@Override public void invoke(Request request, Response response) throws IOException, ServletException { String sessionId = request.getRequestedSessionId(); Session session = request.getContext().getManager().findSession(sessionId); if (session != null) { if (!session.isValid()) { session.expire(); request.getContext().getManager().remove(session); } else { manager.add(session); session.access(); session.endAccess(); } } try { getNext().invoke(request, response); } finally { manager.store(request.getSession(false)); } }
protected static boolean isPostMethod(final Request request) { final String method = request.getMethod(); if ( method == null && _log.isDebugEnabled() ) { _log.debug("No method set for request " + request.getRequestURI() + (request.getQueryString() != null ? "?" + request.getQueryString() : "")); } return method != null ? method.toLowerCase().equals( "post" ) : false; }
@Override public void invoke(Request request, Response response) throws IOException, ServletException { getNext().invoke(request, response); if (request.getSession(false) != null) { String ip = IpInfo.getClientAddress(request.getRequest()); // Explicit calls to ensure result not lost request.getSession(false).setAttribute(ApplicationSession.LAST_ACCESSED_BY_IP, ip); request.getSession(false).setAttribute(ApplicationSession.LAST_ACCESSED_LOCALE, request.getLocale()); } }
@Override public void invoke(Request request, Response response) throws IOException, ServletException { Manager manager = request.getContext().getManager(); DeltaSessionFacade session = null; getNext().invoke(request, response); } finally { session = (DeltaSessionFacade) request.getSession(false); DeltaSessionManager dsm = ((DeltaSessionManager) manager); if (session != null) { dsm.removeTouchedSession(session.getId()); session.commit(); if (dsm.getTheContext().getLogger().isDebugEnabled()) { dsm.getTheContext().getLogger().debug(session + ": Committed."); if (dsm.getTheContext().getLogger().isDebugEnabled()) { dsm.getTheContext().getLogger().debug(session + ": Not valid so not committing.");
public void addElement(StringBuilder buf, Date date, Request request, Response response, long time) { buf.append(wrap(request.getContext().getServletContext() .getAttribute(attribute))); } }
private void forwardHosted(Request request, Response response) throws ServletException, IOException { logger.trace("SAML 1.1::Proceeding to IDP index page"); RequestDispatcher dispatch = getContext().getServletContext() .getRequestDispatcher(getIdpConfiguration().getHostedURI()); recycle(response); try { includeResource(request, response, dispatch); } catch (ClassCastException cce) { // JBAS5.1 and 6 quirkiness includeResource(request.getRequest(), response, dispatch); } }
/** * Called to forward to the error page * * @param request Request we are processing * @param response Response we are creating * @param config Login configuration describing how authentication * should be performed */ protected void forwardToErrorPage(Request request, Response response, LoginConfig config) { RequestDispatcher disp = context.getServletContext().getRequestDispatcher (config.getErrorPage()); try { disp.forward(request.getRequest(), response.getResponse()); } catch (Throwable t) { log.warn("Unexpected error forwarding to error page", t); } }
/** * get Cluster DeltaManager * * @param request current request * @return manager or null */ protected Manager getManager(Request request) { Manager manager = request.getContext().getManager(); if (log.isDebugEnabled()) { if(manager != null) log.debug(sm.getString("jvmRoute.foundManager", manager, request.getContext().getName())); else log.debug(sm.getString("jvmRoute.notFoundManager", request.getContext().getName())); } return manager; }
private void doConnectorAuthenticationAuthorization(org.apache.coyote.Request req, Request request) { String username = req.getRemoteUser().toString(); if (username != null) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authenticate", username)); if (req.getRemoteUserNeedsAuthorization()) { Authenticator authenticator = request.getContext().getAuthenticator(); if (!(authenticator instanceof AuthenticatorBase)) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authorize", username)); request.setUserPrincipal( request.getContext().getRealm().authenticate(username)); request.setUserPrincipal(new CoyotePrincipal(username)); String authtype = req.getAuthType().toString(); if (authtype != null) { request.setAuthType(authtype);
@Override public AsyncContext startAsync(ServletRequest request, ServletResponse response) { if (!isAsyncSupported()) { IllegalStateException ise = new IllegalStateException(sm.getString("request.asyncNotSupported")); log.warn(sm.getString("coyoteRequest.noAsync", StringUtils.join(getNonAsyncClassNames())), ise); throw ise; } if (asyncContext == null) { asyncContext = new AsyncContextImpl(this); } asyncContext.setStarted(getContext(), request, response, request==getRequest() && response==getResponse().getResponse()); asyncContext.setTimeout(getConnector().getAsyncTimeout()); return asyncContext; }
@Override public void invoke(Request request, Response response) throws IOException, ServletException { Context context = request.getContext(); if (context == null) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, sm.getString("standardHost.noContext")); return; } Thread.currentThread().setContextClassLoader(context.getLoader().getClassLoader()); boolean processed = false; try { if (ignorePattern == null || !ignorePattern.matcher(request.getRequestURI()).matches()) { processed = true; if (log.isTraceEnabled()) { log.trace("Will save to redis after request for [" + getQueryString(request) + "]"); } } else { if (log.isTraceEnabled()) { log.trace("Ignoring [" + getQueryString(request) + "]"); } } getNext().invoke(request, response); } finally { manager.afterRequest(processed); } }
if(!_enabled.get() || !_msmContext.equals(request.getContext())) { getNext().invoke( request, response ); } else if ( _ignorePattern != null && _ignorePattern.matcher( requestId ).matches() ) { if(_log.isDebugEnabled()) { _log.debug( ">>>>>> Ignoring: " + requestId + " (requestedSessionId "+ request.getRequestedSessionId() +") ==================" ); request.setNote(REQUEST_IGNORED, Boolean.TRUE); getNext().invoke( request, response ); } finally { if(request.getNote(REQUEST_PROCESSED) == Boolean.TRUE) { final String sessionId = getSessionId(request, response); if(sessionId != null) { if(_log.isDebugEnabled()) { _log.debug( "<<<<<< Ignored: " + requestId + " ==================" ); request.setNote(REQUEST_PROCESS, Boolean.TRUE); if ( _log.isDebugEnabled() ) { _log.debug( ">>>>>> Request starting: " + requestId + " (requestedSessionId "+ request.getRequestedSessionId() +") ==================" ); getNext().invoke( request, response ); } finally { final Boolean sessionIdChanged = (Boolean) request.getNote(SESSION_ID_CHANGED); backupSession( request, response, sessionIdChanged == null ? false : sessionIdChanged.booleanValue() ); resetRequestThreadLocal();
/** * Reject the request that was denied by this valve. * <p>If <code>invalidAuthenticationWhenDeny</code> is true * and the context has <code>preemptiveAuthentication</code> * set, set an invalid authorization header to trigger basic auth. * * @param request The servlet request to be processed * @param response The servlet response to be processed * @exception IOException if an input/output error occurs * @exception ServletException if a servlet error occurs */ protected void denyRequest(Request request, Response response) throws IOException, ServletException { if (invalidAuthenticationWhenDeny) { Context context = request.getContext(); if (context != null && context.getPreemptiveAuthentication()) { if (request.getCoyoteRequest().getMimeHeaders().getValue("authorization") == null) { request.getCoyoteRequest().getMimeHeaders().addValue("authorization").setString("invalid"); } getNext().invoke(request, response); return; } } response.sendError(denyStatus); }
/** * {@inheritDoc} */ @Override public void login(String username, String password) throws ServletException { if (getAuthType() != null || getRemoteUser() != null || getUserPrincipal() != null) { throw new ServletException( sm.getString("coyoteRequest.alreadyAuthenticated")); } getContext().getAuthenticator().login(username, password, this); }
@BeforeMethod public void setUp() throws Exception { _service = mock( MemcachedSessionService.class ); _request = mock( Request.class ); _response = mock( Response.class ); final Context _contextContainer = mock(Context.class); final Host _hostContainer = mock(Host.class); final SessionManager _manager = mock(SessionManager.class); when(_service.getManager()).thenReturn(_manager); when(_manager.getContext()).thenReturn(_contextContainer); when(_contextContainer.getParent()).thenReturn(_hostContainer); when(_contextContainer.getPath()).thenReturn("/"); _sessionTrackerValve = createSessionTrackerValve(); _nextValve = mock( Valve.class ); _sessionTrackerValve.setNext( _nextValve ); _sessionTrackerValve.setContainer(_hostContainer); when(_request.getRequestURI()).thenReturn( "/someRequest"); when(_request.getMethod()).thenReturn("GET"); when(_request.getQueryString()).thenReturn(null); when(_request.getContext()).thenReturn(_contextContainer); when(_request.getNote(eq(RequestTrackingHostValve.REQUEST_PROCESSED))).thenReturn(Boolean.TRUE); when(_request.getNote(eq(RequestTrackingHostValve.SESSION_ID_CHANGED))).thenReturn(Boolean.FALSE); }
private JaspicState getJaspicState(AuthConfigProvider jaspicProvider, Request request, Response response, boolean authMandatory) throws IOException { JaspicState jaspicState = new JaspicState(); jaspicState.messageInfo = new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory); try { CallbackHandler callbackHandler = createCallbackHandler(); ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig( "HttpServlet", jaspicAppContextID, callbackHandler); String authContextID = serverAuthConfig.getAuthContextID(jaspicState.messageInfo); jaspicState.serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null); } catch (AuthException e) { log.warn(sm.getString("authenticator.jaspicServerAuthContextFail"), e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return null; } return jaspicState; }
@Override protected void completeBearerAuthentication(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal, String method) { RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext(); Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext); if (log.isLoggable(Level.FINE)) { log.fine("Completing bearer authentication. Bearer roles: " + roles); } Principal generalPrincipal = principalFactory.createPrincipal(request.getContext().getRealm(), principal, roles); request.setUserPrincipal(generalPrincipal); request.setAuthType(method); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); }
@Override public void invoke(Request request, Response response) throws IOException, ServletException { // Get the Manager Manager manager = request.getContext().getManager(); // If it is an AbstractManager, handle possible failover if (manager instanceof DeltaSessionManager) { DeltaSessionManager absMgr = (DeltaSessionManager) manager; String localJvmRoute = absMgr.getJvmRoute(); if (localJvmRoute != null) { handlePossibleFailover(request, absMgr, localJvmRoute); } } // Invoke the next Valve getNext().invoke(request, response); }
@Override public void fireOnComplete() { List<AsyncListenerWrapper> listenersCopy = new ArrayList<>(); listenersCopy.addAll(listeners); ClassLoader oldCL = context.bind(Globals.IS_SECURITY_ENABLED, null); try { for (AsyncListenerWrapper listener : listenersCopy) { try { listener.fireOnComplete(event); } catch (Throwable t) { ExceptionUtils.handleThrowable(t); log.warn(sm.getString("asyncContextImpl.onCompleteError", listener.getClass().getName()), t); } } } finally { context.fireRequestDestroyEvent(request.getRequest()); clearServletRequestResponse(); context.unbind(Globals.IS_SECURITY_ENABLED, oldCL); } }
@Override public void invoke(final Request request, final Response response) throws IOException, ServletException { if (isAllowed(request.getRequest().getRemoteAddr())) { getNext().invoke(request, response); } else { response.sendError(HttpServletResponse.SC_FORBIDDEN); } }