/**
   * Handle an HTTP status code or Java exception by forwarding control to the location included in
   * the specified errorPage object. It is assumed that the caller has already recorded any request
   * attributes that are to be forwarded to this page. Return <code>true</code> if we successfully
   * utilized the specified error page location, or <code>false</code> if the default error report
   * should be rendered.
   *
   * @param request The request being processed
   * @param response The response being generated
   * @param errorPage The errorPage directive we are obeying
   */
  private boolean custom(Request request, Response response, ErrorPage errorPage) {

    if (container.getLogger().isDebugEnabled())
      container.getLogger().debug("Processing " + errorPage);

    try {
      // Forward control to the specified location
      ServletContext servletContext = request.getContext().getServletContext();
      RequestDispatcher rd = servletContext.getRequestDispatcher(errorPage.getLocation());

      if (response.isCommitted()) {
        // Response is committed - including the error page is the
        // best we can do
        rd.include(request.getRequest(), response.getResponse());
      } else {
        // Reset the response (keeping the real error code and message)
        response.resetBuffer(true);
        response.setContentLength(-1);

        rd.forward(request.getRequest(), response.getResponse());

        // If we forward, the response is suspended again
        response.setSuspended(false);
      }

      // Indicate that we have successfully processed this custom page
      return (true);

    } catch (Throwable t) {
      ExceptionUtils.handleThrowable(t);
      // Report our failure to process this custom page
      container.getLogger().error("Exception Processing " + errorPage, t);
      return (false);
    }
  }
 @Override
 public void lifecycleEvent(LifecycleEvent event) {
   if (Lifecycle.BEFORE_STOP_EVENT.equals(event.getType())) {
     // The container is getting stopped, close all current connections
     Iterator<Request> iterator = cometRequests.iterator();
     while (iterator.hasNext()) {
       Request request = iterator.next();
       // Remove the session tracking attribute as it isn't
       // serializable or required.
       HttpSession session = request.getSession(false);
       if (session != null) {
         session.removeAttribute(cometRequestsAttribute);
       }
       // Close the comet connection
       try {
         CometEventImpl cometEvent = request.getEvent();
         cometEvent.setEventType(CometEvent.EventType.END);
         cometEvent.setEventSubType(CometEvent.EventSubType.WEBAPP_RELOAD);
         getNext().event(request, request.getResponse(), cometEvent);
         cometEvent.close();
       } catch (Exception e) {
         container.getLogger().warn(sm.getString("cometConnectionManagerValve.event"), e);
       }
     }
     cometRequests.clear();
   }
 }
Esempio n. 3
0
  public void invoke(Request request, Response response) throws IOException, ServletException {

    try {

      if (!alreadySetLogbackStatusManager) {
        alreadySetLogbackStatusManager = true;
        org.apache.catalina.Context tomcatContext = request.getContext();
        if (tomcatContext != null) {
          ServletContext sc = tomcatContext.getServletContext();
          if (sc != null) {
            sc.setAttribute(AccessConstants.LOGBACK_STATUS_MANAGER_KEY, getStatusManager());
          }
        }
      }

      getNext().invoke(request, response);

      TomcatServerAdapter adapter = new TomcatServerAdapter(request, response);
      AccessEvent accessEvent = new AccessEvent(request, response, adapter);

      if (getFilterChainDecision(accessEvent) == FilterReply.DENY) {
        return;
      }

      // TODO better exception handling
      aai.appendLoopOnAppenders(accessEvent);
    } finally {
      request.removeAttribute(AccessConstants.LOGBACK_STATUS_MANAGER_KEY);
    }
  }
Esempio n. 4
0
  @Override
  public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config)
      throws IOException {

    Principal principal = request.getUserPrincipal();
    if (principal != null) {
      log.info("User " + principal.getName() + " is already autenticated");
      return true;
    }

    Realm realm = request.getContext().getRealm();
    log.info("Authentication against " + realm.toString() + " realm: " + realm.getInfo());
    principal = realm.authenticate("user1", "password1");
    if (principal != null) {
      request.setUserPrincipal(principal);
      log.info("Authentication via custom valve authenticator");
      response.addHeader("valve", testparam);
      log.info(
          "Valve "
              + TestAuthenticator.class.getName()
              + " was hit and adding header parameter 'authenticated' with value "
              + testparam);
      return true;
    }
    log.warn("Login via global valve authenticator wasn't successfull");
    return false;
  }
Esempio n. 5
0
 public static void invokeRequest(Valve pipelineHead, Request request)
     throws ServletException, IOException {
   pipelineHead.invoke(request, request.getResponse());
   // StandardHostValve calls request.getSession(false) on way out, so we will too
   request.getSession(false);
   request.recycle();
 }
  /**
   * Register requests for tracking, whenever needed.
   *
   * @param request The servlet request to be processed
   * @param response The servlet response to be created
   * @exception IOException if an input/output error occurs
   * @exception ServletException if a servlet error occurs
   */
  @Override
  public void invoke(Request request, Response response) throws IOException, ServletException {
    // Perform the request
    getNext().invoke(request, response);

    if (request.isComet() && !response.isClosed()) {
      // Start tracking this connection, since this is a
      // begin event, and Comet mode is on
      HttpSession session = request.getSession(true);

      // Track the connection for webapp reload
      cometRequests.add(request);

      // Track the connection for session expiration
      synchronized (session) {
        Request[] requests = (Request[]) session.getAttribute(cometRequestsAttribute);
        if (requests == null) {
          requests = new Request[1];
          requests[0] = request;
          session.setAttribute(cometRequestsAttribute, requests);
        } else {
          Request[] newRequests = new Request[requests.length + 1];
          for (int i = 0; i < requests.length; i++) {
            newRequests[i] = requests[i];
          }
          newRequests[requests.length] = request;
          session.setAttribute(cometRequestsAttribute, newRequests);
        }
      }
    }
  }
  @Test
  public final void testRequestFinishedShouldBeInvokedForIgnoredResources()
      throws IOException, ServletException {
    when(_request.getRequestedSessionId()).thenReturn("foo");
    when(_request.getRequestURI()).thenReturn("/pixel.gif");

    _sessionTrackerValve.invoke(_request, _response);

    verify(_service).requestFinished(eq("foo"), anyString());
  }
 /**
  * Send Cluster Replication Request
  *
  * @param request current request
  * @param manager session manager
  * @param cluster replication cluster
  */
 protected void sendSessionReplicationMessage(
     Request request, ClusterManager manager, CatalinaCluster cluster) {
   Session session = request.getSessionInternal(false);
   if (session != null) {
     String uri = request.getDecodedRequestURI();
     // request without session change
     if (!isRequestWithoutSessionChange(uri)) {
       if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.invoke.uri", uri));
       sendMessage(session, manager, cluster);
     } else if (doStatistics()) nrOfFilterRequests++;
   }
 }
  private void bz51881(CometEvent event) throws IOException {
    String[] tomcatVersion = config.getServletContext().getServerInfo().substring(14).split("\\.");
    String minorVersion = tomcatVersion[2];
    if (minorVersion.indexOf("-") != -1) {
      minorVersion = minorVersion.substring(0, minorVersion.indexOf("-"));
      if (Integer.valueOf(minorVersion) == 22) {
        minorVersion = "23";
      }
    }

    if (Integer.valueOf(tomcatVersion[0]) == 7 && Integer.valueOf(minorVersion) < 23) {
      logger.info(
          "Patching Tomcat 7.0.22 and lower bz51881. Expect NPE inside CoyoteAdapter, just ignore them. Upgrade to 7.0.23");
      try {
        RequestFacade request = RequestFacade.class.cast(event.getHttpServletRequest());
        Field coyoteRequest = RequestFacade.class.getDeclaredField("request");
        coyoteRequest.setAccessible(true);
        Request r = (Request) coyoteRequest.get(request);
        r.recycle();

        Field mappingData = Request.class.getDeclaredField("mappingData");
        mappingData.setAccessible(true);
        MappingData m = new MappingData();
        m.context = null;
        mappingData.set(r, m);
      } catch (Throwable t) {
        logger.trace("Was unable to recycle internal Tomcat object");
      } finally {
        try {
          event.close();
        } catch (IllegalStateException e) {
          logger.trace("", e);
        }
      }

      try {
        ResponseFacade response = ResponseFacade.class.cast(event.getHttpServletResponse());
        Field coyoteResponse = ResponseFacade.class.getDeclaredField("response");
        coyoteResponse.setAccessible(true);
        Response r = (Response) coyoteResponse.get(response);
        r.recycle();
      } catch (Throwable t) {
        logger.trace("Was unable to recycle internal Tomcat object");
      }
    } else {
      event.close();
    }
  }
    public boolean parse(Request request, String authorization) {
      // Validate the authorization credentials format
      if (authorization == null) {
        return false;
      }

      Map<String, String> directives;
      try {
        directives = Authorization.parseAuthorizationDigest(new StringReader(authorization));
      } catch (IOException e) {
        return false;
      }

      if (directives == null) {
        return false;
      }

      method = request.getMethod();
      userName = directives.get("username");
      realmName = directives.get("realm");
      nonce = directives.get("nonce");
      nc = directives.get("nc");
      cnonce = directives.get("cnonce");
      qop = directives.get("qop");
      uri = directives.get("uri");
      response = directives.get("response");
      opaqueReceived = directives.get("opaque");

      return true;
    }
  /**
   * Generate a unique token. The token is generated according to the following pattern. NOnceToken
   * = Base64 ( MD5 ( client-IP ":" time-stamp ":" private-key ) ).
   *
   * @param request HTTP Servlet request
   */
  protected String generateNonce(Request request) {

    long currentTime = System.currentTimeMillis();

    synchronized (lastTimestampLock) {
      if (currentTime > lastTimestamp) {
        lastTimestamp = currentTime;
      } else {
        currentTime = ++lastTimestamp;
      }
    }

    String ipTimeKey = request.getRemoteAddr() + ":" + currentTime + ":" + getKey();

    byte[] buffer =
        ConcurrentMessageDigest.digestMD5(ipTimeKey.getBytes(StandardCharsets.ISO_8859_1));
    String nonce = currentTime + ":" + MD5Encoder.encode(buffer);

    NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
    synchronized (nonces) {
      nonces.put(nonce, info);
    }

    return nonce;
  }
  public Object authorize(AbstractSecurityContext context) throws Exception {

    startAuthorization(context);

    HttpGraniteContext graniteContext = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = graniteContext.getRequest();
    Request request = getRequest(httpRequest);
    Session session = request.getSessionInternal();
    request.setAuthType(session.getAuthType());
    request.setUserPrincipal(session.getPrincipal());

    if (context.getDestination().isSecured()) {
      Principal principal = getPrincipal(httpRequest);
      if (principal == null) {
        if (httpRequest.getRequestedSessionId() != null) {
          HttpSession httpSession = httpRequest.getSession(false);
          if (httpSession == null
              || httpRequest.getRequestedSessionId().equals(httpSession.getId()))
            throw SecurityServiceException.newSessionExpiredException("Session expired");
        }
        throw SecurityServiceException.newNotLoggedInException("User not logged in");
      }

      Realm realm = getRealm(httpRequest);
      boolean accessDenied = true;
      for (String role : context.getDestination().getRoles()) {
        if (realm.hasRole(principal, role)) {
          accessDenied = false;
          break;
        }
      }
      if (accessDenied)
        throw SecurityServiceException.newAccessDeniedException("User not in required role");
    }

    try {
      return endAuthorization(context);
    } catch (InvocationTargetException e) {
      for (Throwable t = e; t != null; t = t.getCause()) {
        // Don't create a dependency to javax.ejb in SecurityService...
        if (t instanceof SecurityException
            || "javax.ejb.EJBAccessException".equals(t.getClass().getName()))
          throw SecurityServiceException.newAccessDeniedException(t.getMessage());
      }
      throw e;
    }
  }
  @Test
  public final void testRequestUrlIgnorePatternIsUsedIfPrimaryMemcachedNodeIsOperational()
      throws IOException, ServletException {
    when(_memcachedNodesManager.isNodeAvailable(PRIMARY_NODE_IDENTIFIER)).thenReturn(true);
    when(_request.getRequestURI()).thenReturn("/pixel.gif");
    _sessionTrackerValve.invoke(_request, _response);

    verify(_request).setNote(REQUEST_IGNORED, Boolean.TRUE);
  }
 @Override
 public void addElement(
     StringBuilder buf, Date date, Request request, Response response, long time) {
   HttpSession session = null;
   if (request != null) {
     session = request.getSession(false);
     if (session != null) buf.append(wrap(session.getAttribute(attribute)));
   }
 }
  @Test
  public final void testChangeSessionIdForRelocatedSession() throws IOException, ServletException {

    final String sessionId = "bar";
    final String newSessionId = "newId";

    when(_request.getNote(eq(RequestTrackingHostValve.SESSION_ID_CHANGED)))
        .thenReturn(Boolean.TRUE);
    when(_request.getRequestedSessionId()).thenReturn(sessionId);

    final Cookie cookie = new Cookie(_sessionTrackerValve.getSessionCookieName(), newSessionId);
    setupGetResponseSetCookieHeadersExpectations(
        _response, new String[] {generateCookieString(cookie)});

    _sessionTrackerValve.invoke(_request, _response);

    verify(_service).backupSession(eq(newSessionId), eq(true), anyString());
  }
  @Test
  public final void testRequestUrlIgnorePatternIsSkippedIfPrimaryMemcachedNodeIsDown()
      throws IOException, ServletException {
    when(_memcachedNodesManager.isNodeAvailable(PRIMARY_NODE_IDENTIFIER)).thenReturn(false);
    when(_request.getRequestedSessionId()).thenReturn(SESSION_ID);
    _sessionTrackerValve.invoke(_request, _response);

    verify(_request).setNote(RequestTrackingHostValve.REQUEST_PROCESS, Boolean.TRUE);
  }
  @Test
  public final void testBackupSessionNotInvokedWhenNoSessionIdPresent()
      throws IOException, ServletException {
    when(_request.getRequestedSessionId()).thenReturn(null);
    when(_response.getHeader(eq("Set-Cookie"))).thenReturn(null);

    _sessionTrackerValve.invoke(_request, _response);

    verify(_service, never()).backupSession(anyString(), anyBoolean(), anyString());
  }
Esempio n. 18
0
  /**
   * Invoke the next Valve in the sequence. When the invoke returns, check the response state, and
   * output an error report is necessary.
   *
   * @param request The servlet request to be processed
   * @param response The servlet response to be created
   * @exception IOException if an input/output error occurs
   * @exception ServletException if a servlet error occurs
   */
  @Override
  public void invoke(Request request, Response response) throws IOException, ServletException {

    // Perform the request
    getNext().invoke(request, response);

    if (response.isCommitted()) {
      return;
    }

    Throwable throwable = (Throwable) request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);

    if (request.isAsyncStarted() && response.getStatus() < 400 && throwable == null) {
      return;
    }

    if (throwable != null) {

      // The response is an error
      response.setError();

      // Reset the response (if possible)
      try {
        response.reset();
      } catch (IllegalStateException e) {
        // Ignore
      }

      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }

    response.setSuspended(false);

    try {
      report(request, response, throwable);
    } catch (Throwable tt) {
      ExceptionUtils.handleThrowable(tt);
    }

    if (request.isAsyncStarted()) {
      request.getAsyncContext().complete();
    }
  }
 /**
  * /** When we do GET call for WSDL/WADL, we do not want to authenticate/throttle the request.
  *
  * <p>TODO check logic
  *
  * @param request
  * @param response
  * @param compositeValve
  * @param context
  */
 private void handleWSDLGetRequest(
     Request request, Response response, CompositeValve compositeValve, String context) {
   if (request.getMethod().equals(Constants.Configuration.HTTP_METHOD_GET)) {
     // TODO:Need to get these paths from a config file.
     if (request.getRequestURI().matches(context + "/[^/]*/services")) {
       getNext().invoke(request, response, compositeValve);
       return;
     }
     Enumeration<String> params = request.getParameterNames();
     String paramName = null;
     while (params.hasMoreElements()) {
       paramName = params.nextElement();
       if (paramName.endsWith("wsdl") || paramName.endsWith("wadl")) {
         getNext().invoke(request, response, compositeValve);
         return;
       }
     }
   }
 }
  /* (non-Javadoc)
   * @see org.apache.catalina.valves.ValveBase#invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response)
   */
  public void invoke(Request request, Response response) throws IOException, ServletException {
    getNext().invoke(request, response);

    HttpServletRequest servletRequest = request.getRequest();
    HttpSession session = servletRequest.getSession(false);
    if (session != null) {
      String ip = IpInfo.getClientAddress(servletRequest);
      session.setAttribute(ApplicationSession.LAST_ACCESSED_BY_IP, ip);
    }
  }
 @Override
 public void addElement(
     StringBuilder buf, Date date, Request request, Response response, long time) {
   Cookie[] c = request.getCookies();
   for (int i = 0; c != null && i < c.length; i++) {
     if (name.equals(c[i].getName())) {
       buf.append(wrap(c[i].getValue()));
     }
   }
 }
  public void testGetSession() {
    String requestedSessionId = "REQUESTED_SESSION_ID";

    Context context = Mockito.mock(Context.class);

    CassandraTemplate template = new TestCassandraTemplate();
    template.setLogSessionsOnStartup(true);
    template.initialize(getClass().getClassLoader());

    CassandraManager manager = new HectorCassandraManager();
    manager.setCassandraTemplate(template);
    Mockito.when(context.getManager()).thenReturn(manager);
    Request request = new Request();
    request.setContext(context);
    // fake cookie sent a value
    request.setRequestedSessionId(requestedSessionId);
    HttpSession session = request.getSession();
    Assert.assertFalse(requestedSessionId.equals(session.getId()));
  }
  /**
   * Log the interesting request parameters, invoke the next Valve in the sequence, and log the
   * interesting response parameters.
   *
   * @param request The servlet request to be processed
   * @param response The servlet response to be created
   * @exception IOException if an input/output error occurs
   * @exception ServletException if a servlet error occurs
   */
  @Override
  public void invoke(Request request, Response response) throws IOException, ServletException {
    long totalstart = 0;

    // this happens before the request
    if (doStatistics()) {
      totalstart = System.currentTimeMillis();
    }
    if (primaryIndicator) {
      createPrimaryIndicator(request);
    }
    Context context = request.getContext();
    boolean isCrossContext =
        context != null
            && context instanceof StandardContext
            && ((StandardContext) context).getCrossContext();
    try {
      if (isCrossContext) {
        if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.crossContext.add"));
        // FIXME add Pool of Arraylists
        crossContextSessions.set(new ArrayList<DeltaSession>());
      }
      getNext().invoke(request, response);
      if (context != null) {
        Manager manager = context.getManager();
        if (manager != null && manager instanceof ClusterManager) {
          ClusterManager clusterManager = (ClusterManager) manager;
          CatalinaCluster containerCluster = (CatalinaCluster) getContainer().getCluster();
          if (containerCluster == null) {
            if (log.isWarnEnabled()) log.warn(sm.getString("ReplicationValve.nocluster"));
            return;
          }
          // valve cluster can access manager - other cluster handle replication
          // at host level - hopefully!
          if (containerCluster.getManager(clusterManager.getName()) == null) return;
          if (containerCluster.hasMembers()) {
            sendReplicationMessage(
                request, totalstart, isCrossContext, clusterManager, containerCluster);
          } else {
            resetReplicationRequest(request, isCrossContext);
          }
        }
      }
    } finally {
      // Array must be remove: Current master request send endAccess at recycle.
      // Don't register this request session again!
      if (isCrossContext) {
        if (log.isDebugEnabled()) log.debug(sm.getString("ReplicationValve.crossContext.remove"));
        // crossContextSessions.remove() only exist at Java 5
        // register ArrayList at a pool
        crossContextSessions.set(null);
      }
    }
  }
Esempio n. 24
0
 public String mygetHeader(Request request, String header) {
   String strcert0 = request.getHeader(header);
   if (strcert0 == null) {
     return null;
   }
   /* mod_header writes "(null)" when the ssl variable is no filled */
   if ("(null)".equals(strcert0)) {
     return null;
   }
   return strcert0;
 }
Esempio n. 25
0
  protected void configureSessionCookie(Cookie cookie) {
    super.configureSessionCookie(cookie);

    String host = getServerName();

    String domain = _getDomain(host);

    if (domain != null) {
      cookie.setDomain(domain);
    }
  }
  @Test
  public final void testBackupSessionInvokedWhenResponseCookiePresent()
      throws IOException, ServletException {
    when(_request.getRequestedSessionId()).thenReturn(null);
    final Cookie cookie = new Cookie(_sessionTrackerValve.getSessionCookieName(), "foo");
    setupGetResponseSetCookieHeadersExpectations(
        _response, new String[] {generateCookieString(cookie)});
    _sessionTrackerValve.invoke(_request, _response);

    verify(_service).backupSession(eq("foo"), eq(false), anyString());
  }
  public void login(Object credentials) throws SecurityServiceException {
    String[] decoded = decodeBase64Credentials(credentials);

    HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = context.getRequest();
    Realm realm = getRealm(httpRequest);

    Principal principal = realm.authenticate(decoded[0], decoded[1]);
    if (principal == null)
      throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");

    Request request = getRequest(httpRequest);
    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);

    Session session = request.getSessionInternal();
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);
    session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]);
    session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]);
  }
Esempio n. 28
0
    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {

      CometEventImpl event = new CometEventImpl(request, response);

      getNext().invoke(request, response);

      if (request.isComet()) {
        Thread t = new AsyncCometCloseThread(event);
        t.start();
      }
    }
  /**
   * Handle the HTTP status code (and corresponding message) generated while processing the
   * specified Request to produce the specified Response. Any exceptions that occur during
   * generation of the error report are logged and swallowed.
   *
   * @param request The request being processed
   * @param response The response being generated
   */
  private void status(Request request, Response response) {

    int statusCode = response.getStatus();

    // Handle a custom error page for this status code
    Context context = request.getContext();
    if (context == null) return;

    /* Only look for error pages when isError() is set.
     * isError() is set when response.sendError() is invoked. This
     * allows custom error pages without relying on default from
     * web.xml.
     */
    if (!response.isError()) return;

    ErrorPage errorPage = context.findErrorPage(statusCode);
    if (errorPage == null) {
      // Look for a default error page
      errorPage = context.findErrorPage(0);
    }
    if (errorPage != null && response.setErrorReported()) {
      response.setAppCommitted(false);
      request.setAttribute(RequestDispatcher.ERROR_STATUS_CODE, Integer.valueOf(statusCode));

      String message = response.getMessage();
      if (message == null) message = "";
      request.setAttribute(RequestDispatcher.ERROR_MESSAGE, message);
      request.setAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR, errorPage.getLocation());
      request.setAttribute(Globals.DISPATCHER_TYPE_ATTR, DispatcherType.ERROR);

      Wrapper wrapper = request.getWrapper();
      if (wrapper != null)
        request.setAttribute(RequestDispatcher.ERROR_SERVLET_NAME, wrapper.getName());
      request.setAttribute(RequestDispatcher.ERROR_REQUEST_URI, request.getRequestURI());
      if (custom(request, response, errorPage)) {
        try {
          response.finishResponse();
        } catch (ClientAbortException e) {
          // Ignore
        } catch (IOException e) {
          container.getLogger().warn("Exception Processing " + errorPage, e);
        }
      }
    }
  }
Esempio n. 30
0
 public boolean checkCorsPreflight(Request request, Response response) {
   log.finer("checkCorsPreflight " + request.getRequestURI());
   if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
     log.finer("checkCorsPreflight: not options ");
     return false;
   }
   if (request.getHeader("Origin") == null) {
     log.finer("checkCorsPreflight: no origin header");
     return false;
   }
   log.finer("Preflight request returning");
   response.setStatus(HttpServletResponse.SC_OK);
   String origin = request.getHeader("Origin");
   response.setHeader("Access-Control-Allow-Origin", origin);
   response.setHeader("Access-Control-Allow-Credentials", "true");
   String requestMethods = request.getHeader("Access-Control-Request-Method");
   if (requestMethods != null) {
     if (deployment.getCorsAllowedMethods() != null) {
       requestMethods = deployment.getCorsAllowedMethods();
     }
     response.setHeader("Access-Control-Allow-Methods", requestMethods);
   }
   String allowHeaders = request.getHeader("Access-Control-Request-Headers");
   if (allowHeaders != null) {
     if (deployment.getCorsAllowedHeaders() != null) {
       allowHeaders = deployment.getCorsAllowedHeaders();
     }
     response.setHeader("Access-Control-Allow-Headers", allowHeaders);
   }
   if (deployment.getCorsMaxAge() > -1) {
     response.setHeader("Access-Control-Max-Age", Integer.toString(deployment.getCorsMaxAge()));
   }
   return true;
 }