List of usage examples for javax.servlet.http HttpServletRequest getHeader
public String getHeader(String name);
String. From source file:com.googlesource.gerrit.plugins.gitblit.auth.GerritAuthenticationFilter.java
public boolean doFilter(final DynamicItem<WebSession> webSession, ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; String hdr = httpRequest.getHeader("Authorization"); if (hdr != null) { return filterBasicAuth((HttpServletRequest) request, (HttpServletResponse) response, hdr); } else if (webSession.get().isSignedIn()) { return filterSessionAuth(webSession, (HttpServletRequest) request); } else {/*from w ww . j a va 2 s. c o m*/ return true; } }
From source file:nanshen.service.impl.SpringSecureChannelProcessor.java
@Override public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException { Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided"); for (ConfigAttribute attribute : config) { if (supports(attribute)) { HttpServletRequest httpRequest = invocation.getHttpRequest(); if (!httpRequest.isSecure() && StringUtils.isBlank(httpRequest.getHeader("HTTPS"))) { getEntryPoint().commence(invocation.getRequest(), invocation.getResponse()); }/*from w w w . j a v a 2 s. c o m*/ } } }
From source file:com.boxedfolder.carrot.config.security.filter.XAuthTokenFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { try {/* w ww. j a va2s . co m*/ HttpServletRequest httpServletRequest = (HttpServletRequest) request; String authToken = httpServletRequest.getHeader("x-auth-token"); if (StringUtils.hasText(authToken)) { String username = tokenUtils.getUserNameFromToken(authToken); UserDetails details = detailsService.loadUserByUsername(username); if (tokenUtils.validateToken(authToken, details)) { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(details, details.getPassword(), details.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(token); } } filterChain.doFilter(request, response); } catch (Exception exception) { throw new RuntimeException(exception); } }
From source file:cherry.foundation.springmvc.RefererRequestMatcher.java
@Override public boolean matches(HttpServletRequest request) { String ref = request.getHeader("referer"); if (StringUtils.isEmpty(ref)) { return matchesIfEmpty; }//from www .j a v a 2 s . c om Matcher m = uriPattern.matcher(ref); if (!m.matches()) { return matchesIfInvalid; } if (!verify(referer, ref)) { return false; } if (!verify(scheme, m.group(2))) { return false; } if (!verify(authority, m.group(4))) { return false; } if (!verify(path, m.group(5))) { return false; } if (!verify(query, m.group(7))) { return false; } if (!verify(fragment, m.group(9))) { return false; } return true; }
From source file:cltestgrid.GetBlob2.java
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException { String userAgent = req.getHeader("User-Agent"); if (userAgent != null && userAgent.contains("Baiduspider")) { resp.setStatus(SC_MOVED_PERMANENTLY); resp.setHeader("Location", "http://www.baidu.com/search/spider.html"); resp.setHeader("X-READ-ME", "Please honor robots.txt and don't waste our resources. http://cl-test-grid.appspot.com/robots.txt"); return;/*from w ww .j av a2 s . c o m*/ } final String key = req.getParameter("key"); GcsFilename filename = new GcsFilename("cl-test-grid-logs", key); GcsInputChannel readChannel = null; InputStream inputStream = null; try { final boolean lock = false; //readChannel = FileServiceFactory.getFileService().openReadChannel(file, lock); readChannel = GcsServiceFactory.createGcsService().openReadChannel(filename, 0); inputStream = Channels.newInputStream(readChannel); resp.setContentType("text/plain"); // The log files are gzipped, but the Cloud Storage Client Library ungzips them automatically. // After we return this data, GAE gzips our output in case client accepts 'gzip' contect encoding. IOUtils.copy(new BufferedInputStream(inputStream, 100 * 1024), resp.getOutputStream()); resp.getOutputStream().flush(); } finally { IOUtils.closeQuietly(inputStream); IOUtils.closeQuietly(readChannel); } }
From source file:com.mycompany.springrest.token.JwtAuthenticationFilter.java
@Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { String header = request.getHeader("Authorization"); if (header == null || !header.startsWith("Bearer ")) { throw new JwtTokenMissingException("No JWT token found in request headers"); }/*from w ww. j a v a 2s . c om*/ String authToken = header.substring(7); JwtAuthenticationToken authRequest = new JwtAuthenticationToken(authToken); return getAuthenticationManager().authenticate(authRequest); }
From source file:com.telefonica.euro_iaas.sdc.puppetwrapper.aspects.MdcInterceptor.java
@Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String txId = request.getHeader("txId"); if (txId != null) { MDC.put("txId", txId); } else {/*w w w. ja v a2 s. c o m*/ MDC.put("txId", ((HttpServletRequest) request).getSession().getId()); } return true; }
From source file:org.oncoblocks.centromere.web.security.AuthenticationTokenProcessingFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { throw new RuntimeException("Expecting an HTTP request."); }/*w w w .ja v a 2 s . com*/ HttpServletRequest httpRequest = (HttpServletRequest) request; String authToken = httpRequest.getHeader("X-Auth-Token"); if (authToken == null) { authToken = httpRequest.getParameter("token"); } String username = tokenOperations.getUserNameFromToken(authToken); if (username != null) { UserDetails userDetails = userDetailsService.loadUserByUsername(username); if (tokenOperations.validateToken(authToken, userDetails)) { UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities()); authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest)); SecurityContextHolder.getContext().setAuthentication(authentication); } } chain.doFilter(request, response); }
From source file:cltestgrid.GetBlob.java
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException { String userAgent = req.getHeader("User-Agent"); if (userAgent != null && userAgent.contains("Baiduspider")) { resp.setStatus(SC_MOVED_PERMANENTLY); resp.setHeader("Location", "http://www.baidu.com/search/spider.html"); resp.setHeader("X-READ-ME", "Please honor robots.txt and don't waste our resources. http://cl-test-grid.appspot.com/robots.txt"); return;/*from www .j a v a2 s .c om*/ } final String key = req.getParameter("key"); String filename = "/gs/cl-test-grid-logs/" + key; AppEngineFile file = new AppEngineFile(filename); FileReadChannel readChannel = null; InputStream inputStream = null; try { final boolean lock = false; readChannel = FileServiceFactory.getFileService().openReadChannel(file, lock); inputStream = Channels.newInputStream(readChannel); resp.setContentType("text/plain"); // The log files are gzipped, but we can't serve gzipped content, // because GAE gzips servlet output itlself and so logs would end-up gzipped twice. // Therefore we need to ungzip the log. InputStream ungzipper = new GZIPInputStream(new BufferedInputStream(inputStream, 100 * 1024)); IOUtils.copy(ungzipper, resp.getOutputStream()); resp.getOutputStream().flush(); } finally { IOUtils.closeQuietly(inputStream); IOUtils.closeQuietly(readChannel); } }
From source file:nl.knmi.adaguc.services.oauth2.OAuth2Handler.java
public static UserInfo verifyAndReturnUserIdentifier(HttpServletRequest request) throws JSONException, WebRequestBadStatusException, IOException, ElementNotFoundException { // 1) Find the Authorization header containing the access_token String access_token = request.getHeader("Authorization"); if (access_token == null) { // No access token, probably not an OAuth2 request, skip. return null; }//from w w w. j a va2 s .co m Debug.println("Authorization : " + access_token); // 2) Find the Discovery service, it might have been passed in the // request headers: String discoveryURL = request.getHeader("Discovery"); if (discoveryURL == null) { discoveryURL = "https://accounts.google.com/.well-known/openid-configuration"; } Debug.println("Discovery : " + discoveryURL); // 3 Retrieve the Discovery service, so we get all service endpoints String discoveryData = HTTPTools.makeHTTPGetRequest(discoveryURL); JSONObject jsonObject = (JSONObject) new JSONTokener(discoveryData).nextValue(); // 4) Retrieve userinfo endpoint String userInfoEndpoint = jsonObject.getString("userinfo_endpoint"); Debug.println("userInfoEndpoint:" + userInfoEndpoint); // 5) Make a get request with Authorization headers set, the // access_token is used here as Bearer. KVPKey key = new KVPKey(); key.addKVP("Authorization", access_token); Debug.println("Starting request"); String id_token = HTTPTools.makeHTTPGetRequestWithHeaders(userInfoEndpoint, key);// ,"Authorization: // Bearer // "+access_token); Debug.println("Finished request"); // 6) The ID token is retrieved, now return the identifier from this // token. Debug.println("Retrieved id_token=" + id_token); return getIdentifierFromJWTPayload(id_token); }