List of usage examples for javax.servlet.http HttpServletRequest getHeaders
public Enumeration<String> getHeaders(String name);
Enumeration of String objects. From source file:lucee.runtime.net.rpc.server.RPCServer.java
/** * Process a POST to the servlet by handing it off to the Axis Engine. * Here is where SOAP messages are received * @param req posted request//from w ww.j a va 2 s .c om * @param res respose * @throws ServletException trouble * @throws IOException different trouble */ public void doPost(HttpServletRequest req, HttpServletResponse res, Component component) throws ServletException, IOException { long t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; String soapAction = null; MessageContext msgContext = null; Message rspMsg = null; String contentType = null; InputStream is = null; try { AxisEngine engine = getEngine(); if (engine == null) { // !!! should return a SOAP fault... ServletException se = new ServletException(Messages.getMessage("noEngine00")); log.debug("No Engine!", se); throw se; } res.setBufferSize(1024 * 8); // provide performance boost. /** get message context w/ various properties set */ msgContext = createMessageContext(engine, req, res, component); ComponentController.set(msgContext); // ? OK to move this to 'getMessageContext', // ? where it would also be picked up for 'doGet()' ? if (securityProvider != null) { if (isDebug) { log.debug("securityProvider:" + securityProvider); } msgContext.setProperty(MessageContext.SECURITY_PROVIDER, securityProvider); } is = req.getInputStream(); Message requestMsg = new Message(is, false, req.getHeader(HTTPConstants.HEADER_CONTENT_TYPE), req.getHeader(HTTPConstants.HEADER_CONTENT_LOCATION)); // Transfer HTTP headers to MIME headers for request message. MimeHeaders requestMimeHeaders = requestMsg.getMimeHeaders(); for (Enumeration e = req.getHeaderNames(); e.hasMoreElements();) { String headerName = (String) e.nextElement(); for (Enumeration f = req.getHeaders(headerName); f.hasMoreElements();) { String headerValue = (String) f.nextElement(); requestMimeHeaders.addHeader(headerName, headerValue); } } if (isDebug) { log.debug("Request Message:" + requestMsg); /* Set the request(incoming) message field in the context */ /**********************************************************/ } msgContext.setRequestMessage(requestMsg); String url = HttpUtils.getRequestURL(req).toString().toLowerCase(); msgContext.setProperty(MessageContext.TRANS_URL, url); // put character encoding of request to message context // in order to reuse it during the whole process. try { String reqEnc = (String) requestMsg.getProperty(SOAPMessage.CHARACTER_SET_ENCODING); if (reqEnc != null) msgContext.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, reqEnc); } catch (SOAPException e1) { } try { /** * Save the SOAPAction header in the MessageContext bag. * This will be used to tell the Axis Engine which service * is being invoked. This will save us the trouble of * having to parse the Request message - although we will * need to double-check later on that the SOAPAction header * does in fact match the URI in the body. */ // (is this last stmt true??? (I don't think so - Glen)) /********************************************************/ soapAction = getSoapAction(req); if (soapAction != null) { msgContext.setUseSOAPAction(true); msgContext.setSOAPActionURI(soapAction); } // Create a Session wrapper for the HTTP session. // These can/should be pooled at some point. // (Sam is Watching! :-) msgContext.setSession(new AxisHttpSession(req)); if (tlog.isDebugEnabled()) { t1 = System.currentTimeMillis(); } /* Invoke the Axis engine... */ /*****************************/ if (isDebug) { log.debug("Invoking Axis Engine."); //here we run the message by the engine } //msgContext.setProperty("disablePrettyXML", "false"); engine.invoke(msgContext); if (isDebug) { log.debug("Return from Axis Engine."); } if (tlog.isDebugEnabled()) { t2 = System.currentTimeMillis(); } rspMsg = msgContext.getResponseMessage(); // We used to throw exceptions on null response messages. // They are actually OK in certain situations (asynchronous // services), so fall through here and return an ACCEPTED // status code below. Might want to install a configurable // error check for this later. } catch (AxisFault fault) { //log and sanitize processAxisFault(fault); configureResponseFromAxisFault(res, fault); rspMsg = msgContext.getResponseMessage(); if (rspMsg == null) { rspMsg = new Message(fault); ((org.apache.axis.SOAPPart) rspMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } } catch (Throwable t) { if (t instanceof InvocationTargetException) t = ((InvocationTargetException) t).getTargetException(); // Exception if (t instanceof Exception) { Exception e = (Exception) t; //other exceptions are internal trouble rspMsg = msgContext.getResponseMessage(); res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); rspMsg = convertExceptionToAxisFault(e, rspMsg); ((org.apache.axis.SOAPPart) rspMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } // throwable else { logException(t); //other exceptions are internal trouble rspMsg = msgContext.getResponseMessage(); res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); rspMsg = new Message(new AxisFault(t.toString(), t)); ((org.apache.axis.SOAPPart) rspMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } } } catch (AxisFault fault) { processAxisFault(fault); configureResponseFromAxisFault(res, fault); rspMsg = msgContext.getResponseMessage(); if (rspMsg == null) { rspMsg = new Message(fault); ((org.apache.axis.SOAPPart) rspMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } } finally { IOUtil.closeEL(is); } if (tlog.isDebugEnabled()) { t3 = System.currentTimeMillis(); } // Send response back along the wire... if (rspMsg != null) { // Transfer MIME headers to HTTP headers for response message. MimeHeaders responseMimeHeaders = rspMsg.getMimeHeaders(); for (Iterator i = responseMimeHeaders.getAllHeaders(); i.hasNext();) { MimeHeader responseMimeHeader = (MimeHeader) i.next(); res.addHeader(responseMimeHeader.getName(), responseMimeHeader.getValue()); } // synchronize the character encoding of request and response String responseEncoding = (String) msgContext.getProperty(SOAPMessage.CHARACTER_SET_ENCODING); if (responseEncoding != null) { try { rspMsg.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, responseEncoding); } catch (SOAPException e) { } } //determine content type from message response contentType = rspMsg.getContentType(msgContext.getSOAPConstants()); if (isDebug) log.debug("Returned Content-Type:" + contentType); // write result to response stream try { res.setContentType(contentType); rspMsg.writeTo(res.getOutputStream()); } catch (SOAPException e) { logException(e); } if (!res.isCommitted()) res.flushBuffer(); // Force it right now. } else { // No content, so just indicate accepted res.setStatus(202); } if (isDebug) { log.debug("Response sent."); log.debug("Exit: doPost()"); } if (tlog.isDebugEnabled()) { t4 = System.currentTimeMillis(); tlog.debug("axisServlet.doPost: " + soapAction + " pre=" + (t1 - t0) + " invoke=" + (t2 - t1) + " post=" + (t3 - t2) + " send=" + (t4 - t3) + " " + msgContext.getTargetService() + "." + ((msgContext.getOperation() == null) ? "" : msgContext.getOperation().getName())); } }
From source file:org.codehaus.wadi.web.impl.CommonsHttpProxy.java
protected void doProxy(URI uri, WebInvocation context) throws ProxyingException { HttpServletRequest hreq = context.getHreq(); HttpServletResponse hres = context.getHres(); long startTime = System.currentTimeMillis(); String m = hreq.getMethod();//w ww . j a v a 2 s.co m Class clazz = (Class) _methods.get(m); if (clazz == null) { throw new IrrecoverableException("unsupported http method: " + m); } HttpMethod hm = null; try { hm = (HttpMethod) clazz.newInstance(); } catch (Exception e) { throw new IrrecoverableException("could not create HttpMethod instance", e); // should never happen } String requestURI = getRequestURI(hreq); hm.setPath(requestURI); String queryString = hreq.getQueryString(); if (queryString != null) { hm.setQueryString(queryString); requestURI += queryString; } hm.setFollowRedirects(false); //hm.setURI(new URI(uri)); hm.setStrictMode(false); // check connection header String connectionHdr = hreq.getHeader("Connection"); // TODO - what if there are multiple values ? if (connectionHdr != null) { connectionHdr = connectionHdr.toLowerCase(); if (connectionHdr.equals("keep-alive") || connectionHdr.equals("close")) connectionHdr = null; // TODO ?? } // copy headers boolean xForwardedFor = false; boolean hasContent = false; int contentLength = 0; Enumeration enm = hreq.getHeaderNames(); while (enm.hasMoreElements()) { // TODO could be better than this! - using javax.servlet ? String hdr = (String) enm.nextElement(); String lhdr = hdr.toLowerCase(); if (_DontProxyHeaders.contains(lhdr)) continue; if (connectionHdr != null && connectionHdr.indexOf(lhdr) >= 0) continue; if ("content-length".equals(lhdr)) { try { contentLength = hreq.getIntHeader(hdr); hasContent = contentLength > 0; } catch (NumberFormatException e) { if (_log.isWarnEnabled()) _log.warn("bad Content-Length header value: " + hreq.getHeader(hdr), e); } } if ("content-type".equals(lhdr)) { hasContent = true; } Enumeration vals = hreq.getHeaders(hdr); while (vals.hasMoreElements()) { String val = (String) vals.nextElement(); if (val != null) { hm.addRequestHeader(hdr, val); // if (_log.isInfoEnabled()) _log.info("Request " + hdr + ": " + val); xForwardedFor |= "X-Forwarded-For".equalsIgnoreCase(hdr); // why is this not in the outer loop ? } } } // cookies... // although we copy cookie headers into the request abover - commons-httpclient thinks it knows better and strips them out before sending. // we have to explicitly use their interface to add the cookies - painful... // DOH! - an org.apache.commons.httpclient.Cookie is NOT a // javax.servlet.http.Cookie - and it looks like the two don't // map onto each other without data loss... HttpState state = new HttpState(); javax.servlet.http.Cookie[] cookies = hreq.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) { javax.servlet.http.Cookie c = cookies[i]; String domain = c.getDomain(); if (domain == null) { domain = hreq.getServerName(); // TODO - tmp test // _log.warn("defaulting cookie domain"); } // domain=null; String cpath = c.getPath(); if (cpath == null) { cpath = hreq.getContextPath(); // fix for Jetty // _log.warn("defaulting cookie path"); } //if (_log.isTraceEnabled()) _log.trace("PATH: value="+path+" length="+(path==null?0:path.length())); Cookie cookie = new Cookie(domain, c.getName(), c.getValue(), cpath, c.getMaxAge(), c.getSecure()); // TODO - sort out domain //if (_log.isTraceEnabled()) _log.trace("Cookie: "+cookie.getDomain()+","+ cookie.getName()+","+ cookie.getValue()+","+ cookie.getPath()+","+ cookie.getExpiryDate()+","+ cookie.getSecure()); state.addCookie(cookie); //if (_log.isTraceEnabled()) _log.trace("Cookie: "+cookie.toString()); } } // Proxy headers hm.addRequestHeader("Via", "1.1 " + hreq.getLocalName() + ":" + hreq.getLocalPort() + " \"WADI\""); if (!xForwardedFor) hm.addRequestHeader("X-Forwarded-For", hreq.getRemoteAddr()); // Max-Forwards... // a little bit of cache control // String cache_control = hreq.getHeader("Cache-Control"); // if (cache_control != null && (cache_control.indexOf("no-cache") >= 0 || cache_control.indexOf("no-store") >= 0)) // httpMethod.setUseCaches(false); // customize Connection // uc.setDoInput(true); int client2ServerTotal = 0; if (hasContent) { // uc.setDoOutput(true); try { if (hm instanceof EntityEnclosingMethod) ((EntityEnclosingMethod) hm).setRequestBody(hreq.getInputStream()); // TODO - do we need to close response stream at end... ? } catch (IOException e) { throw new IrrecoverableException("could not pss request input across proxy", e); } } try { HttpClient client = new HttpClient(); HostConfiguration hc = new HostConfiguration(); //String host=location.getAddress().getHostAddress(); // inefficient - but stops httpclient from rejecting half our cookies... String host = uri.getHost(); hc.setHost(host, uri.getPort()); client.executeMethod(hc, hm, state); } catch (IOException e) // TODO { _log.warn("problem proxying connection:", e); } InputStream fromServer = null; // handler status codes etc. int code = 502; // String message="Bad Gateway: could not read server response code or message"; code = hm.getStatusCode(); // IOException // message=hm.getStatusText(); // IOException hres.setStatus(code); // hres.setStatus(code, message); - deprecated... try { fromServer = hm.getResponseBodyAsStream(); // IOException } catch (IOException e) { _log.warn("problem acquiring http client output", e); } // clear response defaults. hres.setHeader("Date", null); hres.setHeader("Server", null); // set response headers // TODO - is it a bug in Jetty that I have to start my loop at 1 ? or that key[0]==null ? // Try this inside Tomcat... Header[] headers = hm.getResponseHeaders(); for (int i = 0; i < headers.length; i++) { String h = headers[i].toExternalForm(); int index = h.indexOf(':'); String key = h.substring(0, index).trim().toLowerCase(); String val = h.substring(index + 1, h.length()).trim(); if (val != null && !_DontProxyHeaders.contains(key)) { hres.addHeader(key, val); // if (_log.isInfoEnabled()) _log.info("Response: "+key+" - "+val); } } hres.addHeader("Via", "1.1 (WADI)"); // copy server->client int server2ClientTotal = 0; if (fromServer != null) { try { OutputStream toClient = hres.getOutputStream();// IOException server2ClientTotal += copy(fromServer, toClient, 8192);// IOException } catch (IOException e) { _log.warn("problem proxying server response back to client", e); } finally { try { fromServer.close(); } catch (IOException e) { // well - we did our best... _log.warn("problem closing server response stream", e); } } } long endTime = System.currentTimeMillis(); long elapsed = endTime - startTime; if (_log.isDebugEnabled()) { _log.debug("in:" + client2ServerTotal + ", out:" + server2ClientTotal + ", status:" + code + ", time:" + elapsed + ", uri:" + uri); } }
From source file:com.liferay.portal.action.LoginAction.java
public static void login(HttpServletRequest req, HttpServletResponse res, String login, String password, boolean rememberMe) throws Exception { CookieKeys.validateSupportCookie(req); HttpSession ses = req.getSession();//from w ww.ja v a 2 s . c o m long userId = GetterUtil.getLong(login); int authResult = Authenticator.FAILURE; Company company = PortalUtil.getCompany(req); // boolean ldaplogin = false; if (PrefsPropsUtil.getString(company.getCompanyId(), PropsUtil.LDAP_AUTH_ENABLED).equals("true")) { LdapContext ctx = PortalLDAPUtil.getContext(company.getCompanyId()); String accountname = ""; try { User user1 = UserLocalServiceUtil.getUserByScreenName(company.getCompanyId(), login); Properties env = new Properties(); String baseProviderURL = PrefsPropsUtil.getString(company.getCompanyId(), PropsUtil.LDAP_BASE_PROVIDER_URL); String userDN = PrefsPropsUtil.getString(company.getCompanyId(), PropsUtil.LDAP_USERS_DN); String baseDN = PrefsPropsUtil.getString(company.getCompanyId(), PropsUtil.LDAP_BASE_DN); String filter = PrefsPropsUtil.getString(company.getCompanyId(), PropsUtil.LDAP_AUTH_SEARCH_FILTER); filter = StringUtil.replace(filter, new String[] { "@company_id@", "@email_address@", "@screen_name@", "@user_id@" }, new String[] { String.valueOf(company.getCompanyId()), "", login, login }); try { SearchControls cons = new SearchControls(SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false); NamingEnumeration enu = ctx.search(userDN, filter, cons); if (enu.hasMoreElements()) { SearchResult result = (SearchResult) enu.nextElement(); accountname = result.getName(); } } catch (Exception e1) { e1.printStackTrace(); } env.put(Context.INITIAL_CONTEXT_FACTORY, PrefsPropsUtil.getString(PropsUtil.LDAP_FACTORY_INITIAL)); env.put(Context.PROVIDER_URL, LDAPUtil.getFullProviderURL(baseProviderURL, baseDN)); env.put(Context.SECURITY_PRINCIPAL, accountname + "," + userDN); env.put(Context.SECURITY_CREDENTIALS, password); new InitialLdapContext(env, null); ldaplogin = true; System.out.println("LDAP Login"); } catch (Exception e) { SessionErrors.add(req, "ldapAuthentication"); e.printStackTrace(); System.out.println("LDAP error login"); return; } } // Map headerMap = new HashMap(); Enumeration enu1 = req.getHeaderNames(); while (enu1.hasMoreElements()) { String name = (String) enu1.nextElement(); Enumeration enu2 = req.getHeaders(name); List headers = new ArrayList(); while (enu2.hasMoreElements()) { String value = (String) enu2.nextElement(); headers.add(value); } headerMap.put(name, (String[]) headers.toArray(new String[0])); } Map parameterMap = req.getParameterMap(); if (company.getAuthType().equals(CompanyImpl.AUTH_TYPE_EA)) { authResult = UserLocalServiceUtil.authenticateByEmailAddress(company.getCompanyId(), login, password, headerMap, parameterMap); userId = UserLocalServiceUtil.getUserIdByEmailAddress(company.getCompanyId(), login); } else if (company.getAuthType().equals(CompanyImpl.AUTH_TYPE_SN)) { authResult = UserLocalServiceUtil.authenticateByScreenName(company.getCompanyId(), login, password, headerMap, parameterMap); userId = UserLocalServiceUtil.getUserIdByScreenName(company.getCompanyId(), login); } else if (company.getAuthType().equals(CompanyImpl.AUTH_TYPE_ID)) { authResult = UserLocalServiceUtil.authenticateByUserId(company.getCompanyId(), userId, password, headerMap, parameterMap); } boolean OTPAuth = false; if (GetterUtil.getBoolean(PropsUtil.get("use.yubicoauthentication"), false) == true) { String otppasswd = ParamUtil.getString(req, "otp"); String userslist = GetterUtil.getString(PropsUtil.get("yubico.users.not.require.otp"), "root"); if (userslist.contains(login)) { authResult = Authenticator.SUCCESS; } else { OTPAuth = SecurityUtils.verifyOTP(otppasswd, login); if (authResult == Authenticator.SUCCESS && OTPAuth) { authResult = Authenticator.SUCCESS; } else { authResult = Authenticator.FAILURE; } } } if (PrefsPropsUtil.getString(company.getCompanyId(), PropsUtil.LDAP_AUTH_ENABLED).equals("true")) { if (!login.equals("root")) { if (ldaplogin) { authResult = Authenticator.SUCCESS; } } } if (authResult == Authenticator.SUCCESS) { boolean loginViaPortal = true; setLoginCookies(req, res, ses, userId, rememberMe); // login to epsos String language = GeneralUtils.getLocale(req); SpiritEhrWsClientInterface webService = EpsosHelperService.getInstance().getWebService(req); InitUserObj initUserObj = EpsosHelperImpl.createEpsosUserInformation(req, res, language, webService, userId, company.getCompanyId(), login, loginViaPortal); SpiritUserClientDto usr = initUserObj.getUsr(); Assertion assertion = initUserObj.getAssertion(); if (Validator.isNotNull(usr)) { req.getSession().setAttribute(EpsosHelperService.EPSOS_LOGIN_INFORMATION_ASSERTIONID, assertion.getID()); req.getSession().setAttribute(EpsosHelperService.EPSOS_LOGIN_INFORMATION_ASSERTION, assertion); req.getSession().setAttribute(EPSOS_LOGIN_INFORMATION_ATTRIBUTE, usr); } else { SessionErrors.add(req, "User doesn't belong to epSOS role so you can't login"); } if (Validator.isNull(usr) && (!(login.equals("root")))) { try { Cookie cookie = new Cookie(CookieKeys.ID, StringPool.BLANK); cookie.setMaxAge(0); cookie.setPath("/"); CookieKeys.addCookie(res, cookie); cookie = new Cookie(CookieKeys.PASSWORD, StringPool.BLANK); cookie.setMaxAge(0); cookie.setPath("/"); CookieKeys.addCookie(res, cookie); try { ses.invalidate(); } catch (Exception e) { } } catch (Exception e) { req.setAttribute(PageContext.EXCEPTION, e); } throw new AuthException(); } } else { throw new AuthException(); } }
From source file:org.dspace.authenticate.ShibAuthentication.java
/** * Authenticate the given or implicit credentials. This is the heart of the * authentication method: test the credentials for authenticity, and if * accepted, attempt to match (or optionally, create) an * <code>EPerson</code>. If an <code>EPerson</code> is found it is set in * the <code>Context</code> that was passed. * /*w w w .ja v a 2 s. c o m*/ * DSpace supports authentication using NetID, or email address. A user's NetID * is a unique identifier from the IdP that identifies a particular user. The * NetID can be of almost any form such as a unique integer, string, or with * Shibboleth 2.0 you can use "targeted ids". You will need to coordinate with * your Shibboleth federation or identity provider. There are three ways to * supply identity information to DSpace: * * 1) NetID from Shibboleth Header (best) * * The NetID-based method is superior because users may change their email * address with the identity provider. When this happens DSpace will not be * able to associate their new address with their old account. * * 2) Email address from Shibboleth Header (okay) * * In the case where a NetID header is not available or not found DSpace * will fall back to identifying a user based-upon their email address. * * 3) Tomcat's Remote User (worst) * * In the event that neither Shibboleth headers are found then as a last * resort DSpace will look at Tomcat's remote user field. This is the least * attractive option because Tomcat has no way to supply additional * attributes about a user. Because of this the autoregister option is not * supported if this method is used. * * Identity Scheme Migration Strategies: * * If you are currently using Email based authentication (either 1 or 2) and * want to upgrade to NetID based authentication then there is an easy path. * Simply enable Shibboleth to pass the NetID attribute and set the netid-header * below to the correct value. When a user attempts to log in to DSpace first * DSpace will look for an EPerson with the passed NetID, however when this * fails DSpace will fall back to email based authentication. Then DSpace will * update the user's EPerson account record to set their netid so all future * authentications for this user will be based upon netid. One thing to note * is that DSpace will prevent an account from switching NetIDs. If an account * already has a NetID set and then they try and authenticate with a * different NetID the authentication will fail. * * @param context * DSpace context, will be modified (ePerson set) upon success. * * @param username * Username (or email address) when method is explicit. Use null * for implicit method. * * @param password * Password for explicit auth, or null for implicit method. * * @param realm * Not used by Shibboleth-based authentication * * @param request * The HTTP request that started this operation, or null if not * applicable. * * @return One of: SUCCESS, BAD_CREDENTIALS, CERT_REQUIRED, NO_SUCH_USER, * BAD_ARGS * <p> * Meaning: <br> * SUCCESS - authenticated OK. <br> * BAD_CREDENTIALS - user exists, but credentials (e.g. passwd) * don't match <br> * CERT_REQUIRED - not allowed to login this way without X.509 cert. * <br> * NO_SUCH_USER - user not found using this method. <br> * BAD_ARGS - user/pw not appropriate for this method * @throws SQLException if database error */ @Override public int authenticate(Context context, String username, String password, String realm, HttpServletRequest request) throws SQLException { // Check if sword compatibility is allowed, and if so see if we can // authenticate based upon a username and password. This is really helpful // if your repo uses Shibboleth but you want some accounts to be able use // sword. This allows this compatibility without installing the password-based // authentication method which has side effects such as allowing users to login // with a username and password from the webui. boolean swordCompatibility = configurationService .getBooleanProperty("authentication-shibboleth.sword.compatibility", true); if (swordCompatibility && username != null && username.length() > 0 && password != null && password.length() > 0) { return swordCompatibility(context, username, password, request); } if (request == null) { log.warn("Unable to authenticate using Shibboleth because the request object is null."); return BAD_ARGS; } // Initialize the additional EPerson metadata. initialize(context); // Log all headers received if debugging is turned on. This is enormously // helpful when debugging shibboleth related problems. if (log.isDebugEnabled()) { log.debug("Starting Shibboleth Authentication"); String message = "Received the following headers:\n"; @SuppressWarnings("unchecked") Enumeration<String> headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); @SuppressWarnings("unchecked") Enumeration<String> headerValues = request.getHeaders(headerName); while (headerValues.hasMoreElements()) { String headerValue = headerValues.nextElement(); message += "" + headerName + "='" + headerValue + "'\n"; } } log.debug(message); } // Should we auto register new users. boolean autoRegister = configurationService.getBooleanProperty("authentication-shibboleth.autoregister", true); // Four steps to authenticate a user try { // Step 1: Identify User EPerson eperson = findEPerson(context, request); // Step 2: Register New User, if necessary if (eperson == null && autoRegister) eperson = registerNewEPerson(context, request); if (eperson == null) return AuthenticationMethod.NO_SUCH_USER; // Step 3: Update User's Metadata updateEPerson(context, request, eperson); // Step 4: Log the user in. context.setCurrentUser(eperson); request.getSession().setAttribute("shib.authenticated", true); AuthenticateServiceFactory.getInstance().getAuthenticationService().initEPerson(context, request, eperson); log.info(eperson.getEmail() + " has been authenticated via shibboleth."); return AuthenticationMethod.SUCCESS; } catch (Throwable t) { // Log the error, and undo the authentication before returning a failure. log.error("Unable to successfully authenticate using shibboleth for user because of an exception.", t); context.setCurrentUser(null); return AuthenticationMethod.NO_SUCH_USER; } }
From source file:lux.solr.XQueryComponent.java
private XdmValue buildEXPathRequest(Compiler compiler, Evaluator evaluator, SolrQueryRequest req) throws XPathException { LinkedTreeBuilder builder = new LinkedTreeBuilder( compiler.getProcessor().getUnderlyingConfiguration().makePipelineConfiguration()); builder.startDocument(0);// w w w . j av a2s . com builder.startElement(fQNameFor("http", EXPATH_HTTP_NS, "request"), AnyType.getInstance(), 0, 0); builder.namespace(new NamespaceBinding("http", EXPATH_HTTP_NS), 0); Request requestWrapper = (Request) req.getContext().get(SolrQueryContext.LUX_HTTP_SERVLET_REQUEST); addAttribute(builder, "method", requestWrapper.getMethod()); addAttribute(builder, "servlet", requestWrapper.getServletPath()); HttpServletRequest httpReq = (HttpServletRequest) requestWrapper.getRequest(); addAttribute(builder, "path", httpReq.getServletPath()); String pathInfo = requestWrapper.getPathInfo(); if (pathInfo != null) { addAttribute(builder, "path-info", pathInfo); } builder.startContent(); // child elements StringBuilder buf = new StringBuilder(); // authority buf.append(requestWrapper.getScheme()).append("://").append(requestWrapper.getServerName()).append(':') .append(requestWrapper.getServerPort()); String authority = buf.toString(); addSimpleElement(builder, "authority", authority); // url buf.append(httpReq.getServletPath()); if (httpReq.getQueryString() != null) { buf.append('?').append(httpReq.getQueryString()); } String url = buf.toString(); addSimpleElement(builder, "url", url); // context-root addSimpleElement(builder, "context-root", httpReq.getContextPath()); // path - just one part: we don't do any parsing of the path builder.startElement(fQNameFor("http", EXPATH_HTTP_NS, "path"), BuiltInAtomicType.UNTYPED_ATOMIC, 0, 0); builder.startContent(); addSimpleElement(builder, "part", httpReq.getServletPath()); builder.endElement(); // params Iterator<String> paramNames = req.getParams().getParameterNamesIterator(); while (paramNames.hasNext()) { String param = paramNames.next(); String[] values = req.getParams().getParams(param); for (String value : values) { builder.startElement(fQNameFor("http", EXPATH_HTTP_NS, "param"), BuiltInAtomicType.UNTYPED_ATOMIC, 0, 0); addAttribute(builder, "name", param); addAttribute(builder, "value", value); builder.startContent(); builder.endElement(); } } // headers Enumeration<String> headerNames = httpReq.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); Enumeration<String> headerValues = httpReq.getHeaders(headerName); while (headerValues.hasMoreElements()) { String value = headerValues.nextElement(); builder.startElement(fQNameFor("http", EXPATH_HTTP_NS, "header"), BuiltInAtomicType.UNTYPED_ATOMIC, 0, 0); addAttribute(builder, "name", headerName); addAttribute(builder, "value", value); builder.startContent(); builder.endElement(); } } ArrayList<XdmItem> resultSequence = null; if (req.getContentStreams() != null) { resultSequence = new ArrayList<XdmItem>(); handleContentStreams(builder, req, resultSequence, evaluator); } builder.endElement(); // end request builder.endDocument(); XdmNode expathReq = new XdmNode(builder.getCurrentRoot()); if (resultSequence == null) { return expathReq; } resultSequence.add(0, expathReq); return new XdmValue(resultSequence); }
From source file:org.apache.axis.transport.http.AxisServlet.java
/** * Process a POST to the servlet by handing it off to the Axis Engine. * Here is where SOAP messages are received * @param req posted request//w w w . j ava 2s.c o m * @param res respose * @throws ServletException trouble * @throws IOException different trouble */ public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { long t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0; String soapAction = null; MessageContext msgContext = null; if (isDebug) { log.debug("Enter: doPost()"); } if (tlog.isDebugEnabled()) { t0 = System.currentTimeMillis(); } Message responseMsg = null; String contentType = null; try { AxisEngine engine = getEngine(); if (engine == null) { // !!! should return a SOAP fault... ServletException se = new ServletException(Messages.getMessage("noEngine00")); log.debug("No Engine!", se); throw se; } res.setBufferSize(1024 * 8); // provide performance boost. /** get message context w/ various properties set */ msgContext = createMessageContext(engine, req, res); // ? OK to move this to 'getMessageContext', // ? where it would also be picked up for 'doGet()' ? if (securityProvider != null) { if (isDebug) { log.debug("securityProvider:" + securityProvider); } msgContext.setProperty(MessageContext.SECURITY_PROVIDER, securityProvider); } /* Get request message */ Message requestMsg = new Message(req.getInputStream(), false, req.getHeader(HTTPConstants.HEADER_CONTENT_TYPE), req.getHeader(HTTPConstants.HEADER_CONTENT_LOCATION)); // Transfer HTTP headers to MIME headers for request message. MimeHeaders requestMimeHeaders = requestMsg.getMimeHeaders(); for (Enumeration e = req.getHeaderNames(); e.hasMoreElements();) { String headerName = (String) e.nextElement(); for (Enumeration f = req.getHeaders(headerName); f.hasMoreElements();) { String headerValue = (String) f.nextElement(); requestMimeHeaders.addHeader(headerName, headerValue); } } if (isDebug) { log.debug("Request Message:" + requestMsg); /* Set the request(incoming) message field in the context */ /**********************************************************/ } msgContext.setRequestMessage(requestMsg); String url = HttpUtils.getRequestURL(req).toString(); msgContext.setProperty(MessageContext.TRANS_URL, url); // put character encoding of request to message context // in order to reuse it during the whole process. String requestEncoding; try { requestEncoding = (String) requestMsg.getProperty(SOAPMessage.CHARACTER_SET_ENCODING); if (requestEncoding != null) { msgContext.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, requestEncoding); } } catch (SOAPException e1) { } try { /** * Save the SOAPAction header in the MessageContext bag. * This will be used to tell the Axis Engine which service * is being invoked. This will save us the trouble of * having to parse the Request message - although we will * need to double-check later on that the SOAPAction header * does in fact match the URI in the body. */ // (is this last stmt true??? (I don't think so - Glen)) /********************************************************/ soapAction = getSoapAction(req); if (soapAction != null) { msgContext.setUseSOAPAction(true); msgContext.setSOAPActionURI(soapAction); } // Create a Session wrapper for the HTTP session. // These can/should be pooled at some point. // (Sam is Watching! :-) msgContext.setSession(new AxisHttpSession(req)); if (tlog.isDebugEnabled()) { t1 = System.currentTimeMillis(); } /* Invoke the Axis engine... */ /*****************************/ if (isDebug) { log.debug("Invoking Axis Engine."); //here we run the message by the engine } engine.invoke(msgContext); if (isDebug) { log.debug("Return from Axis Engine."); } if (tlog.isDebugEnabled()) { t2 = System.currentTimeMillis(); } responseMsg = msgContext.getResponseMessage(); // We used to throw exceptions on null response messages. // They are actually OK in certain situations (asynchronous // services), so fall through here and return an ACCEPTED // status code below. Might want to install a configurable // error check for this later. } catch (AxisFault fault) { //log and sanitize processAxisFault(fault); configureResponseFromAxisFault(res, fault); responseMsg = msgContext.getResponseMessage(); if (responseMsg == null) { responseMsg = new Message(fault); ((org.apache.axis.SOAPPart) responseMsg.getSOAPPart()).getMessage() .setMessageContext(msgContext); } } catch (Exception e) { //other exceptions are internal trouble responseMsg = msgContext.getResponseMessage(); res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); responseMsg = convertExceptionToAxisFault(e, responseMsg); ((org.apache.axis.SOAPPart) responseMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } catch (Throwable t) { logException(t); //other exceptions are internal trouble responseMsg = msgContext.getResponseMessage(); res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); responseMsg = new Message(new AxisFault(t.toString(), t)); ((org.apache.axis.SOAPPart) responseMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } } catch (AxisFault fault) { processAxisFault(fault); configureResponseFromAxisFault(res, fault); responseMsg = msgContext.getResponseMessage(); if (responseMsg == null) { responseMsg = new Message(fault); ((org.apache.axis.SOAPPart) responseMsg.getSOAPPart()).getMessage().setMessageContext(msgContext); } } if (tlog.isDebugEnabled()) { t3 = System.currentTimeMillis(); } /* Send response back along the wire... */ /***********************************/ if (responseMsg != null) { // Transfer MIME headers to HTTP headers for response message. MimeHeaders responseMimeHeaders = responseMsg.getMimeHeaders(); for (Iterator i = responseMimeHeaders.getAllHeaders(); i.hasNext();) { MimeHeader responseMimeHeader = (MimeHeader) i.next(); res.addHeader(responseMimeHeader.getName(), responseMimeHeader.getValue()); } // synchronize the character encoding of request and response String responseEncoding = (String) msgContext.getProperty(SOAPMessage.CHARACTER_SET_ENCODING); if (responseEncoding != null) { try { responseMsg.setProperty(SOAPMessage.CHARACTER_SET_ENCODING, responseEncoding); } catch (SOAPException e) { } } //determine content type from message response contentType = responseMsg.getContentType(msgContext.getSOAPConstants()); sendResponse(contentType, res, responseMsg); } else { // No content, so just indicate accepted res.setStatus(202); } if (isDebug) { log.debug("Response sent."); log.debug("Exit: doPost()"); } if (tlog.isDebugEnabled()) { t4 = System.currentTimeMillis(); tlog.debug("axisServlet.doPost: " + soapAction + " pre=" + (t1 - t0) + " invoke=" + (t2 - t1) + " post=" + (t3 - t2) + " send=" + (t4 - t3) + " " + msgContext.getTargetService() + "." + ((msgContext.getOperation() == null) ? "" : msgContext.getOperation().getName())); } }
From source file:org.sakaiproject.portal.util.ErrorReporter.java
@SuppressWarnings("rawtypes") private String requestDisplay(HttpServletRequest request) { ResourceBundle rb = rbDefault; StringBuilder sb = new StringBuilder(); try {/* ww w . ja v a2s . c o m*/ sb.append(rb.getString("bugreport.request")).append("\n"); sb.append(rb.getString("bugreport.request.authtype")).append(request.getAuthType()).append("\n"); sb.append(rb.getString("bugreport.request.charencoding")).append(request.getCharacterEncoding()) .append("\n"); sb.append(rb.getString("bugreport.request.contentlength")).append(request.getContentLength()) .append("\n"); sb.append(rb.getString("bugreport.request.contenttype")).append(request.getContentType()).append("\n"); sb.append(rb.getString("bugreport.request.contextpath")).append(request.getContextPath()).append("\n"); sb.append(rb.getString("bugreport.request.localaddr")).append(request.getLocalAddr()).append("\n"); sb.append(rb.getString("bugreport.request.localname")).append(request.getLocalName()).append("\n"); sb.append(rb.getString("bugreport.request.localport")).append(request.getLocalPort()).append("\n"); sb.append(rb.getString("bugreport.request.method")).append(request.getMethod()).append("\n"); sb.append(rb.getString("bugreport.request.pathinfo")).append(request.getPathInfo()).append("\n"); sb.append(rb.getString("bugreport.request.protocol")).append(request.getProtocol()).append("\n"); sb.append(rb.getString("bugreport.request.querystring")).append(request.getQueryString()).append("\n"); sb.append(rb.getString("bugreport.request.remoteaddr")).append(request.getRemoteAddr()).append("\n"); sb.append(rb.getString("bugreport.request.remotehost")).append(request.getRemoteHost()).append("\n"); sb.append(rb.getString("bugreport.request.remoteport")).append(request.getRemotePort()).append("\n"); sb.append(rb.getString("bugreport.request.requesturl")).append(request.getRequestURL()).append("\n"); sb.append(rb.getString("bugreport.request.scheme")).append(request.getScheme()).append("\n"); sb.append(rb.getString("bugreport.request.servername")).append(request.getServerName()).append("\n"); sb.append(rb.getString("bugreport.request.headers")).append("\n"); for (Enumeration e = request.getHeaderNames(); e.hasMoreElements();) { String headerName = (String) e.nextElement(); boolean censor = (censoredHeaders.get(headerName) != null); for (Enumeration he = request.getHeaders(headerName); he.hasMoreElements();) { String headerValue = (String) he.nextElement(); sb.append(rb.getString("bugreport.request.header")).append(headerName).append(":") .append(censor ? "---censored---" : headerValue).append("\n"); } } sb.append(rb.getString("bugreport.request.parameters")).append("\n"); for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) { String parameterName = (String) e.nextElement(); boolean censor = (censoredParameters.get(parameterName) != null); String[] paramvalues = request.getParameterValues(parameterName); for (int i = 0; i < paramvalues.length; i++) { sb.append(rb.getString("bugreport.request.parameter")).append(parameterName).append(":") .append(i).append(":").append(censor ? "----censored----" : paramvalues[i]) .append("\n"); } } sb.append(rb.getString("bugreport.request.attributes")).append("\n"); for (Enumeration e = request.getAttributeNames(); e.hasMoreElements();) { String attributeName = (String) e.nextElement(); Object attribute = request.getAttribute(attributeName); boolean censor = (censoredAttributes.get(attributeName) != null); sb.append(rb.getString("bugreport.request.attribute")).append(attributeName).append(":") .append(censor ? "----censored----" : attribute).append("\n"); } HttpSession session = request.getSession(false); if (session != null) { DateFormat serverLocaleDateFormat = DateFormat.getDateInstance(DateFormat.FULL, Locale.getDefault()); sb.append(rb.getString("bugreport.session")).append("\n"); sb.append(rb.getString("bugreport.session.creation")).append(session.getCreationTime()) .append("\n"); sb.append(rb.getString("bugreport.session.lastaccess")).append(session.getLastAccessedTime()) .append("\n"); sb.append(rb.getString("bugreport.session.creationdatetime")) .append(serverLocaleDateFormat.format(session.getCreationTime())).append("\n"); sb.append(rb.getString("bugreport.session.lastaccessdatetime")) .append(serverLocaleDateFormat.format(session.getLastAccessedTime())).append("\n"); sb.append(rb.getString("bugreport.session.maxinactive")).append(session.getMaxInactiveInterval()) .append("\n"); sb.append(rb.getString("bugreport.session.attributes")).append("\n"); for (Enumeration e = session.getAttributeNames(); e.hasMoreElements();) { String attributeName = (String) e.nextElement(); Object attribute = session.getAttribute(attributeName); boolean censor = (censoredAttributes.get(attributeName) != null); sb.append(rb.getString("bugreport.session.attribute")).append(attributeName).append(":") .append(censor ? "----censored----" : attribute).append("\n"); } } } catch (Exception ex) { M_log.error("Failed to generate request display", ex); sb.append("Error " + ex.getMessage()); } return sb.toString(); }
From source file:org.apache.click.util.ClickUtils.java
/** * Perform an auto post redirect to the specified target using the given * response. If the params Map is defined then the form will post these * values as name value pairs. If the compress value is true, this method * will attempt to gzip compress the response content if requesting * browser accepts "gzip" encoding./* w w w . ja va 2 s .c om*/ * <p/> * Once this method has returned you should not attempt to write to the * servlet response. * * @param request the servlet request * @param response the servlet response * @param target the target URL to send the auto post redirect to * @param params the map of parameter values to post * @param compress the flag to specify whether to attempt gzip compression * of the response content */ public static void autoPostRedirect(HttpServletRequest request, HttpServletResponse response, String target, Map<?, ?> params, boolean compress) { Validate.notNull(request, "Null response parameter"); Validate.notNull(response, "Null response parameter"); Validate.notNull(target, "Null target parameter"); HtmlStringBuffer buffer = new HtmlStringBuffer(1024); buffer.append("<html><body onload=\"document.forms[0].submit();\">"); buffer.append("<form name=\"form\" method=\"post\" style=\"{display:none;}\" action=\""); buffer.append(target); buffer.append("\">"); for (Map.Entry<?, ?> entry : params.entrySet()) { buffer.elementStart("textarea"); buffer.appendAttribute("name", entry.getKey()); buffer.elementEnd(); buffer.append(entry.getValue()); buffer.elementEnd("textarea"); } buffer.append("</form></body></html>"); // Determine whether browser will accept gzip compression if (compress) { compress = false; Enumeration<?> e = request.getHeaders("Accept-Encoding"); while (e.hasMoreElements()) { String name = (String) e.nextElement(); if (name.indexOf("gzip") != -1) { compress = true; break; } } } OutputStream os = null; GZIPOutputStream gos = null; try { response.setContentType("text/html"); if (compress) { response.setHeader("Content-Encoding", "gzip"); os = response.getOutputStream(); gos = new GZIPOutputStream(os); gos.write(buffer.toString().getBytes()); } else { response.setContentLength(buffer.length()); os = response.getOutputStream(); os.write(buffer.toString().getBytes()); } } catch (IOException ex) { ClickUtils.getLogService().error(ex.getMessage(), ex); } finally { ClickUtils.close(gos); ClickUtils.close(os); } }