We have recently configured Apache Load Balancers in our domain via which HTTP requests are balanced and passed through to various OSB Web Services. The Apache LBs are configured with `ProxyPreserveHost On`, which carries out the task of writing the client's IP Address into a new header `X-Forwarded-For`.

Our OSB Web Services then attempt to authenticate client requests based on the client's IP address as well as their supplied username/password. The problem is that when the OSB flows receive a new request, the `X-Forwarded-For` header is nowhere to be seen! With Tracing turned on, requests look something like this:
```xml
<con:transport>
  <con:uri>/ws/service/interface</con:uri>
  <con:mode>request-response</con:mode>
  <con:qualityOfService>best-effort</con:qualityOfService>
  <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
      <http:Accept-Encoding>gzip,deflate</http:Accept-Encoding>
      <http:Connection>Keep-Alive</http:Connection>
      <http:Content-Length>1285</http:Content-Length>
      <http:Content-Type>text/xml;charset=UTF-8</http:Content-Type>
      <http:Host>www.a.service.com</http:Host>
      <http:SOAPAction>""</http:SOAPAction>
      <http:User-Agent>Apache-HttpClient/4.1.1 (java 1.5)</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">UTF-8</tran:encoding>
    <http:client-host>www.a.service.com</http:client-host>
    <http:client-address>xx.xxx.x.xxx</http:client-address>
    <http:http-method>POST</http:http-method>
  </con:request>
  <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
      <http:Content-Type>text/xml</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
  </con:response>
</con:transport>
```
The `client-host`|`client-address` values are that of the Apache LB and we are expecting the client's source IP address to appear under `tran:headers` in a user header - something like this:

```xml
<tran:user-header name="X-Forwarded-For" value="yy.yy.yyy.yyy"/>
```
I have read this link: http://www.javamonamour.org/2014/07/osb-and-load-balancer-source-ip.html but I'm not sure what exactly we need to do. I have connected to the Admin Server using `jconsole` and found the `WebServerMBean`'s `ClientIpHeader` (which is currently empty) but it is read-only and there is no setter for it. Any ideas what I need to do exactly in Weblogic OSB in order to retrieve the `X-Forwarded-For` header from user requests?
Unless explicitly set, OSB does not parse incoming transport headers. There's an option 'Get All Headers' on the proxy itself; enabling that checkbox will allow them to be accessed inside the proxy.
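
Once the header is visible in the proxy, the IP check described in the question should accept it only when the request actually arrived from the load balancer, because `X-Forwarded-For` can be set by any client and proxies append to an existing value. The following is an added example, not code from the original post or from OSB: the class name `ForwardedClientIp`, the method `resolve` and the balancer addresses are hypothetical, and the inputs are assumed to be the `http:client-address` value and the raw header value.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper, e.g. for a Java callout; not an OSB or WebLogic API.
public final class ForwardedClientIp {
    // Assumption: addresses of the Apache load balancers (constructed values).
    static final Set<String> TRUSTED_PROXIES =
        new HashSet<>(Arrays.asList("10.0.0.10", "10.0.0.11"));
    // Character-level sanity checks only, so no DNS lookup is ever triggered.
    static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");
    static final Pattern IPV6 = Pattern.compile("(?=.*:)[0-9A-Fa-f:.]{2,45}");

    /**
     * @param peerAddress   http:client-address from the transport metadata
     * @param xForwardedFor raw X-Forwarded-For value, or null when absent
     * @return the address to authenticate against, or null if none can be trusted
     */
    public static String resolve(String peerAddress, String xForwardedFor) {
        // Only a request that arrived from our own balancer can vouch for the header.
        if (!TRUSTED_PROXIES.contains(peerAddress)) return peerAddress;
        if (xForwardedFor == null) return null; // balancer did not add the header
        // Proxies append the address they saw, so the rightmost entries are the
        // ones our balancers wrote; anything to their left is client-supplied.
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (TRUSTED_PROXIES.contains(hop)) continue; // chained balancer
            boolean literal = IPV4.matcher(hop).matches() || IPV6.matcher(hop).matches();
            return literal ? hop : null; // malformed entry: treat as unverifiable
        }
        return null; // header held nothing but our own proxies
    }

    public static void main(String[] args) {
        // Constructed sample inputs (documentation address ranges).
        String[][] cases = {
            {"10.0.0.10", "203.0.113.7"},            // normal request via balancer
            {"10.0.0.10", "192.0.2.1, 203.0.113.7"}, // client pre-set the header
            {"198.51.100.9", "192.0.2.1"},           // direct hit, header ignored
            {"10.0.0.10", null},                     // header missing behind balancer
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " | " + c[1] + " -> " + resolve(c[0], c[1]));
        }
    }
}
```

A `null` result means no verifiable client address exists and the request should fail the IP check rather than fall back to the balancer's own address.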