List of usage examples for javax.servlet.http HttpServletRequest getHeaders
public Enumeration<String> getHeaders(String name);
Returns an Enumeration of String objects.
From source file:org.ovirt.engine.api.common.security.CSRFProtectionFilter.java
/**
 * Reports whether the client asked for CSRF protection through the {@code Prefer} header.
 *
 * <p>Every {@code Prefer} header line of the request is parsed into its elements, and the
 * method answers {@code true} as soon as one element is named {@code csrf-protection}
 * (compared case-insensitively). For example:
 *
 * <pre>
 * GET /ovirt-engine/api HTTP/1.1
 * Host: ovirt.example.com
 * Prefer: persistent-auth, csrf-protection
 * </pre>
 *
 * <p>The signal comes from a client-supplied header, so this method only reports what the
 * caller asked for. How the filter enforces protection once it is requested is decided
 * outside this method.
 *
 * @param request the HTTP request to check
 * @return {@code true} if any {@code Prefer} header carries a {@code csrf-protection}
 *         element, {@code false} otherwise
 */
private boolean isProtectionRequested(HttpServletRequest request) {
    // The servlet API allows getHeaders to return null when the container withholds header
    // access; that case is not handled here and would surface as a NullPointerException
    // rather than as "not requested".
    for (Enumeration<String> preferValues = request.getHeaders(PREFER_HEADER);
            preferValues.hasMoreElements();) {
        // A null parser asks the library to fall back to its default header value parser.
        HeaderElement[] elements =
                BasicHeaderValueParser.parseElements(preferValues.nextElement(), null);
        for (HeaderElement element : elements) {
            if (PREFER_ELEMENT.equalsIgnoreCase(element.getName())) {
                return true;
            }
        }
    }
    return false;
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest00307.java
/**
 * Echoes the first value of the {@code vector} request header into the HTML response body.
 *
 * <p>The header is client-controlled. It is passed through
 * {@code StringEscapeUtils.escapeHtml} before it is written, so markup characters in the
 * header reach the page as entities. That encoding suits HTML element content, which is where
 * the value lands here; it is not a substitute for attribute-, script- or URL-context
 * encoding.
 *
 * @param request  the incoming request; only the {@code vector} header is read
 * @param response the response, written as {@code text/html}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Enumeration<String> vectorValues = request.getHeaders("vector");
    // Only the first header value is used; an absent header yields the empty string.
    String headerValue = vectorValues.hasMoreElements() ? vectorValues.nextElement() : "";

    // Encode before output: this is the only step between the request and the page.
    String encoded = org.apache.commons.lang.StringEscapeUtils.escapeHtml(headerValue);
    response.getWriter().write(encoded.toCharArray());
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest00300.java
/**
 * Writes a formatted line containing the HTML-escaped first value of the {@code vector}
 * request header.
 *
 * <p>Two properties matter for review. The format string is a compile-time constant, so the
 * request cannot introduce format specifiers. The header value is used only as a format
 * argument, and only after {@code StringEscapeUtils.escapeHtml} has encoded it.
 *
 * @param request  the incoming request; only the {@code vector} header is read
 * @param response the response, written as {@code text/html}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Enumeration<String> vectorValues = request.getHeaders("vector");
    // Only the first header value is used; an absent header yields the empty string.
    String headerValue = vectorValues.hasMoreElements() ? vectorValues.nextElement() : "";

    String encoded = org.apache.commons.lang.StringEscapeUtils.escapeHtml(headerValue);

    // The request-derived text is the second argument, never the format itself.
    Object[] formatArgs = { "a", encoded };
    response.getWriter().printf(java.util.Locale.US, "Formatted like: %1$s and %2$s.",
            formatArgs);
}
From source file:org.sakaiproject.entitybroker.util.request.RequestUtils.java
/**
 * Determines the response format for a request and applies it to the response.
 *
 * <p>The format is taken from the extension of the request path first. Only when that yields
 * nothing is the {@code Accept} header consulted; if neither source produces a format, the
 * default is used. The chosen format is then handed to
 * {@code RequestUtils.setResponseEncoding}.
 *
 * <p>Review notes on the client-controlled inputs:
 * <ul>
 * <li>Values from the {@code Accept} header are never used directly. They only select an
 * entry from {@code mimeTypeToFormat}, so an unknown MIME type falls through to the
 * default.</li>
 * <li>The extension-derived value is not mapped through {@code mimeTypeToFormat} in this
 * method. Whether it is restricted to known formats depends on
 * {@code TemplateParseUtil.findExtension} and {@code setResponseEncoding}, which are not
 * visible here, so confirm it there.</li>
 * <li>Each header line is treated as one MIME type with everything from the first
 * {@code ;} removed. Parameters such as quality values are therefore ignored, and a line is
 * not split on commas in this method.</li>
 * </ul>
 *
 * @param req the Servlet request
 * @param res the Servlet response
 * @param defaultFormat (OPTIONAL) the format assigned when none can be found; when
 *        {@code null}, {@link Formats#HTML} is used
 * @return the extracted format (will never be null), e.g. {@link Formats#XML}
 */
@SuppressWarnings("unchecked")
public static String findAndHandleFormat(HttpServletRequest req, HttpServletResponse res,
        String defaultFormat) {
    final String fallback = (defaultFormat != null) ? defaultFormat : Formats.HTML;

    // First choice: the extension on the request path.
    String format = TemplateParseUtil.findExtension(req.getPathInfo())[2];

    if (format == null) {
        // Second choice: the Accept header, located by scanning the header names.
        Enumeration<String> headerNames = req.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement();
            if (!"accept".equalsIgnoreCase(headerName)) {
                continue;
            }

            ArrayList<String> candidates = new ArrayList<String>();
            Enumeration<String> acceptValues = req.getHeaders(headerName);
            while (acceptValues.hasMoreElements()) {
                String rawValue = acceptValues.nextElement();
                if (rawValue != null) {
                    String mimeType = rawValue.trim();
                    // Drop the optional parameters that follow the media type.
                    int semicolon = mimeType.indexOf(';');
                    if (semicolon > 0) {
                        mimeType = mimeType.substring(0, semicolon).trim();
                    }
                    candidates.add(mimeType);
                }
            }

            // Order the candidates longest first and shortest last.
            Collections.sort(candidates, new ShortestStringLastComparator());
            for (String candidate : candidates) {
                String mapped = mimeTypeToFormat.get(candidate);
                if (mapped != null) {
                    format = mapped;
                    break; // first known MIME type wins
                }
            }
            break; // the Accept header has been handled; stop scanning header names
        }
    }

    if (format == null || "".equals(format)) {
        format = fallback;
    }
    RequestUtils.setResponseEncoding(format, res);
    return format;
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest02092.java
/**
 * Passes the first value of the {@code vector} request header through {@code doSomething}
 * and prints the result into the HTML response.
 *
 * <p>The header is client-controlled and no output encoding is applied in this method.
 * Whether the printed text is safe to place in a {@code text/html} page therefore depends
 * entirely on what {@code doSomething} returns. That helper is defined elsewhere and is not
 * visible here, so it has to be reviewed together with this method.
 *
 * @param request  the incoming request; only the {@code vector} header is read
 * @param response the response, written as {@code text/html}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Enumeration<String> vectorValues = request.getHeaders("vector");
    // Only the first header value is used; an absent header yields the empty string.
    String headerValue = vectorValues.hasMoreElements() ? vectorValues.nextElement() : "";

    // NOTE(review): output is written as-is; confirm what doSomething does to the value.
    String transformed = doSomething(headerValue);
    response.getWriter().print(transformed);
}
From source file:org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.java
/**
 * Extracts the bearer token from the request's {@code Authorization} header values.
 *
 * <p>The values are examined in order, and the first one that starts with
 * {@code OAuth2AccessToken.BEARER_TYPE} decides the result. The prefix is compared after
 * lower-casing both sides, and no separator is required after it. The prefix is then removed,
 * the remainder is trimmed, and anything from the first comma onwards is dropped when that
 * comma is not the first character.
 *
 * <p>The returned text is taken from the request as-is. Nothing in this method checks that
 * it is a well-formed or valid token, so that check remains with the caller.
 *
 * @param request The request.
 * @return The token text, or null if no {@code Authorization} value used the bearer type.
 */
protected String parseHeaderToken(HttpServletRequest request) {
    @SuppressWarnings("unchecked")
    Enumeration<String> authorizationValues = request.getHeaders("Authorization");
    // Typically there is only one Authorization header (most servers enforce that).
    while (authorizationValues.hasMoreElements()) {
        String candidate = authorizationValues.nextElement();
        boolean isBearer = candidate.toLowerCase()
                .startsWith(OAuth2AccessToken.BEARER_TYPE.toLowerCase());
        if (!isBearer) {
            // todo: support additional authorization schemes for different token types,
            // e.g. "MAC" specified by
            // http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token
            continue;
        }

        String token = candidate.substring(OAuth2AccessToken.BEARER_TYPE.length()).trim();
        int comma = token.indexOf(',');
        return (comma > 0) ? token.substring(0, comma) : token;
    }
    return null;
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest01206.java
/**
 * Passes the first value of the {@code vector} request header through
 * {@code Test.doSomething} and uses the result as the format string of a {@code printf}
 * into the HTML response.
 *
 * <p>Two things need checking. The text derived from the request is the format string
 * itself, not an argument, so any format specifiers it contains are interpreted by
 * {@code printf}. No output encoding is applied in this method before the text reaches a
 * {@code text/html} page. Both points depend on what {@code Test.doSomething} returns; that
 * class is not visible here and has to be reviewed together with this method.
 *
 * @param request  the incoming request; only the {@code vector} header is read
 * @param response the response, written as {@code text/html}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Enumeration<String> vectorValues = request.getHeaders("vector");
    // Only the first header value is used; an absent header yields the empty string.
    String headerValue = vectorValues.hasMoreElements() ? vectorValues.nextElement() : "";

    String formatText = new Test().doSomething(headerValue);

    // NOTE(review): formatText is the format, the fixed strings are only its arguments.
    Object[] formatArgs = { "a", "b" };
    response.getWriter().printf(formatText, formatArgs);
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest01212.java
/**
 * Passes the first value of the {@code vector} request header through
 * {@code Test.doSomething} and writes the whole result into the HTML response.
 *
 * <p>Nothing is written when the helper returns {@code null}. No output encoding is applied
 * in this method, so whether the written text is safe inside a {@code text/html} page
 * depends on {@code Test.doSomething}. That class is not visible here and has to be reviewed
 * together with this method.
 *
 * @param request  the incoming request; only the {@code vector} header is read
 * @param response the response, written as {@code text/html}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Enumeration<String> vectorValues = request.getHeaders("vector");
    // Only the first header value is used; an absent header yields the empty string.
    String headerValue = vectorValues.hasMoreElements() ? vectorValues.nextElement() : "";

    String transformed = new Test().doSomething(headerValue);
    if (transformed != null) {
        // NOTE(review): written as-is, from offset 0 for the full length of the string.
        response.getWriter().write(transformed, 0, transformed.length());
    }
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest01239.java
/**
 * Stores a fixed value in the HTTP session under a name derived from the {@code vector}
 * request header, then reports the name back in the HTML response.
 *
 * <p>The echoed name is passed through {@code Utils.encodeForHTML} before it is written.
 * The session write is the part to review: the attribute name comes from
 * {@code Test.doSomething(param)}, and if that helper lets the header value through, the
 * client chooses which session key is written. That helper is not visible here, so confirm
 * its behaviour before relying on session keys as server-controlled data.
 *
 * @param request  the incoming request; the {@code vector} header and the session are used
 * @param response the response, written as {@code text/html}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained or written
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    java.util.Enumeration<String> vectorValues = request.getHeaders("vector");
    // Only the first header value is used; an absent header yields the empty string.
    String headerValue = vectorValues.hasMoreElements() ? vectorValues.nextElement() : "";

    String sessionKey = new Test().doSomething(headerValue);

    // javax.servlet.http.HttpSession.putValue(java.lang.String^,java.lang.Object)
    // NOTE(review): the attribute name, not the value, is the request-derived part.
    request.getSession().putValue(sessionKey, "10340");

    String encodedKey = org.owasp.benchmark.helpers.Utils.encodeForHTML(sessionKey);
    response.getWriter().println("Item: '" + encodedKey
            + "' with value: 10340 saved in session.");
}
From source file:org.owasp.benchmark.testcode.BenchmarkTest00286.java
/**
 * Echoes the URL-decoded, HTML-escaped first value of the {@code Referer} request header
 * into the HTML response body.
 *
 * <p>The order of the two transformations matters: the header is URL-decoded first and
 * HTML-escaped second, so the escaping is applied to the text that is actually written.
 * The response also sets {@code X-XSS-Protection: 0}, which switches off the browser's
 * legacy XSS filter. The output encoding in this method is therefore the only protection
 * for the echoed value.
 *
 * @param request  the incoming request; only the {@code Referer} header is read
 * @param response the response, written as {@code text/html;charset=UTF-8}
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if decoding fails or the response writer cannot be used
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    java.util.Enumeration<String> refererValues = request.getHeaders("Referer");
    // Only the first header value is used. A null enumeration (allowed by the servlet API)
    // or an absent header both yield the empty string.
    String headerValue = (refererValues != null && refererValues.hasMoreElements())
            ? refererValues.nextElement()
            : "";

    // Header values are not URL-decoded by the container (request parameters are), so the
    // decoding is done here.
    String decoded = java.net.URLDecoder.decode(headerValue, "UTF-8");

    String encoded = org.apache.commons.lang.StringEscapeUtils.escapeHtml(decoded);

    response.setHeader("X-XSS-Protection", "0");
    response.getWriter().write(encoded.toCharArray());
}