public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (_filtered) { Continuation c = (Continuation) request.getAttribute(Continuation.ATTRIBUTE); FilteredContinuation fc; if (_faux && (c == null || !(c instanceof FauxContinuation))) { fc = new FauxContinuation(request); request.setAttribute(Continuation.ATTRIBUTE, fc); } else fc = (FilteredContinuation) c; boolean complete = false; while (!complete) { try { if (fc == null || (fc).enter(response)) chain.doFilter(request, response); } catch (ContinuationThrowable e) { debug("faux", e); } finally { if (fc == null) fc = (FilteredContinuation) request.getAttribute(Continuation.ATTRIBUTE); complete = fc == null || (fc).exit(); } } } else { try { chain.doFilter(request, response); } catch (ContinuationThrowable e) { debug("caught", e); } } }
@Override public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); Object user_login = session.getAttribute(AURORA_USER_LOGIN); if (user_login != null) { filterChain.doFilter(request, response); return; } SapUserDistil distil = new SapUserDistil(); try { String loginName = distil.execute(request, verifyPseFile, logger); if (loginName == null) { filterChain.doFilter(request, response); return; } executeLoginProc(request, response, loginName); } catch (Exception e) { logger.log(Level.SEVERE, "", e); return; } session.setAttribute(AURORA_USER_LOGIN, Boolean.TRUE); if (afterLoginRedirectUrl != null) response.sendRedirect(afterLoginRedirectUrl); }
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String relativeUrl = request.getRequestURI(); /* 以根开头的URL */ String path = request.getContextPath(); /* 获取客户端请求的上下文根 */ /** 如果是登录请求,则进行登录认证。 如果是其它请求,则进行IP绑定匹配。 */ if (relativeUrl.replaceAll(path, "").equals("/login")) { // 登录请求,登录认证 if (request.getMethod().equals("POST")) { // 登录参数必须通过post方式传过来,security要求的 int status = myAuthentication.getAuthenticationStatus(request); // 调用认证逻辑 if (status == 0) { // 通过认证,则保存登录IP到session,并通过此过滤器 request.getSession().setAttribute("bindIp", RequestIP.getRequestIp(request)); chain.doFilter(request, response); } else { // 未通过认证,则拒绝登录,并返回登录页面提示相关信息 response.sendRedirect(path + "/toIndex.action?error=" + status); } } else { // 如果不是POST方式,则返回登录页面,并提示信息 response.sendRedirect(path + "/toIndex.action?error=9"); // 登录必须用POST方式 } } else { // 其它请求(filters="none"的请求不会被处理,logout请求在此filter之前会被处理) // PC端进行IP认证 String loginIp = (String) request.getSession().getAttribute("bindIp"); // 登录时记录的IP String currentIp = RequestIP.getRequestIp(request); // 当前请求的IP if (loginIp != null && !loginIp.equals(currentIp)) { // 如果此次请求的IP与登录IP不符,则禁止访问,并返回提示 response.sendRedirect(path + "/toIndex.action?error=10"); } else { // 如果IP匹配,则通过此过滤器 chain.doFilter(request, response); } } }
@Override public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { // Another type of auth HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest; if (httpServletRequest.getRequestURI().contains(AuthController.AUTHENTICATED_TOKENS)) { filterChain.doFilter(servletRequest, servletResponse); return; } // Success String header = httpServletRequest.getHeader("Authorization"); if (header != null && header.startsWith(TOKEN_PREFIX) && header.substring(TOKEN_PREFIX.length()).trim().equals(token)) { // SecurityContextHolder.getContext().setAuthentication(createAuth()); filterChain.doFilter(servletRequest, servletResponse); return; } // Or error HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse; httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token"); }
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException { HttpServletRequest request = (HttpServletRequest) req; if (judgeIsMoblie(request)) { chain.doFilter(req, resp); return; } Object userId = request.getSession().getAttribute("userId"); String requestURI = request.getRequestURI(); if (isContinue(requestURI)) { chain.doFilter(req, resp); return; } if (null != userId) { // 只有登录验证成功(session还存在时),才继续 chain.doFilter(req, resp); } else { // 否则 用户界面,自动弹出窗口提示用户输入登录账号,登录成功后可以继续使用本系统 HttpServletResponse response = (HttpServletResponse) resp; String header = request.getHeader("x-requested-with"); if ("XMLHttpRequest".equals(header)) { response.setStatus(401); // response.setHeader("status", "401"); PrintWriter writer = response.getWriter(); writer.print("请重新登录"); writer.flush(); // Map<String, Object> map = new HashMap<String, Object>(); // W.writeJsonObject(map); } else { chain.doFilter(req, resp); } } }
/* * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, * javax.servlet.ServletResponse, javax.servlet.FilterChain) */ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; if (domainCross) { response.addHeader("Access-Control-Allow-Origin", "*"); response.addHeader("Access-Control-Allow-Methods", "POST,GET,PUT,DELETE,OPTIONS"); response.addHeader("Access-Control-Allow-Credentials", "true"); response.addHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,token"); response.addHeader("Access-Control-Max-Age", "600000"); } // jsonp if (RestConstant.REQ_METHOD_GET.equals(request.getMethod())) { String callBack = request.getParameter(RestConstant.RESP_CALLBACK); if (StringUtils.isNotEmpty(callBack)) { ResourceResponseWrapper wapper = new ResourceResponseWrapper(response); chain.doFilter(req, wapper); byte[] json = wapper.getResponseData(); StringBuffer jsonStr = new StringBuffer(new String(json, "UTF-8")); jsonStr.insert(0, callBack + "("); jsonStr.append(")"); ServletOutputStream output = response.getOutputStream(); output.write(jsonStr.toString().getBytes("UTF-8")); output.flush(); } else { chain.doFilter(req, response); } } else { chain.doFilter(req, response); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse resp = (HttpServletResponse) response; String host = req.getHeader("Host").trim(); // System.out.println(host); int indexOf = host.indexOf(":"); host = host.substring(0, indexOf); boolean startsWith = host.endsWith(DOMAIN); // System.out.println(startsWith); String url = req.getPathInfo(); if (null == url) { url = req.getServletPath(); System.out.println("url>>>>:" + url); if (url.endsWith(".css")) { chain.doFilter(request, response); return; } } if (startsWith) { int index = host.indexOf(DOMAIN); String hostname = host.substring(0, index); // System.out.println(index); // System.out.println(hostname); String forwardUrl = urls.get(hostname); req.getRequestDispatcher(forwardUrl).forward(req, resp); return; } chain.doFilter(request, response); }
/** {@inheritDoc} */ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponseWrapper response = new HttpServletResponseWrapper((HttpServletResponse) resp); String encoding = request.getHeader("Accept-Encoding"); boolean supportsGzip = false; // Now, check to see if the browser supports the GZIP compression if (encoding != null) { if (encoding.toLowerCase().indexOf("gzip") > -1) supportsGzip = true; } Debug.log( "supportsGzip : " + supportsGzip + ", encoding : " + encoding + ", requestURL : " + request.getRequestURL()); if (supportsGzip) { // add content encoding response.setHeader("Content-Encoding", "gzip"); GzipResponse compressionResponse = new GzipResponse(response); chain.doFilter(request, compressionResponse); compressionResponse.close(); } else { chain.doFilter(req, resp); } }
public static void doFilter( ServletRequest request, ServletResponse response, FilterChain next, boolean isSecure) throws ServletException, IOException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; /* if (res instanceof CauchoResponse) { // server/125i - XXX: needs refactor CauchoResponse cRes = (CauchoResponse) res; CauchoRequest oldReq = cRes.getAbstractHttpResponse().getRequest(); cRes.getAbstractHttpResponse().setRequest((CauchoRequest) req); try { next.doFilter(req, res); } finally { cRes.getAbstractHttpResponse().setRequest(oldReq); } } */ if (req instanceof HttpServletRequestImpl) { HttpServletRequestImpl requestFacade = (HttpServletRequestImpl) req; requestFacade.setSecure(true); // XXX: finally next.doFilter(req, res); } else { req = new SecureServletRequestWrapper(req, isSecure); next.doFilter(req, res); } }
/** * @param request the current request * @param response the current response * @param chain the chain * @throws IOException when something goes wrong * @throws ServletException when a communication failure happens */ @SuppressWarnings("unchecked") public void doFilterInternal( HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session = request.getSession(); String request_uri = request.getRequestURI(); // System.out.println("request_uri===="+request_uri); long sessionAccessedTime = session.getLastAccessedTime(); long mySessionTime = 0; if (session.getAttribute("mySessionTime") != null) mySessionTime = Long.parseLong(session.getAttribute("mySessionTime").toString()); // if(request_uri.indexOf("login.html")==-1&&request_uri.indexOf("out.html")==-1){//sessionMonitoring // System.out.println("==1=="+request.getContextPath()+"/error.jsp"); // response.sendRedirect(request.getContextPath()+"/admin/sessionError.html"); if (request_uri.indexOf("noticeLoadDesktopNotice.html") == -1 && request_uri.indexOf("noticeLoadUnReadedNotice.html") == -1 && request_uri.indexOf("sessionMonitoring.html") == -1) { session.setAttribute("mySessionTime", sessionAccessedTime); chain.doFilter(request, response); } else { // System.out.println("sessionAccessedTime===="+sessionAccessedTime); // System.out.println("mySessionTime===="+mySessionTime); chain.doFilter(request, response); } }
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; // String basePath = request.getContextPath() + "/"; // URL基本路径 // String basePath = request.getScheme() + "://"+request.getServerName() + ":" // + request.getServerPort() + request.getContextPath() + "/"; RequestDispatcher dispatcher = req.getRequestDispatcher("login.jsp"); HttpSession session = request.getSession(true); // 从session中获取路径和用户名 String path = request.getRequestURI(); String username = (String) session.getAttribute("username"); if (path.indexOf("/login.jsp") > -1 || path.indexOf("relogin.jsp") > -1) { chain.doFilter(request, response); return; } // 判断是否已经登录 if (username == null || "".equals(username)) { // 尚未登录,跳转到登录页面 // dispatcher.forward(req, res); response.sendRedirect("/ims/relogin.jsp"); } else { // 已经登录,继续此次请求 chain.doFilter(request, response); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; Cliente cliente = (Cliente) httpRequest.getSession().getAttribute("usuarioLogado"); String paginaAcessada = httpRequest.getRequestURI(); boolean requestDoLogin = paginaAcessada.contains("login.xhtml"); if (cliente != null) { if (requestDoLogin) { HttpServletResponse httpResponse = (HttpServletResponse) response; httpResponse.sendRedirect("index.xhtml"); } else { chain.doFilter(request, response); } } else { if (!requestDoLogin && !paginaAcessada.contains("javax.faces.resource")) { httpRequest.getRequestDispatcher("/login.xhtml").forward(request, response); } else { chain.doFilter(request, response); } } }
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; try { prepare.setEncodingAndLocale(request, response); prepare.createActionContext(request, response); prepare.assignDispatcherToThread(); if (excludedPatterns != null && prepare.isUrlExcluded(request, excludedPatterns)) { chain.doFilter(request, response); } else { request = prepare.wrapRequest(request); ActionMapping mapping = prepare.findActionMapping(request, response, true); if (mapping == null) { boolean handled = execute.executeStaticResourceRequest(request, response); if (!handled) { chain.doFilter(request, response); } } else { execute.executeAction(request, response, mapping); } } } finally { prepare.cleanupRequest(request); } }
/** * Check for the broken MS WebDAV client and if detected issue a re-direct that hopefully will * cause the non-broken client to be used. */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) { chain.doFilter(request, response); return; } HttpServletRequest httpRequest = ((HttpServletRequest) request); HttpServletResponse httpResponse = ((HttpServletResponse) response); String ua = httpRequest.getHeader("User-Agent"); if (ua == null || ua.length() == 0 || !ua.startsWith(UA_MINIDIR_START)) { // No UA or starts with non MS value // Hope everything just works... chain.doFilter(request, response); } else if (ua.startsWith(UA_MINIDIR_5_1_2600)) { // XP 32-bit SP3 - needs redirect with explicit port httpResponse.sendRedirect(buildRedirect(httpRequest)); } else if (ua.startsWith(UA_MINIDIR_5_2_3790)) { // XP 64-bit SP2 if (!"".equals(httpRequest.getContextPath())) { log(request, "XP-x64-SP2 clients only work with the root context"); } // Namespace issue maybe // see http://greenbytes.de/tech/webdav/webdav-redirector-list.html log(request, "XP-x64-SP2 is known not to work with WebDAV Servlet"); chain.doFilter(request, response); } else { // Don't know which MS client it is - try the redirect with an // explicit port in the hope that it moves the client to a different // WebDAV implementation that works httpResponse.sendRedirect(buildRedirect(httpRequest)); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { throw new ServletException("Only HttpServletRequest requests are supported"); } final HttpServletRequest httpRequest = (HttpServletRequest) request; final HttpServletResponse httpResponse = (HttpServletResponse) response; // extract the callback method from the request query parameters String callback = getCallbackMethod(httpRequest); if (!isJSONPRequest(callback)) { // Request is not a JSONP request move on chain.doFilter(request, response); } else { // Need to check if the callback method is safe if (!SAFE_PRN.matcher(callback).matches()) { throw new ServletException( "JSONP Callback method '" + CALLBACK_METHOD + "' parameter not valid function"); } // Will stream updated response final ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); // Create a custom response wrapper to adding in the padding HttpServletResponseWrapper responseWrapper = new HttpServletResponseWrapper(httpResponse) { @Override public ServletOutputStream getOutputStream() throws IOException { return new ServletOutputStream() { @Override public void write(int b) throws IOException { byteStream.write(b); } }; } @Override public PrintWriter getWriter() throws IOException { return new PrintWriter(byteStream); } }; // Process the rest of the filter chain, including the JAX-RS request chain.doFilter(request, responseWrapper); // Override response content and encoding response.setContentType(CONTENT_TYPE); response.setCharacterEncoding("UTF-8"); // Write the padded updates to the output stream. response.getOutputStream().write((callback + "(").getBytes()); response.getOutputStream().write(byteStream.toByteArray()); response.getOutputStream().write(");".getBytes()); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; HttpSession session = req.getSession(); Object loginUserInforObj = session.getAttribute(Common_util.LOGIN_USER); if (loginUserInforObj != null) { UserInfor loginUserInfor = (UserInfor) loginUserInforObj; String requestURL = req.getRequestURI(); // System.out.println(requestURL); String requestFunction = requestURL.substring(requestURL.lastIndexOf("/action/") + 8); // System.out.println(requestFunction); // 1. check is it the default function for every one boolean isDefault = DefaultFunctionHeadQ.isDefaultFunction(requestFunction); if (isDefault) { chain.doFilter(request, response); } else { // 2. check whether the user has been granted the high level function boolean exist = loginUserInfor.getFunctions().contains(requestFunction); if (loginUserInfor.getRoleType() != 99 && !exist) { String originalURL = req.getContextPath() + "/jsp/common/unauthorizedAccess.jsp"; loggerLocal.info("WARNING headq: unauthorized access to " + requestFunction); res.sendRedirect(originalURL); } else { chain.doFilter(request, response); } } } else { chain.doFilter(request, response); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (request instanceof HttpServletRequest) { HttpServletRequest httpRequest = (HttpServletRequest) request; String requestUri = httpRequest.getRequestURI(); String rootDir = getRootDir(requestUri); if (staticResourceDirs.contains(rootDir)) { // Static resource, not profiled chain.doFilter(request, response); } else { Profiler profiler = Profiler.createIfDebug(Logger).start(); try { chain.doFilter(request, response); } finally { if (profiler.isDebugEnabled()) { String queryString = httpRequest.getQueryString(); String message = String.format( queryString == null ? MESSAGE_WITHOUT_QUERY : MESSAGE_WITH_QUERY, httpRequest.getMethod(), requestUri, queryString); profiler.stopDebug(message); } } } } else { // Not an HTTP request, not profiled chain.doFilter(request, response); } }
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; XecureHttpServletRequest xecureHttpServletRequest = null; XecureHttpServletResponse xecureHttpServletResponse = null; String qValue = httpServletRequest.getParameter("q"); if (log.isDebugEnabled()) { StringBuilder sb = new StringBuilder(); sb.append("q: ").append(qValue); log.debug(sb.toString()); } if (StringUtils.isEmpty(qValue)) { chain.doFilter(httpServletRequest, httpServletResponse); } else if (Boolean.parseBoolean(httpServletRequest.getParameter("fileEnc"))) { chain.doFilter(httpServletRequest, httpServletResponse); } else { try { XecureServlet xecureServlet = new XecureServlet(new XecureConfig(), httpServletRequest, httpServletResponse); xecureHttpServletRequest = xecureServlet.request; xecureHttpServletResponse = xecureServlet.response; chain.doFilter(xecureHttpServletRequest, xecureHttpServletResponse); } catch (XecureServletException e) { e.printStackTrace(); } catch (XecureServletConfigException e) { e.printStackTrace(); } } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // If the filter wasn't initialised then forward the request if (!enabled || !(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse) || isIncluded((HttpServletRequest) request)) { chain.doFilter(request, response); return; } // Check if the request will accept compression boolean supportCompression = false; Enumeration<String> e = ((HttpServletRequest) request).getHeaders("Accept-Encoding"); while (e.hasMoreElements()) { final String headerName = e.nextElement(); if (headerName.indexOf("gzip") != -1) { supportCompression = true; } } // Do the compression if it's supported otherwise continue down the chain if (!supportCompression) { chain.doFilter(request, response); return; } else { final GZIPResponseWrapper responseWrapper = new GZIPResponseWrapper((HttpServletResponse) response, mimeTypes); chain.doFilter(request, responseWrapper); responseWrapper.finish(); } }
public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { if (SystemConfigs.get("memSessionSwitch", "true").equalsIgnoreCase("true")) { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; String sid = request.getSession().getId(); if (StringUtils.isNotBlank(request.getParameter("jsessionid"))) { String jsessionid = request.getParameter("jsessionid"); if (!StringUtils.equals(sid, jsessionid)) { HttpSession session = request.getSession(false); if (session != null) session.invalidate(); Cookie cookie = new Cookie("JSESSIONID", jsessionid); cookie.setDomain(request.getServerName()); cookie.setPath("/"); response.addCookie(cookie); sid = jsessionid; } } sessionLog.info("get session in memcached..."); filterChain.doFilter(new HttpServletRequestWrapper(sid, request), servletResponse); } else { sessionLog.info("get session in httpsession..."); filterChain.doFilter(servletRequest, servletResponse); } }
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpSession session = ((HttpServletRequest) request).getSession(true); Authn authnService = (Authn) WebApplicationContextUtils.getWebApplicationContext(session.getServletContext()) .getBean(authnBean); String userUid = null; try { userUid = authnService.getUserUid(request); } catch (Exception e) { if (log.isDebugEnabled()) log.debug("Could not get user uuid from authn service."); } if (log.isDebugEnabled()) log.debug("userUid=" + userUid); if (userUid == null) { if (authnRedirect != null) { if (authnRedirect.equals(((HttpServletRequest) request).getRequestURI())) { // Don't redirect to the same spot. chain.doFilter(request, response); } else { ((HttpServletResponse) response).sendRedirect(authnRedirect); } } else { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED); } } else { chain.doFilter(request, response); } }
@Override public void doFilter( final ServletRequest theRequest, final ServletResponse theResponse, final FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) theRequest; HttpServletResponse response = (HttpServletResponse) theResponse; String servletPath = request.getServletPath(); if (captchaService == null) { captchaService = SpringContextUtils.getBean("captchaService"); } if (servletPath.startsWith(filterProcessesUrl)) { if (filter) { boolean validated = validateCaptchaChallenge(request); if (validated) { chain.doFilter(request, response); } else { redirectFailureUrl(request, response); } } else { chain.doFilter(request, response); } } else { genernateCaptchaImage(request, response); } }
/** @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = ((HttpServletRequest) request); /* * if (httpRequest.getRequestURI().endsWith("login.jsp")){ * System.out.println("É uma jsp: " + httpRequest.getRequestURI()); } * else { System.out.println("NÃO é uma JSP: " + * httpRequest.getRequestURL()); } */ String uri = httpRequest.getRequestURI(); // trocado pelo método isURLToExclusao(uri) (!uri.endsWith("login.jsp") && !uri.endsWith(".css") if (!isURLToExclusao(uri, httpRequest)) { HttpSession session = httpRequest.getSession(); if (session.getAttribute("usuarioSessao") == null) { request.setAttribute("msgAviso", MensagemContantes.MSG_INF_DENY); request.getRequestDispatcher("login.jsp").forward(request, response); } else { chain.doFilter(request, response); } } else { chain.doFilter(request, response); } }
/** * appends memento timegate link to all resources, that are accessed via GET on resource * webservice * * @param servletRequest * @param servletResponse * @param filterChain * @throws IOException * @throws ServletException */ @Override public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { if (servletRequest instanceof HttpServletRequest) { HttpServletRequest request = (HttpServletRequest) servletRequest; // memento is only for reading if (request.getMethod().equals("GET") || request.getMethod().equals("HEAD")) { HttpServletResponse response = (HttpServletResponse) servletResponse; URL resource = getResourceURL(request); // build timegate link if (resource != null) { response.addHeader( "Link", "<" + MementoUtils.timegateURI(resource.toString(), configurationService.getBaseUri()) + ">; rel=\"timegate\"," + "<" + MementoUtils.timemapURI(resource.toString(), configurationService.getBaseUri()) + ">; rel=\"timemap\""); } filterChain.doFilter(servletRequest, response); return; } } filterChain.doFilter(servletRequest, servletResponse); }
/** @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String requestURI = ((HttpServletRequest) request).getRequestURI(); if (requestURI.contains(redirectOnFailure)) { chain.doFilter(request, response); } else { HttpSession session = AuthorizationManager.getSessionAndCreate(request); // Create session if does not exist. String currentUser = (String) session.getAttribute("user"); if (currentUser == null) { returnError( (HttpServletRequest) request, (HttpServletResponse) response, session, "Cannot find username information, please login!"); } else { // Get relevant URI. String URI = ((HttpServletRequest) request).getRequestURI(); // Invoke AuthorizationManager method to see if user can // access resource. boolean authorized = this.isUserAuthorized(currentUser, URI); if (!authorized) { returnError( (HttpServletRequest) request, (HttpServletResponse) response, session, "User is not authorized to access this area!"); } } chain.doFilter(request, response); } }
@Override public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) servletRequest; HttpServletResponse resp = (HttpServletResponse) servletResponse; String uri = req.getRequestURI(); String path = uri.substring(0, uri.lastIndexOf("/") + 1); String name = uri.substring(uri.lastIndexOf("/") + 1); File testFile = new File("src/main/resources/tests" + path + "test-" + name); if (req.getParameter("skiptest") == null && testFile.exists() && testFile.isFile()) { Wrapper wrapper = new Wrapper(resp); filterChain.doFilter(req, wrapper); resp.flushBuffer(); if (wrapper.isWrapped()) { String content = new String(wrapper.toByteArray(), "utf-8"); String test = IOUtils.toString(testFile.toURI().toURL(), "utf-8"); content = content.replace("</body>", test + "</body>"); resp.getOutputStream().print(content); } } else { filterChain.doFilter(req, resp); } }
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; String uri = req.getRequestURI(); log.info(req.getRemoteAddr() + "\tvisite\t" + uri); String project = req.getContextPath(); /*if (SESSION_COMPANY == null && SESSION_BUYER == null && SESSION_BRANCH==null && !uri.endsWith(project+"/logout.do")) { cookieLogin((HttpServletRequest)request, (HttpServletResponse)response); }*/ if ((project + "/").equals(uri) || (project + "/index.jsp").equals(uri)) { res.sendRedirect(req.getContextPath() + "/index.do"); // 用户未登 } if (isNeedCheck(uri, project)) { if (1 == 1) { // 如果toLogin参数存在,则登录以后跳回到原页面 String toLogin = req.getParameter("toLogin"); String returnURL = ""; if (null != toLogin) returnURL = req.getHeader("Referer"); // 用户未登 res.sendRedirect(req.getContextPath() + "/login.jsp?returnURL=" + returnURL); } else { chain.doFilter(request, response); } } else { chain.doFilter(request, response); } }
@SuppressWarnings("unchecked") @Override public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpreq = (HttpServletRequest) req; if (FiltersHelper.isAuthenticated(httpreq) || httpreq.getAttribute(FiltersHelper.Constants.REQUEST_AUTH_RECORD_KEY) != null) { chain.doFilter(req, rsp); } else { ((HttpServletRequest) req).setAttribute(FiltersHelper.Constants.REQUEST_SCHEMES_KEY, schemes); HttpSession session = httpreq.getSession(false); Deque<AuthenticationProfile> stack = null; if (session != null) { stack = (Deque<AuthenticationProfile>) session.getAttribute(STACK_ATTR); } if (stack == null) { stack = new ArrayDeque<>(); stack.addAll(profiles); } doAuth(httpreq, (HttpServletResponse) rsp, stack); if (!stack.isEmpty()) { httpreq.getSession(true).setAttribute(STACK_ATTR, stack); } else { if (session != null) { session.removeAttribute(STACK_ATTR); } chain.doFilter(req, rsp); } } }
@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) { HttpServletRequest r = (HttpServletRequest) req; // Some info LOG.log(Level.INFO, "URL={0}", r.getRequestURL()); LOG.log(Level.INFO, "URI={0}", r.getRequestURI()); LOG.log(Level.INFO, "SERVLET PATH={0}", r.getServletPath()); LOG.log(Level.INFO, "PATH INFO={0}", r.getPathInfo()); LOG.log(Level.INFO, "QUERY={0}", r.getQueryString()); LOG.log(Level.INFO, "--------------------------"); String uri = r.getRequestURI(); String path = r.getServletPath(); try { // Pass through resources if (resources.matcher(uri).matches()) { chain.doFilter(req, res); } else if (path.equals("/") || path.equals("/home")) { req.getRequestDispatcher(TEMPLATE + "?partial=home").forward(req, res); } else { chain.doFilter(req, res); } } catch (IOException | ServletException ex) { LOG.log(Level.WARNING, ex.getMessage()); try { req.setAttribute("error", ex.getMessage()); req.getRequestDispatcher(TEMPLATE + "?partial=error").forward(req, res); } catch (ServletException | IOException ex1) { LOG.log(Level.SEVERE, ex1.getMessage()); } } }
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (response instanceof HttpServletResponse && request instanceof HttpServletRequest) { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; // skip auth for static content, middle of auth flow, notify servlet if (httpRequest.getRequestURI().startsWith("/static") || httpRequest.getRequestURI().equals("/oauth2callback") || httpRequest.getRequestURI().contains("/_ah")) { LOG.info("Skipping auth check for certain urls"); filterChain.doFilter(request, response); return; } LOG.fine("Checking to see if anyone is logged in"); if (AuthUtil.getUserId(httpRequest) == null || AuthUtil.getCredential(AuthUtil.getUserId(httpRequest)) == null || AuthUtil.getCredential(AuthUtil.getUserId(httpRequest)).getAccessToken() == null) { // redirect to auth flow httpResponse.sendRedirect(WebUtil.buildUrl(httpRequest, "/oauth2callback")); return; } // Things checked out OK :) filterChain.doFilter(request, response); } else { LOG.warning("Unexpected non HTTP servlet response. Proceeding anyway."); filterChain.doFilter(request, response); } }