Example usage for javax.servlet FilterChain doFilter

List of usage examples for javax.servlet FilterChain doFilter

Introduction

This page lists usage examples for the doFilter method of javax.servlet.FilterChain.

Prototype

public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;


Document

Causes the next filter in the chain to be invoked, or if the calling filter is the last filter in the chain, causes the resource at the end of the chain to be invoked.

Usage

From source file:com.surevine.chat.auth.GroupAuthorisationFilter.java

/**
 * Decides whether a request may proceed based on group membership of the remote user.
 *
 * <p>The request is passed down the chain when the session already carries
 * {@code SESSION_KEY}, when the request has no remote user, or when the remote user is a
 * member of the configured group. Any other request is answered with HTTP 403.
 *
 * <p>Security note: a request without a remote user is NOT rejected here. As the original
 * author stated, this special case exists so the filter can work with CAS, and it is only
 * secure when something like CAS in front of this filter has already refused
 * unauthenticated requests. Deploying this filter on its own does not enforce authentication.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest} without a type check
 * @param response the outgoing response; cast to {@code HttpServletResponse} on the 403 path
 * @param chain    the remaining filter chain
 * @throws RuntimeException wrapping any exception raised here or further down the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        // getSession() without arguments creates a session when the request has none.
        final HttpSession httpSession = httpRequest.getSession();

        // NOTE(review): SESSION_KEY is only read in this method; where it is written is not
        // visible here. Whoever sets it is granting a bypass of the group check below.
        if (httpSession.getAttribute(SESSION_KEY) != null) {
            _logger.debug("Session attribute set:  Allowing");
            chain.doFilter(request, response);
            return;
        }

        // No authenticated user on the request: let it through and rely on the upstream
        // authentication layer (see the security note in the method documentation).
        if (httpRequest.getRemoteUser() == null) {
            _logger.debug("User principal not set - allowing");
            chain.doFilter(request, response);
            return;
        }

        final String userName = httpRequest.getRemoteUser();
        _logger.debug("Looking up group membership for " + userName);
        final boolean isGroupMember = getGroupMembers(_groupName).contains(userName);
        if (!isGroupMember) {
            _logger.info("Forbidden to " + userName);
            ((HttpServletResponse) response).sendError(403,
                    "You are not permitted to use this application");
            return;
        }

        _logger.info("Allowing " + userName + " based on group membership");
        chain.doFilter(request, response);
    } catch (Exception e) {
        // The chain runs inside this try, so failures of downstream filters and servlets
        // are wrapped here as well, not only failures of the authorisation logic.
        throw new RuntimeException("Error occured during group authorisation: " + e, e);
    }
}

From source file:com.github.isrsal.logging.LoggingFilter.java

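/**
 * Wraps the request and response for logging when debug logging is enabled, runs the rest of
 * the chain, and logs both sides afterwards.
 *
 * <p>The debug flag is read once. The original read it again in the {@code finally} block, so
 * a log-level change while the request was in flight could reach the
 * {@code (ResponseWrapper)} cast with an unwrapped response and fail with a
 * {@code ClassCastException}.
 *
 * <p>NOTE(review): {@code logRequest} and {@code logResponse} are not visible here. If they
 * write headers or bodies, debug logs will contain cookies, credentials and tokens; confirm
 * that they redact such values before enabling debug in production.
 *
 * @param request     the incoming request
 * @param response    the outgoing response
 * @param filterChain the remaining filter chain
 * @throws ServletException if a downstream filter or servlet fails
 * @throws IOException      if a downstream filter or servlet fails on I/O
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        final FilterChain filterChain) throws ServletException, IOException {

    HttpServletRequest requestToUse = request;
    HttpServletResponse responseToUse = response;
    // Non-null only when this invocation decided to log; drives the finally block.
    ResponseWrapper wrappedResponse = null;

    if (logger.isDebugEnabled()) {
        final long requestId = id.incrementAndGet();
        requestToUse = new RequestWrapper(requestId, request);
        wrappedResponse = new ResponseWrapper(requestId, response);
        responseToUse = wrappedResponse;
    }

    try {
        filterChain.doFilter(requestToUse, responseToUse);
    } finally {
        // Log even when the chain throws, but only if the wrappers were installed above.
        if (wrappedResponse != null) {
            logRequest(requestToUse);
            logResponse(wrappedResponse);
        }
    }
}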

From source file:com.iorga.iraj.security.AbstractSecurityFilter.java

/**
 * Continues the chain after a successful security check, exposing the security context as
 * the request's user principal.
 *
 * <p>Only {@code getUserPrincipal()} is overridden. {@code HttpServletRequestWrapper}
 * delegates every other method, so {@code getRemoteUser()} and {@code isUserInRole(...)}
 * still answer from the wrapped request. Downstream code that authorises on those methods
 * will not see {@code securityContext}.
 *
 * @param httpRequest     the authenticated request
 * @param httpResponse    the response, passed on unchanged
 * @param chain           the remaining filter chain
 * @param accessKeyId     not used by this implementation
 * @param securityContext the principal to expose to downstream components
 * @throws IOException      if a downstream filter or servlet fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
protected void doFilterWhenSecurityOK(final HttpServletRequest httpRequest,
        final HttpServletResponse httpResponse, final FilterChain chain, final String accessKeyId,
        final S securityContext) throws IOException, ServletException {
    final HttpServletRequest authenticatedRequest = new HttpServletRequestWrapper(httpRequest) {
        @Override
        public Principal getUserPrincipal() {
            return securityContext;
        }
    };
    // Security check already passed: hand the wrapped request to the next filter.
    chain.doFilter(authenticatedRequest, httpResponse);
}

From source file:com.thoughtworks.go.server.newsecurity.filters.AccessTokenAuthenticationFilter.java

/**
 * Authenticates a request that carries a bearer access token and continues the chain on
 * success; a request without a credential is passed on untouched.
 *
 * <p>Review notes:
 * <ul>
 *   <li>A missing credential is not a failure here. The request continues unauthenticated,
 *       so rejecting anonymous access must happen elsewhere.</li>
 *   <li>The debug line records the {@code User-Agent} header, which is client-controlled;
 *       the log encoder should neutralise line breaks.</li>
 *   <li>The downstream chain runs inside the {@code try}, so an
 *       {@code AuthenticationException} raised further down is also reported through
 *       {@code onAuthenticationFailure}.</li>
 *   <li>NOTE(review): {@code e.getMessage()} is handed to {@code onAuthenticationFailure};
 *       whether it reaches the client is not visible here. Confirm it cannot disclose
 *       internal detail.</li>
 * </ul>
 *
 * @param request               the incoming request
 * @param response              the outgoing response
 * @param filterChain           the remaining filter chain
 * @param accessTokenCredential the bearer credential from the request, or {@code null}
 * @throws IOException      if a downstream filter or servlet fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
private void filterWhenSecurityEnabled(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain, AccessTokenCredential accessTokenCredential)
        throws IOException, ServletException {
    if (accessTokenCredential == null) {
        LOGGER.debug("Bearer auth credentials are not provided in request.");
        filterChain.doFilter(request, response);
        return;
    }

    // The last-used record is updated before the authentication attempt below.
    accessTokenService.updateLastUsedCacheWith(accessTokenCredential.getAccessToken());
    ACCESS_TOKEN_LOGGER.debug(
            "[Bearer Token Authentication] Authenticating bearer token for: "
                    + "GoCD User: '{}'. "
                    + "GoCD API endpoint: '{}', "
                    + "API Client: '{}', "
                    + "Is Admin Scoped Token: '{}', "
                    + "Current Time: '{}'.",
            accessTokenCredential.getAccessToken().getUsername(),
            request.getRequestURI(),
            request.getHeader("User-Agent"),
            securityService.isUserAdmin(new Username(accessTokenCredential.getAccessToken().getUsername())),
            new Timestamp(System.currentTimeMillis()));

    try {
        final SecurityAuthConfig profile = securityAuthConfigService
                .findProfile(accessTokenCredential.getAccessToken().getAuthConfigId());
        final AuthenticationToken<AccessTokenCredential> authenticationToken = authenticationProvider
                .authenticateUser(accessTokenCredential, profile);

        if (authenticationToken != null) {
            // NOTE(review): the helper name suggests the session is recreated before the
            // token is stored, which would prevent session fixation; confirm in SessionUtils.
            SessionUtils.setAuthenticationTokenAfterRecreatingSession(authenticationToken, request);
            filterChain.doFilter(request, response);
        } else {
            onAuthenticationFailure(request, response, BAD_CREDENTIALS_MSG);
        }
    } catch (AuthenticationException e) {
        LOGGER.debug("Failed to authenticate user.", e);
        onAuthenticationFailure(request, response, e.getMessage());
    }
}

From source file:edu.chalmers.dat076.moviefinder.filter.UserFilter.java

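/**
 * Gates {@code /api/} paths on a logged-in user and {@code /api/admin} paths on the ADMIN
 * role.
 *
 * <p>Without a {@code "user"} session attribute, API requests get 401, except the login
 * endpoint; everything outside {@code /api/} passes through. With a user, {@code /api/admin}
 * paths get 403 unless the role is ADMIN.
 *
 * <p>The path is lower-cased once with {@code Locale.ROOT}. The original used the default
 * locale, under which some locales map {@code I} to a dotless {@code ı}, so an upper-case
 * path would no longer match the {@code /api/} prefixes and would skip these checks.
 *
 * <p>NOTE(review): matching uses {@code getRequestURI()}, which is the raw request URI and is
 * neither decoded nor normalised. Prefix checks on it can disagree with the path the
 * container uses for dispatch. Prefer matching on the container-decoded path
 * ({@code getServletPath()} plus {@code getPathInfo()}) or delegating to the framework's
 * request matchers. The login exemption is also a prefix match, so it covers any path that
 * merely starts with {@code /api/login/login}.
 *
 * @param req   the incoming request
 * @param res   the outgoing response
 * @param chain the remaining filter chain
 * @throws ServletException if a downstream filter or servlet fails
 * @throws IOException      if a downstream filter or servlet fails on I/O
 */
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
        throws ServletException, IOException {
    // getSession(true) creates a session for every request, including anonymous ones.
    HttpSession session = req.getSession(true);
    // Fully qualified to avoid a new import; Locale.ROOT makes the match locale-independent.
    final String path = req.getRequestURI().substring(req.getContextPath().length())
            .toLowerCase(java.util.Locale.ROOT);

    Object o = session.getAttribute("user");

    if (o == null) {
        // Anonymous: only the login endpoint is reachable under /api/.
        if (path.startsWith("/api/") && !path.startsWith("/api/login/login")) {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
        return;
    }

    User u = (User) o;
    if (path.startsWith("/api/admin") && u.getRole() != UserRole.ADMIN) {
        res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    chain.doFilter(req, res);
}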

From source file:com.autentia.wuija.web.LocaleContextFilter.java

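/**
 * Sets the locale resolved from the request on {@code LocaleContextHolder} for the duration
 * of the chain, then restores the previous locale.
 *
 * <p>The restore runs in a {@code finally} block. The original skipped it whenever the chain
 * threw, which left this request's locale on the holder for whatever ran next on the thread.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest} without a type check
 * @param response the outgoing response
 * @param chain    the remaining filter chain
 * @throws IOException      if a downstream filter or servlet fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final Locale previousLocale = LocaleContextHolder.getLocale();
    final Locale newLocale = localeResolver.resolveLocale(httpRequest);

    LocaleContextHolder.setLocale(newLocale);
    try {
        chain.doFilter(request, response);
    } finally {
        // Always undo the change so state from this request cannot leak to the next one.
        LocaleContextHolder.setLocale(previousLocale);
    }
}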

From source file:springfox.test.contract.swagger.CrossOriginFilter.java

/**
 * Adds permissive CORS headers to every response and continues the chain.
 *
 * <p>{@code Access-Control-Allow-Origin: *} lets any origin read responses from this
 * application. The package name indicates a test fixture. An application serving
 * non-public data should echo only origins from an allow-list instead of the wildcard.
 * {@code Access-Control-Max-Age: 0} disables caching of preflight results.
 *
 * @param req   the incoming request
 * @param resp  the outgoing response; cast to {@code HttpServletResponse} without a type check
 * @param chain the remaining filter chain
 * @throws IOException      if a downstream filter or servlet fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {

    log.info("Applying CORS filter");

    final HttpServletResponse httpResponse = (HttpServletResponse) resp;
    // Headers are set before the chain runs so they are present even on early commits.
    httpResponse.setHeader("Access-Control-Allow-Origin", "*");
    httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    httpResponse.setHeader("Access-Control-Max-Age", "0");

    chain.doFilter(req, resp);
}

From source file:org.iti.agrimarket.util.SecurityFilter.java

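/**
 * Authenticates the request and continues the chain only when authentication succeeds.
 *
 * <p>The original left the response untouched when authentication failed or an exception was
 * caught, so the client received an empty success response. A failed authentication now
 * yields 401, and a caught exception yields 500 unless the response is already committed.
 * The chain is still never invoked in those cases.
 *
 * <p>NOTE(review): a {@code ClassNotFoundException} on this path suggests that the request
 * wrapper or {@code autheniticate} deserialises Java objects from the request. If that data
 * comes from the client, replace it with a data-only format or restrict it with an
 * {@code ObjectInputFilter}; confirm against those implementations.
 *
 * @param hsr  the incoming request
 * @param hsr1 the outgoing response
 * @param fc   the remaining filter chain
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
protected void doFilterInternal(HttpServletRequest hsr, HttpServletResponse hsr1, FilterChain fc)
        throws ServletException {

    try {
        // Wrapped so the body can be read by the authentication step and again downstream.
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(hsr);
        if (autheniticate(multiReadRequest)) {
            fc.doFilter(multiReadRequest, hsr1);
        } else {
            // Tell the client explicitly that the request was refused.
            hsr1.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    } catch (ClassNotFoundException ex) {
        Logger.getLogger(SecurityFilter.class.getName()).log(Level.SEVERE,
                "Request could not be authenticated", ex);
        if (!hsr1.isCommitted()) {
            hsr1.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    } catch (IOException ex) {
        // May originate from reading the request or from the downstream chain.
        Logger.getLogger(SecurityFilter.class.getName()).log(Level.SEVERE,
                "I/O failure while filtering request", ex);
        if (!hsr1.isCommitted()) {
            hsr1.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }

}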

From source file:org.shaigor.rest.retro.client.oauth.CustomOAuth2ClientContextFilter.java

/**
 * Publishes the OAuth2 REST template as a request attribute for HTTP requests that do not
 * already carry one, then continues the chain.
 *
 * <p>An attribute that is already present is left untouched. The same
 * {@code oauth2RestTemplate} field is handed to every request.
 * NOTE(review): confirm that the template is scoped so that one user's token state cannot
 * be observed by another request.
 *
 * @param servletRequest  the incoming request
 * @param servletResponse the outgoing response
 * @param chain           the remaining filter chain
 * @throws IOException      if a downstream filter or servlet fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
        throws IOException, ServletException {
    // getAttribute/setAttribute are declared on ServletRequest, so no cast is required.
    final boolean needsTemplate = servletRequest instanceof HttpServletRequest
            && servletRequest.getAttribute(OAUTH2_REST_TEMPLATE) == null;
    if (needsTemplate) {
        servletRequest.setAttribute(OAUTH2_REST_TEMPLATE, oauth2RestTemplate);
    }

    chain.doFilter(servletRequest, servletResponse);
}

From source file:org.seasar.extension.filter.RequestDumpFilter.java

/**
 * Dumps an HTTP request before the chain runs and the request/response pair afterwards.
 *
 * <p>When {@code config} is {@code null} the method returns without invoking the chain, so
 * the request is not processed any further. Non-HTTP requests or responses are passed
 * through without dumping.
 *
 * <p>NOTE(review): {@code dumpBefore} and {@code dumpAfter} are not visible here. Request
 * dumps commonly include cookies, authorization headers and form parameters; confirm what is
 * written and keep this filter out of production mappings unless the output is redacted.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @param chain    the remaining filter chain
 * @throws IOException      if a downstream filter or servlet fails on I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    if (config == null) {
        return;
    }

    final boolean httpExchange = request instanceof HttpServletRequest
            && response instanceof HttpServletResponse;
    if (!httpExchange) {
        chain.doFilter(request, response);
        return;
    }

    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    dumpBefore(httpRequest);
    try {
        chain.doFilter(request, response);
    } finally {
        // Runs even when the chain throws, so failed requests are dumped as well.
        dumpAfter(httpRequest, httpResponse);
    }
}