List of usage examples for javax.servlet FilterChain doFilter
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;
From source file:org.mitre.oauth2.web.CorsFilter.java
@Override public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { response.addHeader("Access-Control-Allow-Origin", "*"); if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { // CORS "pre-flight" request response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.addHeader("Access-Control-Allow-Headers", "X-Requested-With,Origin,Content-Type, Accept, Authorization"); }/*from ww w .j a va 2 s . c o m*/ filterChain.doFilter(request, response); }
From source file:se.crisp.codekvast.support.web.config.WebjarVersionFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String requestURI = ((HttpServletRequest) request).getRequestURI(); String expandedRequestURI = expandRequestURI(requestURI); if (expandedRequestURI != null) { log.trace("Forwarding {} to {}", requestURI, expandedRequestURI); request.getRequestDispatcher(expandedRequestURI).forward(request, response); } else {/*www . j av a 2s . c om*/ chain.doFilter(request, response); } }
From source file:com.jaspersoft.jasperserver.ps.CORSHandler.SimpleCORSFilter.java
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); response.setHeader("X-Frame-Options", "ALLOW"); response.setHeader("Access-Control-Allow-Credentials", "true"); chain.doFilter(req, res); }
From source file:pl.szcze.userserviceproject.CsrfHeaderFilter.java
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrfToken = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrfToken != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrfToken.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie);/*from w w w .j a v a 2s . co m*/ } } filterChain.doFilter(request, response); }
From source file:programacaovi.rackmanagement.filters.SimpleCORSFilter.java
@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "PATCH, POST, GET, PUT, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Location, Origin, X-Requested-With, Content-Type, Accept"); response.setHeader("Access-Control-Expose-Headers", "*"); chain.doFilter(req, res); }
From source file:com.logiclander.jaasmine.authentication.http.SPNegoFilter.java
/** * This implementation will filter requests for credentials and determine if * processing of the FilterChain can proceed. Filtering occurs as follows: * <OL>//from w w w .j ava 2s. c o m * <LI>If the request is not an HttpServletRequest and the response is not * an HttpServletResponse, continue processing the filter chain (this almost * never happens)</LI> * <LI>The HttpServletRequest is checked for a {@code WWW-Authenticate} * request header. If found, it is checked for the scheme used, which must * be set to {@code Negotiate}.</LI> * <LI>If found, the SPNego token is decoded and validated. If it is * valid, processing is allowed to continue. If not, processing will stop * and an HTTP 401 is returned with a {@code WWW-Authenticate} request * header set to {@code Negotiate}.</LI> * <LI>If the request header is not found, an HTTP 401 is returned with a * {@code WWW-Authenticate} request header set to {@code Negotiate}.</LI> * </OL> * * @param request the ServletRequest * @param response the ServletResponse * @param chain the FilterChain * @throws IOException if an I/O error occurs in the FilterChain * @throws ServletException if a processing error occurs in the FilterChain */ @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (logger.isDebugEnabled()) { logger.debug(String.format("%s: entering doFilter", filterName)); } if (!(request instanceof HttpServletRequest) && !(response instanceof HttpServletResponse)) { chain.doFilter(request, response); } else { HttpServletRequest httpReq = (HttpServletRequest) request; HttpServletResponse httpResp = (HttpServletResponse) response; if (logger.isDebugEnabled()) { logger.debug(String.format("Filtering request: %s%s", httpReq.getContextPath(), httpReq.getServletPath())); } String sPNegoToken = getSPNegoToken(httpReq); boolean canExecute = false; SPNegoServer server = null; try { server = new SPNegoServer(sPNegoToken); canExecute = server.isValidToken(); // Wrap the HttpServletRequest with the requester's GSSName // so that additional processing can take place w/out having // to re-examine the SPNego token. httpReq = new JaasmineHttpServletRequest(httpReq, server.getRequesterName()); } catch (GSSException ex) { if (logger.isDebugEnabled()) { logger.debug("Problem with SPNego token", ex); } else { logger.info(String.format("Problem with SPNego token: %s", ex.getMessage())); } canExecute = false; } catch (Exception ex) { if (logger.isFatalEnabled()) { logger.fatal(ex.getMessage(), ex); } canExecute = false; } if (canExecute) { chain.doFilter(httpReq, httpResp); } else { if (!httpResp.isCommitted()) { httpResp.setHeader("WWW-Authenticate", "Negotiate"); httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; } } } }
From source file:com.sfwl.framework.web.casclient.AuthenticationFilter.java
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) servletRequest; final HttpServletResponse response = (HttpServletResponse) servletResponse; if (isRequestUrlExcluded(request)) { logger.debug("Request is ignored."); filterChain.doFilter(request, response); return;/* ww w . j a v a 2 s. com*/ } // URL(js+css+img) if (excepUrlPattern != null && excepUrlPattern.matcher(request.getServletPath()).matches()) { filterChain.doFilter(request, response); return; } final HttpSession session = request.getSession(false); final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null; if (assertion != null) { filterChain.doFilter(request, response); return; } final String serviceUrl = constructServiceUrl(request, response); final String ticket = retrieveTicketFromRequest(request); final boolean wasGatewayed = this.gateway && this.gatewayStorage.hasGatewayedAlready(request, serviceUrl); if (CommonUtils.isNotBlank(ticket) || wasGatewayed) { filterChain.doFilter(request, response); return; } final String modifiedServiceUrl; logger.debug("no ticket and no assertion found"); if (this.gateway) { logger.debug("setting gateway attribute in session"); modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl); } else { modifiedServiceUrl = serviceUrl; } logger.debug("Constructed service url: {}", modifiedServiceUrl); final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway); logger.debug("redirecting to \"{}\"", urlToRedirectTo); this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo); }
From source file:com.leixl.easyframework.web.filter.VcaptchaFilter.java
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; String requestURI = request.getRequestURI(); if (ArrayUtils.contains(includeURIs, requestURI)) { if (!doValidate(request, response)) { ResponseUtils.renderJson(response, resultJson); return; }/*from ww w . j ava2 s .c o m*/ } chain.doFilter(req, resp); }
From source file:nl.mineleni.cbsviewer.servlet.GZipFilter.java
/** * Comprimeert de response met GZip mits de clinet aangeeft dat die gzip * accepteert.//from www . java 2 s .c om * * {@inheritDoc} * * @param request * het request * @param response * de response * @param chain * de filter chain * @throws IOException * Signals that an I/O exception has occurred. * @throws ServletException * the servlet exception * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, * javax.servlet.ServletResponse, javax.servlet.FilterChain) * * */ @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; String acceptEncoding = httpRequest.getHeader(HttpHeaders.ACCEPT_ENCODING); if (acceptEncoding != null) { if (acceptEncoding.indexOf("gzip") >= 0) { GZIPHttpServletResponseWrapper gzipResponse = new GZIPHttpServletResponseWrapper(httpResponse); chain.doFilter(request, gzipResponse); gzipResponse.finish(); return; } } chain.doFilter(request, response); }
From source file:com.todo.backend.security.JWTFilter.java
@Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { try {//from w w w . ja v a 2s . com final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest; final Optional<String> jwtToken = extractToken(httpServletRequest); if (jwtToken.isPresent()) { final Authentication authentication = JWTUtils.getAuthentication(jwtToken.get(), secretKey); SecurityContextHolder.getContext().setAuthentication(authentication); } filterChain.doFilter(servletRequest, servletResponse); } catch (ExpiredJwtException e) { log.debug("Security exception for user {} - {}. Expired token.", e.getClaims().getSubject(), e.getMessage()); ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication token expired!"); } catch (JwtException e) { log.debug("Authentication token is invalid. {}", e.getMessage()); ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication token is invalid!"); } }