@Override public void filter(ContainerRequestContext context) throws IOException { logHttpHeaders(context.getHeaders()); }
@Override public void filter(ContainerRequestContext context) throws IOException { logHttpHeaders(context.getHeaders()); }
@Override public List<String> getHeaderValues(String name) { return context.getHeaders().get(name); }
@Override public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { // Add no-cache to XMLHttpRequests, to avoid browsers caching results String requestedWith = requestContext.getHeaders().getFirst("X-Requested-With"); if ("XMLHttpRequest".equals(requestedWith)) { responseContext.getHeaders().add("Cache-Control", "no-cache"); } } }
@Override public void filter(ContainerRequestContext rc) { String maybeType = rc.getUriInfo().getQueryParameters().getFirst("type"); if (maybeType != null && maybeType.equals("gpx")) { rc.getHeaders().putSingle(HttpHeaders.ACCEPT, "application/gpx+xml"); } }
@Override public void filter(ContainerRequestContext requestContext) throws IOException { final BasicCredentials credentials = getCredentials(requestContext.getHeaders().getFirst(HttpHeaders.AUTHORIZATION)); if (!authenticate(requestContext, credentials, SecurityContext.BASIC_AUTH)) { throw new WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm)); } }
@Override public void filter(final ContainerRequestContext requestContext) throws IOException { String credentials = getCredentials(requestContext.getHeaders().getFirst(HttpHeaders.AUTHORIZATION)); // If Authorization header is not used, check query parameter where token can be passed as well if (credentials == null) { credentials = requestContext.getUriInfo().getQueryParameters().getFirst(OAUTH_ACCESS_TOKEN_PARAM); } if (!authenticate(requestContext, credentials, SecurityContext.BASIC_AUTH)) { throw new WebApplicationException(unauthorizedHandler.buildResponse(prefix, realm)); } }
@Override public void filter(ContainerRequestContext requestContext) throws IOException { // answer OPTIONS requests early so we don't have jersey produce WADL responses for them (we only use them for CORS preflight) if ("options".equalsIgnoreCase(requestContext.getRequest().getMethod())) { final Response.ResponseBuilder options = Response.noContent(); String origin = requestContext.getHeaders().getFirst("Origin"); if (origin != null && !origin.isEmpty()) { options.header("Access-Control-Allow-Origin", origin); options.header("Access-Control-Allow-Credentials", true); options.header("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By"); options.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); // In order to avoid redoing the preflight thingy for every request, see http://stackoverflow.com/a/12021982/1088469 options.header("Access-Control-Max-Age", "600"); // 10 minutes seems to be the maximum allowable value requestContext.abortWith(options.build()); } } } }
@Override public void filter(ContainerRequestContext rc) throws IOException { if (!METHODS_TO_IGNORE.contains(rc.getMethod()) && !rc.getHeaders().containsKey(HEADER_NAME)) { throw new BadRequestException(); } } }
@Override public void filter(ContainerRequestContext rc) throws IOException { if (!METHODS_TO_IGNORE.contains(rc.getMethod()) && !rc.getHeaders().containsKey(HEADER_NAME)) { throw new BadRequestException(); } } }
@Override public void filter(ContainerRequestContext rc) throws IOException { try { // Backward compatibility for Sidecars < 0.1.7 if (!rc.getHeaders().containsKey("X-Graylog-Collector-Version")) { super.filter(rc); } } catch (BadRequestException badRequestException) { throw new BadRequestException( "CSRF protection header is missing. Please add a \"" + HEADER_NAME + "\" header to your request.", badRequestException ); } } }
@Override public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { // we have already added the necessary headers for OPTIONS requests below if ("options".equalsIgnoreCase(requestContext.getRequest().getMethod())) { if(Response.Status.Family.familyOf(responseContext.getStatus()) == Response.Status.Family.SUCCESSFUL) { return; } responseContext.setStatus(Response.Status.NO_CONTENT.getStatusCode()); responseContext.setEntity(""); } String origin = requestContext.getHeaders().getFirst("Origin"); if (origin != null && !origin.isEmpty()) { responseContext.getHeaders().add("Access-Control-Allow-Origin", origin); responseContext.getHeaders().add("Access-Control-Allow-Credentials", true); responseContext.getHeaders().add("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By"); responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); // In order to avoid redoing the preflight thingy for every request, see http://stackoverflow.com/a/12021982/1088469 responseContext.getHeaders().add("Access-Control-Max-Age", "600"); // 10 minutes seems to be the maximum allowable value } }
@Override public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { final Response.StatusType responseStatus = responseContext.getStatusInfo(); final String requestPath = requestContext.getUriInfo().getAbsolutePath().getPath(); final List<MediaType> acceptableMediaTypes = requestContext.getAcceptableMediaTypes(); final boolean acceptsHtml = acceptableMediaTypes.stream() .anyMatch(mediaType -> mediaType.isCompatible(MediaType.TEXT_HTML_TYPE) || mediaType.isCompatible(MediaType.APPLICATION_XHTML_XML_TYPE)); final boolean isGetRequest = "get".equalsIgnoreCase(requestContext.getMethod()); if (isGetRequest && responseStatus == Response.Status.NOT_FOUND && acceptsHtml && !requestPath.startsWith("/" + HttpConfiguration.PATH_API)) { final String entity = indexHtmlGenerator.get(requestContext.getHeaders()); responseContext.setStatusInfo(Response.Status.OK); responseContext.setEntity(entity, new Annotation[0], MediaType.TEXT_HTML_TYPE); responseContext.getHeaders().putSingle("X-UA-Compatible", "IE=edge"); } } }
@Override public void filter(final ContainerRequestContext context) throws IOException { final long id = aid.incrementAndGet(); final StringBuilder b = new StringBuilder(); printRequestLine(b, "Server has received a request", id, context.getMethod(), context.getUriInfo() .getRequestUri()); printPrefixedHeaders(b, id, REQUEST_PREFIX, context.getHeaders()); if (printEntity && context.hasEntity()) { context.setEntityStream(logInboundEntity(b, context.getEntityStream())); } log(b); }
@Override public void filter(ContainerRequestContext requestContext) throws IOException { final boolean secure = requestContext.getSecurityContext().isSecure(); final MultivaluedMap<String, String> headers = requestContext.getHeaders(); final Request grizzlyRequest = grizzlyRequestProvider.get();
final String header = getParamValue(Source.HEADER, request.getHeaders(), "X-HTTP-Method-Override"); final String query = getParamValue(Source.QUERY, request.getUriInfo().getQueryParameters(), "_method");
@Override public void filter(final ContainerRequestContext context) throws IOException { if (!logger.isLoggable(level)) { return; } final long id = _id.incrementAndGet(); context.setProperty(LOGGING_ID_PROPERTY, id); final StringBuilder b = new StringBuilder(); printRequestLine(b, "Server has received a request", id, context.getMethod(), context.getUriInfo().getRequestUri()); printPrefixedHeaders(b, id, REQUEST_PREFIX, context.getHeaders()); if (context.hasEntity() && printEntity(verbosity, context.getMediaType())) { context.setEntityStream( logInboundEntity(b, context.getEntityStream(), MessageUtils.getCharset(context.getMediaType()))); } log(b); }
@Override public void filter(final ContainerRequestContext context) throws IOException { if (!logger.isLoggable(level)) { return; } final long id = _id.incrementAndGet(); context.setProperty(LOGGING_ID_PROPERTY, id); final StringBuilder b = new StringBuilder(); printRequestLine(b, "Server has received a request", id, context.getMethod(), context.getUriInfo().getRequestUri()); printPrefixedHeaders(b, id, REQUEST_PREFIX, context.getHeaders()); if (context.hasEntity() && printEntity(verbosity, context.getMediaType())) { context.setEntityStream( logInboundEntity(b, context.getEntityStream(), MessageUtils.getCharset(context.getMediaType()))); } log(b); }
@Override protected FilterContext initRequestFiltering(ContainerRequestContext requestContext) { FilterContext context = new FilterContext(); Method definitionMethod = getDefinitionMethod(requestContext); if (definitionMethod == null) { // this will end in 404, just let it on context.setShouldFinish(true); return context; } context.setMethodSecurity(getMethodSecurity(definitionMethod)); context.setResourceName(definitionMethod.getDeclaringClass().getSimpleName()); context.setMethod(requestContext.getMethod()); context.setHeaders(HttpUtil.toSimpleMap(requestContext.getHeaders())); context.setTargetUri(requestContext.getUriInfo().getRequestUri()); context.setResourcePath(context.getTargetUri().getPath()); context.setJerseyRequest((ContainerRequest) requestContext); // now extract headers featureConfig().getQueryParamHandlers() .forEach(handler -> handler.extract(uriInfo, context.getHeaders())); return context; }
@Override protected SecurityFilter.FilterContext initRequestFiltering(ContainerRequestContext requestContext) { SecurityFilter.FilterContext context = new SecurityFilter.FilterContext(); // this is a pre-matching filter, so no method or class security SecurityDefinition methodDef = new SecurityDefinition(false); methodDef.requiresAuthentication(true); methodDef.setRequiresAuthorization(featureConfig().shouldUsePrematchingAuthorization()); context.setMethodSecurity(methodDef); context.setResourceName("jax-rs"); context.setMethod(requestContext.getMethod()); context.setHeaders(HttpUtil.toSimpleMap(requestContext.getHeaders())); context.setTargetUri(requestContext.getUriInfo().getRequestUri()); context.setResourcePath(context.getTargetUri().getPath()); context.setJerseyRequest((ContainerRequest) requestContext); // now extract headers featureConfig().getQueryParamHandlers() .forEach(handler -> handler.extract(uriInfo, context.getHeaders())); return context; }