Example usage for javax.servlet FilterChain doFilter

List of usage examples for javax.servlet FilterChain doFilter

Introduction

In this page you can find the example usage for javax.servlet FilterChain doFilter.

Prototype

public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;

Source Link

Document

Causes the next filter in the chain to be invoked, or if the calling filter is the last filter in the chain, causes the resource at the end of the chain to be invoked.

Usage

From source file:org.mitre.oauth2.web.CorsFilter.java

@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {

    response.addHeader("Access-Control-Allow-Origin", "*");
    if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
        // CORS "pre-flight" request
        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        response.addHeader("Access-Control-Allow-Headers",
                "X-Requested-With,Origin,Content-Type, Accept, Authorization");
    }/*from  ww w .j  a va 2 s  .  c o  m*/
    filterChain.doFilter(request, response);
}

From source file:se.crisp.codekvast.support.web.config.WebjarVersionFilter.java

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    String requestURI = ((HttpServletRequest) request).getRequestURI();
    String expandedRequestURI = expandRequestURI(requestURI);
    if (expandedRequestURI != null) {
        log.trace("Forwarding {} to {}", requestURI, expandedRequestURI);
        request.getRequestDispatcher(expandedRequestURI).forward(request, response);
    } else {/*www . j  av  a 2s  . c om*/
        chain.doFilter(request, response);
    }
}

From source file:com.jaspersoft.jasperserver.ps.CORSHandler.SimpleCORSFilter.java

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
    response.setHeader("X-Frame-Options", "ALLOW");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    chain.doFilter(req, res);
}

From source file:pl.szcze.userserviceproject.CsrfHeaderFilter.java

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName());

    if (csrfToken != null) {
        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
        String token = csrfToken.getToken();

        if (cookie == null || token != null && !token.equals(cookie.getValue())) {
            cookie = new Cookie("XSRF-TOKEN", token);
            cookie.setPath("/");
            response.addCookie(cookie);/*from w w w  .j  a  v  a 2s .  co  m*/
        }
    }

    filterChain.doFilter(request, response);
}

From source file:programacaovi.rackmanagement.filters.SimpleCORSFilter.java

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "PATCH, POST, GET, PUT, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers",
            "Location, Origin, X-Requested-With, Content-Type, Accept");
    response.setHeader("Access-Control-Expose-Headers", "*");
    chain.doFilter(req, res);
}

From source file:com.logiclander.jaasmine.authentication.http.SPNegoFilter.java

/**
 * This implementation will filter requests for credentials and determine if
 * processing of the FilterChain can proceed.  Filtering occurs as follows:
 * <OL>//from  w  w w  .j ava  2s. c o  m
 *  <LI>If the request is not an HttpServletRequest and the response is not
 * an HttpServletResponse, continue processing the filter chain (this almost
 * never happens)</LI>
 *  <LI>The HttpServletRequest is checked for a {@code WWW-Authenticate}
 * request header.  If found, it is checked for the scheme used, which must
 * be set to {@code Negotiate}.</LI>
 *  <LI>If found, the SPNego token is decoded and validated.  If it is
 * valid, processing is allowed to continue.  If not, processing will stop
 * and an HTTP 401 is returned with a {@code WWW-Authenticate} request
 * header set to {@code Negotiate}.</LI>
 *  <LI>If the request header is not found, an HTTP 401 is returned with a
 * {@code WWW-Authenticate} request header set to {@code Negotiate}.</LI>
 * </OL>
 *
 * @param request the ServletRequest
 * @param response the ServletResponse
 * @param chain the FilterChain
 * @throws IOException if an I/O error occurs in the FilterChain
 * @throws ServletException if a processing error occurs in the FilterChain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    if (logger.isDebugEnabled()) {
        logger.debug(String.format("%s: entering doFilter", filterName));
    }

    if (!(request instanceof HttpServletRequest) && !(response instanceof HttpServletResponse)) {

        chain.doFilter(request, response);

    } else {

        HttpServletRequest httpReq = (HttpServletRequest) request;
        HttpServletResponse httpResp = (HttpServletResponse) response;

        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Filtering request: %s%s", httpReq.getContextPath(),
                    httpReq.getServletPath()));
        }

        String sPNegoToken = getSPNegoToken(httpReq);
        boolean canExecute = false;
        SPNegoServer server = null;

        try {

            server = new SPNegoServer(sPNegoToken);
            canExecute = server.isValidToken();

            // Wrap the HttpServletRequest with the requester's GSSName
            // so that additional processing can take place w/out having
            // to re-examine the SPNego token.
            httpReq = new JaasmineHttpServletRequest(httpReq, server.getRequesterName());

        } catch (GSSException ex) {

            if (logger.isDebugEnabled()) {

                logger.debug("Problem with SPNego token", ex);

            } else {

                logger.info(String.format("Problem with SPNego token: %s", ex.getMessage()));

            }

            canExecute = false;

        } catch (Exception ex) {

            if (logger.isFatalEnabled()) {
                logger.fatal(ex.getMessage(), ex);
            }

            canExecute = false;

        }

        if (canExecute) {

            chain.doFilter(httpReq, httpResp);

        } else {

            if (!httpResp.isCommitted()) {
                httpResp.setHeader("WWW-Authenticate", "Negotiate");
                httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }

        }
    }
}

From source file:com.sfwl.framework.web.casclient.AuthenticationFilter.java

public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {

    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    if (isRequestUrlExcluded(request)) {
        logger.debug("Request is ignored.");
        filterChain.doFilter(request, response);
        return;/* ww  w . j a v  a 2  s.  com*/
    }

    // URL(js+css+img)
    if (excepUrlPattern != null && excepUrlPattern.matcher(request.getServletPath()).matches()) {
        filterChain.doFilter(request, response);
        return;
    }

    final HttpSession session = request.getSession(false);
    final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;

    if (assertion != null) {
        filterChain.doFilter(request, response);
        return;
    }

    final String serviceUrl = constructServiceUrl(request, response);
    final String ticket = retrieveTicketFromRequest(request);
    final boolean wasGatewayed = this.gateway && this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

    if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
        filterChain.doFilter(request, response);
        return;
    }

    final String modifiedServiceUrl;

    logger.debug("no ticket and no assertion found");
    if (this.gateway) {
        logger.debug("setting gateway attribute in session");
        modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
    } else {
        modifiedServiceUrl = serviceUrl;
    }

    logger.debug("Constructed service url: {}", modifiedServiceUrl);

    final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl,
            getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

    logger.debug("redirecting to \"{}\"", urlToRedirectTo);
    this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
}

From source file:com.leixl.easyframework.web.filter.VcaptchaFilter.java

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;

    String requestURI = request.getRequestURI();

    if (ArrayUtils.contains(includeURIs, requestURI)) {
        if (!doValidate(request, response)) {
            ResponseUtils.renderJson(response, resultJson);
            return;
        }/*from   ww w  .  j  ava2 s .c o  m*/
    }
    chain.doFilter(req, resp);
}

From source file:nl.mineleni.cbsviewer.servlet.GZipFilter.java

/**
 * Comprimeert de response met GZip mits de clinet aangeeft dat die gzip
 * accepteert.//from  www . java 2 s .c  om
 * 
 * {@inheritDoc}
 * 
 * @param request
 *            het request
 * @param response
 *            de response
 * @param chain
 *            de filter chain
 * @throws IOException
 *             Signals that an I/O exception has occurred.
 * @throws ServletException
 *             the servlet exception
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
 * 
 * 
 */
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String acceptEncoding = httpRequest.getHeader(HttpHeaders.ACCEPT_ENCODING);
    if (acceptEncoding != null) {
        if (acceptEncoding.indexOf("gzip") >= 0) {
            GZIPHttpServletResponseWrapper gzipResponse = new GZIPHttpServletResponseWrapper(httpResponse);
            chain.doFilter(request, gzipResponse);
            gzipResponse.finish();
            return;
        }
    }
    chain.doFilter(request, response);
}

From source file:com.todo.backend.security.JWTFilter.java

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    try {//from w w  w . ja v  a 2s  . com
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final Optional<String> jwtToken = extractToken(httpServletRequest);
        if (jwtToken.isPresent()) {
            final Authentication authentication = JWTUtils.getAuthentication(jwtToken.get(), secretKey);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (ExpiredJwtException e) {
        log.debug("Security exception for user {} - {}. Expired token.", e.getClaims().getSubject(),
                e.getMessage());
        ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED,
                "Authentication token expired!");
    } catch (JwtException e) {
        log.debug("Authentication token is invalid. {}", e.getMessage());
        ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED,
                "Authentication token is invalid!");
    }
}