Class ForwardedHeaderUtils

java.lang.Object
org.springframework.web.util.ForwardedHeaderUtils

public abstract class ForwardedHeaderUtils extends Object
Utility class to assist with processing "Forwarded" and "X-Forwarded-*" headers.

Note: There are security considerations surrounding the use of forwarded headers. Forwarded headers should not be used unless the application is behind a trusted proxy that inserts them and also explicitly removes any such headers coming from an external source.

In most cases, you should not use this class directly but rather rely on ForwardedHeaderFilter for Spring MVC or ForwardedHeaderTransformer in order to extract the information from the headers as early as possible and discard such headers. Underlying servers such as Tomcat, Jetty, and Reactor Netty also provide options to handle forwarded headers even earlier.
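An added example (not from the Spring documentation or code base) of the trust check the note above calls for when this class is called directly: forwarded headers are honoured only when the direct peer is a known proxy, and are dropped otherwise. The class name, the `TRUSTED_PROXIES` set, the helper methods and all addresses are assumptions constructed for illustration.

```java
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.List;
import java.util.Set;
import org.springframework.http.HttpHeaders;
import org.springframework.web.util.ForwardedHeaderUtils;

public class TrustedForwardedExample {
    // Assumption: the only proxy allowed to set forwarded headers (constructed address).
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");
    static final List<String> FORWARDED = List.of("Forwarded", "X-Forwarded-For",
            "X-Forwarded-Host", "X-Forwarded-Port", "X-Forwarded-Proto");

    // Copy the headers; drop every forwarded header unless the direct peer is a trusted proxy.
    static HttpHeaders effectiveHeaders(HttpHeaders headers, InetSocketAddress peer) {
        HttpHeaders copy = new HttpHeaders();
        headers.forEach((name, values) -> copy.addAll(name, values));
        boolean trusted = peer.getAddress() != null
                && TRUSTED_PROXIES.contains(peer.getAddress().getHostAddress());
        if (!trusted) {
            FORWARDED.forEach(name -> copy.remove(name));
        }
        return copy;
    }

    static URI externalUri(URI uri, HttpHeaders headers, InetSocketAddress peer) {
        return ForwardedHeaderUtils.adaptFromForwardedHeaders(uri, effectiveHeaders(headers, peer))
                .build().toUri();
    }

    // parseForwardedFor returns null when no forwarded header is present: fall back to the peer.
    static InetSocketAddress clientAddress(URI uri, HttpHeaders headers, InetSocketAddress peer) {
        InetSocketAddress parsed =
                ForwardedHeaderUtils.parseForwardedFor(uri, effectiveHeaders(headers, peer), peer);
        return (parsed != null ? parsed : peer);
    }

    public static void main(String[] args) {
        URI uri = URI.create("http://10.0.0.20:8080/orders");
        HttpHeaders headers = new HttpHeaders();  // constructed sample request headers
        headers.add("X-Forwarded-Proto", "https");
        headers.add("X-Forwarded-Host", "shop.example.com");
        headers.add("X-Forwarded-For", "203.0.113.7");
        InetSocketAddress proxy = new InetSocketAddress("10.0.0.5", 41000);
        InetSocketAddress external = new InetSocketAddress("198.51.100.9", 52000);
        // Same headers, different direct peer: only the trusted proxy's values are applied.
        System.out.println(externalUri(uri, headers, proxy) + " " + clientAddress(uri, headers, proxy));
        System.out.println(externalUri(uri, headers, external) + " " + clientAddress(uri, headers, external));
    }
}
```

A peer check like this only helps if the trusted proxy itself removes forwarded headers it receives from outside, as the note requires.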

Since:
6.1
Author:
Rossen Stoyanchev
  • Constructor Details

    • ForwardedHeaderUtils

      public ForwardedHeaderUtils()
  • Method Details

    • adaptFromForwardedHeaders

      public static UriComponentsBuilder adaptFromForwardedHeaders(URI uri, HttpHeaders headers)
      Adapt the scheme+host+port of the given URI from the "Forwarded" header (see RFC 7239) or from the "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers if "Forwarded" is not present.
      Parameters:
      uri - the request URI
      headers - the HTTP headers to consider
      Returns:
      a UriComponentsBuilder that reflects the request URI and additional updates from forwarded headers
    • parseForwardedFor

      @Nullable public static InetSocketAddress parseForwardedFor(URI uri, HttpHeaders headers, @Nullable InetSocketAddress remoteAddress)
      Parse the first "Forwarded: for=..." or "X-Forwarded-For" header value to an InetSocketAddress representing the address of the client.
      Parameters:
      uri - the request URI
      headers - the request headers that may contain forwarded headers
      remoteAddress - the current remote address
      Returns:
      an InetSocketAddress with the extracted host and port, or null if the headers are not present
      See Also: