/** * Convenience method for subclasses to use when a login redirect is required. * <p/> * This implementation simply calls {@link #saveRequest(javax.servlet.ServletRequest) saveRequest(request)} * and then {@link #redirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) redirectToLogin(request,response)}. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @throws IOException if an error occurs. */ protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException { saveRequest(request); redirectToLogin(request, response); }
/** * Returns <code>true</code> if * {@link #isAccessAllowed(ServletRequest,ServletResponse,Object) isAccessAllowed(Request,Response,Object)}, * otherwise returns the result of * {@link #onAccessDenied(ServletRequest,ServletResponse,Object) onAccessDenied(Request,Response,Object)}. * * @return <code>true</code> if * {@link #isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Object) isAccessAllowed}, * otherwise returns the result of * {@link #onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) onAccessDenied}. * @throws Exception if an error occurs. */ public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue); }
/** * Returns <code>true</code> if the incoming request is a login request, <code>false</code> otherwise. * <p/> * The default implementation merely returns <code>true</code> if the incoming request matches the configured * {@link #getLoginUrl() loginUrl} by calling * <code>{@link #pathsMatch(String, String) pathsMatch(loginUrl, request)}</code>. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @return <code>true</code> if the incoming request is a login request, <code>false</code> otherwise. */ protected boolean isLoginRequest(ServletRequest request, ServletResponse response) { return pathsMatch(getLoginUrl(), request); }
private void applyLoginUrlIfNecessary(Filter filter) { String loginUrl = getLoginUrl(); if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { AccessControlFilter acFilter = (AccessControlFilter) filter; //only apply the login url if they haven't explicitly configured one already: String existingLoginUrl = acFilter.getLoginUrl(); if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { acFilter.setLoginUrl(loginUrl); } } }
@Override protected T postProcess(T filter) { for (Map.Entry<String, String> pathConfig : this.pathConfigs.entrySet()) { filter.processPathConfig(pathConfig.getKey(), pathConfig.getValue()); } return filter; } }
@Override public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { request.setAttribute("jcaptchaEbabled", jcaptchaEbabled); return super.onPreHandle(request, response, mappedValue); }
/** * Simple method to abstract out logic from the preHandle implementation - it was getting a bit unruly. * * @since 1.2 */ @SuppressWarnings({"JavaDoc"}) private boolean isFilterChainContinued(ServletRequest request, ServletResponse response, String path, Object pathConfig) throws Exception { if (isEnabled(request, response, path, pathConfig)) { //isEnabled check added in 1.2 if (log.isTraceEnabled()) { log.trace("Filter '{}' is enabled for the current request under path '{}' with config [{}]. " + "Delegating to subclass implementation for 'onPreHandle' check.", new Object[]{getName(), path, pathConfig}); } //The filter is enabled for this specific request, so delegate to subclass implementations //so they can decide if the request should continue through the chain or not: return onPreHandle(request, response, pathConfig); } if (log.isTraceEnabled()) { log.trace("Filter '{}' is disabled for the current request under path '{}' with config [{}]. " + "The next element in the FilterChain will be called immediately.", new Object[]{getName(), path, pathConfig}); } //This filter is disabled for this specific request, //return 'true' immediately to indicate that the filter will not process the request //and let the request/response to continue through the filter chain: return true; }
/** * Convenience method for subclasses that merely acquires the {@link #getLoginUrl() getLoginUrl} and redirects * the request to that url. * <p/> * <b>N.B.</b> If you want to issue a redirect with the intention of allowing the user to then return to their * originally requested URL, don't use this method directly. Instead you should call * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) * saveRequestAndRedirectToLogin(request,response)}, which will save the current request state so that it can * be reconstructed and re-used after a successful login. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @throws IOException if an error occurs. */ protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { String loginUrl = getLoginUrl(); WebUtils.issueRedirect(request, response, loginUrl); }
/** * Returns <code>true</code> if the incoming <code>request</code> matches the specified <code>path</code> pattern, * <code>false</code> otherwise. * <p/> * The default implementation acquires the <code>request</code>'s path within the application and determines * if that matches: * <p/> * <code>String requestURI = {@link #getPathWithinApplication(javax.servlet.ServletRequest) getPathWithinApplication(request)};<br/> * return {@link #pathsMatch(String, String) pathsMatch(path,requestURI)}</code> * * @param path the configured url pattern to check the incoming request against. * @param request the incoming ServletRequest * @return <code>true</code> if the incoming <code>request</code> matches the specified <code>path</code> pattern, * <code>false</code> otherwise. */ protected boolean pathsMatch(String path, ServletRequest request) { String requestURI = getPathWithinApplication(request); log.trace("Attempting to match pattern '{}' with current requestURI '{}'...", path, requestURI); return pathsMatch(path, requestURI); }
if (pathsMatch(path, request)) { log.trace("Current requestURI matches pattern '{}'. Determining filter chain execution...", path); Object config = this.appliedPaths.get(path); return isFilterChainContinued(request, response, path, config);
/** * Processes requests where the subject was denied access as determined by the * {@link #isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Object) isAccessAllowed} * method, retaining the {@code mappedValue} that was used during configuration. * <p/> * This method immediately delegates to {@link #onAccessDenied(ServletRequest,ServletResponse)} as a * convenience in that most post-denial behavior does not need the mapped config again. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @param mappedValue the config specified for the filter in the matching request's filter chain. * @return <code>true</code> if the request should continue to be processed; false if the subclass will * handle/render the response directly. * @throws Exception if there is an error processing the request. * @since 1.0 */ protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return onAccessDenied(request, response); }
/** * Path-matching version of the parent class's * {@link #isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse)} method, but additionally allows * for inspection of any path-specific configuration values corresponding to the specified request. Subclasses * may wish to inspect this additional mapped configuration to determine if the filter is enabled or not. * <p/> * This method's default implementation ignores the {@code path} and {@code mappedValue} arguments and merely * returns the value from a call to {@link #isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}. * It is expected that subclasses override this method if they need to perform enable/disable logic for a specific * request based on any path-specific config for the filter instance. * * @param request the incoming servlet request * @param response the outbound servlet response * @param path the path matched for the incoming servlet request that has been configured with the given {@code mappedValue}. * @param mappedValue the filter-specific config value mapped to this filter in the URL rules mappings for the given {@code path}. * @return {@code true} if this filter should filter the specified request, {@code false} if it should let the * request/response pass through immediately to the next element in the {@code FilterChain}. * @throws Exception in the case of any error * @since 1.2 */ @SuppressWarnings({"UnusedParameters"}) protected boolean isEnabled(ServletRequest request, ServletResponse response, String path, Object mappedValue) throws Exception { return isEnabled(request, response); } }
protected void applyChainConfig(String chainName, Filter filter, String chainSpecificFilterConfig) { if (log.isDebugEnabled()) { log.debug("Attempting to apply path [" + chainName + "] to filter [" + filter + "] " + "with config [" + chainSpecificFilterConfig + "]"); } if (filter instanceof PathConfigProcessor) { ((PathConfigProcessor) filter).processPathConfig(chainName, chainSpecificFilterConfig); } else { if (StringUtils.hasText(chainSpecificFilterConfig)) { //they specified a filter configuration, but the Filter doesn't implement PathConfigProcessor //this is an erroneous config: String msg = "chainSpecificFilterConfig was specified, but the underlying " + "Filter instance is not an 'instanceof' " + PathConfigProcessor.class.getName() + ". This is required if the filter is to accept " + "chain-specific configuration."; throw new ConfigurationException(msg); } } }
private void applyLoginUrlIfNecessary(Filter filter) { String loginUrl = getLoginUrl(); if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { AccessControlFilter acFilter = (AccessControlFilter) filter; //only apply the login url if they haven't explicitly configured one already: String existingLoginUrl = acFilter.getLoginUrl(); if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { acFilter.setLoginUrl(loginUrl); } } }
@Test public void testPostProcess() { PathMatchingFilter filter = createMock(PathMatchingFilter.class); expect(filter.processPathConfig("/1", "first")).andReturn(filter); expect(filter.processPathConfig("/2", "second")).andReturn(filter); replay(filter); Map<String, String> pathConfigMap = new HashMap<String, String>(); pathConfigMap.put("/1", "first"); pathConfigMap.put("/2", "second"); PathMatchingFilterProvider underTest = new PathMatchingFilterProvider(Key.get(PathMatchingFilter.class), pathConfigMap); underTest.postProcess(filter); verify(filter); }
@Override public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { request.setAttribute("jcaptchaEbabled", jcaptchaEbabled); return super.onPreHandle(request, response, mappedValue); }
private void applyLoginUrlIfNecessary(Filter filter) { String loginUrl = GojaConfig.getProperty("security.loginUrl", "/login"); if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { AccessControlFilter acFilter = (AccessControlFilter) filter; //only apply the login url if they haven't explicitly configured one already: String existingLoginUrl = acFilter.getLoginUrl(); if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { acFilter.setLoginUrl(loginUrl); } } }
@Override protected T postProcess(T filter) { for (Map.Entry<String, String> pathConfig : this.pathConfigs.entrySet()) { filter.processPathConfig(pathConfig.getKey(), pathConfig.getValue()); } return filter; } }
@Override public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { request.setAttribute(ShiroConstants.CURRENT_ENABLED, captchaEnabled); request.setAttribute(ShiroConstants.CURRENT_TYPE, captchaType); return super.onPreHandle(request, response, mappedValue); }
@Override public Filter processPathConfig(String path, String config) { Filter result = super.processPathConfig(path, config); String[] configValues = (String[]) appliedPaths.get(path); if (configValues.length != 1) { throw new OctopusConfigurationException(String.format("Configuration of Rate limit filter on path %s is wrong (%s)", path, config)); } rateLimiters.put(path, rateLimitConfig.createRateLimiter(configValues[0])); return result; }