Example usage for javax.servlet ServletRequest setAttribute

List of usage examples for javax.servlet ServletRequest setAttribute

Introduction

In this page you can find the example usage for javax.servlet ServletRequest setAttribute.

Prototype

public void setAttribute(String name, Object o);

Source Link

Document

Stores an attribute in this request.

Usage

From source file:com.xpn.xwiki.web.ActionFilter.java

/**
 * {@inheritDoc}// www .j a va  2s.c om
 * 
 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
 */
@SuppressWarnings("unchecked")
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // Only HTTP requests can be dispatched.
    if (request instanceof HttpServletRequest
            && !Boolean.valueOf((String) request.getAttribute(ATTRIBUTE_ACTION_DISPATCHED))) {
        HttpServletRequest hrequest = (HttpServletRequest) request;
        Enumeration<String> parameterNames = hrequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String parameter = parameterNames.nextElement();
            if (parameter.startsWith(ACTION_PREFIX)) {
                String targetURL = getTargetURL(hrequest, parameter);
                RequestDispatcher dispatcher = hrequest.getRequestDispatcher(targetURL);
                if (dispatcher != null) {
                    LOG.debug("Forwarding request to " + targetURL);
                    request.setAttribute(ATTRIBUTE_ACTION_DISPATCHED, "true");
                    dispatcher.forward(hrequest, response);
                    // Allow multiple calls to this filter as long as they are not nested.
                    request.removeAttribute(ATTRIBUTE_ACTION_DISPATCHED);
                    // If the request was forwarder to another path, don't continue the normal processing chain.
                    return;
                }
            }
        }
    }
    // Let the request pass through unchanged.
    chain.doFilter(request, response);
}

From source file:net.lightbody.bmp.proxy.jetty.jetty.servlet.ServletHolder.java

/** Service a request with this servlet.
 *///from   www.  j  a  v a 2s.c  o  m
public void handle(ServletRequest request, ServletResponse response)
        throws ServletException, UnavailableException, IOException {
    if (_class == null)
        throw new UnavailableException("Servlet Not Initialized");

    Servlet servlet = (!_initOnStartup || _servlets != null) ? getServlet() : _servlet;
    if (servlet == null)
        throw new UnavailableException("Could not instantiate " + _class);

    // Service the request
    boolean servlet_error = true;
    Principal user = null;
    HttpRequest http_request = null;
    try {
        // Handle aliased path
        if (_forcedPath != null)
            // TODO complain about poor naming to the Jasper folks
            request.setAttribute("org.apache.catalina.jsp_file", _forcedPath);

        // Handle run as
        if (_runAs != null && _realm != null) {
            http_request = getHttpContext().getHttpConnection().getRequest();
            user = _realm.pushRole(http_request.getUserPrincipal(), _runAs);
            http_request.setUserPrincipal(user);
        }

        servlet.service(request, response);
        servlet_error = false;
    } catch (UnavailableException e) {
        if (_servlets != null && servlet != null)
            stop();
        makeUnavailable(e);
    } finally {
        // pop run-as role
        if (_runAs != null && _realm != null && user != null) {
            user = _realm.popRole(user);
            http_request.setUserPrincipal(user);
        }

        // Handle error params.
        if (servlet_error)
            request.setAttribute("javax.servlet.error.servlet_name", getName());

        // Return to singleThreaded pool
        synchronized (this) {
            if (_servlets != null && servlet != null)
                _servlets.push(servlet);
        }
    }
}

From source file:de.innovationgate.wgpublisher.filter.WGAFilter.java

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    WGARequestInformation info = new WGARequestInformation();
    try {/*from  w  w w  . j av  a  2s. c o  m*/
        info.setStartTime(System.currentTimeMillis());
        info.setThread(Thread.currentThread());
        request.setAttribute(WGARequestInformation.REQUEST_ATTRIBUTENAME, info);

        _wgaFilterChain.init(request, chain);

        _currentRequests.put(request, info);

        // F000037B2
        if (_core.getCharacterEncoding() != null) {
            request.setCharacterEncoding(_core.getCharacterEncoding());
            // B000041DA
            response.setCharacterEncoding(_core.getCharacterEncoding());
        }

        // add/ delete jvmRoute
        String lbRoute = _core.getClusterService().getLBRoute();
        if (lbRoute != null && !lbRoute.trim().equals("")) {
            WGCookie jvmRouteCookie = new WGCookie(COOKIE_NAME_LBROUTE, lbRoute);
            jvmRouteCookie.setPath("/");
            jvmRouteCookie.setMaxAge(-1);
            jvmRouteCookie.addCookieHeader((HttpServletResponse) response);
        } else {
            Cookie cookie = getCookie((HttpServletRequest) request, COOKIE_NAME_LBROUTE);
            if (cookie != null) {
                WGCookie jvmRouteCookie = WGCookie.from(cookie);
                jvmRouteCookie.setMaxAge(0);
                jvmRouteCookie.addCookieHeader((HttpServletResponse) response);
            }
        }

        RequestWrapper wrappedRequest = createRequestWrapper(response, (HttpServletRequest) request);
        /*
         *  #00005078: don't store original URL. Store converted URL instead.
         *  Will be used in WGA.urlBuilder() and other sources 
         */
        request.setAttribute(REQATTRIB_ORIGINAL_URL, wrappedRequest.getRequestURL().toString());
        request.setAttribute(REQATTRIB_ORIGINAL_URI, wrappedRequest.getRequestURI());
        request.setAttribute(REQATTRIB_ORIGINAL_QUERYSTRING, wrappedRequest.getQueryString());

        FinalCharacterEncodingResponseWrapper wrappedResponse = createResponseWrapper(response, wrappedRequest);

        _holdRequestsLock.readLock().lock();
        try {
            _wgaFilterChain.doFilter(wrappedRequest, wrappedResponse);
        } finally {
            _holdRequestsLock.readLock().unlock();
        }

        info.setStatusCode(wrappedResponse.getStatusCode());
        info.setStatusMessage(wrappedResponse.getStatusMessage());

        AbstractWGAHttpSessionManager sessionManager = _core.getHttpSessionManager();
        if (sessionManager != null) {
            sessionManager.requestFinished(wrappedRequest, wrappedResponse);
        }
    } catch (ServletException e) {
        info.setStatusCode(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        info.setStatusMessage(e.getMessage());
        _core.getLog().error("Internal Server Error.", e);
        throw e;
    } finally {
        info.setEndTime(System.currentTimeMillis());
        try {
            WGALoggerWrapper logger = _core.getAccessLogger();
            if (logger != null) {
                logger.logRequest(request);
            }
        } catch (Exception e) {
            _core.getLog().error("Unable to log request.", e);
        }

        WGFactory.getInstance().closeSessions();

        if (!Boolean.TRUE.equals(request.getAttribute(WGPDeployer.REQATTRIB_TML_DEPLOYED))
                && info.getEndTime() > info.getStartTime() + REQUEST_LENGTH_NOTIFICATION_THRESHOLD) {

            String uri = ((HttpServletRequest) request).getRequestURI();
            Problem.Vars vars = Problem.var("reqinfo", info)
                    .var("completeurl", ((HttpServletRequest) request).getRequestURL().toString())
                    .var("host", ((HttpServletRequest) request).getServerName()).var("uri", uri);

            String problemKey = "requestProblem.longRequest#" + uri;

            if (info.getDatabase() != null) {
                _core.getProblemRegistry()
                        .addProblem(Problem.create(new FilterRequestOccasion(),
                                new DatabaseScope(info.getDatabase().getDbReference()), problemKey,
                                ProblemSeverity.LOW, vars));
            } else {
                _core.getProblemRegistry().addProblem(
                        Problem.create(new FilterRequestOccasion(), problemKey, ProblemSeverity.LOW, vars));
            }
        }

        // close opened lucene-resultsets
        LuceneManager luceneManager = _core.getLuceneManager();
        if (luceneManager != null) {
            luceneManager.closeOpenedResultSets();
        }

        _currentRequests.remove(request);
    }
}

From source file:org.sakaiproject.nakamura.http.qos.QoSFilter.java

private QoSToken getQoSControl(ServletRequest request) {
    QoSToken control = (QoSToken) request.getAttribute(QoSToken.CONTROL_ATTR);
    if (control != null) {
        return control;
    }/*from  w w  w .j a v a  2  s  .c  o  m*/

    QoSControl qoSControl = null;

    HttpServletRequest hrequest = (HttpServletRequest) request;
    String requestPath = hrequest.getRequestURI();
    String[] pathElements = StringUtils.split(requestPath, "/", 1);
    if (pathElements != null && pathElements.length > 0) {
        String method = StringUtils.lowerCase(hrequest.getMethod());

        qoSControl = qoSControMap.get(method + ":" + pathElements[0]);
        if (qoSControl == null) {
            qoSControl = qoSControMap.get("*:" + pathElements[0]);
        }
    }
    if (qoSControl == null) {
        qoSControl = defaultQoSControl;
    }
    QoSToken qoSToken = new QoSTokenImpl(qoSControl, request);
    request.setAttribute(QoSToken.CONTROL_ATTR, qoSToken);
    return qoSToken;
}

From source file:uk.ac.cam.ucs.webauth.RavenFilter.java

@Override
public void doFilter(ServletRequest servletReq, ServletResponse servletResp, FilterChain chain)
        throws IOException, ServletException {

    // Only process http requests.
    if ((servletReq instanceof HttpServletRequest) == false) {
        String msg = "Configuration Error.  RavenFilter can only handle Http requests. The rest of the filter chain will NOT be processed.";
        log.error(msg);//from  ww w.j  av  a 2s  . c o  m
        return;
    }

    if (testingMode) {
        servletReq.setAttribute(ATTR_REMOTE_USER, "test");
        ((HttpServletRequest) servletReq).getSession().setAttribute(ATTR_REMOTE_USER, "test");
        chain.doFilter(servletReq, servletResp);
        return;
    }

    HttpServletRequest request = (HttpServletRequest) servletReq;
    HttpServletResponse response = (HttpServletResponse) servletResp;
    HttpSession session = request.getSession();

    log.debug("RavenFilter running for: " + request.getServletPath());

    // Check for an authentication reply in the request
    // If its a POST request then we cannot read parameters because this
    // trashes the inputstream which we want to pass to the servlet. So, if
    // its a post request then assume that there is no WLS-RESPONSE in the
    // request. This is reasonable because WLS-Response is sent from the
    // raven server and it won't do that with a POST request.
    String wlsResponse = null;
    if (!"POST".equals(request.getMethod())) {
        wlsResponse = request.getParameter(WLS_RESPONSE_PARAM);
        log.debug("WLS-Response is " + wlsResponse);
    } else {
        log.debug("Not checking WLS-Response because we have a POST request");
    }

    // WebauthResponse storedResponse = (WebauthResponse)
    // session.getAttribute(WLS_RESPONSE_PARAM);
    WebauthRequest storedRavenReq = (WebauthRequest) session.getAttribute(SESS_RAVEN_REQ_KEY);
    log.debug("Stored raven request is " + storedRavenReq);
    RavenState storedState = (RavenState) session.getAttribute(SESS_STORED_STATE_KEY);
    log.debug("Stored state is " + storedState);
    /*
     * Check the stored state if we have it
     */
    if (storedState != null) {
        if (storedState.status != 200) {
            session.setAttribute(SESS_STORED_STATE_KEY, null);
            response.sendError(storedState.status);
            return;
        }

        /*
         * We do not check for expiry of the state because in this
         * implementation we simply use the session expiry the web admin has
         * configured in Tomcat (since the Raven authentication is only used
         * to set up the session, it makes sense to use the session's expiry
         * rather than Raven's).
         */

        /*
         * We do not check for state.last or state.issue being in the
         * future. State.issue is already checked in the WebauthValidator
         * when the state is initially created. State.last is set by
         * System.currentTimeMillis at state creation time and therefore
         * cannot be in the future.
         */

        if (wlsResponse == null || wlsResponse.length() == 0) {
            log.debug("Accepting stored session");
            if (allowedPrincipals == null || allowedPrincipals.contains(storedState.principal.getName())) {
                chain.doFilter(request, response);
                return;
            } else {
                response.sendError(403, "You are not authorized to view this page.");
                return;
            }
        }
    } // end if (storedState != null)

    /*
     * Check the received response if we have it.
     * 
     * Note - if we have both a stored state and a WLS-Response, we let the
     * WLS-Response override the stored state (this is no worse than if the
     * same request arrived a few minutes later when the first session would
     * have expired, thus removing the stored state)
     */
    if (wlsResponse != null && wlsResponse.length() > 0) {
        WebauthResponse webauthResponse = new WebauthResponse(wlsResponse);
        session.setAttribute(WLS_RESPONSE_PARAM, webauthResponse);
        try {
            log.debug("Validating received response with stored request");
            if (storedRavenReq == null) {
                response.sendError(500, "Failed to find a stored Raven request in the user's session.");
                return;
            }
            this.getWebauthValidator().validate(storedRavenReq, webauthResponse);

            RavenPrincipal principal = new RavenPrincipal(webauthResponse.get("principal"));
            RavenState state = new RavenState(200, webauthResponse.get("issue"), webauthResponse.get("life"),
                    webauthResponse.get("id"), principal, webauthResponse.get("auth"),
                    webauthResponse.get("sso"), webauthResponse.get("params"));

            log.debug("Storing new state " + state.toString());
            session.setAttribute(SESS_STORED_STATE_KEY, state);
            session.setAttribute(ATTR_REMOTE_USER, state.principal.getName());
            request.setAttribute(ATTR_REMOTE_USER, state.principal.getName());

            /*
             * We do a redirect here so the user doesn't see the
             * WLS-Response in his browser location
             */
            response.sendRedirect(webauthResponse.get("url"));
            return;
        } catch (WebauthException e) {
            log.debug("Response validation failed - " + e.getMessage());
            try {
                int status = webauthResponse.getInt("status");
                if (status > 0)
                    response.sendError(status, e.getMessage());
                else
                    response.sendError(500, "Response validation failed - " + e.getMessage());
            } catch (Exception e2) {
                response.sendError(500, "Response validation failed - " + e.getMessage());
            }
            return;
        }
    } else {
        /*
         * No WLS-Response, no stored state. Redirect the user to Raven to
         * log in
         */
        WebauthRequest webauthReq = new WebauthRequest();

        StringBuffer url = request.getRequestURL();
        if (serverURLPrefix != null) {
            // strip off everything up to and including the servlet path and
            // replace with the prefix
            String contextPath = request.getContextPath();
            log.debug("Context path is: " + contextPath);
            log.debug("Request url is: " + request.getRequestURL());
            int index = url.indexOf(contextPath);
            if (index == -1) {
                log.error("Failed to find context path (" + contextPath + ") in request url " + url);
            } else {
                url = new StringBuffer(serverURLPrefix + url.substring(index + contextPath.length()));
            }
        }

        if (request.getQueryString() != null && request.getQueryString().length() > 0) {
            url.append('?');
            url.append(request.getQueryString());
        }
        log.debug("Redirecting with url " + url.toString());
        webauthReq.set("url", url.toString());
        session.setAttribute(SESS_RAVEN_REQ_KEY, webauthReq);
        response.sendRedirect(sRavenAuthenticatePage + "?" + webauthReq.toQString());
        return;
    }
}

From source file:com.adito.vfs.webdav.DAVServlet.java

public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    debugRequest(req);//from   w w  w .  ja  v a  2 s .  co m
    DAVTransaction transaction = null;
    try {
        transaction = new DAVTransaction(req, res);
        DAVProcessor processor = null;
        try {
            processor = DAVServlet.getDAVProcessor(req);
        } catch (CoreException e) {
            ActionMessages mesgs = (ActionMessages) request.getAttribute(Globals.ERROR_KEY);
            if (mesgs == null) {
                mesgs = new ActionMessages();
                request.setAttribute(Globals.ERROR_KEY, mesgs);
            }
            mesgs.add(Globals.MESSAGE_KEY, e.getBundleActionMessage());
            return;
        } catch (Exception e1) {
            throw new IOException(e1.getMessage());
        }

        /**
         * LDP - JB I have removed the authentication code here and instead
         * placed in DAVTransaction. This allows the transaction to
         * correctly obtain sessionInfo through WEBDav.
         */
        /* Mark our presence */
        res.setHeader("Server", this.context.getServerInfo() + " WebDAV");
        res.setHeader("MS-Author-Via", "DAV");
        res.setHeader("DAV", "1");

        /*
         * Get the current SessionInfo if possible, but do not request
         * authentication yet This is because the VFSResource that we want
         * is in a mount that does not require Adito authentication
         * (required for some ActiveX and Applet extensions).
         * 
         * SessionInfo will be null if session can yet be determined
         */
        if (!transaction.attemptToAuthorize()) {
            return;
        }
        SessionInfo sessionInfo = transaction.getSessionInfo();

        // Timeout block is not needed if we have no session
        int timeoutId = sessionInfo == null ? -1
                : LogonControllerFactory.getInstance().addSessionTimeoutBlock(
                        transaction.getSessionInfo().getHttpSession(), "DAV Transaction");
        ;
        try {
            processor.process(transaction);
        } catch (DAVAuthenticationRequiredException dare) {
            /*
             * If the session is temporary, then we are probably dealing
             * with a client that doesn't support cookies. This means that
             * secondary authentication that may be required for some mounts
             * won't work as we cannot have two different sets of
             * credentials without session tracking
             */
            if (sessionInfo != null && sessionInfo.isTemporary()) {
                throw new IOException("Mount requires further authentication. This cannot work "
                        + "on WebDAV clients that do not support cookies.");
            } else {
                throw dare;
            }

        } finally {
            if (timeoutId != -1)
                LogonControllerFactory.getInstance()
                        .removeSessionTimeoutBlock(transaction.getSessionInfo().getHttpSession(), timeoutId);
        }
    } catch (DAVRedirection redir) {
        String redirPath = "/fs" + redir.getLocation().getFullPath();
        req.getRequestDispatcher(redirPath).forward(req, res);
    } catch (DAVAuthenticationRequiredException e) {
        // We need to be able to authenticate the Adito session was
        // well
        // sendAuthorizationError(req, res, e.getMount().getMountString());
        sendAuthorizationError(req, res, e.getHttpRealm());
    } catch (DAVBundleActionMessageException ex) {
        log.error("Network Places Request Failed: " + req.getPathInfo(), ex);
        BundleActionMessage bam = ex.getBundleActionMessage();
        MessageResources mr = CoreUtil.getMessageResources(req.getSession(), bam.getBundle());
        // TODO locale
        String val = mr == null ? null : mr.getMessage(bam.getKey());
        res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR,
                val == null ? (ex.getMessage() == null ? "No message supplied." : ex.getMessage()) : val);
    } catch (DAVException ex) {
        res.setStatus(ex.getStatus());
    } catch (LockedException ex) {
        res.sendError(DAVStatus.SC_LOCKED, ex.getMessage());
    } catch (Throwable t) {
        log.error("Network Places Request Failed: " + req.getPathInfo(), t);
        res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR, t.getMessage() == null ? "<null>" : t.getMessage());
    } finally {
        if (transaction != null && transaction.getSessionInfo() != null
                && transaction.getSessionInfo().isTemporary()) {
            transaction.getSessionInfo().getHttpSession().invalidate();
        }
    }
}

From source file:com.sslexplorer.vfs.webdav.DAVServlet.java

public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    debugRequest(req);// w  w w  .  ja va2  s  . co m
    DAVTransaction transaction = null;
    try {
        transaction = new DAVTransaction(req, res);
        DAVProcessor processor = null;
        try {
            processor = DAVServlet.getDAVProcessor(req);
        } catch (CoreException e) {
            ActionMessages mesgs = (ActionMessages) request.getAttribute(Globals.ERROR_KEY);
            if (mesgs == null) {
                mesgs = new ActionMessages();
                request.setAttribute(Globals.ERROR_KEY, mesgs);
            }
            mesgs.add(Globals.MESSAGE_KEY, e.getBundleActionMessage());
            return;
        } catch (Exception e1) {
            throw new IOException(e1.getMessage());
        }

        /**
         * LDP - JB I have removed the authentication code here and instead
         * placed in DAVTransaction. This allows the transaction to
         * correctly obtain sessionInfo through WEBDav.
         */
        /* Mark our presence */
        res.setHeader("Server", this.context.getServerInfo() + " WebDAV");
        res.setHeader("MS-Author-Via", "DAV");
        res.setHeader("DAV", "1");

        /*
         * Get the current SessionInfo if possible, but do not request
         * authentication yet This is because the VFSResource that we want
         * is in a mount that does not require SSL-Explorer authentication
         * (required for some ActiveX and Applet extensions).
         * 
         * SessionInfo will be null if session can yet be determined
         */
        if (!transaction.attemptToAuthorize()) {
            return;
        }
        SessionInfo sessionInfo = transaction.getSessionInfo();

        // Timeout block is not needed if we have no session
        int timeoutId = sessionInfo == null ? -1
                : LogonControllerFactory.getInstance().addSessionTimeoutBlock(
                        transaction.getSessionInfo().getHttpSession(), "DAV Transaction");
        ;
        try {
            processor.process(transaction);
        } catch (DAVAuthenticationRequiredException dare) {
            /*
             * If the session is temporary, then we are probably dealing
             * with a client that doesn't support cookies. This means that
             * secondary authentication that may be required for some mounts
             * won't work as we cannot have two different sets of
             * credentials without session tracking
             */
            if (sessionInfo != null && sessionInfo.isTemporary()) {
                throw new IOException("Mount requires further authentication. This cannot work "
                        + "on WebDAV clients that do not support cookies.");
            } else {
                throw dare;
            }

        } finally {
            if (timeoutId != -1)
                LogonControllerFactory.getInstance()
                        .removeSessionTimeoutBlock(transaction.getSessionInfo().getHttpSession(), timeoutId);
        }
    } catch (DAVRedirection redir) {
        String redirPath = "/fs" + redir.getLocation().getFullPath();
        req.getRequestDispatcher(redirPath).forward(req, res);
    } catch (DAVAuthenticationRequiredException e) {
        // We need to be able to authenticate the SSL-Explorer session was
        // well
        // sendAuthorizationError(req, res, e.getMount().getMountString());
        sendAuthorizationError(req, res, e.getHttpRealm());
    } catch (DAVBundleActionMessageException ex) {
        log.error("Network Places Request Failed: " + req.getPathInfo(), ex);
        BundleActionMessage bam = ex.getBundleActionMessage();
        MessageResources mr = CoreUtil.getMessageResources(req.getSession(), bam.getBundle());
        // TODO locale
        String val = mr == null ? null : mr.getMessage(bam.getKey());
        res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR,
                val == null ? (ex.getMessage() == null ? "No message supplied." : ex.getMessage()) : val);
    } catch (DAVException ex) {
        res.setStatus(ex.getStatus());
    } catch (LockedException ex) {
        res.sendError(DAVStatus.SC_LOCKED, ex.getMessage());
    } catch (Throwable t) {
        log.error("Network Places Request Failed: " + req.getPathInfo(), t);
        res.sendError(DAVStatus.SC_INTERNAL_SERVER_ERROR, t.getMessage() == null ? "<null>" : t.getMessage());
    } finally {
        if (transaction != null && transaction.getSessionInfo() != null
                && transaction.getSessionInfo().isTemporary()) {
            transaction.getSessionInfo().getHttpSession().invalidate();
        }
    }
}

From source file:org.qifu.sys.GreenStepBaseFormAuthenticationFilter.java

/**
 * ? core-web ? ,  gsbsc-web, qcharts-web 
 * //from ww  w  . j  ava 2 s . co  m
 * @param request
 * @param response
 * @return
 * @throws Exception
 */
private boolean loginUseCurrentCookieForGeneralPackage(ServletRequest request, ServletResponse response)
        throws Exception {

    Map<String, String> dataMap = UserCurrentCookie.getCurrentData((HttpServletRequest) request);
    if (dataMap == null) {
        return false;
    }
    String currentId = dataMap.get("currentId");
    String accountId = dataMap.get("account");
    if (StringUtils.isBlank(currentId) || StringUtils.isBlank(accountId)) {
        return false;
    }
    //  tb_sys_usess  current_id  db   
    if (this.uSessLogHelper.countByCurrent(accountId, currentId) < 1) { //  core-web ,  TB_SYS_USESS 
        return false;
    }
    String captchaStr = "0123"; // ? captcha ??? , ? core-web ?       
    request.setAttribute(this.captchaParam, captchaStr);
    ((HttpServletRequest) request).getSession()
            .setAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY, captchaStr);

    ShiroLoginSupport loginSupport = new ShiroLoginSupport();
    AccountVO account = loginSupport.queryUserValidate(accountId);
    loginSupport.forceCreateLoginSubject((HttpServletRequest) request, (HttpServletResponse) response,
            accountId, captchaStr);

    // set session
    this.setUserSession((HttpServletRequest) request, (HttpServletResponse) response, account);
    return true;
}

From source file:gov.nih.nci.system.security.acegi.ui.globus.X509InitializationFilter.java

/**
 * This method checks the X509 certificate chain in globus context and then puts it in the session under property name of
 * javax.servlet.request.X509Certificate 
 * @param request DOCUMENT ME!//from  w ww .  j a  v a  2  s .c o  m
 * @param response DOCUMENT ME!
 * @param filterChain DOCUMENT ME!
 *
 * @throws IOException DOCUMENT ME!
 * @throws javax.servlet.ServletException DOCUMENT ME!
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    if (!(request instanceof HttpServletRequest)) {
        throw new ServletException("Can only process HttpServletRequest");
    }

    if (!(response instanceof HttpServletResponse)) {
        throw new ServletException("Can only process HttpServletResponse");
    }

    HttpServletRequest httpRequest = (HttpServletRequest) request;

    if (logger.isDebugEnabled()) {
        logger.debug("Checking HTTP Request for Globus Context ");
    }

    try {
        Object obj = httpRequest.getAttribute(GSIConstants.GSI_CONTEXT);
        if (obj != null) {
            GlobusGSSContextImpl ctx = (GlobusGSSContextImpl) obj;
            X509Certificate[] certChain = (X509Certificate[]) ctx.inquireByOid(GSSConstants.X509_CERT_CHAIN);
            if (certChain != null) {
                X509Certificate[] idCertChain = new X509Certificate[] {
                        BouncyCastleUtil.getIdentityCertificate(certChain) };
                request.setAttribute("javax.servlet.request.X509Certificate", idCertChain);
            }
        }
    } catch (Exception e) {
        logger.error("Error getting X509Certificate chain from the globus context:", e);
    }
    filterChain.doFilter(request, response);
}

From source file:com.redhat.rhn.frontend.servlets.EnvironmentFilter.java

/**
 * {@inheritDoc}/* w  w w  .j a v  a2s  . c om*/
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    HttpServletRequest hreq = new RhnHttpServletRequest((HttpServletRequest) request);
    HttpServletResponse hres = new RhnHttpServletResponse((HttpServletResponse) response, hreq);

    boolean sslAvail = ConfigDefaults.get().isSSLAvailable();

    // There are a list of pages that don't require SSL, that list should
    // be called out here.
    String path = hreq.getRequestURI();
    // Have to make this decision here, because once we pass the request
    // off to the next filter, that filter can do work that sends data to
    // the client, meaning that we can't redirect.
    if (RhnHelper.pathNeedsSecurity(nosslurls, path) && !hreq.isSecure() && sslAvail) {
        if (log.isDebugEnabled()) {
            log.debug("redirecting to secure: " + path);
        }
        redirectToSecure(hreq, hres);
        return;
    }

    // Set request attributes we may need later
    HttpServletRequest req = (HttpServletRequest) request;
    request.setAttribute(RequestContext.REQUESTED_URI, req.getRequestURI());

    if (log.isDebugEnabled()) {
        log.debug("set REQUESTED_URI: " + req.getRequestURI());
    }

    // add messages that were put on the request path.
    addParameterizedMessages(req);

    // Done, go up chain
    chain.doFilter(hreq, hres);
}