/**
 * Times the downstream chain and records the elapsed duration against the global scope
 * mapping and, for HTTP requests, against the mapping matched by the request URI.
 *
 * <p>The {@code StopWatch} is exposed to downstream code through the
 * {@code CURRENT_REQUEST_STOP_WATCH_ATTRIBUTE_NAME} request attribute while the chain runs and
 * is removed again afterwards, whether or not the chain threw.
 *
 * @param request  the current request; only an {@code HttpServletRequest} gets a URI-specific mapping
 * @param response the current response, passed through untouched
 * @param chain    the remainder of the filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(
        @Nonnull ServletRequest request,
        @Nonnull ServletResponse response,
        @Nonnull FilterChain chain)
        throws IOException, ServletException {
    final StopWatch watch = new StopWatch();
    request.setAttribute(CURRENT_REQUEST_STOP_WATCH_ATTRIBUTE_NAME, watch);

    // The null key holds the catch-all mapping; a URI-specific one is resolved only for HTTP.
    final ScopeMapping globalMapping = _patternToMapping.get(null);
    ScopeMapping uriMapping = null;
    if (request instanceof HttpServletRequest) {
        uriMapping = getMappingFor(((HttpServletRequest) request).getRequestURI());
    }

    try {
        chain.doFilter(request, response);
    } finally {
        request.removeAttribute(CURRENT_REQUEST_STOP_WATCH_ATTRIBUTE_NAME);
        final Duration elapsed = watch.getCurrentDuration();
        // Read the interceptor field once so both uses below see the same instance.
        final ServletHealthInterceptor hook = _interceptor;
        final boolean recordingAllowed =
                hook == null || hook.isRecordAllowed(request, globalMapping, uriMapping);
        if (recordingAllowed) {
            globalMapping.record(null, elapsed);
            if (uriMapping != null) {
                String targetName = null;
                if (hook != null) {
                    targetName = hook.getSpecificTargetName(request, uriMapping);
                }
                uriMapping.record(targetName, elapsed);
            }
        }
    }
}
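/**
 * Authenticates non-local requests with two-legged OAuth before passing them down the chain.
 *
 * <p>Requests whose remote address is {@code 127.0.0.1} skip the check entirely. Every other
 * request must carry OAuth parameters with a timestamp within five minutes of the server clock,
 * a consumer key known to {@code m_tokenStore}, and a signature that verifies against that
 * consumer's secret. Any failure answers {@code 401 Unauthorized} and the chain is not invoked.
 *
 * @param servletRequest  the incoming request, expected to be an {@code HttpServletRequest}
 * @param servletResponse the response, expected to be an {@code HttpServletResponse}
 * @param filterChain     the remainder of the chain, invoked only for local callers or on success
 * @throws IOException      if writing the error response or running the chain fails
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(
        ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    // Local connections bypass OAuth. NOTE(review): only the IPv4 loopback literal is matched,
    // so the bypass does not apply to other local addresses such as ::1 — confirm intended.
    if (!"127.0.0.1".equals(servletRequest.getRemoteAddr())) {
        if (!isAuthorizedOAuthRequest(httpRequest, httpResponse)) {
            return; // a 401 has already been written
        }
    }
    filterChain.doFilter(servletRequest, servletResponse);
}

/**
 * Validates the OAuth parameters of one request, writing {@code 401} on any failure.
 *
 * <p>Checks run cheapest-first: timestamp presence and freshness, then consumer lookup, then
 * signature verification. A consumer key that the token store does not know is rejected here
 * instead of being handed to signature verification with a {@code null} secret, whose outcome
 * would depend on the signature implementation.
 *
 * @param httpRequest  the request carrying the OAuth parameters
 * @param httpResponse the response that receives the error, if any
 * @return {@code true} when the request may proceed; {@code false} when a 401 was written
 * @throws IOException if writing the error response fails
 */
private boolean isAuthorizedOAuthRequest(
        HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException {
    // Maximum tolerated skew between the message timestamp and the server clock (5 minutes).
    final long maxClockSkewMillis = 5L * 60L * 1000L;

    // Read the OAuth parameters from the request
    OAuthServletRequest request = new OAuthServletRequest(httpRequest);
    OAuthParameters params = new OAuthParameters();
    params.readRequest(request);

    // Check that the timestamp is present and has not expired
    String timestampStr = params.getTimestamp();
    if (timestampStr == null) {
        logger.warn("Missing OAuth headers");
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing OAuth headers");
        return false;
    }
    long msgTime = Util.parseLong(timestampStr) * 1000L; // Message time is in seconds
    long currentTime = System.currentTimeMillis();
    if (Math.abs(msgTime - currentTime) > maxClockSkewMillis) {
        logger.warn(
                "OAuth message time out, msg time: " + msgTime + " current time: " + currentTime);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Message expired");
        return false;
    }

    // Resolve the secret against which the signature is verified; fail closed when unknown.
    String consumerKey = params.getConsumerKey();
    String consumerSecret = consumerKey == null ? null : m_tokenStore.getToken(consumerKey);
    if (consumerSecret == null) {
        logger.warn("Unknown OAuth consumer key");
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid OAuth request");
        return false;
    }
    OAuthSecrets secrets = new OAuthSecrets();
    secrets.setConsumerSecret(consumerSecret);

    // Verify the signature
    try {
        if (!OAuthSignature.verify(request, params, secrets)) {
            logger.warn("Invalid OAuth signature");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid OAuth signature");
            return false;
        }
    } catch (OAuthSignatureException e) {
        logger.warn("OAuth exception", e);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid OAuth request");
        return false;
    }
    return true;
}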
/**
 * Wraps the response in a {@code PerformanceFilterResponse}, runs the chain, then hands the
 * wrapper and the start time to {@code processResponse}.
 *
 * <p>Measurement is best-effort: any failure inside {@code processResponse} is logged and
 * swallowed so that collecting metrics can never break a response the chain has already
 * produced. If the chain itself throws, {@code processResponse} is not reached at all.
 *
 * @param request  the current request, passed through unchanged
 * @param response the current response, expected to be an {@code HttpServletResponse}
 * @param chain    the remainder of the filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final long startedAt = System.currentTimeMillis();
    final PerformanceFilterResponse measured =
            new PerformanceFilterResponse((HttpServletResponse) response);
    chain.doFilter(request, measured);
    try {
        processResponse(request, measured, startedAt);
    } catch (Throwable failure) {
        // NOTE(review): Throwable also swallows Errors such as OutOfMemoryError — confirm that
        // this is intended rather than narrowing to Exception.
        Log logger = LogFactory.getLog(PerformanceMeasurementFilter.class);
        logger.error(failure.getMessage(), failure);
    }
}
/**
 * Writes the remote host of every request to the servlet context log, then passes the request on.
 *
 * <p>NOTE(review): {@code getRemoteHost()} may perform a reverse DNS lookup depending on the
 * container's configuration; {@code getRemoteAddr()} would avoid that — confirm before changing.
 *
 * @param request  the current request; only its remote host is read
 * @param response the current response, passed through unchanged
 * @param chain    the remainder of the filter chain
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final String visitorHost = request.getRemoteHost();
    // NOTE(review): "Vistor" is a typo in the existing log text; left unchanged here.
    filterConf.getServletContext().log("Vistor User IP: " + visitorHost);
    chain.doFilter(request, response);
}
/**
 * SAML service-provider entry point for every request.
 *
 * <p>Flow as implemented below: when no configuration file is set the method returns at once;
 * otherwise the configuration is (re)processed, the request is wrapped, the character encoding
 * is applied, a local logout is served eagerly, and then one of three paths is taken:
 * an already-authenticated user with no SAML traffic and no global logout continues down the
 * chain; a plain request with no SAML parameters goes to {@code generalUserRequest}; a SAML
 * response or request from the IDP is handled and, if that yields a principal and the response
 * is still open, the user is redirected to {@code "/"}; failing that, local authentication runs.
 *
 * <p>NOTE(review): the early {@code return} on a missing {@code configFile} neither invokes the
 * chain nor writes a response — confirm that an empty reply is the intended behaviour.
 * NOTE(review): {@code processConfiguration(filterConfig)} runs on every request, not once.
 *
 * @param servletRequest  the incoming request, expected to be an {@code HttpServletRequest}
 * @param servletResponse the response, expected to be an {@code HttpServletResponse}
 * @param filterChain     the remainder of the chain, invoked only for an authenticated user
 *                        whose request carries no SAML parameters and is not a global logout
 * @throws IOException      from the response, the chain, or a failed logout (wrapped
 *                          {@code ServletException})
 * @throws ServletException propagated from the chain
 */
public void doFilter(
        ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    HttpSession session = null;
    // An earlier variant saved the original request URI in the session and redirected to it once
    // the SAML response arrived; that code is no longer present.
    if (StringUtils.isEmpty(this.configFile)) return;
    processConfiguration(filterConfig);
    HttpServletRequest request = createHttpServletRequestWrapper((HttpServletRequest) servletRequest);
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    try {
        // Must happen first, *before* any parameter is read: super.authenticate(..) is
        // invoked too late to set the encoding.
        String characterEncoding = getCharacterEncoding();
        if (characterEncoding != null) {
            request.setCharacterEncoding(characterEncoding);
        }
        session = request.getSession(true);
        // Eagerly look for a local logout and serve it before anything else.
        boolean localLogout = isLocalLogout(request);
        if (localLogout) {
            try {
                sendToLogoutPage(request, response, session);
            } catch (ServletException e) {
                logger.samlLogoutError(e);
                throw new IOException(e);
            }
            return;
        }
        String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
        String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        Principal principal = request.getUserPrincipal();
        // The user is already authenticated and this is neither IDP traffic nor a global
        // logout: let the request through.
        if (principal != null
                && !(isGlobalLogout(request) || isNotNull(samlRequest) || isNotNull(samlResponse))) {
            filterChain.doFilter(request, response);
        } else {
            // General user request: no SAML parameters at all.
            if (!isNotNull(samlRequest) && !isNotNull(samlResponse)) {
                generalUserRequest(request, response);
            }
            // Handle a SAML Response from the IDP.
            if (isNotNull(samlResponse)) {
                handleSAMLResponse(request, response);
            }
            // Handle a SAML Request from the IDP.
            if (isNotNull(samlRequest)) {
                handleSAMLRequest(request, response);
            }
            // Re-wrap to pick up any principal established by the handlers above.
            request = createHttpServletRequestWrapper((HttpServletRequest) servletRequest);
            principal = request.getUserPrincipal();
            if (principal != null && !response.isCommitted()) {
                // Liferay-specific: redirect to the root instead of continuing the chain.
                ((HttpServletResponse) servletResponse).sendRedirect("/");
                return;
            } else {
                localAuthentication(request, response);
            }
        }
    } catch (IOException e) {
        // An earlier variant forwarded to the configured error page here; the exception is now
        // simply rethrown.
        throw e;
    }
}
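/**
 * Throttles concurrent requests per client network and system-wide.
 *
 * <p>The client is identified by its address with the last dotted group removed (for IPv4, a
 * whole /24 shares one bucket); {@code equivalentAddresses} may fold one prefix into another and
 * {@code ignorableAddresses} exempts prefixes from counting. When {@code totalSimultaneousRequests}
 * has reached {@code maxTotalSimultaneousRequests} the request is answered with 503; when a prefix
 * already holds a quarter of the remaining headroom it is answered with 429. Otherwise the request
 * is counted, passed down the chain and un-counted in a {@code finally}. Once per hour (and again
 * at the start of a new day) the busiest prefixes are logged and {@code totalRequests} is cleared.
 *
 * <p>Thread-safety: the counters are updated under the {@code simultaneousRequestsByShortIPAddr}
 * monitor. NOTE(review): the hourly report reads {@code totalRequests} and updates
 * {@code nextReportingHour} outside that monitor, as the original did — confirm the map type
 * tolerates this.
 *
 * <p>NOTE(review): when {@code addressInHeader} is configured the client address is read from a
 * request header that clients can set themselves; this is only safe when a trusted proxy in front
 * of this container overwrites that header.
 *
 * @param request  the request; cast to {@code HttpServletRequest} for header and query access
 * @param response the response; receives an HTML error page when a limit is exceeded
 * @param chain    the remainder of the chain, invoked only when no limit is exceeded
 * @throws IOException      if writing the response fails or the chain throws
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    String shortAddr;
    String transactionKey = null;
    boolean ignorable = false;

    synchronized (simultaneousRequestsByShortIPAddr) {
        if (totalSimultaneousRequests >= maxTotalSimultaneousRequests) {
            log.error(
                    "This system has exceeded the maxTotalSimultaneousRequests limit of "
                            + maxTotalSimultaneousRequests);
            log.error(simultaneousRequestsByShortIPAddr);
            for (String str : simultaneousRequests) log.error(str);
            writeOverloadedResponse(response);
            return;
        }

        String longAddr = resolveClientAddress(request);
        int lastDot = longAddr.lastIndexOf('.');
        if (lastDot < 0) {
            log.error("bogus IP address: '" + longAddr + "'");
            longAddr = "0.0.0.0";
            // Recompute after the substitution; reusing the old -1 made substring() throw.
            lastDot = longAddr.lastIndexOf('.');
        }
        shortAddr = longAddr.substring(0, lastDot); // trim off the 4th group: a cluster shares one bucket
        String alias = equivalentAddresses.get(shortAddr); // map one short addr to another?
        if (alias != null) shortAddr = alias;

        if (ignorableAddresses.contains(shortAddr)) {
            ignorable = true;
        } else {
            Integer current = simultaneousRequestsByShortIPAddr.get(shortAddr);
            int count = current != null ? current : 0;
            // A prefix may use at most a quarter of the remaining headroom, but never zero.
            int maxSimultaneousRequests =
                    (maxTotalSimultaneousRequests - totalSimultaneousRequests) / 4;
            if (maxSimultaneousRequests == 0) maxSimultaneousRequests = 1;
            if (count >= maxSimultaneousRequests) {
                log.error(
                        "IP addr " + shortAddr + ".* has exceeded " + maxSimultaneousRequests
                                + " simultaneous requests!");
                log.error("maxTotalSimultaneousRequests=" + maxTotalSimultaneousRequests);
                log.error("totalSimultaneousRequests=" + totalSimultaneousRequests);
                for (String str : simultaneousRequests) log.error(str);
                writeTooManyRequestsResponse(response, maxSimultaneousRequests);
                return;
            }
            simultaneousRequestsByShortIPAddr.put(shortAddr, count + 1);
            Integer total = totalRequests.get(shortAddr);
            totalRequests.put(shortAddr, (total != null ? total : 0) + 1);
            totalSimultaneousRequests++;
            transactionKey = new StringBuilder(new Date().toString())
                    .append('|')
                    .append(shortAddr)
                    .append('|')
                    .append(((HttpServletRequest) request).getQueryString())
                    .toString();
            simultaneousRequests.add(transactionKey);
        }
    }

    try {
        HttpServletResponseWrapper wrapper =
                new HttpServletResponseWrapper((HttpServletResponse) response);
        chain.doFilter(request, wrapper);
    } finally {
        if (!ignorable) {
            synchronized (simultaneousRequestsByShortIPAddr) {
                totalSimultaneousRequests--;
                simultaneousRequests.remove(transactionKey);
                Integer remaining = simultaneousRequestsByShortIPAddr.get(shortAddr);
                if (remaining == null || remaining <= 1) {
                    simultaneousRequestsByShortIPAddr.remove(shortAddr); // prune from the table
                } else {
                    simultaneousRequestsByShortIPAddr.put(shortAddr, remaining - 1);
                }
            }
        }
    }

    maybeReportHourly();
}

/**
 * Returns the client address: when {@code addressInHeader} is configured, the first dotted value
 * of that header, else the last value seen (possibly undotted, reported as bogus by the caller);
 * when no header value was seen, the socket's remote address.
 *
 * @param request the request whose headers or remote address are consulted
 * @return the address string to bucket on; never null
 */
private String resolveClientAddress(ServletRequest request) {
    String last = null;
    if (addressInHeader != null) {
        @SuppressWarnings("unchecked")
        Enumeration<String> addrs = ((HttpServletRequest) request).getHeaders(addressInHeader);
        while (addrs.hasMoreElements()) {
            last = addrs.nextElement();
            if (last == null) {
                // Cap the noise: the first ten null values are logged, the rest are not.
                if (++addressInHeaderErrorCount < 10)
                    log.error("Expected a " + addressInHeader + " header but got null");
                continue;
            }
            if (last.lastIndexOf('.') >= 0) return last;
        }
    }
    return last != null ? last : request.getRemoteAddr();
}

/**
 * Answers 503 with a short HTML page and closes the writer so nothing else can be appended.
 *
 * @param response the response to write to
 * @throws IOException if the writer cannot be obtained
 */
private void writeOverloadedResponse(ServletResponse response) throws IOException {
    ((HttpServletResponse) response).setStatus(HttpURLConnection.HTTP_UNAVAILABLE);
    response.setContentType("text/html");
    PrintWriter writer = response.getWriter();
    writer.println("<html><body><h1>Service Temporarily Unavailable</h1>");
    writer.println(
            "The system is experiencing a severe load and is temporarily unable to accept new requests");
    if (contactInfo != null) writer.println("<p>Contact " + contactInfo + " for more information</p>");
    writer.println("</body></html>");
    writer.close();
}

/**
 * Answers 429 (Too Many Requests) with a short HTML page naming the per-prefix limit.
 *
 * @param response                the response to write to
 * @param maxSimultaneousRequests the limit the client exceeded, echoed in the page
 * @throws IOException if the writer cannot be obtained
 */
private void writeTooManyRequestsResponse(ServletResponse response, int maxSimultaneousRequests)
        throws IOException {
    // HttpURLConnection has no constant for 429, so the code is used directly.
    ((HttpServletResponse) response).setStatus(429); // too many requests
    response.setContentType("text/html");
    PrintWriter writer = response.getWriter();
    writer.println(
            "<html><head><title>Too Many Requests</title></head><body><h1>Too Many Requests</h1>");
    writer.println(
            "You have exceeded the maximum simultaneous request value of " + maxSimultaneousRequests);
    writer.println("<p>This message and your IP address have been logged and reported</p>");
    if (contactInfo != null) writer.println("<p>Contact " + contactInfo + " for more information</p>");
    writer.println("</body></html>");
    writer.close();
}

/**
 * Logs the ten busiest prefixes once per hour and clears {@code totalRequests}; at the first
 * request after midnight the reporting hour wraps so the new day gets its own reports.
 */
private void maybeReportHourly() {
    Calendar c = new GregorianCalendar();
    int hour = c.get(Calendar.HOUR_OF_DAY);
    if (hour == 0 && nextReportingHour == 24) { // new day!
        // you could reset your daily limits table here
        nextReportingHour = 0;
    }
    if (hour >= nextReportingHour) { // generate the hourly report
        // you could reset your hourly limits table here
        nextReportingHour = hour + 1;
        if (log.isInfoEnabled()) {
            log.info(topRequestersReport(10));
        }
        totalRequests.clear();
    }
}

/**
 * Builds the "top N" summary of {@code totalRequests}, highest counts first.
 *
 * <p>Selection is a repeated maximum search (O(N·n)), which reports prefixes with equal counts
 * under their own keys; the previous value-index lookup collapsed equal counts onto the first key
 * holding that value.
 *
 * @param limit how many prefixes to list
 * @return the report text, one prefix per line after the heading
 */
private String topRequestersReport(int limit) {
    List<String> remaining = new ArrayList<String>(totalRequests.keySet());
    StringBuilder sb = new StringBuilder("Top 10 users in the last hour");
    for (int rank = 0; rank < limit && !remaining.isEmpty(); rank++) {
        String best = null;
        int bestCount = -1;
        for (String key : remaining) {
            Integer value = totalRequests.get(key);
            int n = value != null ? value : 0;
            if (n > bestCount) {
                best = key;
                bestCount = n;
            }
        }
        remaining.remove(best);
        sb.append("\n ").append(best).append(" : ").append(bestCount);
    }
    return sb.toString();
}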
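/**
 * Authorization gate followed by optional gzip wrapping for one request.
 *
 * <p>The requested operation is derived from the {@code actionType} parameter (general
 * operations) or, failing that, the {@code formSN} parameter (queries). When either is present,
 * the stored procedure {@code pkg_security.userAccessFunction} is asked whether the session's
 * {@code AuthorizedUserID} may perform it; a negative answer redirects to
 * {@code /common/erroraccess.jsp}. Requests naming neither parameter are not checked.
 *
 * <p>Allowed requests get the configured character encoding applied and, when the client
 * accepts gzip and the URI ends in {@code dd.xml}, a gzip-wrapped response; all other requests
 * continue down the chain unwrapped.
 *
 * <p>NOTE(review): the parameters are read before {@code setCharacterEncoding(encoding)} is
 * applied, so they are decoded with the container's default encoding — unchanged from before.
 *
 * @param request  the request, expected to be an {@code HttpServletRequest}
 * @param response the response, expected to be an {@code HttpServletResponse}
 * @param chain    the remainder of the chain, invoked only when access is allowed or unchecked
 * @throws IOException      if the redirect, the response or the chain fails
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String strContext = httpRequest.getContextPath();

    // Permission check: identify the user and the operation being requested.
    String userid = (String) httpRequest.getSession().getAttribute("AuthorizedUserID");
    String queryString = httpRequest.getQueryString(); // the whole query string
    String actionType = httpRequest.getParameter("actionType"); // general operation
    if (actionType != null) {
        actionType = "actionType=" + actionType;
    } else {
        String formSN = httpRequest.getParameter("formSN"); // query operation
        if (formSN != null) {
            actionType = "formSN=" + formSN;
        }
    }

    // Only requests that name an operation are checked, via the stored procedure.
    if (actionType != null && !isAccessAllowed(userid, actionType, queryString)) {
        // No permission: send the user to the notice page.
        httpResponse.sendRedirect(strContext + "/common/erroraccess.jsp");
        return;
    }

    // Character-encoding handling for non-ASCII (Chinese) text.
    httpRequest.setCharacterEncoding(encoding);

    // Compressed transfer, applied only to dd.xml when the client accepts gzip.
    String uri = httpRequest.getRequestURI();
    String transferEncoding = getGZIPEncoding(httpRequest);
    if (transferEncoding == null) {
        setResponseHeader(httpResponse, uri, transferEncoding);
        chain.doFilter(request, response);
    } else if (!uri.endsWith("dd.xml")) {
        // NOTE(review): the original asked "which ones are not handled?" here; only dd.xml is.
        chain.doFilter(request, response);
    } else {
        System.out.println("FrameworkFilter:: Filter handle dd.xml");
        setResponseHeader(httpResponse, uri, transferEncoding);
        httpResponse.setHeader("Content-Encoding", transferEncoding);
        GZIPEncodableResponse wrappedResponse = new GZIPEncodableResponse(httpResponse);
        chain.doFilter(request, wrappedResponse);
        wrappedResponse.flush();
    }
}

/**
 * Asks {@code pkg_security.userAccessFunction} whether {@code userid} may perform
 * {@code actionType}.
 *
 * <p>Fails closed: a SQL failure, or a {@code null} or non-{@code "1"} answer, denies access.
 * (Previously the answer defaulted to {@code "1"} and a thrown {@code SQLException} left it
 * there, so a database outage granted every request.)
 *
 * @param userid      the session's authorized user id; may be null for anonymous sessions
 * @param actionType  the operation descriptor, non-null
 * @param queryString the request's query string, may be null
 * @return {@code true} only when the procedure returns {@code "1"}
 */
private boolean isAccessAllowed(String userid, String actionType, String queryString) {
    DBConnectionManager dbManager = new DBConnectionManager();
    Connection conn = null;
    CallableStatement cstmt = null;
    String isCanAccess = null;
    try {
        conn = dbManager.getConnection();
        cstmt = conn.prepareCall("{call pkg_security.userAccessFunction(?,?,?,?)}");
        cstmt.registerOutParameter(1, OracleTypes.VARCHAR);
        cstmt.setString(2, userid);
        cstmt.setString(3, actionType.trim());
        cstmt.setString(4, queryString == null ? null : queryString.trim());
        cstmt.execute();
        isCanAccess = cstmt.getString(1);
    } catch (SQLException e) {
        // NOTE(review): no logger is visible in this block; stack-trace printing kept as before.
        e.printStackTrace();
    } finally {
        closeQuietly(cstmt, conn);
    }
    return "1".equals(isCanAccess);
}

/**
 * Closes the statement and then the connection, each exactly once and independently of the
 * other; close failures are printed rather than thrown.
 *
 * @param cstmt the statement to close, may be null
 * @param conn  the connection to close, may be null
 */
private static void closeQuietly(CallableStatement cstmt, Connection conn) {
    if (cstmt != null) {
        try {
            cstmt.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    if (conn != null) {
        try {
            conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}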
/**
 * Pass-through filter: hands the request straight to the next element of the chain.
 *
 * @param request  the request, forwarded unchanged
 * @param response the response, forwarded unchanged
 * @param chain    the remainder of the filter chain
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain
 */
public void doFilter(
        final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws ServletException, IOException {
    chain.doFilter(request, response);
}
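/**
 * Redirects help requests under {@code inDirName} to the matching localized help tree.
 *
 * <p>Requests already inside a localized help directory (matching {@code outDirPattern}) pass
 * straight through. Any other request must match {@code inDirPattern}; its trailing path is
 * decoded and looked up under the webapp root for, in order, the user's preferred locale, its
 * language-only variant (when the preferred locale has a country) and {@code Locale.US}. The
 * first locale whose file exists — or the preferred locale when none does — determines the
 * redirect target.
 *
 * <p>The trailing path comes from the URL, so every candidate file is required to resolve
 * inside the webapp root; a path that escapes it (for example via {@code ..}) is answered
 * with 400 instead of being used as a file-existence probe.
 *
 * <p>Both patterns are built lazily on the first request because the context path is not
 * available in {@code init()}; the build is synchronized so a concurrent first request cannot
 * observe {@code inDirPattern} set while {@code outDirPattern} is still null.
 *
 * @param request  the request, expected to be an {@code HttpServletRequest}
 * @param response the response, expected to be an {@code HttpServletResponse}
 * @param chain    the remainder of the chain, invoked only for already-localized URLs
 * @throws IOException      if canonicalizing a path, sending an error or redirecting fails
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String contextPath = httpRequest.getContextPath();

    ensurePatterns(contextPath);

    // Already a localized help URL: let it through unchanged.
    String requestUri = httpRequest.getRequestURI();
    if (this.outDirPattern.matcher(requestUri).matches()) {
        chain.doFilter(request, response);
        return;
    }

    Matcher matcher = this.inDirPattern.matcher(requestUri);
    if (!matcher.matches()) {
        httpResponse.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                "Help URL doesn't match input pattern.");
        return;
    }
    if (ZimbraLog.webclient.isDebugEnabled()) {
        ZimbraLog.webclient.debug("### filename: " + matcher.group(1));
    }
    // NOTE(review): the separator substitution also ends up in the redirect URL below, as
    // before; on a non-'/' separator platform that URL would carry that separator.
    String filename = decode(matcher.group(1)).replace('/', File.separatorChar);
    if (ZimbraLog.webclient.isDebugEnabled()) {
        ZimbraLog.webclient.debug("### filename: " + filename);
    }

    Locale[] locales = candidateLocales(getLocale(httpRequest));
    if (ZimbraLog.webclient.isDebugEnabled()) {
        for (Locale locale : locales) {
            ZimbraLog.webclient.debug("locale: " + locale);
        }
    }

    // getRealPath() is documented to return null when the webapp is not on the filesystem.
    String realPath = this.context.getRealPath("/");
    if (realPath == null) {
        httpResponse.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                "Help directory is not available on the filesystem.");
        return;
    }
    File baseDir = new File(realPath);
    if (ZimbraLog.webclient.isDebugEnabled()) {
        ZimbraLog.webclient.debug("### basedir: " + baseDir);
    }
    String canonicalBase = baseDir.getCanonicalPath() + File.separator;

    // Find out which locale's version of the requested file exists.
    Locale actualLocale = locales[0];
    for (Locale locale : locales) {
        if (locale == null) continue;
        File file = new File(baseDir, localizedDir(locale) + File.separatorChar + filename);
        if (!file.getCanonicalPath().startsWith(canonicalBase)) {
            httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid help path.");
            return;
        }
        if (file.exists()) {
            actualLocale = locale;
            break;
        }
    }

    String redirectUrl = contextPath + localizedDir(actualLocale) + "/" + filename;
    if (ZimbraLog.webclient.isDebugEnabled()) {
        ZimbraLog.webclient.debug("redirecting to: " + redirectUrl);
    }
    httpResponse.sendRedirect(redirectUrl);
}

/**
 * Builds {@code inDirPattern} and {@code outDirPattern} on first use.
 *
 * <p>Both fields are read and written under the instance monitor so a second request arriving
 * during the first cannot see a half-initialized pair.
 *
 * @param contextPath the servlet context path, which is not known at {@code init()} time
 */
private void ensurePatterns(String contextPath) {
    synchronized (this) {
        if (this.inDirPattern != null) {
            return;
        }
        this.outDirPattern =
                Pattern.compile("^" + escape(contextPath) + "/help/[a-z]{2}(?:_[A-Z]{2})?/.*");
        this.inDirPattern =
                Pattern.compile("^" + escape(contextPath) + escape(this.inDirName) + "/(.*)");
        if (ZimbraLog.webclient.isDebugEnabled()) {
            ZimbraLog.webclient.debug("### indir pattern: " + this.inDirPattern.pattern());
            ZimbraLog.webclient.debug("### outdir pattern: " + this.outDirPattern.pattern());
        }
    }
}

/**
 * Lists the locales to try, most specific first: the preferred locale, its language-only
 * variant when it carries a country, and {@code Locale.US}. The middle element is null when
 * there is no country, and callers skip nulls.
 *
 * <p>{@code Locale.getCountry()} returns {@code ""} (never null) when unset, so the former
 * {@code country != null} test always held and the language-only entry was always added.
 *
 * @param preferred the user's preferred locale, non-null
 * @return a three-element array; index 0 is always {@code preferred}
 */
private static Locale[] candidateLocales(Locale preferred) {
    String language = preferred.getLanguage();
    String country = preferred.getCountry();
    Locale languageOnly = country.isEmpty() ? null : new Locale(language);
    return new Locale[] {preferred, languageOnly, Locale.US};
}

/**
 * Expands the {@code {locale}} placeholder in {@code outDirName} for one locale.
 *
 * @param locale the locale whose {@code toString()} form replaces the placeholder
 * @return the localized directory name, relative to the webapp root
 */
private String localizedDir(Locale locale) {
    // Literal replacement: the placeholder has no regex meaning and locale strings contain no '$'.
    return this.outDirName.replace("{locale}", locale.toString());
}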