaders().getRequestHeaders()
.getFirst(X_AUTH_USER_HEADER);
}
/**
* Return client ip address according to HttpServletRequest.
*
* This will also check for the possibility of client behind proxy
* before returning default remote address in request.
*
* NOTE: Not all proxy server include client ip information in http header
* and different proxy MIGHT use different http header for such information.
* Default remote address in request will be returned if client information
* is not found in header.
*
* see http://stackoverflow.com/questions/4678797/how-do-i-get-the-remote-address-of-a-client-in-servlet
* @param request
*/
public static String getClientIp(HttpServletRequest request) {
String ip;
if (StringUtils.isEmpty(PROXY_HEADER)) {
return request.getRemoteAddr();
}
// PROXY_HEADER can be list of ip address
String header = request.getHeader(PROXY_HEADER);
if (header == null) {
return request.getRemoteAddr();
}
String[] ipList =
StringUtils.split(header, ",");
if (ipList.length == 0) {
return request.getRemoteAddr();
}
//return last ip address from list if found
ip = ipList[ipList.length-1];
if(!isIpUnknown(ip)) {
return ip;
}
return request.getRemoteAddr();
}
private static boolean isIpUnknown(String ip) {
return StringUtils.isEmpty(ip) || StringUtils.equalsIgnoreCase(ip,
"unknown") || StringUtils.equalsIgnoreCase(ip, "localhost") ||
StringUtils.equals(ip, "127.0.0.1");
}
public static boolean isReadMethod(String httpMethod) {
for(String readMethod: HTTP_REQUEST_READ_METHODS) {
if(readMethod.equalsIgnoreCase(httpMethod)) {
return true;
}
}
return false;
}
}