diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
index a93b68a..24e9e0d 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
@@ -185,6 +185,8 @@ public class ProxyConfig {
protected AdapterConfig adapterConfig;
@JsonProperty("error-page")
protected String errorPage;
+ @JsonProperty("proxy-address-forwarding")
+ protected boolean proxyAddressForwarding;
@JsonProperty("constraints")
protected List<Constraint> constraints = new LinkedList<Constraint>();
@@ -211,6 +213,14 @@ public class ProxyConfig {
public void setErrorPage(String errorPage) {
this.errorPage = errorPage;
}
+
+ public boolean isProxyAddressForwarding() {
+ return proxyAddressForwarding;
+ }
+
+ public void setProxyAddressForwarding(boolean proxyAddressForwarding) {
+ this.proxyAddressForwarding = proxyAddressForwarding;
+ }
public List<Constraint> getConstraints() {
return constraints;
diff --git a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
index 1dd96c6..4b99e9e 100755
--- a/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
+++ b/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyServerBuilder.java
@@ -32,6 +32,7 @@ import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.PathHandler;
import io.undertow.server.handlers.ResponseCodeHandler;
import io.undertow.server.handlers.proxy.ProxyHandler;
+import io.undertow.server.handlers.ProxyPeerAddressHandler;
import io.undertow.server.handlers.proxy.SimpleProxyClientProvider;
import io.undertow.server.session.InMemorySessionManager;
import io.undertow.server.session.SessionAttachmentHandler;
@@ -135,6 +136,7 @@ public class ProxyServerBuilder {
protected SecurityPathMatches.Builder constraintBuilder = new SecurityPathMatches.Builder();
protected SecurityPathMatches matches;
protected String errorPage;
+ protected boolean proxyAddressForwarding;
public ApplicationBuilder base(String base) {
this.base = base;
@@ -148,6 +150,11 @@ public class ProxyServerBuilder {
this.errorPage = errorPage;
return this;
}
+
+ public ApplicationBuilder proxyAddressForwarding(boolean proxyAddressForwarding) {
+ this.proxyAddressForwarding = proxyAddressForwarding;
+ return this;
+ }
public ApplicationBuilder(AdapterConfig config) {
this.deployment = KeycloakDeploymentBuilder.build(config);
@@ -273,7 +280,9 @@ public class ProxyServerBuilder {
}
};
handler = new UndertowPreAuthActionsHandler(deploymentContext, userSessionManagement, sessionManager, handler);
- return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
+ handler = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, handler);
+ if (proxyAddressForwarding) handler = new ProxyPeerAddressHandler(handler);
+ return handler;
}
private HttpHandler sessionHandling(HttpHandler toWrap) {
@@ -383,7 +392,8 @@ public class ProxyServerBuilder {
for (ProxyConfig.Application application : config.getApplications()) {
ApplicationBuilder applicationBuilder = builder.application(application.getAdapterConfig())
.base(application.getBasePath())
- .errorPage(application.getErrorPage());
+ .errorPage(application.getErrorPage())
+ .proxyAddressForwarding(application.isProxyAddressForwarding());
if (application.getConstraints() != null) {
for (ProxyConfig.Constraint constraint : application.getConstraints()) {
