boolean continueChain = preHandle(request, response); if (log.isTraceEnabled()) { log.trace("Invoked preHandle method. Continuing chain?: [" + continueChain + "]"); executeChain(request, response, chain); postHandle(request, response); if (log.isTraceEnabled()) { log.trace("Successfully invoked postHandle method"); exception = e; } finally { cleanup(request, response, exception);
Exception exception = existing; try { afterCompletion(request, response, exception); if (log.isTraceEnabled()) { log.trace("Successfully invoked afterCompletion method.");
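/**
 * Reports an exception that escaped the filter chain and then delegates to the superclass cleanup
 * with no exception, so the container never sees the original failure directly.
 *
 * <p>Two outcomes are possible when {@code existing} is non-null. If the request attribute
 * {@code DefaultSubjectContext.SESSION_CREATION_ENABLED} is present and {@code false} (taken here as
 * "this is a REST/JAX-RS call") and the response is an {@link HttpServletResponse}, a 500 status is
 * set and an {@link ErrorInfo} JSON body is written. Otherwise an {@link OctopusUnexpectedException}
 * with a generic message is thrown instead of the original (OWASP A6: do not expose stack traces).
 * In both cases the exception (or its cause, when present) is logged at error level first.
 *
 * @param request  the current request; only read for the session-creation attribute
 * @param response the current response; written to only in the JSON branch
 * @param existing the exception raised during chain execution, or {@code null} when none
 * @throws ServletException propagated from {@code super.cleanup}
 * @throws IOException      from {@code getWriter()} or propagated from {@code super.cleanup}
 * @throws OctopusUnexpectedException when an exception occurred outside the JSON branch
 */
@Override
protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException {
    if (existing != null) {
        Throwable unexpectedException = getUnexpectedException(existing);
        Logger logger = LoggerFactory.getLogger(ExceptionFilter.class);
        // Log the cause when there is one, otherwise the exception itself. Calling getCause() blindly
        // would NPE on an unwrapped exception, and an NPE thrown from cleanup() would replace the very
        // failure we are trying to record.
        Throwable toLog = existing.getCause() != null ? existing.getCause() : existing;
        logger.error(toLog.getMessage(), toLog);

        Boolean sessionCreationEnabled = (Boolean) request.getAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);
        // A disabled session creation is assumed to mean a REST/JAX-RS call, which gets a JSON error body.
        boolean restCall = sessionCreationEnabled != null && !sessionCreationEnabled;
        if (restCall && response instanceof HttpServletResponse) {
            HttpServletResponse servletResponse = (HttpServletResponse) response;
            servletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            // OCT-001: no "unexpected" wrapper detected by getUnexpectedException; OCT-002: one was found.
            String code = unexpectedException == null ? "OCT-001" : "OCT-002";
            // NOTE(review): the raw exception message is sent to the client here; exception messages can
            // disclose internals (paths, queries, class names). A generic message keyed by `code`, with the
            // detail kept in the log above, would be the safer contract — confirm what clients rely on.
            // NOTE(review): no Content-Type is set for this JSON body — confirm the container or caller does.
            ErrorInfo info = new ErrorInfo(code, existing.getMessage());
            servletResponse.getWriter().print(info.toJSON());
        } else {
            // We are effectively in a finally block: whatever is thrown here replaces the original
            // exception, so deliberately throw one that carries no stack-trace details (OWASP A6).
            // A non-HTTP response also lands here rather than failing on an unchecked cast.
            throw new OctopusUnexpectedException("Something went wrong");
        }
    }
    // Always hand a null exception to the superclass: the failure has either been rendered as JSON
    // or replaced by the generic exception above.
    super.cleanup(request, response, null);
}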
/**
 * Runs the remaining filter chain, wrapping the response in an {@link InterceptRedirectResponse}
 * when the exchange is HTTP-based and an existing session already carries the CsrfGuard session
 * attribute. No session is created by this method ({@code getSession(false)}).
 *
 * @param request  the current request; wrapped only if it is an {@link HttpServletRequest}
 * @param response the current response; replaced by the intercepting wrapper when applicable
 * @param chain    the chain to continue with
 * @throws Exception propagated from {@code super.executeChain}
 */
@Override
protected void executeChain(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws Exception {
    ServletResponse effectiveResponse = response;
    boolean httpExchange = request instanceof HttpServletRequest && response instanceof HttpServletResponse;
    if (httpExchange) {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // Look up, never create, the session: a request without one is passed through untouched.
        HttpSession currentSession = httpRequest.getSession(false);
        CsrfGuard guard = CsrfGuard.getInstance();
        boolean guardAttributePresent = currentSession != null
                && currentSession.getAttribute(guard.getSessionKey()) != null;
        if (guardAttributePresent) {
            effectiveResponse = new InterceptRedirectResponse((HttpServletResponse) response, httpRequest, guard);
        }
    }
    super.executeChain(request, effectiveResponse, chain);
}