/**
 * Writes one byte through the HTML quoting routine.
 *
 * <p>The byte is stored in slot 0 of the {@code data} scratch array and passed to
 * {@code quoteHtmlChars} with offset 0 and length 1. A single-byte write is
 * therefore escaped by the same routine as a bulk write and is never sent to
 * {@code out} unprocessed.
 *
 * <p>NOTE(review): {@code data} is declared outside this method and reused on
 * every call; concurrent writers would race on it. Confirm the stream is only
 * used from one thread.
 *
 * @param b the byte to write; narrowed with a {@code (byte)} cast
 * @throws IOException declared for the underlying write
 */
@Override
public void write(int b) throws IOException {
  final byte single = (byte) b;
  data[0] = single;
  quoteHtmlChars(out, data, 0, 1);
}
/**
 * Defines a filter on a context and maps it to the supplied URL patterns.
 *
 * <p>A holder is built from the name, class name and init parameters, a mapping
 * is built from the name and {@code urls}, and both are passed to the
 * three-argument {@code defineFilter} overload.
 *
 * <p>The mapping is built from {@code urls} alone, so requests to paths outside
 * those patterns are presumably not seen by the filter. This is worth checking
 * when the filter enforces authentication or response headers.
 *
 * @param ctx the context handler receiving the filter
 * @param name the filter name, used for both holder and mapping
 * @param classname the filter implementation class name
 * @param parameters the filter init parameters
 * @param urls the URL patterns the filter is mapped to
 */
public static void defineFilter(ServletContextHandler ctx, String name,
    String classname, Map<String,String> parameters, String[] urls) {
  final FilterHolder holder = getFilterHolder(name, classname, parameters);
  final FilterMapping mapping = getFilterMapping(name, urls);
  defineFilter(ctx, holder, mapping);
}
/**
 * Initializes the filter: stores the supplied configuration, then builds the
 * HTTP header map.
 *
 * <p>The assignment comes first so the configuration is already in place when
 * {@code initHttpHeaderMap()} runs. Presumably that helper reads
 * {@code this.config}; verify against its body.
 *
 * @param config the filter configuration handed over by the container
 * @throws ServletException declared by the filter contract
 */
@Override
public void init(FilterConfig config) throws ServletException {
  this.config = config;
  initHttpHeaderMap();
}
/**
 * Looks up a request parameter, unquoting the name before the lookup and
 * quoting the value on the way out.
 *
 * <p>Callers of this wrapper never receive the raw value held by
 * {@code rawRequest}; they receive whatever {@code HtmlQuoting.quoteHtmlChars}
 * returns for it.
 *
 * <p>NOTE(review): the quoting is presumably HTML-entity escaping, as the helper
 * name suggests. A value placed in a script, URL or SQL context still needs
 * encoding for that context.
 *
 * @param name the parameter name, possibly HTML-quoted
 * @return the quoted form of the parameter value
 */
@Override
public String getParameter(String name) {
  final String rawName = HtmlQuoting.unquoteHtmlChars(name);
  final String rawValue = rawRequest.getParameter(rawName);
  return HtmlQuoting.quoteHtmlChars(rawValue);
}
/**
 * Registers the built-in servlets: {@code /stacks}, {@code /logLevel},
 * {@code /jmx} and {@code /conf}.
 *
 * <p>Each one is registered through {@code addServlet}, not through the
 * internal-servlet variant.
 *
 * <p>NOTE(review): judging by the servlet class names, these endpoints expose
 * stack dumps, log levels, JMX data and configuration. Confirm that access
 * control for them is enforced by the configured filters or inside each servlet.
 */
protected void addDefaultServlets() {
  // Built-in diagnostic endpoints, registered in a fixed order.
  addServlet("stacks", "/stacks", StackServlet.class);
  addServlet("logLevel", "/logLevel", LogLevel.Servlet.class);
  addServlet("jmx", "/jmx", JMXJsonServlet.class);
  addServlet("conf", "/conf", ConfServlet.class);
}
/**
 * Resolves a policy by name, ignoring case.
 *
 * <p>{@code VALUES} is scanned in order and the first entry whose
 * {@code name()} matches {@code value} case-insensitively is returned.
 *
 * @param value the policy name to look up; {@code null} matches nothing
 * @return the matching policy, or {@code null} when no entry matches. Callers
 *     must handle the {@code null} case themselves, since an unrecognized
 *     name is not reported as an error here.
 */
public static Policy fromString(String value) {
  Policy match = null;
  for (Policy candidate : VALUES) {
    if (candidate.name().equalsIgnoreCase(value)) {
      match = candidate;
      break;
    }
  }
  return match;
}
/**
 * Parses {@code policy} and stores the result in
 * {@code XLearningWebAppUtil.httpPolicyInJHS}.
 *
 * <p>The result of {@code Policy.fromString} is stored without a null check.
 * NOTE(review): if that lookup yields {@code null} for an unrecognized or
 * misspelled name, the field is left {@code null}. Confirm that readers of the
 * field treat {@code null} as a configuration error and do not silently choose
 * a less strict scheme.
 *
 * @param policy the policy name taken from configuration
 */
private static void setHttpPolicyInJHS(String policy) {
  final Policy parsed = Policy.fromString(policy);
  XLearningWebAppUtil.httpPolicyInJHS = parsed;
}
/**
 * Adds a servlet to the server and maps its path into the filter chain.
 *
 * <p>Registration is delegated to the four-argument {@code addInternalServlet}
 * overload with {@code false} as the last argument. The meaning of that flag is
 * defined by the overload, which is not shown here. Afterwards
 * {@code addFilterPathMapping} is called for the same path spec on
 * {@code webAppContext}. That second call is what this method adds on top of
 * the internal-servlet registration.
 *
 * @param name The name of the servlet (can be passed as null)
 * @param pathSpec The path spec for the servlet
 * @param clazz The servlet class
 */
public void addServlet(String name, String pathSpec,
    Class<? extends HttpServlet> clazz) {
  // Register first, then attach the filter mapping for the same path.
  addInternalServlet(name, pathSpec, clazz, false);
  addFilterPathMapping(pathSpec, webAppContext);
}
/**
 * Serves a GET request only after the administrator-access check passes.
 *
 * <p>When {@code HttpServer2.hasAdministratorAccess} returns {@code false}
 * this method returns without calling the superclass. The check receives the
 * response object, so presumably it writes the error status itself; verify
 * against {@code HttpServer2}.
 *
 * <p>NOTE(review): only {@code doGet} is guarded in this excerpt. Confirm that
 * other HTTP methods served by the superclass are either unsupported or
 * guarded elsewhere.
 *
 * @param request the incoming request
 * @param response the response to populate
 * @throws ServletException propagated from the superclass handler
 * @throws IOException propagated from the access check or the superclass
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  final boolean authorized =
      HttpServer2.hasAdministratorAccess(getServletContext(), request, response);
  if (!authorized) {
    return;
  }
  // Authorization succeeded; hand over to the superclass implementation.
  super.doGet(request, response);
}
} // closes the enclosing class, which opens outside this excerpt
/**
 * Reports whether a string contains any character that must be HTML-quoted.
 *
 * <p>The string is encoded as UTF-8 and the whole byte array is passed to the
 * byte-array overload of {@code needsQuoting}.
 *
 * @param str the string to check; {@code null} is treated as needing no quoting
 * @return {@code true} if the byte-level check finds an active HTML character,
 *     {@code false} otherwise or when {@code str} is {@code null}
 */
public static boolean needsQuoting(String str) {
  if (str != null) {
    final byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
    return needsQuoting(utf8, 0, utf8.length);
  }
  return false;
}
/**
 * Adds an internal servlet to the server.
 *
 * <p>Note: this method is for servlets that support internal communication,
 * not for user-facing functionality. Filters are not enabled for servlets
 * added this way, because no filter path mapping is registered for
 * {@code pathSpec} here.
 *
 * <p>NOTE(review): any authentication or header hardening implemented as a
 * servlet filter presumably does not apply to these paths. A servlet
 * registered here must do its own access checks. Verify for each caller.
 *
 * <p>The call delegates to the four-argument overload with {@code false} as
 * the last argument.
 *
 * @param name The name of the servlet (can be passed as null)
 * @param pathSpec The path spec for the servlet
 * @param clazz The servlet class
 */
public void addInternalServlet(String name, String pathSpec,
    Class<? extends HttpServlet> clazz) {
  addInternalServlet(name, pathSpec, clazz, false);
}
/**
 * Asks {@code HttpServer2} whether this request may reach the
 * instrumentation endpoint.
 *
 * <p>The decision is delegated entirely to
 * {@code HttpServer2.isInstrumentationAccessAllowed}, which is given this
 * servlet's context together with the request and response. Being
 * {@code protected}, the method can be overridden by subclasses; an override
 * replaces the access decision for that subclass.
 *
 * @param request the incoming request
 * @param response the response, passed through to the check
 * @return the result of the delegated check
 * @throws IOException propagated from the delegated check
 */
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
    HttpServletResponse response) throws IOException {
  final boolean allowed = HttpServer2.isInstrumentationAccessAllowed(
      getServletContext(), request, response);
  return allowed;
}
/**
 * Builds the signer secret provider for the authentication filter.
 *
 * <p>Filter properties are read from the builder's configuration under
 * {@code b.authFilterConfigurationPrefix} and passed to
 * {@code AuthenticationFilter.constructSecretProvider}, together with the
 * servlet context and the builder's
 * {@code disallowFallbackToRandomSignerSecretProvider} flag.
 *
 * <p>NOTE(review): going by its name, the flag decides whether a missing
 * configured secret may be replaced by a randomly generated one. Confirm the
 * exact semantics in {@code AuthenticationFilter}.
 *
 * @param b the builder carrying the configuration, prefix and fallback flag
 * @param ctx the servlet context passed through to the provider factory
 * @return the provider created by {@code AuthenticationFilter}
 * @throws Exception propagated from property lookup or provider construction
 */
private static SignerSecretProvider constructSecretProvider(final Builder b,
    ServletContext ctx) throws Exception {
  final Properties filterProps =
      getFilterProperties(b.conf, b.authFilterConfigurationPrefix);
  return AuthenticationFilter.constructSecretProvider(
      ctx, filterProps, b.disallowFallbackToRandomSignerSecretProvider);
}
/**
 * Assembles the response-header parameters for the header filter.
 *
 * <p>Entries are merged in three layers; a later layer overwrites an earlier
 * one on a key collision:
 * <ol>
 *   <li>the defaults from {@code getDefaultHeaders()};</li>
 *   <li>the X-Frame-Options entry, only when {@code xFrameOptionIsEnabled}
 *       is set;</li>
 *   <li>every configuration entry whose key matches
 *       {@code HTTP_HEADER_REGEX}.</li>
 * </ol>
 *
 * <p>Configuration entries are merged last. A configured header with the same
 * key therefore replaces both the default and the X-Frame-Options value
 * computed here. Operators should review configured overrides of
 * security-relevant headers.
 *
 * @param conf the configuration to read header overrides from
 * @return a new mutable map with the merged header parameters
 */
private Map<String, String> setHeaders(Configuration conf) {
  final Map<String, String> configured = conf.getValByRegex(HTTP_HEADER_REGEX);
  final Map<String, String> merged = new HashMap<>(getDefaultHeaders());
  if (this.xFrameOptionIsEnabled) {
    final String frameKey = HTTP_HEADER_PREFIX + X_FRAME_OPTIONS;
    merged.put(frameKey, this.xFrameOption.toString());
  }
  // Configuration wins over everything assembled above.
  merged.putAll(configured);
  return merged;
}
/**
 * Returns all values of a request parameter, each one HTML-quoted.
 *
 * <p>The name is unquoted before the lookup on {@code rawRequest}. Each value
 * returned is then passed through {@code HtmlQuoting.quoteHtmlChars} into a
 * fresh array, so the array obtained from {@code rawRequest} is not modified.
 *
 * @param name the parameter name, possibly HTML-quoted
 * @return a new array of quoted values in the original order, or
 *     {@code null} when the underlying request has no such parameter
 */
@Override
public String[] getParameterValues(String name) {
  final String rawName = HtmlQuoting.unquoteHtmlChars(name);
  final String[] rawValues = rawRequest.getParameterValues(rawName);
  if (rawValues == null) {
    return null;
  }
  final String[] quoted = new String[rawValues.length];
  int idx = 0;
  for (String raw : rawValues) {
    quoted[idx++] = HtmlQuoting.quoteHtmlChars(raw);
  }
  return quoted;
}
/**
 * Writes a byte range through the HTML quoting routine.
 *
 * <p>The range is passed unchanged to {@code quoteHtmlChars} together with
 * {@code out}; nothing is written to {@code out} directly from here.
 *
 * @param data the buffer holding the bytes to write
 * @param off the index of the first byte to write
 * @param len the number of bytes to write
 * @throws IOException declared for the underlying write
 */
@Override
public void write(byte[] data, int off, int len) throws IOException {
  quoteHtmlChars(out, data, off, len);
}
/**
 * Parses {@code policy} and stores the result in
 * {@code XLearningWebAppUtil.httpPolicyInYarn}.
 *
 * <p>The result of {@code Policy.fromString} is stored without a null check.
 * NOTE(review): if that lookup yields {@code null} for an unrecognized or
 * misspelled name, the field is left {@code null}. Confirm that readers of the
 * field treat {@code null} as a configuration error and do not silently choose
 * a less strict scheme.
 *
 * @param policy the policy name taken from configuration
 */
private static void setHttpPolicyInYARN(String policy) {
  final Policy parsed = Policy.fromString(policy);
  XLearningWebAppUtil.httpPolicyInYarn = parsed;
}
/**
 * Command-line demo: for each argument, prints the original text, its quoted
 * form, and the result of unquoting that quoted form, followed by a blank
 * line.
 *
 * @param args the strings to run through quoting and unquoting
 * @throws Exception declared by the signature; nothing is caught here
 */
public static void main(String[] args) throws Exception {
  for (int i = 0; i < args.length; i++) {
    final String original = args[i];
    System.out.println("Original: " + original);
    final String escaped = quoteHtmlChars(original);
    System.out.println("Quoted: "+ escaped);
    final String restored = unquoteHtmlChars(escaped);
    System.out.println("Unquoted: " + restored);
    System.out.println();
  }
}
} // closes the enclosing class, which opens outside this excerpt
/**
 * Returns the next element of the wrapped enumeration, HTML-quoted.
 *
 * <p>The element is taken from {@code rawIterator} and passed through
 * {@code HtmlQuoting.quoteHtmlChars} before it is returned.
 *
 * @return the quoted form of the next raw element
 */
@Override
public String nextElement() {
  return HtmlQuoting.quoteHtmlChars(
      rawIterator.nextElement());
}
}; // closes the enclosing anonymous class, which opens outside this excerpt
/**
 * Returns the server name in HTML-quoted form.
 *
 * <p>The server name can come from the client-supplied {@code Host} header,
 * so it is quoted to keep a crafted header from injecting markup into pages
 * that echo it.
 *
 * <p>NOTE(review): quoting covers markup injection only; the host name is not
 * validated here. Code that builds redirects or absolute links from this value
 * presumably needs its own allow-list check.
 *
 * @return the quoted server name reported by the wrapped request
 */
@Override
public String getServerName() {
  final String rawHost = rawRequest.getServerName();
  return HtmlQuoting.quoteHtmlChars(rawHost);
}
} // closes the enclosing class, which opens outside this excerpt