List of usage examples for javax.servlet ServletRequest setAttribute
public void setAttribute(String name, Object o);
From source file:com.xpn.xwiki.web.ActionFilter.java
/** * {@inheritDoc}// www .j a va 2s.c om * * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ @SuppressWarnings("unchecked") public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // Only HTTP requests can be dispatched. if (request instanceof HttpServletRequest && !Boolean.valueOf((String) request.getAttribute(ATTRIBUTE_ACTION_DISPATCHED))) { HttpServletRequest hrequest = (HttpServletRequest) request; Enumeration<String> parameterNames = hrequest.getParameterNames(); while (parameterNames.hasMoreElements()) { String parameter = parameterNames.nextElement(); if (parameter.startsWith(ACTION_PREFIX)) { String targetURL = getTargetURL(hrequest, parameter); RequestDispatcher dispatcher = hrequest.getRequestDispatcher(targetURL); if (dispatcher != null) { LOG.debug("Forwarding request to " + targetURL); request.setAttribute(ATTRIBUTE_ACTION_DISPATCHED, "true"); dispatcher.forward(hrequest, response); // Allow multiple calls to this filter as long as they are not nested. request.removeAttribute(ATTRIBUTE_ACTION_DISPATCHED); // If the request was forwarder to another path, don't continue the normal processing chain. return; } } } } // Let the request pass through unchanged. chain.doFilter(request, response); }
From source file:net.lightbody.bmp.proxy.jetty.jetty.servlet.ServletHolder.java
/** Service a request with this servlet. *///from www. j a v a 2s.c o m public void handle(ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException { if (_class == null) throw new UnavailableException("Servlet Not Initialized"); Servlet servlet = (!_initOnStartup || _servlets != null) ? getServlet() : _servlet; if (servlet == null) throw new UnavailableException("Could not instantiate " + _class); // Service the request boolean servlet_error = true; Principal user = null; HttpRequest http_request = null; try { // Handle aliased path if (_forcedPath != null) // TODO complain about poor naming to the Jasper folks request.setAttribute("org.apache.catalina.jsp_file", _forcedPath); // Handle run as if (_runAs != null && _realm != null) { http_request = getHttpContext().getHttpConnection().getRequest(); user = _realm.pushRole(http_request.getUserPrincipal(), _runAs); http_request.setUserPrincipal(user); } servlet.service(request, response); servlet_error = false; } catch (UnavailableException e) { if (_servlets != null && servlet != null) stop(); makeUnavailable(e); } finally { // pop run-as role if (_runAs != null && _realm != null && user != null) { user = _realm.popRole(user); http_request.setUserPrincipal(user); } // Handle error params. if (servlet_error) request.setAttribute("javax.servlet.error.servlet_name", getName()); // Return to singleThreaded pool synchronized (this) { if (_servlets != null && servlet != null) _servlets.push(servlet); } } }
From source file:de.innovationgate.wgpublisher.filter.WGAFilter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { WGARequestInformation info = new WGARequestInformation(); try {/*from w w w . j av a 2s. c o m*/ info.setStartTime(System.currentTimeMillis()); info.setThread(Thread.currentThread()); request.setAttribute(WGARequestInformation.REQUEST_ATTRIBUTENAME, info); _wgaFilterChain.init(request, chain); _currentRequests.put(request, info); // F000037B2 if (_core.getCharacterEncoding() != null) { request.setCharacterEncoding(_core.getCharacterEncoding()); // B000041DA response.setCharacterEncoding(_core.getCharacterEncoding()); } // add/ delete jvmRoute String lbRoute = _core.getClusterService().getLBRoute(); if (lbRoute != null && !lbRoute.trim().equals("")) { WGCookie jvmRouteCookie = new WGCookie(COOKIE_NAME_LBROUTE, lbRoute); jvmRouteCookie.setPath("/"); jvmRouteCookie.setMaxAge(-1); jvmRouteCookie.addCookieHeader((HttpServletResponse) response); } else { Cookie cookie = getCookie((HttpServletRequest) request, COOKIE_NAME_LBROUTE); if (cookie != null) { WGCookie jvmRouteCookie = WGCookie.from(cookie); jvmRouteCookie.setMaxAge(0); jvmRouteCookie.addCookieHeader((HttpServletResponse) response); } } RequestWrapper wrappedRequest = createRequestWrapper(response, (HttpServletRequest) request); /* * #00005078: don't store original URL. Store converted URL instead. * Will be used in WGA.urlBuilder() and other sources */ request.setAttribute(REQATTRIB_ORIGINAL_URL, wrappedRequest.getRequestURL().toString()); request.setAttribute(REQATTRIB_ORIGINAL_URI, wrappedRequest.getRequestURI()); request.setAttribute(REQATTRIB_ORIGINAL_QUERYSTRING, wrappedRequest.getQueryString()); FinalCharacterEncodingResponseWrapper wrappedResponse = createResponseWrapper(response, wrappedRequest); _holdRequestsLock.readLock().lock(); try { _wgaFilterChain.doFilter(wrappedRequest, wrappedResponse); } finally { _holdRequestsLock.readLock().unlock(); } info.setStatusCode(wrappedResponse.getStatusCode()); info.setStatusMessage(wrappedResponse.getStatusMessage()); AbstractWGAHttpSessionManager sessionManager = _core.getHttpSessionManager(); if (sessionManager != null) { sessionManager.requestFinished(wrappedRequest, wrappedResponse); } } catch (ServletException e) { info.setStatusCode(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); info.setStatusMessage(e.getMessage()); _core.getLog().error("Internal Server Error.", e); throw e; } finally { info.setEndTime(System.currentTimeMillis()); try { WGALoggerWrapper logger = _core.getAccessLogger(); if (logger != null) { logger.logRequest(request); } } catch (Exception e) { _core.getLog().error("Unable to log request.", e); } WGFactory.getInstance().closeSessions(); if (!Boolean.TRUE.equals(request.getAttribute(WGPDeployer.REQATTRIB_TML_DEPLOYED)) && info.getEndTime() > info.getStartTime() + REQUEST_LENGTH_NOTIFICATION_THRESHOLD) { String uri = ((HttpServletRequest) request).getRequestURI(); Problem.Vars vars = Problem.var("reqinfo", info) .var("completeurl", ((HttpServletRequest) request).getRequestURL().toString()) .var("host", ((HttpServletRequest) request).getServerName()).var("uri", uri); String problemKey = "requestProblem.longRequest#" + uri; if (info.getDatabase() != null) { _core.getProblemRegistry() .addProblem(Problem.create(new FilterRequestOccasion(), new DatabaseScope(info.getDatabase().getDbReference()), problemKey, ProblemSeverity.LOW, vars)); } else { _core.getProblemRegistry().addProblem( Problem.create(new FilterRequestOccasion(), problemKey, ProblemSeverity.LOW, vars)); } } // close opened lucene-resultsets LuceneManager luceneManager = _core.getLuceneManager(); if (luceneManager != null) { luceneManager.closeOpenedResultSets(); } _currentRequests.remove(request); } }
From source file:org.sakaiproject.nakamura.http.qos.QoSFilter.java
private QoSToken getQoSControl(ServletRequest request) { QoSToken control = (QoSToken) request.getAttribute(QoSToken.CONTROL_ATTR); if (control != null) { return control; }/*from w w w .j a v a 2 s .c o m*/ QoSControl qoSControl = null; HttpServletRequest hrequest = (HttpServletRequest) request; String requestPath = hrequest.getRequestURI(); String[] pathElements = StringUtils.split(requestPath, "/", 1); if (pathElements != null && pathElements.length > 0) { String method = StringUtils.lowerCase(hrequest.getMethod()); qoSControl = qoSControMap.get(method + ":" + pathElements[0]); if (qoSControl == null) { qoSControl = qoSControMap.get("*:" + pathElements[0]); } } if (qoSControl == null) { qoSControl = defaultQoSControl; } QoSToken qoSToken = new QoSTokenImpl(qoSControl, request); request.setAttribute(QoSToken.CONTROL_ATTR, qoSToken); return qoSToken; }
From source file:uk.ac.cam.ucs.webauth.RavenFilter.java
@Override public void doFilter(ServletRequest servletReq, ServletResponse servletResp, FilterChain chain) throws IOException, ServletException { // Only process http requests. if ((servletReq instanceof HttpServletRequest) == false) { String msg = "Configuration Error. RavenFilter can only handle Http requests. The rest of the filter chain will NOT be processed."; log.error(msg);//from ww w.j av a 2s . c o m return; } if (testingMode) { servletReq.setAttribute(ATTR_REMOTE_USER, "test"); ((HttpServletRequest) servletReq).getSession().setAttribute(ATTR_REMOTE_USER, "test"); chain.doFilter(servletReq, servletResp); return; } HttpServletRequest request = (HttpServletRequest) servletReq; HttpServletResponse response = (HttpServletResponse) servletResp; HttpSession session = request.getSession(); log.debug("RavenFilter running for: " + request.getServletPath()); // Check for an authentication reply in the request // If its a POST request then we cannot read parameters because this // trashes the inputstream which we want to pass to the servlet. So, if // its a post request then assume that there is no WLS-RESPONSE in the // request. This is reasonable because WLS-Response is sent from the // raven server and it won't do that with a POST request. String wlsResponse = null; if (!"POST".equals(request.getMethod())) { wlsResponse = request.getParameter(WLS_RESPONSE_PARAM); log.debug("WLS-Response is " + wlsResponse); } else { log.debug("Not checking WLS-Response because we have a POST request"); } // WebauthResponse storedResponse = (WebauthResponse) // session.getAttribute(WLS_RESPONSE_PARAM); WebauthRequest storedRavenReq = (WebauthRequest) session.getAttribute(SESS_RAVEN_REQ_KEY); log.debug("Stored raven request is " + storedRavenReq); RavenState storedState = (RavenState) session.getAttribute(SESS_STORED_STATE_KEY); log.debug("Stored state is " + storedState); /* * Check the stored state if we have it */ if (storedState != null) { if (storedState.status != 200) { session.setAttribute(SESS_STORED_STATE_KEY, null); response.sendError(storedState.status); return; } /* * We do not check for expiry of the state because in this * implementation we simply use the session expiry the web admin has * configured in Tomcat (since the Raven authentication is only used * to set up the session, it makes sense to use the session's expiry * rather than Raven's). */ /* * We do not check for state.last or state.issue being in the * future. State.issue is already checked in the WebauthValidator * when the state is initially created. State.last is set by * System.currentTimeMillis at state creation time and therefore * cannot be in the future. */ if (wlsResponse == null || wlsResponse.length() == 0) { log.debug("Accepting stored session"); if (allowedPrincipals == null || allowedPrincipals.contains(storedState.principal.getName())) { chain.doFilter(request, response); return; } else { response.sendError(403, "You are not authorized to view this page."); return; } } } // end if (storedState != null) /* * Check the received response if we have it. * * Note - if we have both a stored state and a WLS-Response, we let the * WLS-Response override the stored state (this is no worse than if the * same request arrived a few minutes later when the first session would * have expired, thus removing the stored state) */ if (wlsResponse != null && wlsResponse.length() > 0) { WebauthResponse webauthResponse = new WebauthResponse(wlsResponse); session.setAttribute(WLS_RESPONSE_PARAM, webauthResponse); try { log.debug("Validating received response with stored request"); if (storedRavenReq == null) { response.sendError(500, "Failed to find a stored Raven request in the user's session."); return; } this.getWebauthValidator().validate(storedRavenReq, webauthResponse); RavenPrincipal principal = new RavenPrincipal(webauthResponse.get("principal")); RavenState state = new RavenState(200, webauthResponse.get("issue"), webauthResponse.get("life"), webauthResponse.get("id"), principal, webauthResponse.get("auth"), webauthResponse.get("sso"), webauthResponse.get("params")); log.debug("Storing new state " + state.toString()); session.setAttribute(SESS_STORED_STATE_KEY, state); session.setAttribute(ATTR_REMOTE_USER, state.principal.getName()); request.setAttribute(ATTR_REMOTE_USER, state.principal.getName()); /* * We do a redirect here so the user doesn't see the * WLS-Response in his browser location */ response.sendRedirect(webauthResponse.get("url")); return; } catch (WebauthException e) { log.debug("Response validation failed - " + e.getMessage()); try { int status = webauthResponse.getInt("status"); if (status > 0) response.sendError(status, e.getMessage()); else response.sendError(500, "Response validation failed - " + e.getMessage()); } catch (Exception e2) { response.sendError(500, "Response validation failed - " + e.getMessage()); } return; } } else { /* * No WLS-Response, no stored state. Redirect the user to Raven to * log in */ WebauthRequest webauthReq = new WebauthRequest(); StringBuffer url = request.getRequestURL(); if (serverURLPrefix != null) { // strip off everything up to and including the servlet path and // replace with the prefix String contextPath = request.getContextPath(); log.debug("Context path is: " + contextPath); log.debug("Request url is: " + request.getRequestURL()); int index = url.indexOf(contextPath); if (index == -1) { log.error("Failed to find context path (" + contextPath + ") in request url " + url); } else { url = new StringBuffer(serverURLPrefix + url.substring(index + contextPath.length())); } } if (request.getQueryString() != null && request.getQueryString().length() > 0) { url.append('?'); url.append(request.getQueryString()); } log.debug("Redirecting with url " + url.toString()); webauthReq.set("url", url.toString()); session.setAttribute(SESS_RAVEN_REQ_KEY, webauthReq); response.sendRedirect(sRavenAuthenticatePage + "?" + webauthReq.toQString()); return; } }
From source file:com.adito.vfs.webdav.DAVServlet.java
public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; debugRequest(req);//from w w w . ja v a 2 s . co m DAVTransaction transaction = null; try { transaction = new DAVTransaction(req, res); DAVProcessor processor = null; try { processor = DAVServlet.getDAVProcessor(req); } catch (CoreException e) { ActionMessages mesgs = (ActionMessages) request.getAttribute(Globals.ERROR_KEY); if (mesgs == null) { mesgs = new ActionMessages(); request.setAttribute(Globals.ERROR_KEY, mesgs); } mesgs.add(Globals.MESSAGE_KEY, e.getBundleActionMessage()); return; } catch (Exception e1) { throw new IOException(e1.getMessage()); } /** * LDP - JB I have removed the authentication code here and instead * placed in DAVTransaction. This allows the transaction to * correctly obtain sessionInfo through WEBDav. */ /* Mark our presence */ res.setHeader("Server", this.context.getServerInfo() + " WebDAV"); res.setHeader("MS-Author-Via", "DAV"); res.setHeader("DAV", "1"); /* * Get the current SessionInfo if possible, but do not request * authentication yet This is because the VFSResource that we want * is in a mount that does not require Adito authentication * (required for some ActiveX and Applet extensions). * * SessionInfo will be null if session can yet be determined */ if (!transaction.attemptToAuthorize()) { return; } SessionInfo sessionInfo = transaction.getSessionInfo(); // Timeout block is not needed if we have no session int timeoutId = sessionInfo == null ? -1 : LogonControllerFactory.getInstance().addSessionTimeoutBlock( transaction.getSessionInfo().getHttpSession(), "DAV Transaction"); ; try { processor.process(transaction); } catch (DAVAuthenticationRequiredException dare) { /* * If the session is temporary, then we are probably dealing * with a client that doesn't support cookies. This means that * secondary authentication that may be required for some mounts * won't work as we cannot have two different sets of * credentials without session tracking */ if (sessionInfo != null && sessionInfo.isTemporary()) { throw new IOException("Mount requires further authentication. This cannot work " + "on WebDAV clients that do not support cookies."); } else { throw dare; } } finally { if (timeoutId != -1) LogonControllerFactory.getInstance() .removeSessionTimeoutBlock(transaction.getSessionInfo().getHttpSession(), timeoutId); } } catch (DAVRedirection redir) { String redirPath = "/fs" + redir.getLocation().getFullPath(); req.getRequestDispatcher(redirPath).forward(req, res); } catch (DAVAuthenticationRequiredException e) { // We need to be able to authenticate the Adito session was // well // sendAuthorizationError(req, res, e.getMount().getMountString()); sendAuthorizationError(req, res, e.getHttpRealm()); } catch (DAVBundleActionMessageException ex) { log.error("Network Places Request Failed: " + req.getPathInfo(), ex); BundleActionMessage bam = ex.getBundleActionMessage(); MessageResources mr = CoreUtil.getMessageResources(req.getSession(), bam.getBundle()); // TODO locale String val = mr == null ? null : mr.getMessage(bam.getKey()); res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR, val == null ? (ex.getMessage() == null ? "No message supplied." : ex.getMessage()) : val); } catch (DAVException ex) { res.setStatus(ex.getStatus()); } catch (LockedException ex) { res.sendError(DAVStatus.SC_LOCKED, ex.getMessage()); } catch (Throwable t) { log.error("Network Places Request Failed: " + req.getPathInfo(), t); res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR, t.getMessage() == null ? "<null>" : t.getMessage()); } finally { if (transaction != null && transaction.getSessionInfo() != null && transaction.getSessionInfo().isTemporary()) { transaction.getSessionInfo().getHttpSession().invalidate(); } } }
From source file:com.sslexplorer.vfs.webdav.DAVServlet.java
public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; debugRequest(req);// w w w . ja va2 s . co m DAVTransaction transaction = null; try { transaction = new DAVTransaction(req, res); DAVProcessor processor = null; try { processor = DAVServlet.getDAVProcessor(req); } catch (CoreException e) { ActionMessages mesgs = (ActionMessages) request.getAttribute(Globals.ERROR_KEY); if (mesgs == null) { mesgs = new ActionMessages(); request.setAttribute(Globals.ERROR_KEY, mesgs); } mesgs.add(Globals.MESSAGE_KEY, e.getBundleActionMessage()); return; } catch (Exception e1) { throw new IOException(e1.getMessage()); } /** * LDP - JB I have removed the authentication code here and instead * placed in DAVTransaction. This allows the transaction to * correctly obtain sessionInfo through WEBDav. */ /* Mark our presence */ res.setHeader("Server", this.context.getServerInfo() + " WebDAV"); res.setHeader("MS-Author-Via", "DAV"); res.setHeader("DAV", "1"); /* * Get the current SessionInfo if possible, but do not request * authentication yet This is because the VFSResource that we want * is in a mount that does not require SSL-Explorer authentication * (required for some ActiveX and Applet extensions). * * SessionInfo will be null if session can yet be determined */ if (!transaction.attemptToAuthorize()) { return; } SessionInfo sessionInfo = transaction.getSessionInfo(); // Timeout block is not needed if we have no session int timeoutId = sessionInfo == null ? -1 : LogonControllerFactory.getInstance().addSessionTimeoutBlock( transaction.getSessionInfo().getHttpSession(), "DAV Transaction"); ; try { processor.process(transaction); } catch (DAVAuthenticationRequiredException dare) { /* * If the session is temporary, then we are probably dealing * with a client that doesn't support cookies. This means that * secondary authentication that may be required for some mounts * won't work as we cannot have two different sets of * credentials without session tracking */ if (sessionInfo != null && sessionInfo.isTemporary()) { throw new IOException("Mount requires further authentication. This cannot work " + "on WebDAV clients that do not support cookies."); } else { throw dare; } } finally { if (timeoutId != -1) LogonControllerFactory.getInstance() .removeSessionTimeoutBlock(transaction.getSessionInfo().getHttpSession(), timeoutId); } } catch (DAVRedirection redir) { String redirPath = "/fs" + redir.getLocation().getFullPath(); req.getRequestDispatcher(redirPath).forward(req, res); } catch (DAVAuthenticationRequiredException e) { // We need to be able to authenticate the SSL-Explorer session was // well // sendAuthorizationError(req, res, e.getMount().getMountString()); sendAuthorizationError(req, res, e.getHttpRealm()); } catch (DAVBundleActionMessageException ex) { log.error("Network Places Request Failed: " + req.getPathInfo(), ex); BundleActionMessage bam = ex.getBundleActionMessage(); MessageResources mr = CoreUtil.getMessageResources(req.getSession(), bam.getBundle()); // TODO locale String val = mr == null ? null : mr.getMessage(bam.getKey()); res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR, val == null ? (ex.getMessage() == null ? "No message supplied." : ex.getMessage()) : val); } catch (DAVException ex) { res.setStatus(ex.getStatus()); } catch (LockedException ex) { res.sendError(DAVStatus.SC_LOCKED, ex.getMessage()); } catch (Throwable t) { log.error("Network Places Request Failed: " + req.getPathInfo(), t); res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR, t.getMessage() == null ? "<null>" : t.getMessage()); } finally { if (transaction != null && transaction.getSessionInfo() != null && transaction.getSessionInfo().isTemporary()) { transaction.getSessionInfo().getHttpSession().invalidate(); } } }
From source file:org.qifu.sys.GreenStepBaseFormAuthenticationFilter.java
/** * ? core-web ? , gsbsc-web, qcharts-web * //from ww w . j ava 2 s . co m * @param request * @param response * @return * @throws Exception */ private boolean loginUseCurrentCookieForGeneralPackage(ServletRequest request, ServletResponse response) throws Exception { Map<String, String> dataMap = UserCurrentCookie.getCurrentData((HttpServletRequest) request); if (dataMap == null) { return false; } String currentId = dataMap.get("currentId"); String accountId = dataMap.get("account"); if (StringUtils.isBlank(currentId) || StringUtils.isBlank(accountId)) { return false; } // tb_sys_usess current_id db if (this.uSessLogHelper.countByCurrent(accountId, currentId) < 1) { // core-web , TB_SYS_USESS return false; } String captchaStr = "0123"; // ? captcha ??? , ? core-web ? request.setAttribute(this.captchaParam, captchaStr); ((HttpServletRequest) request).getSession() .setAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY, captchaStr); ShiroLoginSupport loginSupport = new ShiroLoginSupport(); AccountVO account = loginSupport.queryUserValidate(accountId); loginSupport.forceCreateLoginSubject((HttpServletRequest) request, (HttpServletResponse) response, accountId, captchaStr); // set session this.setUserSession((HttpServletRequest) request, (HttpServletResponse) response, account); return true; }
From source file:gov.nih.nci.system.security.acegi.ui.globus.X509InitializationFilter.java
/** * This method checks the X509 certificate chain in globus context and then puts it in the session under property name of * javax.servlet.request.X509Certificate * @param request DOCUMENT ME!//from w ww . j a v a 2 s .c o m * @param response DOCUMENT ME! * @param filterChain DOCUMENT ME! * * @throws IOException DOCUMENT ME! * @throws javax.servlet.ServletException DOCUMENT ME! */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (!(request instanceof HttpServletRequest)) { throw new ServletException("Can only process HttpServletRequest"); } if (!(response instanceof HttpServletResponse)) { throw new ServletException("Can only process HttpServletResponse"); } HttpServletRequest httpRequest = (HttpServletRequest) request; if (logger.isDebugEnabled()) { logger.debug("Checking HTTP Request for Globus Context "); } try { Object obj = httpRequest.getAttribute(GSIConstants.GSI_CONTEXT); if (obj != null) { GlobusGSSContextImpl ctx = (GlobusGSSContextImpl) obj; X509Certificate[] certChain = (X509Certificate[]) ctx.inquireByOid(GSSConstants.X509_CERT_CHAIN); if (certChain != null) { X509Certificate[] idCertChain = new X509Certificate[] { BouncyCastleUtil.getIdentityCertificate(certChain) }; request.setAttribute("javax.servlet.request.X509Certificate", idCertChain); } } } catch (Exception e) { logger.error("Error getting X509Certificate chain from the globus context:", e); } filterChain.doFilter(request, response); }
From source file:com.redhat.rhn.frontend.servlets.EnvironmentFilter.java
/** * {@inheritDoc}/* w w w .j a v a2s . c om*/ */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest hreq = new RhnHttpServletRequest((HttpServletRequest) request); HttpServletResponse hres = new RhnHttpServletResponse((HttpServletResponse) response, hreq); boolean sslAvail = ConfigDefaults.get().isSSLAvailable(); // There are a list of pages that don't require SSL, that list should // be called out here. String path = hreq.getRequestURI(); // Have to make this decision here, because once we pass the request // off to the next filter, that filter can do work that sends data to // the client, meaning that we can't redirect. if (RhnHelper.pathNeedsSecurity(nosslurls, path) && !hreq.isSecure() && sslAvail) { if (log.isDebugEnabled()) { log.debug("redirecting to secure: " + path); } redirectToSecure(hreq, hres); return; } // Set request attributes we may need later HttpServletRequest req = (HttpServletRequest) request; request.setAttribute(RequestContext.REQUESTED_URI, req.getRequestURI()); if (log.isDebugEnabled()) { log.debug("set REQUESTED_URI: " + req.getRequestURI()); } // add messages that were put on the request path. addParameterizedMessages(req); // Done, go up chain chain.doFilter(hreq, hres); }