/**
 * Returns a fresh stream over the cached request body.
 *
 * <p>When {@code cachedBytes} is still {@code null}, {@code cacheInputStream()} is invoked
 * first; every call then hands back a new {@code CachedServletInputStream}, which is what
 * lets the body be consumed more than once.
 *
 * @return a new {@code CachedServletInputStream}
 * @throws IOException if caching the underlying request stream fails
 */
@Override
public ServletInputStream getInputStream() throws IOException {
    if (cachedBytes != null) {
        // Cache already populated: nothing to read from the container's stream.
        return new CachedServletInputStream();
    }
    // First access. NOTE(review): presumably cacheInputStream() reads the whole body into
    // cachedBytes; confirm it enforces an upper bound on the buffered size.
    cacheInputStream();
    return new CachedServletInputStream();
}
/**
 * Returns a buffered character reader over the stream supplied by {@link #getInputStream()}.
 *
 * <p>The single-argument {@link InputStreamReader} constructor is used, so bytes are decoded
 * with the JVM's default charset rather than an encoding taken from the request.
 *
 * @return a new {@link BufferedReader} over the request body
 * @throws IOException if obtaining the input stream fails
 */
@Override
public BufferedReader getReader() throws IOException {
    // NOTE(review): a filter that inspects this text and a downstream consumer that decodes
    // the raw bytes with the request's declared encoding can see different characters;
    // confirm the default charset is the intended one here.
    InputStreamReader decoder = new InputStreamReader(getInputStream());
    return new BufferedReader(decoder);
}
/**
 * Reads the whole POST body and reports whether it passed the host-name check.
 *
 * <p>The body is read line by line and the lines are concatenated without their line
 * terminators, so the text handed to {@code isInvalidHostNamePresent} is not byte-for-byte
 * the request body.
 *
 * @param multiReadRequest wrapper whose body can be read again by later consumers
 * @return {@code true} when {@code isInvalidHostNamePresent} returns {@code false} for the
 *     body text, {@code false} otherwise
 * @throws ServletException if reading the body fails; the {@link IOException} is kept as cause
 */
private boolean handlePOSTRequest(MultiReadHttpServletRequest multiReadRequest) throws ServletException {
    StringBuilder body = new StringBuilder();
    try {
        BufferedReader bodyReader = multiReadRequest.getReader();
        // NOTE(review): readLine() strips line breaks, so tokens split across lines are
        // joined before the check; verify that matches what isInvalidHostNamePresent expects.
        for (String current = bodyReader.readLine(); current != null; current = bodyReader.readLine()) {
            body.append(current);
        }
    } catch (IOException e) {
        throw new ServletException("Error occurred while reading request body in shindig URL filter.", e);
    }
    boolean invalidHostFound = isInvalidHostNamePresent(body.toString());
    return !invalidHostFound;
}
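/**
 * Screens incoming requests with {@code isInvalidHostNamePresent} before passing them on.
 *
 * <p>When {@code isEnabled} is false every request is forwarded untouched. Otherwise:
 * <ul>
 *   <li>POST: the body is read through a {@code MultiReadHttpServletRequest} and checked by
 *       {@code handlePOSTRequest}; a failed check yields 403.</li>
 *   <li>GET: the query string is URL-decoded once as UTF-8 and checked; a failed check
 *       yields 403. A GET without a query string has nothing to inspect and is forwarded
 *       (the original passed {@code null} to {@code URLDecoder.decode}, which threw a
 *       {@link NullPointerException}).</li>
 * </ul>
 *
 * @param request incoming request; cast to {@code HttpServletRequest} when the filter is enabled
 * @param response response used to send 403 on a failed check
 * @param chain remaining filter chain
 * @throws IOException if forwarding or sending the error response fails
 * @throws ServletException if the POST body cannot be read or a downstream filter fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    if (!isEnabled) {
        chain.doFilter(request, response);
        return;
    }

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String method = httpRequest.getMethod();

    if ("POST".equalsIgnoreCase(method)) {
        // MultiReadHttpServletRequest is used to read request data more than once.
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(httpRequest);
        // NOTE(review): only the body is inspected on POST; the query string of a POST
        // request is not checked. Confirm downstream code does not read host parameters
        // from it.
        if (handlePOSTRequest(multiReadRequest)) {
            chain.doFilter(multiReadRequest, response);
        } else {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized body parameter detected!");
        }
    } else if ("GET".equalsIgnoreCase(method)) {
        // getQueryString() returns null when the URL carries no query string.
        String rawQuery = httpRequest.getQueryString();
        // The check sees the query after exactly one round of decoding; malformed
        // percent-escapes make URLDecoder.decode throw IllegalArgumentException, which
        // propagates to the container.
        if (rawQuery == null || !isInvalidHostNamePresent(URLDecoder.decode(rawQuery, "UTF-8"))) {
            chain.doFilter(httpRequest, response);
        } else {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized query parameter detected!");
        }
    }
    // NOTE(review): any other HTTP method is neither forwarded nor answered with an error
    // status while the filter is enabled (unchanged from the original); confirm this is
    // intended and consider an explicit rejection status.
}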