if (request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT) != null) { filterChain.doFilter(request, response); return; String path = ((HttpServletRequest) request).getRequestURI(); if (isExcluded(path)) { filterChain.doFilter(request, response); } else { String clientPrincipal; try { Cookie[] cookies = httpReq.getCookies(); if (cookies == null) { clientPrincipal = getPrincipalFromRequestNew((HttpServletRequest) request); for (Cookie cookie : cookies) { if ("hadoop.auth".equals(cookie.getName())) { Matcher matcher = HADOOP_AUTH_COOKIE_REGEX.matcher(cookie.getValue()); if (matcher.matches()) { clientPrincipal = matcher.group(1); request.setAttribute( AuthConfig.DRUID_AUTHENTICATION_RESULT, new AuthenticationResult(clientPrincipal, authorizerName, name, null)
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  // Access log for admin resources: one INFO line per request whose URI is not a
  // css/js/etc. asset (PATTERN_FOR_CSS_JS_ETC), then the chain continues unchanged.
  // Logged fields, in order: remote host, remote address, HTTP method, request URI.
  // Host and URI are client-controlled text; anything parsing these log lines should
  // treat them as untrusted (they may contain CR/LF or control characters).
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  boolean staticAsset = PATTERN_FOR_CSS_JS_ETC.matcher(httpRequest.getRequestURI()).matches();
  if (!staticAsset) {
    String details = "AdminResources request details: "
        + httpRequest.getRemoteHost() + " "
        + httpRequest.getRemoteAddr() + " "
        + httpRequest.getMethod() + " "
        + httpRequest.getRequestURI();
    logger.info(details);
  }
  chain.doFilter(httpRequest, response);
}
if (p != null && p.matcher(servletPath).matches()) { chain.doFilter(request, response); return; final URI requestUri; try { final UriBuilder absoluteUriBuilder = UriBuilder.fromUri(request.getRequestURL().toString()); final String pickedUrlMapping = pickUrlMapping(request.getRequestURL().toString(), filterUrlMappings); final String replacingPath = pickedUrlMapping != null ? pickedUrlMapping : (filterContextPath != null ? filterContextPath : ""); baseUri = absoluteUriBuilder.replacePath(request.getContextPath()).path(replacingPath).path("/").build(); if (webComponent.forwardOn404 && !response.isCommitted()) { boolean hasEntity = false; Response.StatusType status = null; response.setStatus(HttpServletResponse.SC_OK); chain.doFilter(request, response);
final HttpServletResponse response = (HttpServletResponse) servletResponse; String userAgent = request.getHeader( HttpHeaders.USER_AGENT ); final String path = request.getContextPath() + ( request.getPathInfo() == null ? "" : request.getPathInfo() ); if ( request.getMethod().equals( "OPTIONS" ) || whitelisted( path ) ) filterChain.doFilter( servletRequest, servletResponse ); return; if ( !PASSWORD_CHANGE_WHITELIST.matcher( path ).matches() ) try filterChain.doFilter( new AuthorizedRequestWrapper( BASIC_AUTH, username, request, securityContext ), servletResponse );
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  // Static-resource rewrite: when the context-relative URI matches resourcePattern and
  // passes isLegal(), the request is forwarded internally to the URI captured by group 2
  // and stamped with a far-future Expires header (now + YEAR). Everything else continues
  // down the chain untouched.
  // NOTE(review): the forward target is derived from the client-supplied URI, and
  // RequestDispatcher.forward() is not subject to the container's security constraints;
  // isLegal() is defined elsewhere — confirm it rejects traversal sequences.
  HttpServletRequest httpReq = (HttpServletRequest) request;
  HttpServletResponse httpRes = (HttpServletResponse) response;
  int contextLength = httpReq.getContextPath().length();
  String contextRelativeUri = httpReq.getRequestURI().substring(contextLength);
  Matcher match = resourcePattern.matcher(contextRelativeUri);
  boolean rewrite = match.find() && isLegal(contextRelativeUri);
  if (!rewrite) {
    chain.doFilter(httpReq, httpRes);
    return;
  }
  String targetUri = match.group(2);
  httpRes.setDateHeader("Expires", System.currentTimeMillis() + YEAR);
  httpReq.getRequestDispatcher(targetUri).forward(request, response);
}
HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; HttpSession session = request.getSession(false); String loginURL = request.getContextPath() + "/login.xhtml"; boolean loggedIn = (session != null) && (session.getAttribute("user") != null); boolean loginRequest = request.getRequestURI().equals(loginURL); boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER + "/"); boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request")); response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1. response.setHeader("Pragma", "no-cache"); // HTTP 1.0. response.setDateHeader("Expires", 0); // Proxies. chain.doFilter(request, response); // So, just continue request.
@Test
public void shouldWhitelistMatchingUris() throws Exception {
  // Given: a filter whose whitelist is "/" exactly plus anything under "/browser".
  // Only getMethod() and getContextPath() are stubbed; the mock returns null for
  // everything else (e.g. getPathInfo()), which the filter presumably tolerates.
  AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(
      () -> authManager, logProvider, Pattern.compile("/"), Pattern.compile("/browser.*"));
  when(servletRequest.getMethod()).thenReturn("GET");
  // Consecutive stubbing: the first call yields "/", the second "/browser/index.html".
  when(servletRequest.getContextPath()).thenReturn("/").thenReturn("/browser/index.html");

  // When: two requests pass through the filter, one per stubbed path
  filter.doFilter(servletRequest, servletResponse, filterChain);
  filter.doFilter(servletRequest, servletResponse, filterChain);

  // Then: both reached the chain, i.e. neither was challenged for authorization
  verify(filterChain, times(2)).doFilter(same(servletRequest), same(servletResponse));
}
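@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
    throws IOException, ServletException {
  // Serves the request locally when redirectInfo says so; otherwise answers with a
  // 307 redirect to the URL redirectInfo derives from the request URI and query string,
  // or 503 when no redirect target is available.
  HttpServletRequest request;
  HttpServletResponse response;
  try {
    request = (HttpServletRequest) req;
    response = (HttpServletResponse) res;
  } catch (ClassCastException e) {
    // Keep the cause so the container log shows which object failed the cast.
    throw new ServletException("non-HTTP request or response", e);
  }

  if (redirectInfo.doLocal(request.getRequestURI())) {
    chain.doFilter(request, response);
    return;
  }

  URL url = redirectInfo.getRedirectURL(request.getQueryString(), request.getRequestURI());
  log.debug("Forwarding request to [%s]", url);
  if (url == null) {
    // Nothing to redirect to: report the service as unavailable rather than redirecting nowhere.
    response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
    return;
  }
  // 307 keeps method and body, so a POST is replayed verbatim against the target.
  // NOTE(review): redirectInfo is defined elsewhere — confirm the target host/scheme come
  // from configuration rather than from request data, otherwise this is an open redirect.
  response.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
  response.setHeader("Location", url.toString());
}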
HttpServletResponse httpResponse = (HttpServletResponse) response; try { HttpSession session = ((HttpServletRequest) request).getSession(false); Long userId = null; if (session != null) { userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY); if (userId != null) { Context.getPermissionsManager().checkUserEnabled(userId); httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; String path = ((HttpServletRequest) request).getPathInfo(); String[] parts = path.split("/"); if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) { Context.getPermissionsManager().checkDevice(userId, device.getId()); } else { httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); return; chain.doFilter(request, response); } catch (SecurityException e) { httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN); httpResponse.getWriter().println(Log.exceptionStack(e)); } catch (SQLException e) {
RequestUtils.getRemoteAddr(hreq) + " \"" + hreq.getMethod() + " " + hreq.getRequestURI(); if (hreq.getQueryString() != null) { path += "?" + hreq.getQueryString(); message = "" + req.getRemoteHost() + " made a non-HTTP request"; chain.doFilter(req, res); long requestTime = System.currentTimeMillis() - startTime; logger.info(path + " took " + requestTime + "ms"); } else { chain.doFilter(req, res);
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc)
    throws IOException, ServletException {
  // Session gate: URIs containing "/login" or "/acd/appconfig" are open; every other
  // request needs both "authName" and "authRole" in the session or is sent to /login.
  HttpServletRequest request = (HttpServletRequest) req;
  HttpServletResponse response = (HttpServletResponse) res;

  // NOTE(review): contains() is a substring test, so any URI with "/login" anywhere in
  // it (e.g. "/x/login/y") bypasses the check. A prefix or exact match on the servlet
  // path would be tighter — confirm against the URL layout before changing it.
  boolean openPath = request.getRequestURI().contains("/login")
      || request.getRequestURI().contains("/acd/appconfig");
  if (openPath) {
    fc.doFilter(req, res);
    return;
  }

  // getSession() with no argument creates a session when none exists, so the null branch
  // below is unreachable as written; the author likely intended getSession(false).
  // Kept as-is to preserve behaviour.
  HttpSession session = request.getSession();
  if (session == null) {
    request.setAttribute("fail_msg", "Session timed out!");
    RequestDispatcher dispatcher = request.getRequestDispatcher("/Login");
    dispatcher.forward(request, response);
    return;
  }
  boolean authenticated = session.getAttribute("authName") != null
      && session.getAttribute("authRole") != null;
  if (!authenticated) {
    // Redirect target is a fixed path, not taken from the request.
    response.sendRedirect("/login");
    return;
  }
  fc.doFilter(req, res);
}
throws IOException, ServletException { if (request.isSecure()) { chain.doFilter(request, response); return; buff.append(httpRequest.getServerName()) .append(":") .append(sslPort) .append(httpRequest.getContextPath()) .append(httpRequest.getServletPath()); LOGGER.info("Redirecting " + httpRequest.getRequestURL() + " to " + redirectURL); ((HttpServletResponse) response).sendRedirect(redirectURL);
HttpSession session = request.getSession(); chain.doFilter(req, res); return; chain.doFilter(req, res); } else { logger.info("Client requested no prompt"); if (session.getAttribute(PROMPTED) == null) { chain.doFilter(req, res); } else { chain.doFilter(req, res); session.removeAttribute(PROMPTED); chain.doFilter(req, res); chain.doFilter(req, res); chain.doFilter(req, res); } else { chain.doFilter(req, res); chain.doFilter(req, res);
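@Override
public void authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
    String authStateValue, String returnUri) throws IOException, ServletException {
  // CAS step: when the session holds no CasUser yet, remember the originally requested
  // URL under REDIRECT_URL and send the client to /cas; otherwise install the principal
  // (with its admin flag) and the auth-state value, then continue the chain.
  // returnUri is accepted for interface compatibility and is not used here.
  CasUser casUser = (CasUser) request.getSession()
      .getAttribute(PostCasAuthenticationFilter.POST_CAS_AUTHENTICATION_INFO);
  if (casUser == null) {
    String uri = request.getRequestURI();
    String queryString = request.getQueryString();
    // getQueryString() is null when the URL has no query part; unconditional
    // concatenation produced "<uri>?null", which would later be replayed as a
    // literal query string. Only append the "?" when there is something to append.
    String redirectUrl = queryString == null ? uri : uri + "?" + queryString;
    request.getSession().setAttribute(PostCasAuthenticationFilter.REDIRECT_URL, redirectUrl);
    // Fixed, server-relative target; nothing from the request feeds the redirect.
    response.sendRedirect("/cas");
    return;
  }
  AuthenticatedPrincipal principal = new AuthenticatedPrincipal(casUser.getUid());
  principal.setAdminPrincipal(casUser.isAdmin);
  super.setPrincipal(request, principal);
  super.setAuthStateValue(request, authStateValue);
  chain.doFilter(request, response);
}
} // closes the enclosing class (the original line ended with this brace)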
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  // Gzip enforcement for GET: a missing Accept-Encoding header is replaced by one that
  // offers gzip (addGzipAcceptEncoding), a present header without "gzip" is answered
  // with 406 Not Acceptable, and one mentioning gzip passes through. Non-GET requests
  // are never touched.
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  if (!"GET".equals(httpRequest.getMethod())) {
    chain.doFilter(request, response);
    return;
  }
  String acceptEncoding = httpRequest.getHeader(HttpHeaders.ACCEPT_ENCODING);
  if (acceptEncoding == null) {
    chain.doFilter(addGzipAcceptEncoding(httpRequest), response);
  } else if (acceptEncoding.contains("gzip")) {
    // Substring check: a value such as "gzip;q=0" also passes it — presumably acceptable here.
    chain.doFilter(request, response);
  } else {
    ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE);
  }
}
@Override
public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, FilterChain chain)
    throws IOException, ServletException {
  // CSRF guard: a POST whose path matches none of excludedRequestPatterns must carry a
  // valid token in the request parameter named by getCsrfTokenParameter(); a failed
  // compareToken() is surfaced as a ServletException (cause preserved).
  HttpServletRequest request = (HttpServletRequest) baseRequest;
  HttpServletResponse response = (HttpServletResponse) baseResponse;

  // Ant-style matchers are rebuilt on every request; patterns are assumed to be static.
  boolean excludedRequestFound = false;
  if (excludedRequestPatterns != null && excludedRequestPatterns.size() > 0) {
    for (String pattern : excludedRequestPatterns) {
      if (new AntPathRequestMatcher(pattern).matches(request)) {
        excludedRequestFound = true;
        break;
      }
    }
  }

  // Only POST is validated here: PUT/PATCH/DELETE are not covered by this filter, so any
  // state-changing handler reached via those methods needs its own protection.
  // Note that getParameter() also reads the query string, so the token may arrive in
  // the URL, where it can leak through logs and Referer headers — verify client usage.
  boolean mustValidate = request.getMethod().equals("POST") && !excludedRequestFound;
  if (mustValidate) {
    String requestToken = request.getParameter(exploitProtectionService.getCsrfTokenParameter());
    try {
      exploitProtectionService.compareToken(requestToken);
    } catch (ServiceException e) {
      throw new ServletException(e);
    }
  }
  chain.doFilter(request, response);
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
    FilterChain filterChain) throws ServletException, IOException {
  // HTML-form method override: a POST carrying the parameter named by this.methodParam is
  // wrapped so downstream code sees that method instead, but only when the upper-cased
  // value is in ALLOWED_METHODS. The override is honoured for POST alone, and never on an
  // error dispatch (ERROR_EXCEPTION_ATTRIBUTE present).
  HttpServletRequest requestToUse = request;
  boolean eligible = "POST".equals(request.getMethod())
      && request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) == null;
  String paramValue = eligible ? request.getParameter(this.methodParam) : null;
  if (StringUtils.hasLength(paramValue)) {
    // Locale.ENGLISH avoids locale-dependent case mapping (e.g. Turkish dotless i).
    String overrideMethod = paramValue.toUpperCase(Locale.ENGLISH);
    if (ALLOWED_METHODS.contains(overrideMethod)) {
      requestToUse = new HttpMethodRequestWrapper(request, overrideMethod);
    }
  }
  filterChain.doFilter(requestToUse, response);
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
    FilterChain filterChain) throws ServletException, IOException {
  // Forces a fresh login when the client asks for it (prompt=login) or when the current
  // UaaAuthentication is older than max_age seconds. In that case the session is
  // invalidated and the client is redirected to the same URL minus the consumed
  // parameter; otherwise the request continues down the chain.
  HashMap<String, String[]> params = new HashMap<>(request.getParameterMap());
  boolean forceLogin = false;

  if ("login".equals(request.getParameter("prompt"))) {
    forceLogin = true;
    params.remove("prompt");
  }

  String maxAgeParam = request.getParameter("max_age");
  if (maxAgeParam != null) {
    Object current = SecurityContextHolder.getContext().getAuthentication();
    if (current instanceof UaaAuthentication) {
      UaaAuthentication auth = (UaaAuthentication) current;
      long authAgeMillis = System.currentTimeMillis() - auth.getAuthenticatedTime();
      // NOTE(review): max_age is client-supplied and parsed without validation; a
      // non-numeric value throws NumberFormatException out of the filter (fail-closed,
      // but as an unhandled error), and a huge value overflows the *1000 below.
      long maxAgeMillis = Long.parseLong(maxAgeParam) * 1000;
      if (authAgeMillis > maxAgeMillis) {
        forceLogin = true;
        params.remove("max_age");
      }
    }
  }

  if (forceLogin) {
    request.getSession().invalidate();
    sendRedirect(request.getRequestURL().toString(), params, request, response);
  } else {
    filterChain.doFilter(request, response);
  }
}
@WebFilter("/*")
public class LoginFilter implements Filter {

  /**
   * Gate for every request: a client passes when its session holds a "user" attribute or
   * when it is requesting the login page itself; anyone else is redirected to the
   * context-relative login URI. No session is created here (getSession(false)), and the
   * redirect target is built from the context path only, never from request data.
   */
  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    HttpSession session = request.getSession(false);
    String loginURI = request.getContextPath() + "/login";

    boolean hasUser = session != null && session.getAttribute("user") != null;
    boolean isLoginPage = loginURI.equals(request.getRequestURI());
    if (!hasUser && !isLoginPage) {
      response.sendRedirect(loginURI);
      return;
    }
    chain.doFilter(request, response);
  }

  // ...
}