Verifies the integrity of the projects, as builds are executed immediately after a code change was detected. This plan provides no artifacts (use a nightly build instead).
OF-3261: Addressing minor code review feedback
- Changed package name to reflect that the code relates to Jetty (not Netty)
- Switch to IpUtils-provided API that ignores zone/scope parts in IPv6 addresses
- Use default capacity of new sets
- Fixes javadoc
OF-3261: Allow reverse proxies to be verified
Before trusting remote-peer provided HTTP headers like `Forwarded` and `X-Forwarded-For`, the source of these headers should be validated. This prevents malicious clients from setting this header themselves.
This commit introduces a wrapper for Jetty's ForwardedRequestCustomizer (which replaces the reported IP address of the remote peer with a value from the HTTP headers). When Openfire is now configured with a non-empty set of trusted proxies, such replacement only occurs when the remote peer is one of the trusted proxies.
This functionality has been added to the Admin Console and webbinding implementations, using two distinct properties:
- `adminConsole.forwarded.trusted.proxies`
- `httpbind.forwarded.trusted.proxies`
Valid values are IP addresses (IPv4 and IPv6) and ranges.
The admin console has been modified to allow for configuration of these values through the pages where related functionality was already provided.
A small CSS tweak was introduced: Openfire's setup had an implementation where a question-mark icon can be used to provide a tooltip help text. That has now been moved from 'setup' to 'global', so that it can be used both during setup, but also in the admin console itself (after setup has finished).
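The trust check this commit message describes, as an added Python sketch that is not part of the commit and is not Openfire's Java code or Jetty's API. It goes one step beyond the peer check by walking `X-Forwarded-For` from the right, so entries a client prepended are never reached. Assumptions: the function names, the comma-separated list syntax, and ignoring the header when no proxies are listed.

```python
import ipaddress

def normalise(addr):
    """Parse an IP literal, dropping any IPv6 zone/scope part and
    unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr.strip().strip("[]").split("%", 1)[0])
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def parse_trusted(spec):
    """Parse IP addresses and CIDR ranges (comma-separated syntax is assumed)."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in spec.split(",") if item.strip()]

def is_trusted(ip, trusted):
    return any(ip.version == net.version and ip in net for net in trusted)

def client_ip(peer, x_forwarded_for, trusted):
    """Return the address to log/authorise for this request."""
    current = normalise(peer)  # the TCP peer is the only unforgeable value
    hops = [h for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Step to the next hop only if the address that reported it is trusted.
    while hops and is_trusted(current, trusted):
        try:
            current = normalise(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)

# Constructed sample values (documentation address ranges).
TRUSTED = parse_trusted("10.0.0.0/8, 2001:db8::1")

if __name__ == "__main__":
    # Direct client sending its own header: header is ignored.
    print(client_ip("203.0.113.7", "198.51.100.9", TRUSTED))
    # Trusted proxy; client prepended a forged first entry.
    print(client_ip("10.0.0.5", "192.0.2.1, 198.51.100.9", TRUSTED))
```
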
(review feedback): Change name used in property change listener
The old value was clearly copy/pasted from another listener, referencing the purpose of that property. Although the values aren't used, their names should either be ambiguous, or reference the correct functionality. This helps avoid confusion.