示例#1
0
 @Override
 public void doFilter(
     @Nonnull ServletRequest request,
     @Nonnull ServletResponse response,
     @Nonnull FilterChain chain)
     throws IOException, ServletException {
   final StopWatch stopWatch = new StopWatch();
   request.setAttribute(CURRENT_REQUEST_STOP_WATCH_ATTRIBUTE_NAME, stopWatch);
   final ScopeMapping globalMapping = _patternToMapping.get(null);
   final ScopeMapping specificMapping =
       request instanceof HttpServletRequest
           ? getMappingFor(((HttpServletRequest) request).getRequestURI())
           : null;
   try {
     chain.doFilter(request, response);
   } finally {
     request.removeAttribute(CURRENT_REQUEST_STOP_WATCH_ATTRIBUTE_NAME);
     final Duration duration = stopWatch.getCurrentDuration();
     final ServletHealthInterceptor interceptor = _interceptor;
     if (interceptor == null
         || interceptor.isRecordAllowed(request, globalMapping, specificMapping)) {
       globalMapping.record(null, duration);
       if (specificMapping != null) {
         final String targetName =
             interceptor != null
                 ? interceptor.getSpecificTargetName(request, specificMapping)
                 : null;
         specificMapping.record(targetName, duration);
       }
     }
   }
 }
示例#2
0
  @Override
  public void doFilter(
      ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
      throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    // Skip oauth for local connections
    if (!"127.0.0.1".equals(servletRequest.getRemoteAddr())) {
      // Read the OAuth parameters from the request
      OAuthServletRequest request = new OAuthServletRequest(httpRequest);
      OAuthParameters params = new OAuthParameters();
      params.readRequest(request);

      String consumerKey = params.getConsumerKey();

      // Set the secret(s), against which we will verify the request
      OAuthSecrets secrets = new OAuthSecrets();
      secrets.setConsumerSecret(m_tokenStore.getToken(consumerKey));

      // Check that the timestamp has not expired
      String timestampStr = params.getTimestamp();
      if (timestampStr == null) {
        logger.warn("Missing OAuth headers");
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing OAuth headers");
        return;
      }

      long msgTime = Util.parseLong(timestampStr) * 1000L; // Message time is in seconds
      long currentTime = System.currentTimeMillis();

      // if the message is older than 5 min it is no good
      if (Math.abs(msgTime - currentTime) > 300000) {
        logger.warn(
            "OAuth message time out, msg time: " + msgTime + " current time: " + currentTime);
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Message expired");
        return;
      }

      // Verify the signature
      try {
        if (!OAuthSignature.verify(request, params, secrets)) {
          logger.warn("Invalid OAuth signature");

          httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid OAuth signature");
          return;
        }
      } catch (OAuthSignatureException e) {
        logger.warn("OAuth exception", e);

        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid OAuth request");
        return;
      }
    }

    filterChain.doFilter(servletRequest, servletResponse);
  }
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
     throws IOException, ServletException {
   final long startTime = System.currentTimeMillis();
   PerformanceFilterResponse filterResponse =
       new PerformanceFilterResponse((HttpServletResponse) response);
   chain.doFilter(request, filterResponse);
   try {
     processResponse(request, filterResponse, startTime);
   } catch (Throwable t) {
     Log logger = LogFactory.getLog(PerformanceMeasurementFilter.class);
     logger.error(t.getMessage(), t);
   }
 }
示例#4
0
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    String userAddy = request.getRemoteHost();
    filterConf.getServletContext().log("Vistor User IP: " + userAddy);
    /*
    // Get the IP address of client machine.
    String ipAddress = request.getRemoteAddr();

    // Log the IP address and current timestamp.
    System.out.println("IP "+ ipAddress + ", Time " + new Date().toString());
    */
    chain.doFilter(request, response);
  }
示例#5
0
  public void doFilter(
      ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
      throws IOException, ServletException {

    HttpSession session = null;
    //        HttpSession session = ((HttpServletRequest) servletRequest).getSession(true);
    //        if (servletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY) == null)
    //            session.setAttribute(SAVED_REQUEST, "/");
    //        if (servletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY) != null &&
    // session.getAttribute(SAVED_REQUEST) != null)
    //            ((HttpServletResponse) servletResponse).sendRedirect((String)
    // session.getAttribute(SAVED_REQUEST));

    if (StringUtils.isEmpty(this.configFile)) return;

    processConfiguration(filterConfig);

    HttpServletRequest request =
        createHttpServletRequestWrapper((HttpServletRequest) servletRequest);
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    try {
      // needs to be done first, *before* accessing any parameters. super.authenticate(..) gets
      // called to late
      String characterEncoding = getCharacterEncoding();

      if (characterEncoding != null) {
        request.setCharacterEncoding(characterEncoding);
      }

      session = request.getSession(true);

      // Eagerly look for Local LogOut
      boolean localLogout = isLocalLogout(request);

      if (localLogout) {
        try {
          sendToLogoutPage(request, response, session);
        } catch (ServletException e) {
          logger.samlLogoutError(e);
          throw new IOException(e);
        }
        return;
      }

      String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);
      String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY);

      Principal principal = request.getUserPrincipal();

      // If we have already authenticated the user and there is no request from IDP or logout from
      // user
      if (principal != null
          && !(isGlobalLogout(request) || isNotNull(samlRequest) || isNotNull(samlResponse))) {
        filterChain.doFilter(request, response);
      } else {

        // General User Request
        if (!isNotNull(samlRequest) && !isNotNull(samlResponse)) {
          generalUserRequest(request, response);
        }

        // Handle a SAML Response from IDP
        if (isNotNull(samlResponse)) {
          handleSAMLResponse(request, response);
        }

        // Handle SAML Requests from IDP
        if (isNotNull(samlRequest)) {
          handleSAMLRequest(request, response);
        } // end if

        request = createHttpServletRequestWrapper((HttpServletRequest) servletRequest);

        principal = request.getUserPrincipal();

        if (principal != null && !response.isCommitted()) {
          ((HttpServletResponse) servletResponse).sendRedirect("/"); // liferay filter
          return; // liferay filter
          // filterChain.doFilter(request, response);
        } else {
          localAuthentication(request, response);
        }
      }
    } catch (IOException e) {
      //            SPType configuration = getConfiguration();
      //
      //            if (StringUtil.isNotNull(configuration.getErrorPage())) {
      //                try {
      //
      // request.getRequestDispatcher(configuration.getErrorPage()).forward(request, response);
      //                } catch (ServletException e1) {
      //                    logger.samlErrorPageForwardError(configuration.getErrorPage(), e1);
      //                }
      //                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      //            } else {
      throw e;
      //            }
    }
  }
示例#6
0
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    String longAddr = null, shortAddr, s, transactionKey = null;
    int count;
    boolean ignorable = false;

    synchronized (simultaneousRequestsByShortIPAddr) {
      if (totalSimultaneousRequests >= maxTotalSimultaneousRequests) {
        log.error(
            "This system has exceeded the maxTotalSimultaneousRequests limit of "
                + maxTotalSimultaneousRequests);
        log.error(simultaneousRequestsByShortIPAddr);
        for (String str : simultaneousRequests) log.error(str);
        ((HttpServletResponse) response).setStatus(HttpURLConnection.HTTP_UNAVAILABLE);
        response.setContentType("text/html");
        PrintWriter writer = response.getWriter();
        writer.println("<html><body><h1>Service Temporarily Unavailable</h1>");
        writer.println(
            "The system is experiencing a severe load and is temporarily unable to accept new requests");
        if (contactInfo != null)
          writer.println("<p>Contact " + contactInfo + " for more information</p>");
        writer.println("</body></html>");
        writer.close();
        return;
      }
      if (addressInHeader != null) {
        @SuppressWarnings("unchecked")
        Enumeration<String> addrs = ((HttpServletRequest) request).getHeaders(addressInHeader);
        while (addrs.hasMoreElements()) {
          longAddr = addrs.nextElement();
          if (longAddr == null) {
            if (++addressInHeaderErrorCount < 10)
              log.error("Expected a " + addressInHeader + " header but got null");
            continue;
          }
          if (longAddr.lastIndexOf('.') >= 0) break;
        }
      }
      if (longAddr == null) longAddr = request.getRemoteAddr();
      int i = longAddr.lastIndexOf('.');
      if (i < 0) {
        log.error("bogus IP address: '" + longAddr + "'");
        longAddr = "0.0.0.0";
      }
      shortAddr = longAddr.substring(0, i); // trim off 4th number group
      // that lets us spot requests from clusters
      s = equivalentAddresses.get(shortAddr); // map one short addr to another?
      if (s != null) shortAddr = s;
      if (ignorableAddresses.contains(shortAddr)) {
        ignorable = true;
      } else {
        Integer icount = simultaneousRequestsByShortIPAddr.get(shortAddr);
        if (icount != null) count = icount;
        else count = 0;

        int maxSimultaneousRequests =
            (maxTotalSimultaneousRequests - totalSimultaneousRequests) / 4;
        if (maxSimultaneousRequests == 0) maxSimultaneousRequests = 1;
        if (count >= maxSimultaneousRequests) {
          log.error(
              "IP addr "
                  + shortAddr
                  + ".* has exceeded "
                  + maxSimultaneousRequests
                  + " simultaneous requests!");
          log.error("maxTotalSimultaneousRequests=" + maxTotalSimultaneousRequests);
          log.error("totalSimultaneousRequests=" + totalSimultaneousRequests);
          for (String str : simultaneousRequests) log.error(str);
          //
          // ((HttpServletResponse)response).setStatus(HttpURLConnection.HTTP_TOO_MANY_REQUESTS); //
          // someday
          ((HttpServletResponse) response).setStatus(429); // too many requests
          response.setContentType("text/html");
          PrintWriter writer = response.getWriter();
          writer.println(
              "<html><head><title>Too Many Requests</title></head><body><h1>Too Many Requests</h1>");
          writer.println(
              "You have exceeded the maximum simultaneous request value of "
                  + maxSimultaneousRequests);
          writer.println("<p>This message and your IP address have been logged and reported</p>");
          if (contactInfo != null)
            writer.println("<p>Contact " + contactInfo + " for more information</p>");
          writer.println("</body></html>");
          writer.close();
          return;
        }
        simultaneousRequestsByShortIPAddr.put(shortAddr, count + 1);
        icount = totalRequests.get(shortAddr);
        if (icount != null) count = icount;
        else count = 0;
        totalRequests.put(shortAddr, count + 1);
        totalSimultaneousRequests++;
        transactionKey =
            new StringBuilder((new Date(System.currentTimeMillis())).toString())
                .append('|')
                .append(shortAddr)
                .append('|')
                .append(((HttpServletRequest) request).getQueryString())
                .toString();
        simultaneousRequests.add(transactionKey);
      }
    }

    try {
      HttpServletResponseWrapper wrapper =
          new HttpServletResponseWrapper((HttpServletResponse) response);
      chain.doFilter(request, wrapper);
    } finally {
      if (!ignorable)
        synchronized (simultaneousRequestsByShortIPAddr) {
          totalSimultaneousRequests--;
          simultaneousRequests.remove(transactionKey);
          count = simultaneousRequestsByShortIPAddr.get(shortAddr);
          if (count == 1) // prune them from the table
          simultaneousRequestsByShortIPAddr.remove(shortAddr);
          else simultaneousRequestsByShortIPAddr.put(shortAddr, count - 1);
        }
    }

    Calendar c = new GregorianCalendar();
    int hour = c.get(Calendar.HOUR_OF_DAY);
    if (hour == 0 && nextReportingHour == 24) { // new day!
      // you could reset your daily limits table here
      nextReportingHour = 0;
    }

    if (hour >= nextReportingHour) { // generate the hourly report
      // you could reset your hourly limits table here
      nextReportingHour = hour + 1;

      if (log.isInfoEnabled()) {
        HashMap<String, Integer> map = new LinkedHashMap<String, Integer>();
        List<String> yourMapKeys = new ArrayList<String>(totalRequests.keySet());
        List<Integer> yourMapValues = new ArrayList<Integer>(totalRequests.values());
        TreeSet<Integer> sortedSet = new TreeSet<Integer>(yourMapValues);
        Integer[] sortedArray = sortedSet.descendingSet().toArray(new Integer[0]);
        int size = sortedArray.length;

        for (int i = 0; i < size; i++)
          map.put(yourMapKeys.get(yourMapValues.indexOf(sortedArray[i])), sortedArray[i]);
        Iterator<String> it = map.keySet().iterator();
        String key;
        StringBuilder sb = new StringBuilder("Top 10 users in the last hour");
        for (int i = 0; i < 10 && it.hasNext(); i++) {
          key = it.next();
          sb.append("\n    ").append(key).append(" : ").append(map.get(key));
        }
        log.info(sb);
      }
      totalRequests.clear();
    }
  }
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    //		权限判断
    StringBuffer sb = new StringBuffer();
    String actionType = null;
    String queryString = null;
    String userid = null;
    String isCanAccess = "1";
    HttpServletRequest hrequest = (HttpServletRequest) request;
    String strContext = hrequest.getContextPath();

    if (request instanceof HttpServletRequest) {

      // 获取用户信息
      userid = (String) hrequest.getSession().getAttribute("AuthorizedUserID");

      strContext = hrequest.getContextPath();
      queryString = hrequest.getQueryString(); // 整个参数串
      actionType = hrequest.getParameter("actionType"); // 一般操作
      if (actionType == null) {
        actionType = hrequest.getParameter("formSN"); // 针对查询的操作
        if (actionType != null) {
          actionType = "formSN=" + actionType;
        }
      } else {
        actionType = "actionType=" + actionType;
      }
    }

    if (actionType != null) { // 如果参数不为空,则判断权限,通过存储过程判断
      DBConnectionManager dbManager = new DBConnectionManager();
      CallableStatement cstmt = null;
      Connection conn = null;
      try {
        conn = dbManager.getConnection();
        String query = "{call pkg_security.userAccessFunction(?,?,?,?)}";
        cstmt = conn.prepareCall(query);
        cstmt.registerOutParameter(1, OracleTypes.VARCHAR);
        cstmt.setString(2, userid);
        cstmt.setString(3, actionType == null ? null : actionType.trim());
        cstmt.setString(4, queryString == null ? null : queryString.trim());
        cstmt.execute();
        isCanAccess = cstmt.getString(1);

      } catch (SQLException e) {
        e.printStackTrace();
      } finally {
        try {
          if (cstmt != null) {
            cstmt.close();
          }
        } catch (Exception ex) {
          if (conn != null)
            try {
              conn.close();
            } catch (SQLException e1) {
              e1.printStackTrace();
            }
        }
        if (conn != null)
          try {
            conn.close();
          } catch (SQLException e1) {
            e1.printStackTrace();
          }
      }
    }

    // 如果没有权限,定位到提示页面。
    if (!isCanAccess.equals("1")) {
      HttpServletResponse out = (HttpServletResponse) response;
      out.sendRedirect(strContext + "/common/erroraccess.jsp");
      return;
    } else {

      // 汉字问题
      HttpServletRequest httpRequest = (HttpServletRequest) request;
      httpRequest.setCharacterEncoding(encoding);
      //  chain.doFilter(request, response);

      // 压缩传输

      HttpServletResponse httpResponse = (HttpServletResponse) response;
      String uri = httpRequest.getRequestURI();

      String transferEncoding = getGZIPEncoding((HttpServletRequest) request);
      if (transferEncoding == null) {
        setResponseHeader(httpResponse, uri, transferEncoding);
        chain.doFilter(request, response);
      } else {
        if (!uri.endsWith("dd.xml")) // 不处理的有哪些??????
        {
          chain.doFilter(request, response);
        } else {
          System.out.println("FrameworkFilter::  Filter handle dd.xml");
          setResponseHeader(httpResponse, uri, transferEncoding);
          httpResponse.setHeader("Content-Encoding", transferEncoding);
          GZIPEncodableResponse wrappedResponse =
              new GZIPEncodableResponse((HttpServletResponse) response);
          chain.doFilter(request, wrappedResponse);
          wrappedResponse.flush();
        }
      }
    }

    //		 Pass control on to the next filter
    // chain.doFilter(request, response);

  }
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws ServletException, IOException {

    chain.doFilter(request, response);
  }
示例#9
0
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // create input/output dir patterns
    String contextPath = httpRequest.getContextPath();
    if (this.inDirPattern == null) {
      // NOTE: Have to do this here because the context path is not
      //       available in init().
      this.inDirPattern =
          Pattern.compile("^" + escape(contextPath) + escape(this.inDirName) + "/(.*)");
      this.outDirPattern =
          Pattern.compile("^" + escape(contextPath) + "/help/[a-z]{2}(?:_[A-Z]{2})?/.*");
      if (ZimbraLog.webclient.isDebugEnabled()) {
        ZimbraLog.webclient.debug("### indir pattern:  " + this.inDirPattern.pattern());
        ZimbraLog.webclient.debug("### outdir pattern: " + this.outDirPattern.pattern());
      }
    }

    // check to see if we need to redirect this request
    String requestUri = httpRequest.getRequestURI();
    if (this.outDirPattern.matcher(requestUri).matches()) {
      // allow it to go through
      chain.doFilter(request, response);
      return;
    }

    // make list of potential locales to check
    Locale preferredLocale = getLocale(httpRequest);
    String language = preferredLocale.getLanguage();
    String country = preferredLocale.getCountry();
    Locale[] locales = {preferredLocale, country != null ? new Locale(language) : null, Locale.US};
    if (ZimbraLog.webclient.isDebugEnabled()) {
      for (Locale locale : locales) {
        ZimbraLog.webclient.debug("locale: " + locale);
      }
    }

    // find out which version of the requested file exists
    Locale actualLocale = preferredLocale;
    Matcher matcher = this.inDirPattern.matcher(requestUri);
    if (!matcher.matches()) {
      httpResponse.sendError(
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Help URL doesn't match input pattern.");
      return;
    }

    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("### filename: " + matcher.group(1));
    }
    String filename = decode(matcher.group(1)).replace('/', File.separatorChar);
    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("### filename: " + filename);
    }
    File baseDir = new File(this.context.getRealPath("/"));
    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("### basedir:  " + baseDir);
    }
    for (Locale locale : locales) {
      if (locale == null) continue;
      File file =
          new File(
              baseDir,
              this.outDirName.replaceAll("\\{locale\\}", locale.toString())
                  + File.separatorChar
                  + filename);
      if (file.exists()) {
        actualLocale = locale;
        break;
      }
    }

    // redirect
    String redirectUrl =
        contextPath
            + this.outDirName.replaceAll("\\{locale\\}", actualLocale.toString())
            + "/"
            + filename;
    if (ZimbraLog.webclient.isDebugEnabled()) {
      ZimbraLog.webclient.debug("redirecting to: " + redirectUrl);
    }
    httpResponse.sendRedirect(redirectUrl);
  }