Exemplo n.º 1
0
  private void describeLimitsForRequest(
      HttpServletRequest request, FilterDirector director, MediaType preferredMediaType) {
    if (preferredMediaType.getMimeType() == MimeType.UNKNOWN) {
      director.setFilterAction(FilterAction.RETURN);
      director.setResponseStatus(HttpStatusCode.NOT_ACCEPTABLE);
    } else {
      // If include absolute limits let request pass thru but prepare the combined
      // (absolute and active) limits when processing the response
      if (includeAbsoluteLimits) {
        director.setFilterAction(FilterAction.PROCESS_RESPONSE);
        director
            .requestHeaderManager()
            .putHeader(CommonHttpHeader.ACCEPT.toString(), MimeType.APPLICATION_XML.toString());
      } else {
        try {
          final MimeType mimeType =
              rateLimitingServiceHelper.queryActiveLimits(
                  request, preferredMediaType, director.getResponseOutputStream());

          director
              .responseHeaderManager()
              .putHeader(CommonHttpHeader.CONTENT_TYPE.toString(), mimeType.toString());
          director.setFilterAction(FilterAction.RETURN);
          director.setResponseStatus(HttpStatusCode.OK);
        } catch (Exception e) {
          consumeException(e, director);
        }
      }
    }
  }
  private FilterDirector updateHttpResponse(FilterDirector director, String wwwAuthenticateHeader) {
    // If in the case that the origin service supports delegated authentication
    // we should then communicate to the client how to authenticate with us
    if (!StringUtilities.isBlank(wwwAuthenticateHeader)
        && wwwAuthenticateHeader.contains("Delegated")) {
      final String replacementWwwAuthenticateHeader = getWWWAuthenticateHeaderContents();
      director
          .responseHeaderManager()
          .putHeader(
              CommonHttpHeader.WWW_AUTHENTICATE.toString(), replacementWwwAuthenticateHeader);
    } else {
      // In the case where authentication has failed and we did not receive
      // a delegated WWW-Authenticate header, this means that our own authentication
      // with the origin service has failed and must then be communicated as
      // a 500 (internal server error) to the client
      director.setResponseStatus(HttpStatusCode.INTERNAL_SERVER_ERROR);
    }

    return director;
  }
    @Test
    public void shouldModifyDelegatedWwwAuthenticateHeaderOn403() {
      when(response.getHeader(CommonHttpHeader.WWW_AUTHENTICATE.toString()))
          .thenReturn("Delegated");
      when(response.getStatus()).thenReturn(403);

      final FilterDirector responseDirector = handler.handleResponse(request, response);

      final String expected = "Keystone uri=" + osauthConfig.getIdentityService().getUri();

      assertEquals(
          "Auth component must pass invalid requests but process their responses",
          expected,
          responseDirector
              .responseHeaderManager()
              .headersToAdd()
              .get(CommonHttpHeader.WWW_AUTHENTICATE.toString())
              .iterator()
              .next());
    }
Exemplo n.º 4
0
  @Override
  public FilterDirector handleResponse(
      HttpServletRequest request, ReadableHttpServletResponse response) {
    final FilterDirector director = new FilterDirectorImpl();

    try {
      final MimeType mimeType =
          rateLimitingServiceHelper.queryCombinedLimits(
              request,
              originalPreferredAccept,
              response.getBufferedOutputAsInputStream(),
              director.getResponseOutputStream());

      director
          .responseHeaderManager()
          .putHeader(CommonHttpHeader.CONTENT_TYPE.toString(), mimeType.toString());
    } catch (Exception e) {
      consumeException(e, director);
    }

    return director;
  }
Exemplo n.º 5
0
  /** @return false if over-limit and response delegation is not enabled */
  private boolean recordLimitedRequest(HttpServletRequest request, FilterDirector director) {
    boolean pass = true;

    try {
      rateLimitingServiceHelper.trackLimits(request);
    } catch (OverLimitException e) {
      new LimitLogger(e.getUser(), request)
          .log(e.getConfiguredLimit(), Integer.toString(e.getCurrentLimitAmount()));
      final HttpDate nextAvailableTime = new HttpDate(e.getNextAvailableTime());

      // Tell the filter we want to return right away
      director.setFilterAction(FilterAction.RETURN);
      pass = false;

      // We use a 413 "Request Entity Too Large" to communicate that the user
      // in question has hit their rate limit for this requested URI
      if (overLimit429ResponseCode) {

        director.setResponseStatus(HttpStatusCode.TOO_MANY_REQUESTS);

      } else {

        director.setResponseStatus(HttpStatusCode.REQUEST_ENTITY_TOO_LARGE);
      }
      director
          .responseHeaderManager()
          .appendHeader(CommonHttpHeader.RETRY_AFTER.toString(), nextAvailableTime.toRFC1123());

    } catch (CacheException e) {
      LOG.error("Failure when tracking limits. Reason: " + e.getMessage(), e);

      director.setFilterAction(FilterAction.RETURN);
      director.setResponseStatus(HttpStatusCode.BAD_GATEWAY);
    }

    return pass;
  }
Exemplo n.º 6
0
  @Override
  public FilterDirector handleResponse(
      HttpServletRequest httpRequest, ReadableHttpServletResponse httpResponse) {
    MutableHttpServletRequest request = MutableHttpServletRequest.wrap(httpRequest);
    MutableHttpServletResponse response =
        MutableHttpServletResponse.wrap(httpRequest, httpResponse);
    final FilterDirector filterDirector = new FilterDirectorImpl();
    filterDirector.setFilterAction(FilterAction.PASS);
    MediaType contentType = getContentType(response.getHeaderValue("Content-Type"));
    List<MediaType> acceptValues =
        getAcceptValues(request.getPreferredHeaders("Accept", DEFAULT_TYPE));
    List<XmlChainPool> pools =
        getHandlerChainPool(
            "",
            contentType,
            acceptValues,
            String.valueOf(response.getStatus()),
            responseProcessors);

    if (pools.isEmpty()) {
      filterDirector.setResponseStatusCode(response.getStatus());
      return filterDirector;
    }

    try {
      filterDirector.setResponseStatusCode(response.getStatus());
      if (response.hasBody()) {
        InputStream in = response.getBufferedOutputAsInputStream();

        TranslationResult result = null;
        for (XmlChainPool pool : pools) {
          if (in.available() > 0) {
            result =
                pool.executePool(
                    new TranslationPreProcessor(in, contentType, true).getBodyStream(),
                    filterDirector.getResponseOutputStream(),
                    getInputParameters(TranslationType.RESPONSE, request, response, result));

            if (result.isSuccess()) {
              result.applyResults(filterDirector);
              if (StringUtilities.isNotBlank(pool.getResultContentType())) {
                filterDirector
                    .requestHeaderManager()
                    .putHeader("content-type", pool.getResultContentType());
                contentType = getContentType(pool.getResultContentType());
              }
              in = new ByteArrayInputStream(filterDirector.getResponseMessageBodyBytes());
            } else {
              filterDirector.setResponseStatus(HttpStatusCode.INTERNAL_SERVER_ERROR);
              response.setContentLength(0);
              filterDirector.responseHeaderManager().removeHeader("Content-Length");
              break;
            }
          }
        }
      }
    } catch (IOException ex) {
      LOG.error("Error executing response transformer chain", ex);
      filterDirector.setResponseStatus(HttpStatusCode.INTERNAL_SERVER_ERROR);
      response.setContentLength(0);
    }

    return filterDirector;
  }