List of usage examples for javax.servlet FilterChain doFilter
/**
 * Hands the request and response to the next filter in the chain, or to the target
 * resource when the calling filter is the last one.
 * <p>
 * A filter that returns without calling this method stops the request from reaching
 * anything further down the chain.
 *
 * @param request  the request to pass along
 * @param response the response to pass along
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;
From source file:com.surevine.chat.auth.GroupAuthorisationFilter.java
/**
 * Authorises the request against the configured group before passing it down the chain.
 * <p>
 * The request is forwarded when the session already holds {@code SESSION_KEY}, when the
 * container reports no remote user, or when the remote user is returned by
 * {@code getGroupMembers(_groupName)}. Every other request is answered with 403.
 * <p>
 * Security note: a request without a remote user is forwarded unchecked, so this filter
 * authorises but never authenticates. It is only safe behind an authentication layer (the
 * original author names CAS) that keeps anonymous requests away from protected resources.
 * NOTE(review): nothing in this method stores {@code SESSION_KEY}; confirm where it is set,
 * because once it is present the group lookup is skipped for the rest of the session.
 *
 * @param request  incoming request; cast to {@link HttpServletRequest} without a type check
 * @param response outgoing response; cast to {@link HttpServletResponse} when access is refused
 * @param chain    remainder of the filter chain
 * @throws RuntimeException wrapping any exception raised here or further down the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
    try {
        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final HttpSession session = httpRequest.getSession();

        // A session that was marked earlier is trusted without a new lookup.
        if (session.getAttribute(SESSION_KEY) != null) {
            _logger.debug("Session attribute set: Allowing");
            chain.doFilter(request, response);
            return;
        }

        // No authenticated user yet: let the request through so the external
        // authentication layer can deal with it.
        final String userName = httpRequest.getRemoteUser();
        if (userName == null) {
            _logger.debug("User principal not set - allowing");
            chain.doFilter(request, response);
            return;
        }

        _logger.debug("Looking up group membership for " + userName);
        if (!getGroupMembers(_groupName).contains(userName)) {
            _logger.info("Forbidden to " + userName);
            ((HttpServletResponse) response).sendError(403, "You are not permitted to use this application");
            return;
        }

        _logger.info("Allowing " + userName + " based on group membership");
        chain.doFilter(request, response);
    } catch (Exception e) {
        // The signature declares no checked exceptions, so everything is rethrown unchecked.
        throw new RuntimeException("Error occured during group authorisation: " + e, e);
    }
}
From source file:com.github.isrsal.logging.LoggingFilter.java
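/**
 * Runs the rest of the chain and, when debug logging is enabled, logs the request and
 * response through numbered wrappers.
 * <p>
 * The debug level is read once per request. Reading it again in the {@code finally} block
 * could disagree with the first reading if the level is changed while the request is in
 * flight, and the cast to {@code ResponseWrapper} would then fail on an unwrapped response.
 * <p>
 * NOTE(review): {@code logRequest} and {@code logResponse} are not shown here. If they write
 * headers or bodies, credentials and session tokens can end up in the log; confirm what is
 * recorded before enabling debug logging outside development.
 *
 * @param request     incoming request; replaced by a {@code RequestWrapper} in debug mode
 * @param response    outgoing response; replaced by a {@code ResponseWrapper} in debug mode
 * @param filterChain remainder of the filter chain
 * @throws ServletException if the rest of the chain fails
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        final FilterChain filterChain) throws ServletException, IOException {
    // Decide once, so wrapping and logging always agree for this request.
    final boolean debugEnabled = logger.isDebugEnabled();
    if (debugEnabled) {
        long requestId = id.incrementAndGet();
        request = new RequestWrapper(requestId, request);
        response = new ResponseWrapper(requestId, response);
    }
    try {
        filterChain.doFilter(request, response);
    } finally {
        // Log even when the chain throws; the wrappers exist only in debug mode.
        if (debugEnabled) {
            logRequest(request);
            logResponse((ResponseWrapper) response);
        }
    }
}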
From source file:com.iorga.iraj.security.AbstractSecurityFilter.java
/**
 * Continues the chain for a request that passed the security check, exposing the security
 * context as the request's user principal.
 * <p>
 * Only {@code getUserPrincipal()} is overridden. {@code getRemoteUser()},
 * {@code isUserInRole(...)} and {@code getAuthType()} still delegate to the wrapped request,
 * so downstream code that relies on them does not see {@code securityContext}.
 *
 * @param httpRequest     the request that was checked
 * @param httpResponse    the response passed on unchanged
 * @param chain           remainder of the filter chain
 * @param accessKeyId     access key of the caller; not used by this default implementation
 * @param securityContext value returned from {@code getUserPrincipal()} further down the chain
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
protected void doFilterWhenSecurityOK(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse,
        final FilterChain chain, final String accessKeyId, final S securityContext)
        throws IOException, ServletException {
    // Decorate the request instead of mutating it; the original stays untouched.
    final HttpServletRequest principalAwareRequest = new HttpServletRequestWrapper(httpRequest) {
        @Override
        public Principal getUserPrincipal() {
            return securityContext;
        }
    };
    chain.doFilter(principalAwareRequest, httpResponse);
}
From source file:com.thoughtworks.go.server.newsecurity.filters.AccessTokenAuthenticationFilter.java
/**
 * Authenticates a bearer-token request and continues the chain on success.
 * <p>
 * A request without a bearer credential is forwarded unchanged; this method does not reject
 * it. NOTE(review): presumably a later filter decides whether anonymous access is allowed,
 * confirm against the filter ordering.
 * <p>
 * With a credential, the token's last-used cache is updated, the attempt is written to the
 * access-token log, and the credential is verified against its auth config. On success the
 * authentication token is stored via
 * {@code SessionUtils.setAuthenticationTokenAfterRecreatingSession} before the chain
 * continues. A {@code null} result or an {@link AuthenticationException} goes to
 * {@code onAuthenticationFailure}.
 * <p>
 * Logging notes: the debug statement records the {@code User-Agent} header, which the client
 * controls, so the log layout has to neutralise control characters. Its arguments, including
 * the {@code isUserAdmin} lookup, are evaluated even when debug logging is off. The exception
 * message is handed to {@code onAuthenticationFailure}; NOTE(review): check whether that
 * method echoes it to the client.
 *
 * @param request               incoming request
 * @param response              outgoing response
 * @param filterChain           remainder of the filter chain
 * @param accessTokenCredential credential taken from the request, or {@code null} if absent
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
private void filterWhenSecurityEnabled(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain, AccessTokenCredential accessTokenCredential)
        throws IOException, ServletException {
    // Nothing to authenticate: pass the request through untouched.
    if (accessTokenCredential == null) {
        LOGGER.debug("Bearer auth credentials are not provided in request.");
        filterChain.doFilter(request, response);
        return;
    }

    accessTokenService.updateLastUsedCacheWith(accessTokenCredential.getAccessToken());
    ACCESS_TOKEN_LOGGER.debug(
            "[Bearer Token Authentication] Authenticating bearer token for: " + "GoCD User: '{}'. "
                    + "GoCD API endpoint: '{}', " + "API Client: '{}', " + "Is Admin Scoped Token: '{}', "
                    + "Current Time: '{}'.",
            accessTokenCredential.getAccessToken().getUsername(),
            request.getRequestURI(),
            request.getHeader("User-Agent"),
            securityService.isUserAdmin(new Username(accessTokenCredential.getAccessToken().getUsername())),
            new Timestamp(System.currentTimeMillis()));

    try {
        SecurityAuthConfig authConfig = securityAuthConfigService
                .findProfile(accessTokenCredential.getAccessToken().getAuthConfigId());
        final AuthenticationToken<AccessTokenCredential> authenticationToken = authenticationProvider
                .authenticateUser(accessTokenCredential, authConfig);

        if (authenticationToken != null) {
            // The session is recreated before the token is stored in it.
            SessionUtils.setAuthenticationTokenAfterRecreatingSession(authenticationToken, request);
            filterChain.doFilter(request, response);
        } else {
            onAuthenticationFailure(request, response, BAD_CREDENTIALS_MSG);
        }
    } catch (AuthenticationException e) {
        LOGGER.debug("Failed to authenticate user.", e);
        onAuthenticationFailure(request, response, e.getMessage());
    }
}
From source file:edu.chalmers.dat076.moviefinder.filter.UserFilter.java
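/**
 * Gates the {@code /api/} paths on the {@code "user"} session attribute and the
 * {@code /api/admin} paths on the ADMIN role.
 * <p>
 * Without a user in the session, only {@code /api/login/login} and non-API paths are
 * forwarded; other API paths get 401. With a user, {@code /api/admin} paths get 403 unless
 * the role is {@code UserRole.ADMIN}.
 * <p>
 * The path is lower-cased with {@link java.util.Locale#ROOT}. The no-argument
 * {@code toLowerCase()} follows the JVM default locale, and under some locales (Turkish
 * dotless i, for example) the folded string no longer matches the ASCII prefixes, so the
 * access decision would depend on server configuration.
 * <p>
 * NOTE(review): {@code getRequestURI()} returns the path as the client sent it; the
 * container does not decode it. Confirm that the routing layer and this prefix check
 * interpret the path identically, or compare against a canonicalised path instead. The
 * login prefix also matches any longer path that starts with {@code /api/login/login}.
 *
 * @param req   incoming request
 * @param res   outgoing response; only the status is set on refusal
 * @param chain remainder of the filter chain
 * @throws ServletException if the rest of the chain fails
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 */
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
        throws ServletException, IOException {
    HttpSession session = req.getSession(true);
    // Fold case once, independently of the default locale, so every check sees the same string.
    String path = req.getRequestURI().substring(req.getContextPath().length())
            .toLowerCase(java.util.Locale.ROOT);
    Object o = session.getAttribute("user");

    if (o == null) {
        // Anonymous callers may reach the login endpoint and anything outside the API.
        if (path.startsWith("/api/") && !path.startsWith("/api/login/login")) {
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
        return;
    }

    User u = (User) o;
    if (path.startsWith("/api/admin") && u.getRole() != UserRole.ADMIN) {
        res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    chain.doFilter(req, res);
}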
From source file:com.autentia.wuija.web.LocaleContextFilter.java
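/**
 * Sets the locale resolved for this request in {@code LocaleContextHolder} while the rest of
 * the chain runs, then restores the locale that was there before.
 * <p>
 * The restore happens in a {@code finally} block. Without it, an exception from the chain
 * would leave this request's locale in the holder after the method returns.
 *
 * @param request  incoming request; cast to {@link HttpServletRequest} without a type check
 * @param response outgoing response
 * @param chain    remainder of the filter chain
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;

    final Locale previousLocale = LocaleContextHolder.getLocale();
    final Locale newLocale = localeResolver.resolveLocale(httpRequest);

    LocaleContextHolder.setLocale(newLocale);
    try {
        chain.doFilter(request, response);
    } finally {
        // Always put the earlier locale back, including when the chain throws.
        LocaleContextHolder.setLocale(previousLocale);
    }
}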
From source file:springfox.test.contract.swagger.CrossOriginFilter.java
/**
 * Adds permissive CORS headers to every response and continues the chain.
 * <p>
 * {@code Access-Control-Allow-Origin: *} lets a page from any origin read the responses.
 * That suits public, unauthenticated endpoints; for an API that relies on cookies or other
 * ambient credentials, use an explicit allow-list of origins instead. No
 * {@code Access-Control-Allow-Headers} is sent, and {@code Access-Control-Max-Age: 0}
 * keeps browsers from caching the preflight result.
 * NOTE(review): the package name suggests a test fixture; confirm before reusing elsewhere.
 *
 * @param req   incoming request
 * @param resp  outgoing response; cast to {@link HttpServletResponse} without a type check
 * @param chain remainder of the filter chain
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {
    log.info("Applying CORS filter");

    final HttpServletResponse httpResponse = (HttpServletResponse) resp;
    httpResponse.setHeader("Access-Control-Allow-Origin", "*");
    httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    httpResponse.setHeader("Access-Control-Max-Age", "0");

    chain.doFilter(req, resp);
}
From source file:org.iti.agrimarket.util.SecurityFilter.java
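/**
 * Forwards the request only when {@code autheniticate} accepts it.
 * <p>
 * The request is wrapped in a {@code MultiReadHttpServletRequest} before the check, and the
 * same wrapper is passed down the chain.
 * <p>
 * A rejected request is answered with 401. A failure during the check or further down the
 * chain is logged and, if the response is not yet committed, answered with 500. Without
 * these statuses the client would receive an empty response with the default status,
 * which is indistinguishable from success.
 * NOTE(review): {@code autheniticate} is not shown; it only receives the request, so it
 * presumably cannot set a response status itself. Confirm.
 *
 * @param hsr  incoming request
 * @param hsr1 outgoing response
 * @param fc   remainder of the filter chain
 * @throws ServletException if the rest of the chain fails
 */
@Override
protected void doFilterInternal(HttpServletRequest hsr, HttpServletResponse hsr1, FilterChain fc)
        throws ServletException {
    try {
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(hsr);
        if (autheniticate(multiReadRequest)) {
            fc.doFilter(multiReadRequest, hsr1);
        } else {
            // Tell the client the request was refused rather than returning an empty success.
            hsr1.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    } catch (ClassNotFoundException ex) {
        Logger.getLogger(SecurityFilter.class.getName()).log(Level.SEVERE, null, ex);
        if (!hsr1.isCommitted()) {
            hsr1.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    } catch (IOException ex) {
        Logger.getLogger(SecurityFilter.class.getName()).log(Level.SEVERE, null, ex);
        if (!hsr1.isCommitted()) {
            hsr1.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}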
From source file:org.shaigor.rest.retro.client.oauth.CustomOAuth2ClientContextFilter.java
/**
 * Publishes the OAuth2 REST template as a request attribute, then continues the chain.
 * <p>
 * The attribute {@code OAUTH2_REST_TEMPLATE} is set only on HTTP requests and only when it
 * is not already present, so a value stored earlier in the chain is kept.
 *
 * @param servletRequest  incoming request
 * @param servletResponse outgoing response
 * @param chain           remainder of the filter chain
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
        throws IOException, ServletException {
    final boolean needsTemplate = servletRequest instanceof HttpServletRequest
            && ((HttpServletRequest) servletRequest).getAttribute(OAUTH2_REST_TEMPLATE) == null;
    if (needsTemplate) {
        ((HttpServletRequest) servletRequest).setAttribute(OAUTH2_REST_TEMPLATE, oauth2RestTemplate);
    }
    chain.doFilter(servletRequest, servletResponse);
}
From source file:org.seasar.extension.filter.RequestDumpFilter.java
/**
 * Dumps an HTTP request before, and the request and response after, the rest of the chain.
 * <p>
 * When {@code config} is {@code null} the method returns without invoking the chain, so the
 * request goes no further. Non-HTTP requests or responses are forwarded without any dump.
 * The after-dump runs in a {@code finally} block and therefore also when the chain throws.
 * <p>
 * NOTE(review): {@code dumpBefore} and {@code dumpAfter} are not shown. If they write
 * headers, cookies or parameters, session identifiers and credentials will appear in the
 * output; confirm what is dumped and who can read it before enabling this filter.
 *
 * @param request  incoming request
 * @param response outgoing response
 * @param chain    remainder of the filter chain
 * @throws IOException      if an I/O error occurs while the rest of the chain runs
 * @throws ServletException if the rest of the chain fails
 */
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    if (config == null) {
        return;
    }

    final boolean httpExchange = request instanceof HttpServletRequest
            && response instanceof HttpServletResponse;
    if (!httpExchange) {
        chain.doFilter(request, response);
        return;
    }

    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    dumpBefore(httpRequest);
    try {
        chain.doFilter(request, response);
    } finally {
        dumpAfter(httpRequest, httpResponse);
    }
}