Check X-Forwarded-Host in ServletUriComponentsBuilder

Issue: SPR-11855

Author: rstoyanchev

spring-webmvc/src/main/java/org/springframework/web/servlet/support/ServletUriComponentsBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2014 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -97,13 +97,12 @@ public static ServletUriComponentsBuilder fromRequestUri(HttpServletRequest requ
 	 */
 	public static ServletUriComponentsBuilder fromRequest(HttpServletRequest request) {
 		String scheme = request.getScheme();
-		int port = request.getServerPort();
 		String host = request.getServerName();
+		int port = request.getServerPort();
 
-		String header = request.getHeader("X-Forwarded-Host");
-
-		if (StringUtils.hasText(header)) {
-			String[] hosts = StringUtils.commaDelimitedListToStringArray(header);
+		String hostHeader = request.getHeader("X-Forwarded-Host");
+		if (StringUtils.hasText(hostHeader)) {
+			String[] hosts = StringUtils.commaDelimitedListToStringArray(hostHeader);
 			String hostToUse = hosts[0];
 			if (hostToUse.contains(":")) {
 				String[] hostAndPort = StringUtils.split(hostToUse, ":");
@@ -115,6 +114,11 @@ public static ServletUriComponentsBuilder fromRequest(HttpServletRequest request
 			}
 		}
 
+		String portHeader = request.getHeader("X-Forwarded-Port");
+		if (StringUtils.hasText(portHeader)) {
+			port = Integer.parseInt(portHeader);
+		}
+
 		ServletUriComponentsBuilder builder = new ServletUriComponentsBuilder();
 		builder.scheme(scheme);
 		builder.host(host);

spring-webmvc/src/test/java/org/springframework/web/servlet/support/ServletUriComponentsBuilderTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2014 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,8 +24,12 @@
 import org.springframework.web.util.UriComponents;
 
 import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
 
 /**
+ * Unit tests for
+ * {@link org.springframework.web.servlet.support.ServletUriComponentsBuilder}.
+ *
  * @author Rossen Stoyanchev
  */
 public class ServletUriComponentsBuilderTests {
@@ -85,7 +89,7 @@ public void fromRequestUri() {
 	}
 
 	@Test
-	public void fromRequestWithForwardedHostHeader() {
+	public void fromRequestWithForwardedHost() {
 		request.addHeader("X-Forwarded-Host", "anotherHost");
 		request.setRequestURI("/mvc-showcase/data/param");
 		request.setQueryString("foo=123");
@@ -97,7 +101,7 @@ public void fromRequestWithForwardedHostHeader() {
 	// SPR-10701
 
 	@Test
-	public void fromRequestWithForwardedHostAndPortHeader() {
+	public void fromRequestWithForwardedHostIncludingPort() {
 		request.addHeader("X-Forwarded-Host", "webtest.foo.bar.com:443");
 		request.setRequestURI("/mvc-showcase/data/param");
 		request.setQueryString("foo=123");
@@ -116,6 +120,19 @@ public void fromRequestWithForwardedHostMultiValuedHeader() {
 		assertEquals("a.example.org", ServletUriComponentsBuilder.fromRequest(this.request).build().getHost());
 	}
 
+	// SPR-11855
+
+	@Test
+	public void fromRequestWithForwardedHostAndPort() {
+		this.request.addHeader("X-Forwarded-Host", "foobarhost");
+		this.request.addHeader("X-Forwarded-Port", "9090");
+		this.request.setServerPort(8080);
+		UriComponents uriComponents = ServletUriComponentsBuilder.fromRequest(this.request).build();
+
+		assertEquals("foobarhost", uriComponents.getHost());
+		assertEquals(9090, uriComponents.getPort());
+	}
+
 	@Test
 	public void fromContextPath() {
 		request.setRequestURI("/mvc-showcase/data/param");