List of usage examples for javax.servlet ServletRequest getParameterMap
public Map<String, String[]> getParameterMap();
From source file:org.zht.framework.web.bind.resolver.FormModelMethodArgumentResolver.java
/** * {@inheritDoc}//from w w w. j a va2 s. c o m * <p>Downcast {@link org.springframework.web.bind.WebDataBinder} to {@link org.springframework.web.bind.ServletRequestDataBinder} before binding. * * @throws Exception * @see org.springframework.web.servlet.mvc.method.annotation.ServletRequestDataBinderFactory */ protected void bindRequestParameters(ModelAndViewContainer mavContainer, WebDataBinderFactory binderFactory, WebDataBinder binder, NativeWebRequest request, MethodParameter parameter) throws Exception { Map<String, Boolean> hasProcessedPrefixMap = new HashMap<String, Boolean>(); Class<?> targetType = binder.getTarget().getClass(); ServletRequest servletRequest = prepareServletRequest(binder.getTarget(), request, parameter); WebDataBinder simpleBinder = binderFactory.createBinder(request, null, null); if (Collection.class.isAssignableFrom(targetType)) {//bind collection or array Type type = parameter.getGenericParameterType(); Class<?> componentType = Object.class; Collection target = (Collection) binder.getTarget(); List targetList = new ArrayList(target); if (type instanceof ParameterizedType) { componentType = (Class<?>) ((ParameterizedType) type).getActualTypeArguments()[0]; } if (parameter.getParameterType().isArray()) { componentType = parameter.getParameterType().getComponentType(); } for (Object key : servletRequest.getParameterMap().keySet()) { String prefixName = getPrefixName((String) key); //?prefix ?? if (hasProcessedPrefixMap.containsKey(prefixName)) { continue; } else { hasProcessedPrefixMap.put(prefixName, Boolean.TRUE); } if (isSimpleComponent(prefixName)) { //bind simple type Map<String, Object> paramValues = WebUtils.getParametersStartingWith(servletRequest, prefixName); Matcher matcher = INDEX_PATTERN.matcher(prefixName); if (!matcher.matches()) { //? array=1&array=2 for (Object value : paramValues.values()) { targetList.add(simpleBinder.convertIfNecessary(value, componentType)); } } else { //? array[0]=1&array[1]=2 int index = Integer.valueOf(matcher.group(1)); if (targetList.size() <= index) { growCollectionIfNecessary(targetList, index); } targetList.set(index, simpleBinder.convertIfNecessary(paramValues.values(), componentType)); } } else { //? votes[1].title=votes[1].title&votes[0].title=votes[0].title&votes[0].id=0&votes[1].id=1 Object component = null; //? ????? Matcher matcher = INDEX_PATTERN.matcher(prefixName); if (!matcher.matches()) { throw new IllegalArgumentException("bind collection error, need integer index, key:" + key); } int index = Integer.valueOf(matcher.group(1)); if (targetList.size() <= index) { growCollectionIfNecessary(targetList, index); } Iterator iterator = targetList.iterator(); for (int i = 0; i < index; i++) { iterator.next(); } component = iterator.next(); if (component == null) { component = BeanUtils.instantiate(componentType); } WebDataBinder componentBinder = binderFactory.createBinder(request, component, null); component = componentBinder.getTarget(); if (component != null) { ServletRequestParameterPropertyValues pvs = new ServletRequestParameterPropertyValues( servletRequest, prefixName, ""); componentBinder.bind(pvs); validateIfApplicable(componentBinder, parameter); if (componentBinder.getBindingResult().hasErrors()) { if (isBindExceptionRequired(componentBinder, parameter)) { throw new BindException(componentBinder.getBindingResult()); } } targetList.set(index, component); } } target.clear(); target.addAll(targetList); } } else if (MapWapper.class.isAssignableFrom(targetType)) { Type type = parameter.getGenericParameterType(); Class<?> keyType = Object.class; Class<?> valueType = Object.class; if (type instanceof ParameterizedType) { keyType = (Class<?>) ((ParameterizedType) type).getActualTypeArguments()[0]; valueType = (Class<?>) ((ParameterizedType) type).getActualTypeArguments()[1]; } MapWapper mapWapper = ((MapWapper) binder.getTarget()); Map target = mapWapper.getInnerMap(); if (target == null) { target = new HashMap(); mapWapper.setInnerMap(target); } for (Object key : servletRequest.getParameterMap().keySet()) { String prefixName = getPrefixName((String) key); //?prefix ?? if (hasProcessedPrefixMap.containsKey(prefixName)) { continue; } else { hasProcessedPrefixMap.put(prefixName, Boolean.TRUE); } Object keyValue = simpleBinder.convertIfNecessary(getMapKey(prefixName), keyType); if (isSimpleComponent(prefixName)) { //bind simple type Map<String, Object> paramValues = WebUtils.getParametersStartingWith(servletRequest, prefixName); for (Object value : paramValues.values()) { target.put(keyValue, simpleBinder.convertIfNecessary(value, valueType)); } } else { Object component = target.get(keyValue); if (component == null) { component = BeanUtils.instantiate(valueType); } WebDataBinder componentBinder = binderFactory.createBinder(request, component, null); component = componentBinder.getTarget(); if (component != null) { ServletRequestParameterPropertyValues pvs = new ServletRequestParameterPropertyValues( servletRequest, prefixName, ""); componentBinder.bind(pvs); validateComponent(componentBinder, parameter); target.put(keyValue, component); } } } } else {//bind model ServletRequestDataBinder servletBinder = (ServletRequestDataBinder) binder; servletBinder.bind(servletRequest); } }
From source file:com.redhat.rhn.frontend.taglibs.ListDisplayTag.java
private void renderAlphabar(Writer out) throws IOException { StringBuilder target = new StringBuilder(); target.append("<div class=\"spacewalk-alphabar\">"); target.append("<ul class=\"pagination pagination-sm\">"); StringBuilder enabled = new StringBuilder("<li><a href=\""); enabled.append("?lower={1}"); /**/*w w w . j a va 2 s . com*/ * Add any query args we got to alphabar links. * We do it this way to ensure that any variables set on the page * carry from form submission (by pressing the pagination buttons) * to the alphabar links and vice-versa. */ ServletRequest rq = pageContext.getRequest(); String formvars = rq.getParameter("formvars"); if (formvars != null) { //get vars from form submission String[] keys = formvars.split(",\\s?"); for (int j = 0; j < keys.length; j++) { if (keys[j].equals("submitted")) { continue; } if (!PAGINATION_WASH_SET.contains(keys[j])) { String encodedParam = StringUtil.urlEncode(rq.getParameter(keys[j])); enabled.append("&" + keys[j] + "=" + encodedParam); } } } else { //get vars from url Map qvars = rq.getParameterMap(); qvars.remove("lower"); //don't repeat lower Iterator iter = qvars.keySet().iterator(); while (iter.hasNext()) { String key = (String) iter.next(); if (key.equals("submitted")) { continue; } if (!PAGINATION_WASH_SET.contains(key)) { String encodedParam = StringUtil.urlEncode(rq.getParameter(key)); enabled.append("&" + key + "=" + encodedParam); } } } enabled.append("\">{0}</a><li>"); AlphaBar ab = new AlphaBar(enabled.toString(), "<li class=\"disabled\"><span>{0}</span></li>"); target.append(ab.getAlphaList(getPageList().getIndex())); target.append("</ul>"); target.append("</div>"); out.append(target.toString()); }
From source file:com.mirth.connect.connectors.http.HttpReceiver.java
private ConstraintSecurityHandler createSecurityHandler(Handler handler) throws Exception { final Authenticator authenticator = authenticatorProvider.getAuthenticator(); final String authMethod; switch (authProps.getAuthType()) { case BASIC://from w w w. java 2s . c o m authMethod = Constraint.__BASIC_AUTH; break; case DIGEST: authMethod = Constraint.__DIGEST_AUTH; break; default: authMethod = "customauth"; } Constraint constraint = new Constraint(); constraint.setName(authMethod); constraint.setRoles(new String[] { "user" }); constraint.setAuthenticate(true); ConstraintMapping constraintMapping = new ConstraintMapping(); constraintMapping.setConstraint(constraint); constraintMapping.setPathSpec("/*"); ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler(); securityHandler.setAuthenticator(new org.eclipse.jetty.security.Authenticator() { @Override public void setConfiguration(AuthConfiguration configuration) { } @Override public String getAuthMethod() { return authMethod; } @Override public void prepareRequest(ServletRequest request) { } @Override public Authentication validateRequest(final ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String remoteAddress = StringUtils.trimToEmpty(request.getRemoteAddr()); int remotePort = request.getRemotePort(); String localAddress = StringUtils.trimToEmpty(request.getLocalAddr()); int localPort = request.getLocalPort(); String protocol = StringUtils.trimToEmpty(request.getProtocol()); String method = StringUtils.trimToEmpty(request.getMethod()); String requestURI = StringUtils.trimToEmpty(request.getRequestURI()); Map<String, List<String>> headers = HttpMessageConverter.convertFieldEnumerationToMap(request); Map<String, List<String>> queryParameters = new LinkedHashMap<String, List<String>>(); for (Entry<String, String[]> entry : req.getParameterMap().entrySet()) { queryParameters.put(entry.getKey(), Arrays.asList(entry.getValue())); } EntityProvider entityProvider = new EntityProvider() { @Override public byte[] getEntity() throws IOException { byte[] entity = (byte[]) req.getAttribute(ATTRIBUTE_NAME); if (entity == null) { entity = IOUtils.toByteArray(req.getInputStream()); req.setAttribute(ATTRIBUTE_NAME, entity); } return entity; } }; RequestInfo requestInfo = new RequestInfo(remoteAddress, remotePort, localAddress, localPort, protocol, method, requestURI, headers, queryParameters, entityProvider, configuration.getRequestInformation(request)); try { AuthenticationResult result = authenticator.authenticate(requestInfo); for (Entry<String, List<String>> entry : result.getResponseHeaders().entrySet()) { if (StringUtils.isNotBlank(entry.getKey()) && entry.getValue() != null) { for (int i = 0; i < entry.getValue().size(); i++) { if (i == 0) { response.setHeader(entry.getKey(), entry.getValue().get(i)); } else { response.addHeader(entry.getKey(), entry.getValue().get(i)); } } } } switch (result.getStatus()) { case CHALLENGED: response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return org.eclipse.jetty.server.Authentication.SEND_CONTINUE; case SUCCESS: Principal userPrincipal = new KnownUser(StringUtils.trimToEmpty(result.getUsername()), null); Subject subject = new Subject(); subject.getPrincipals().add(userPrincipal); return new UserAuthentication(getAuthMethod(), new DefaultUserIdentity(subject, userPrincipal, new String[] { "user" })); case FAILURE: default: response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return org.eclipse.jetty.server.Authentication.SEND_FAILURE; } } catch (Throwable t) { logger.error("Error in HTTP authentication for " + connectorProperties.getName() + " (" + connectorProperties.getName() + " \"Source\" on channel " + getChannelId() + ").", t); eventController.dispatchEvent(new ErrorEvent(getChannelId(), getMetaDataId(), null, ErrorEventType.DESTINATION_CONNECTOR, "Source", connectorProperties.getName(), "Error in HTTP authentication for " + connectorProperties.getName(), t)); throw new ServerAuthException(t); } } @Override public boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException { return true; } }); securityHandler.addConstraintMapping(constraintMapping); securityHandler.setHandler(handler); return securityHandler; }
From source file:org.codeconsole.web.analytics.AnalyticsFilter.java
/** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) *//*from w ww . j a v a2 s . c om*/ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpStatusExposingServletResponse httpResponse = new HttpStatusExposingServletResponse( (HttpServletResponse) response); AnalyticsSession analyticsSession = (AnalyticsSession) httpRequest.getSession() .getAttribute(sessionAttributeName); if (analyticsSession == null) { analyticsSession = new AnalyticsSession(maxHistorySize, httpRequest.getHeader("referer"), getIp(httpRequest)); httpRequest.getSession().setAttribute(sessionAttributeName, analyticsSession); } String compareUrl = getComparisonUrl((HttpServletRequest) request); if (compareUrl.endsWith(analyticsUrl)) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<html><head><title>Analytics Report</title></head><body>"); if (ServletRequestUtils.getBooleanParameter(request, "send", false)) { if (analyticsGateway != null) { analyticsGateway.sendAnalytics(analyticsSession); } else { out.println( "<div>Warning: Can't send report. No Spring application context specified/configured.</div>"); } out.println("<div>Message: Report Sent!</div>"); } if (ServletRequestUtils.getBooleanParameter(request, "clear", false)) { analyticsSession.clear(); httpRequest.getSession().setAttribute(sessionAttributeName, analyticsSession); out.println("<div>Message: History Cleared!</div>"); } out.print( "<div><a href=\"?\">Refresh</a> <a href=\"?clear=true\">Clear</a> <a href=\"?send=true\">Send</a> <a href=\"?send=true&clear=true\">Send and Clear</a></div>"); out.print(analyticsSession.toHtmlString()); out.println("</body></html>"); out.close(); } else { String sourceRevision = sourceRevisionResolver == null ? null : sourceRevisionResolver.getRevision(httpRequest); Map<String, String[]> filteredParamMap = request.getParameterMap(); if (!excludedUrlPatterns.isEmpty()) { filteredParamMap = new HashMap<String, String[]>(); for (Iterator<Map.Entry<String, String[]>> it = request.getParameterMap().entrySet().iterator(); it .hasNext();) { Entry<String, String[]> next = it.next(); for (Pattern exclude : excludedUrlPatterns) { if (exclude.matcher(compareUrl).matches()) { filteredParamMap.put(next.getKey(), new String[] { "**FILTERED**" }); } else { filteredParamMap.put(next.getKey(), next.getValue()); } } } } @SuppressWarnings("unchecked") AnalyticsHttpRequest rq = new AnalyticsHttpRequest(httpRequest.getMethod(), httpRequest.getRequestURL().toString(), httpRequest.getQueryString(), filteredParamMap, sourceRevision); try { chain.doFilter(request, httpResponse); } catch (IOException e) { rq.setException(e); throw e; } catch (ServletException e) { rq.setException(e); throw e; } catch (RuntimeException e) { rq.setException(e); throw e; } finally { rq.setCompletionTime(System.currentTimeMillis()); rq.setStatus(httpResponse.getStatus()); boolean ignore = false; if (rq.getStatus() == 200 || rq.getStatus() == 304) { for (Pattern exclude : excludedUrlPatterns) { if (exclude.matcher(compareUrl).matches()) { ignore = true; break; } } } if (!ignore) { analyticsSession.appendHistory(rq); } Serializable userDetails = userDetailsResolver == null ? null : userDetailsResolver.getUserDetails(httpRequest); if (userDetails != null && (analyticsSession.getUserDetails() == null || !analyticsSession.getUserDetails().equals(userDetails))) { analyticsSession.setUserDetails(userDetails); } // in case of clustered sessions, always update the session object to propagate the update. if (!httpResponse.isCommitted()) { httpRequest.getSession().setAttribute(sessionAttributeName, analyticsSession); } if (rq.getWrappedException() != null && analyticsGateway != null) { analyticsGateway.sendAnalytics(analyticsSession); } } } }
From source file:it.drwolf.ridire.filters.TmpResourcesFilter.java
@SuppressWarnings("unchecked") public void doFilter(ServletRequest req, ServletResponse resp, FilterChain arg2) throws IOException, ServletException { String filename = req.getParameter("filename"); String encoding = req.getParameter("encoding"); String tempDir = System.getProperty("java.io.tmpdir"); String freqList = req.getParameter("freqList"); String tsvList = req.getParameter("tsvList"); if (filename != null && encoding != null && filename.indexOf(tempDir) != -1) { try {/*from w ww .j a v a 2s . com*/ Lifecycle.beginCall(); if (resp instanceof HttpServletResponse) { HttpServletResponse response = (HttpServletResponse) resp; response.setContentType("text/html"); response.setCharacterEncoding(encoding); response.setHeader("Expires", "0"); response.setHeader("Date", new Date().toString()); response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0"); response.setHeader("Pragma", "public"); File file = new File(filename); if (file.exists() && file.canRead()) { String ret = FileUtils.readFileToString(file, encoding); response.getWriter().write(ret); response.getWriter().flush(); response.getWriter().close(); } // FacesContext.getCurrentInstance().responseComplete(); } } catch (Exception e) { e.printStackTrace(); } finally { Lifecycle.endCall(); } } else if (freqList != null && freqList.trim().length() > 0 || tsvList != null && tsvList.trim().length() > 0) { try { Lifecycle.beginCall(); String contentType = "application/vnd.oasis.opendocument.spreadsheet"; File file = null; if (freqList != null) { file = new File(TmpResourcesFilter.LF_DIR + freqList + ".ods"); if (freqList.equals("RIDIRE_LF")) { file = new File(TmpResourcesFilter.LF_DIR + freqList + ".zip"); contentType = "application/zip"; } } else { String zipFileName = tsvList.replaceAll("\\s\\(TSV\\)", ""); file = new File(TmpResourcesFilter.LF_DIR + zipFileName + ".zip"); contentType = "application/zip"; } if (file.exists() && file.canRead()) { if (resp instanceof HttpServletResponse) { HttpServletResponse response = (HttpServletResponse) resp; response.setContentType(contentType); response.setHeader("Expires", "0"); if (freqList != null) { if (freqList.equals("RIDIRE_LF")) { response.addHeader("Content-disposition", "attachment; filename=\"" + freqList + ".zip\""); } else { response.addHeader("Content-disposition", "attachment; filename=\"" + freqList + ".ods\""); } } else if (tsvList != null) { response.addHeader("Content-disposition", "attachment; filename=\"" + tsvList + ".zip\""); } response.setHeader("Date", new Date().toString()); response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0"); response.setHeader("Pragma", "public"); byte[] lf = FileUtils.readFileToByteArray(file); response.getOutputStream().write(lf); response.getOutputStream().flush(); response.getOutputStream().close(); } } } catch (Exception e) { e.printStackTrace(); } finally { Lifecycle.endCall(); } } else { Map<String, String[]> pMap = req.getParameterMap(); final Map<String, String[]> additionalParams = new HashMap<String, String[]>(); for (String key : pMap.keySet()) { // if (key.equals("forma") || key.equals("lemma") // || key.equals("pos") || key.equals("phrase") // || key.startsWith("pattern")) { String[] values = pMap.get(key); if (values != null && values.length == 1) { byte[] bytes = values[0].getBytes("ISO-8859-1"); additionalParams.put(key, new String[] { new String(bytes, "UTF-8") }); } // } } HttpServletRequest httpServletRequest = new PrettyFacesWrappedRequest((HttpServletRequest) req, additionalParams); arg2.doFilter(httpServletRequest, resp); } }
From source file:nl.nn.adapterframework.webcontrol.ParamWrapperFilter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // to prevent NPE (????) request.getParameterMap(); ParamFilteredRequest wrapper = null; if (request instanceof HttpServletRequest) wrapper = new ParamFilteredRequest(request, pattern); if (wrapper != null) chain.doFilter(wrapper, response); else//from w w w . jav a 2 s. c om chain.doFilter(request, response); }
From source file:no.kantega.commons.filter.ParamEncodingFilter.java
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { if (((HttpServletRequest) servletRequest).getMethod().equals("POST")) { servletRequest.setCharacterEncoding(encoding); } else {//from w ww . ja v a2 s . c o m servletRequest.setCharacterEncoding(GETencoding); } for (String s : servletRequest.getParameterMap().keySet()) { servletRequest.getParameter(s); } filterChain.doFilter(servletRequest, servletResponse); }
From source file:optional.BasicFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { //extract actionname cut of ".do" results in /actionname String look = getActionMappingName(((HttpServletRequest) request).getServletPath()); System.out.println(">>" + look); boolean isMultipart = ServletFileUpload.isMultipartContent((HttpServletRequest) request); try {/* w w w.ja v a 2s .c o m*/ // Create a factory for disk-based file items FileItemFactory factory = new DiskFileItemFactory(); // Create a new file upload handler ServletFileUpload upload = new ServletFileUpload(factory); // Parse the request List /* FileItem */ items = upload.parseRequest((HttpServletRequest) request); } catch (FileUploadException e) { } System.out.println(request.getParameterMap()); ConfigWrapper config = (ConfigWrapper) actions.get(look); if (config == null) { return; } try { DirectInterface bean = (DirectInterface) config.getActionclass().newInstance(); BeanUtils.populate(bean, request.getParameterMap()); bean.doexecute((HttpServletRequest) request, (HttpServletResponse) response); } catch (Exception e) { System.out.println(); } //chain.doFilter(request, response); //RequestDispatcher rd = request.getRequestDispatcher("/home.jsp"); RequestDispatcher rd = request.getRequestDispatcher("/blank_view.jsp"); rd.forward(request, response); }
From source file:org.kuali.rice.krad.web.bind.UifServletRequestDataBinder.java
/** * Attempts to get a view instance by looking for a view type name in the request or the form and querying * that view type with the request parameters * * @param request request instance to pull parameters from * @param form form instance to pull values from * @return View instance if found or null *//*from ww w . j a v a 2 s . c o m*/ protected View getViewByType(ServletRequest request, UifFormBase form) { View view = null; String viewTypeName = request.getParameter(UifParameters.VIEW_TYPE_NAME); ViewType viewType = StringUtils.isBlank(viewTypeName) ? form.getViewTypeName() : ViewType.valueOf(viewTypeName); if (viewType != null) { Map<String, String> parameterMap = KRADUtils.translateRequestParameterMap(request.getParameterMap()); view = getViewService().getViewByType(viewType, parameterMap); } return view; }
From source file:org.lockss.servlet.LockssOiosamlSpFilter.java
/** * Check whether the user is authenticated i.e. having session with a valid * assertion. If the user is not authenticated an <AuthnRequest> is sent * to the Login Site./*from w ww .j av a 2 s. c o m*/ * * @param request * The servletRequest * @param response * The servletResponse */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { final String DEBUG_HEADER = "doFilter(): "; if (log.isDebug2()) log.debug2(DEBUG_HEADER + "Starting..."); if (!(request instanceof HttpServletRequest)) { throw new RuntimeException("Not supported operation..."); } HttpServletRequest servletRequest = ((HttpServletRequest) request); Audit.init(servletRequest); if (!isFilterInitialized()) { if (log.isDebug3()) log.debug3(DEBUG_HEADER + "isFilterInitialized() = false"); try { Configuration conf = SAMLConfigurationFactory.getConfiguration().getSystemConfiguration(); setRuntimeConfiguration(conf); } catch (IllegalStateException e) { request.getRequestDispatcher("/saml/configure").forward(request, response); if (log.isDebug2()) { log.debug2(DEBUG_HEADER + "Forwarded to /saml/configure."); log.debug2(DEBUG_HEADER + "Done."); } return; } } else { if (log.isDebug3()) log.debug3(DEBUG_HEADER + "isFilterInitialized() = true"); } if (conf.getSystemConfiguration().getBoolean(Constants.PROP_DEVEL_MODE, false)) { log.warning("Running in developer mode, skipped regular filter."); develMode.doFilter(servletRequest, (HttpServletResponse) response, chain, conf.getSystemConfiguration()); if (log.isDebug2()) log.debug2(DEBUG_HEADER + "Done."); return; } if (cleanerRunning.compareAndSet(false, true)) { int maxInactiveInterval = ((HttpServletRequest) request).getSession().getMaxInactiveInterval(); if (log.isDebug3()) log.debug3(DEBUG_HEADER + "maxInactiveInterval = " + maxInactiveInterval); if (maxInactiveInterval < 0) { maxInactiveInterval = 3600; } SessionCleaner.startCleaner(sessionHandlerFactory.getHandler(), maxInactiveInterval, 30); } SessionHandler sessionHandler = sessionHandlerFactory.getHandler(); if (servletRequest.getServletPath() .equals(conf.getSystemConfiguration().getProperty(Constants.PROP_SAML_SERVLET))) { if (log.isDebug()) log.debug(DEBUG_HEADER + "Request to SAML servlet, access granted"); chain.doFilter(new SAMLHttpServletRequest(servletRequest, hostname, null), response); if (log.isDebug2()) log.debug2(DEBUG_HEADER + "Done."); return; } final HttpSession session = servletRequest.getSession(); if (log.isDebug()) log.debug(DEBUG_HEADER + "session.getId() = " + session.getId()); Boolean forceAuthn = false; if (request.getParameterMap().containsKey(Constants.QUERY_STRING_FORCE_AUTHN)) { String forceAuthnAsString = request.getParameter(Constants.QUERY_STRING_FORCE_AUTHN); if (log.isDebug3()) log.debug3(DEBUG_HEADER + "forceAuthnAsString = " + forceAuthnAsString); forceAuthn = forceAuthnAsString.toLowerCase().equals("true"); } if (log.isDebug3()) log.debug3(DEBUG_HEADER + "forceAuthn = " + forceAuthn); // Is the user logged in? if (sessionHandler.isLoggedIn(session.getId()) && session.getAttribute(Constants.SESSION_USER_ASSERTION) != null && !forceAuthn) { int actualAssuranceLevel = sessionHandler.getAssertion(session.getId()).getAssuranceLevel(); if (log.isDebug3()) log.debug3(DEBUG_HEADER + "actualAssuranceLevel = " + actualAssuranceLevel); int assuranceLevel = conf.getSystemConfiguration().getInt(Constants.PROP_ASSURANCE_LEVEL); if (log.isDebug3()) log.debug3(DEBUG_HEADER + "assuranceLevel = " + assuranceLevel); if (actualAssuranceLevel > 0 && actualAssuranceLevel < assuranceLevel) { sessionHandler.logOut(session); log.warning("Assurance level too low: " + actualAssuranceLevel + ", required: " + assuranceLevel); throw new RuntimeException( "Assurance level too low: " + actualAssuranceLevel + ", required: " + assuranceLevel); } UserAssertion ua = (UserAssertion) session.getAttribute(Constants.SESSION_USER_ASSERTION); if (log.isDebug()) { log.debug(DEBUG_HEADER + "Everything is OK."); log.debug(DEBUG_HEADER + "Subject: " + ua.getSubject()); log.debug(DEBUG_HEADER + "NameID Format: " + ua.getNameIDFormat()); log.debug(DEBUG_HEADER + "Common Name: " + ua.getCommonName()); log.debug(DEBUG_HEADER + "UserId: " + ua.getUserId()); log.debug(DEBUG_HEADER + "Authenticated?: " + ua.isAuthenticated()); log.debug(DEBUG_HEADER + "Signed?: " + ua.isSigned()); } Audit.log(Operation.ACCESS, servletRequest.getRequestURI()); try { UserAssertionHolder.set(ua); HttpServletRequestWrapper requestWrap = new SAMLHttpServletRequest(servletRequest, ua, hostname); chain.doFilter(requestWrap, response); if (log.isDebug2()) log.debug2(DEBUG_HEADER + "Done."); return; } finally { UserAssertionHolder.set(null); } } else { session.removeAttribute(Constants.SESSION_USER_ASSERTION); UserAssertionHolder.set(null); saveRequestAndGotoLogin((HttpServletResponse) response, servletRequest); } if (log.isDebug2()) log.debug2(DEBUG_HEADER + "Done."); }