protected Action getAction(ContainerRequest request) { Action action; switch (request.getMethod()) { case "GET": case "HEAD": action = Action.READ; break; default: action = Action.WRITE; } return action; } }
@Override public String getMethod() { return acr.getMethod(); }
private void printRequestLine(StringBuilder b, ContainerRequest request) { prefixId(b).append(NOTIFICATION_PREFIX).append("Server in-bound request").append('\n'); prefixId(b).append(REQUEST_PREFIX).append(request.getMethod()).append(" "). append(request.getRequestUri().toASCIIString()).append('\n'); }
@Override public ContainerRequest filter(ContainerRequest request) { if (!METHODS_TO_IGNORE.contains(request.getMethod()) && !request.getRequestHeaders().containsKey(HEADER_NAME)) { throw new WebApplicationException(Status.BAD_REQUEST); } return request; } }
private ResponseBuilder evaluateIfModifiedSince(long lastModified) { String ifModifiedSinceHeader = getRequestHeaders().getFirst("If-Modified-Since"); if (ifModifiedSinceHeader == null) return null; final String httpMethod = getMethod(); if (httpMethod.equals("GET") || httpMethod.equals("HEAD")) { return evaluateIfModifiedSince( lastModified, ifModifiedSinceHeader); } else { return null; } }
private ResponseBuilder evaluateIfNoneMatch(EntityTag eTag) { Set<MatchingEntityTag> matchingTags = HttpHelper.getIfNoneMatch(this); if (matchingTags == null) return null; final String httpMethod = getMethod(); return evaluateIfNoneMatch( eTag, matchingTags, httpMethod.equals("GET") || httpMethod.equals("HEAD")); }
@Override public ContainerRequest filter(ContainerRequest request) { if (!request.getMethod().equalsIgnoreCase("POST")) { return request;
@Test public void testResourcesFilteringAccess() { setUpMockExpectations(requestPath, true, requestMethod); EasyMock.expect(request.getEntity(Task.class)).andReturn(noopTask).anyTimes(); // As request object is a strict mock the ordering of expected calls matters // therefore adding the expectation below again as getEntity is called before getMethod EasyMock.expect(request.getMethod()).andReturn(requestMethod).anyTimes(); EasyMock.replay(req, request, authorizerMapper); resourceFilter.getRequestFilter().filter(request); }
EasyMock.expect(request.getMethod()).andReturn(requestMethod).anyTimes(); EasyMock.expect(req.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes(); EasyMock.expect(req.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).anyTimes();
void logXsrfFailureButNotBeingEnforced(ContainerRequest request, Logger logger) { final String key = request.getPath(); if (key != null && XSRF_NOT_ENFORCED_RESOURCE_CACHE.getIfPresent(key) == null) { logger.warn( "XSRF failure not being enforced for request: {} , origin: {} , referrer: {}, " + "method: {}", StringUtils.substringBefore(request.getRequestUri().toString(), "?"), request.getHeaderValue(CorsHeaders.ORIGIN.value()), getSanitisedReferrer(request), request.getMethod() ); XSRF_NOT_ENFORCED_RESOURCE_CACHE.put(key, Boolean.TRUE); } }
@Override public ContainerRequest filter(final ContainerRequest request) { log.debug("Applying dark feature filter to request {} {}", request.getMethod(), request.getRequestUri()); if (accessIsAllowed(abstractMethod) && accessIsAllowed(abstractMethod.getResource())) { log.debug("Dark feature check OK"); return request; } log.debug("Dark feature check failed. Refusing access to the resource."); throw new NotFoundException(request.getRequestUri()); }
public ContainerRequest filter(final ContainerRequest request) { if (!Methods.isMutative(request.getMethod()) || !isLikelyToBeFromBrowser(request)) { return request; } if (passesAdditionalBrowserChecks(request)) { return request; } else if (request.getMediaType() != null && isXsrfable(request.getMethod(), request.getMediaType()) ) { logXsrfFailureButNotBeingEnforced(request, log); return request; } throw new XsrfCheckFailedException(); }
private boolean passesAllXsrfChecks(final ContainerRequest request) { final HttpServletRequest httpRequest = getRequestOrNull(httpContext); final String method = httpRequest != null && httpRequest.getMethod() != null ? httpRequest.getMethod() : request.getMethod(); final boolean isMethodMutative = Methods.isMutative(method); final boolean isPostRequest = isPostRequest(method);
private void printRequestLine(StringBuilder b, ContainerRequest request) { prefixId(b).append(NOTIFICATION_PREFIX).append("Server in-bound request").append('\n'); prefixId(b).append(REQUEST_PREFIX).append(request.getMethod()).append(" "). append(request.getRequestUri().toASCIIString()).append('\n'); }
private ResponseBuilder evaluateIfNoneMatch(EntityTag eTag) { Set<MatchingEntityTag> matchingTags = HttpHelper.getIfNoneMatch(this); if (matchingTags == null) return null; final String httpMethod = getMethod(); return evaluateIfNoneMatch( eTag, matchingTags, httpMethod.equals("GET") || httpMethod.equals("HEAD")); }
@Override public ContainerRequest filter(ContainerRequest request) { if (!METHODS_TO_IGNORE.contains(request.getMethod()) && !request.getRequestHeaders().containsKey(HEADER_NAME)) { throw new WebApplicationException(Status.BAD_REQUEST); } return request; } }
public ContainerRequest filter(final ContainerRequest request) { if (request.getMethod().equals(HttpMethod.OPTIONS)) { String origin = extractOrigin(request); String targetMethod = request.getHeaderValue(CorsHeaders.ACCESS_CONTROL_REQUEST_METHOD.value()); if (targetMethod != null && origin != null) { request.setMethod(targetMethod); request.getProperties().put(CorsResourceFilter.CORS_PREFLIGHT_REQUESTED, "true"); } } return request; } }