@Override
  public void handleRequest(HttpServerExchange exchange) throws Exception {
    final String incomingSessionId = servletContext.getSessionConfig().findSessionId(exchange);
    if (incomingSessionId == null || !data.containsKey(incomingSessionId)) {
      next.handleRequest(exchange);
      return;
    }

    // we have some old data
    PersistentSession result = data.remove(incomingSessionId);
    if (result != null) {
      long time = System.currentTimeMillis();
      if (time < result.getExpiration().getTime()) {
        final HttpSessionImpl session = servletContext.getSession(exchange, true);
        final HttpSessionEvent event = new HttpSessionEvent(session);
        for (Map.Entry<String, Object> entry : result.getSessionData().entrySet()) {

          if (entry.getValue() instanceof HttpSessionActivationListener) {
            ((HttpSessionActivationListener) entry.getValue()).sessionDidActivate(event);
          }
          if (entry.getKey().startsWith(HttpSessionImpl.IO_UNDERTOW)) {
            session.getSession().setAttribute(entry.getKey(), entry.getValue());
          } else {
            session.setAttribute(entry.getKey(), entry.getValue());
          }
        }
      }
    }
    next.handleRequest(exchange);
  }
 @Override
 public void handleRequest(HttpServerExchange exchange) throws Exception {
   UndertowHttpFacade facade = new OIDCServletUndertowHttpFacade(exchange);
   final ServletRequestContext servletRequestContext =
       exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
   SessionManagementBridge bridge =
       new SessionManagementBridge(
           userSessionManagement, servletRequestContext.getDeployment().getSessionManager());
   PreAuthActionsHandler handler = new PreAuthActionsHandler(bridge, deploymentContext, facade);
   if (handler.handleRequest()) return;
   next.handleRequest(exchange);
 }
 @Override
 public void parse(HttpHandler handler) throws Exception {
   if (exchange.getAttachment(FORM_DATA) != null) {
     handler.handleRequest(exchange);
     return;
   }
   this.handler = handler;
   StreamSourceChannel channel = exchange.getRequestChannel();
   if (channel == null) {
     throw new IOException(UndertowMessages.MESSAGES.requestChannelAlreadyProvided());
   } else {
     doParse(channel);
     if (state != 4) {
       channel.getReadSetter().set(this);
       channel.resumeReads();
     } else {
       exchange.dispatch(SameThreadExecutor.INSTANCE, handler);
     }
   }
 }
  @Override
  public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final ServletRequestContext servletRequestContext =
        exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    ServletRequest request = servletRequestContext.getServletRequest();
    if (request.getDispatcherType() == DispatcherType.REQUEST) {
      List<SingleConstraintMatch> constraints = servletRequestContext.getRequiredConstrains();
      SecurityContext sc = exchange.getSecurityContext();
      if (!authorizationManager.canAccessResource(
          constraints,
          sc.getAuthenticatedAccount(),
          servletRequestContext.getCurrentServlet().getManagedServlet().getServletInfo(),
          servletRequestContext.getOriginalRequest(),
          servletRequestContext.getDeployment())) {

        HttpServletResponse response =
            (HttpServletResponse) servletRequestContext.getServletResponse();
        response.sendError(403);
        return;
      }
    }
    next.handleRequest(exchange);
  }
예제 #5
0
 public void handleRequest(final HttpServerExchange exchange) throws Exception {
   final ProxyClient.ProxyTarget target = proxyClient.findTarget(exchange);
   if (target == null) {
     log.debugf("No proxy target for request to %s", exchange.getRequestURL());
     next.handleRequest(exchange);
     return;
   }
   final long timeout = maxRequestTime > 0 ? System.currentTimeMillis() + maxRequestTime : 0;
   final ProxyClientHandler clientHandler =
       new ProxyClientHandler(exchange, target, timeout, maxConnectionRetries);
   if (timeout > 0) {
     final XnioExecutor.Key key =
         exchange
             .getIoThread()
             .executeAfter(
                 new Runnable() {
                   @Override
                   public void run() {
                     clientHandler.cancel(exchange);
                   }
                 },
                 maxRequestTime,
                 TimeUnit.MILLISECONDS);
     exchange.putAttachment(TIMEOUT_KEY, key);
     exchange.addExchangeCompleteListener(
         new ExchangeCompletionListener() {
           @Override
           public void exchangeEvent(HttpServerExchange exchange, NextListener nextListener) {
             key.remove();
             nextListener.proceed();
           }
         });
   }
   exchange.dispatch(
       exchange.isInIoThread() ? SameThreadExecutor.INSTANCE : exchange.getIoThread(),
       clientHandler);
 }
예제 #6
0
  @Override
  public void handleRequest(HttpServerExchange exchange) throws Exception {
    HeaderMap requestHeaders = exchange.getRequestHeaders();
    final String sessionId = requestHeaders.getFirst(SSL_SESSION_ID);
    if (sessionId != null) {
      final String cipher = requestHeaders.getFirst(SSL_CIPHER);
      String clientCert = requestHeaders.getFirst(SSL_CLIENT_CERT);
      // the proxy client replaces \n with ' '
      if (clientCert != null && clientCert.length() > 28) {
        StringBuilder sb = new StringBuilder(clientCert.length() + 1);
        sb.append(Certificates.BEGIN_CERT);
        sb.append('\n');
        sb.append(
            clientCert
                .replace(' ', '\n')
                .substring(28, clientCert.length() - 26)); // core certificate data
        sb.append('\n');
        sb.append(Certificates.END_CERT);
        clientCert = sb.toString();
      }

      try {
        SSLSessionInfo info = new BasicSSLSessionInfo(sessionId, cipher, clientCert);
        exchange.setRequestScheme(HTTPS);
        exchange.getConnection().setSslSessionInfo(info);
        exchange.addExchangeCompleteListener(CLEAR_SSL_LISTENER);
      } catch (java.security.cert.CertificateException e) {
        UndertowLogger.REQUEST_LOGGER.debugf(
            e, "Could not create certificate from header %s", clientCert);
      } catch (CertificateException e) {
        UndertowLogger.REQUEST_LOGGER.debugf(
            e, "Could not create certificate from header %s", clientCert);
      }
    }
    next.handleRequest(exchange);
  }
예제 #7
0
 @Override
 public void handleRequest(final HttpServerExchange exchange) throws Exception {
   exchange.setRelativePath(CanonicalPathUtils.canonicalize(exchange.getRelativePath()));
   next.handleRequest(exchange);
 }