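/**
 * Screens a request before it is handed to the rest of the filter chain.
 *
 * <p>When the filter is disabled, every request is forwarded untouched. When it is enabled:
 * <ul>
 *   <li>POST requests are wrapped in a {@code MultiReadHttpServletRequest} (presumably so the
 *       body can be read here and again downstream; confirm against that class) and checked
 *       by {@code handlePOSTRequest}.</li>
 *   <li>GET requests have their URL-decoded query string checked by
 *       {@code isInvalidHostNamePresent}. A GET without a query string has nothing to inspect
 *       and is forwarded.</li>
 * </ul>
 * A request that fails its check is answered with 403 and is never forwarded. A GET whose
 * query string cannot be URL-decoded is answered with 400.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest} when the filter is enabled
 * @param response the response; cast to {@code HttpServletResponse} only when an error is sent
 * @param chain    the remaining filter chain
 * @throws IOException      if sending the error response or the downstream chain fails
 * @throws ServletException if the downstream chain fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    if (!isEnabled) {
        chain.doFilter(request, response);
        return;
    }

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String method = httpRequest.getMethod();

    if (method.equalsIgnoreCase("POST")) {
        // NOTE(review): only the body check is visible on this path. Whether handlePOSTRequest
        // also inspects the query string of a POST cannot be told from here; confirm, because
        // the GET branch below is the only place this method looks at the query string.
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(httpRequest);
        if (handlePOSTRequest(multiReadRequest)) {
            chain.doFilter(multiReadRequest, response);
        } else {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized body parameter detected!");
        }
        return;
    }

    if (method.equalsIgnoreCase("GET")) {
        String rawQuery = httpRequest.getQueryString();
        if (rawQuery == null) {
            // getQueryString() returns null when the URL has no query part. Passing that to
            // URLDecoder.decode would throw NullPointerException and turn every plain GET
            // into a 500, so forward the request: there is nothing to validate.
            chain.doFilter(httpRequest, response);
            return;
        }

        String decodedQuery;
        try {
            // NOTE(review): the value is decoded exactly once. Confirm that neither
            // isInvalidHostNamePresent nor downstream consumers decode it a second time,
            // otherwise the value checked here and the value used later can differ.
            decodedQuery = URLDecoder.decode(rawQuery, "UTF-8");
        } catch (IllegalArgumentException e) {
            // Malformed percent-escape: refuse the request explicitly instead of letting the
            // exception escape as an unhandled server error.
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed query string");
            return;
        }

        if (!isInvalidHostNamePresent(decodedQuery)) {
            chain.doFilter(httpRequest, response);
        } else {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized query parameter detected!");
        }
        return;
    }

    // NOTE(review): with the filter enabled, any method other than POST or GET (PUT, PATCH,
    // DELETE, HEAD, ...) is neither forwarded nor rejected, so the client receives an empty
    // response. Left unchanged here; decide explicitly whether such requests should be
    // validated and forwarded, or refused with an error status.
}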