/**
 * Reports whether the request's path info begins with one of the entries in
 * {@code JSON_RPC_PATHS}.
 *
 * <p>The comparison is a plain string-prefix test, so an entry also matches longer paths
 * that merely share its leading characters.
 *
 * <p>NOTE(review): binding {@code requestPath::startsWith} throws a
 * {@link NullPointerException} when the path info is {@code null} -- confirm that
 * {@code ServletUtils.extractPathInfo} never returns {@code null}.
 *
 * @param rq the incoming request
 * @return {@code true} if any configured JSON-RPC path is a prefix of the path info
 */
private static boolean isJsonRpcLightUri(HttpServletRequest rq) {
    final String requestPath = ServletUtils.extractPathInfo(rq);
    return Iterables.any(JSON_RPC_PATHS, requestPath::startsWith);
}
/**
 * Applies add-on scope checks to add-on requests and passes every other request down the chain.
 *
 * <p>An add-on request whose URI does not normalise to itself is answered with
 * {@code 400 Bad Request}. An add-on request for which an add-on key can be resolved is handed
 * to {@code handleScopedRequest}, which then owns the rest of the request. Requests that are
 * not add-on requests, or for which no add-on key is resolved, receive no scope check from
 * this filter.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      if sending the error or invoking the chain fails
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    if (!addonKeyExtractor.isAddonRequest(httpRequest)) {
        chain.doFilter(request, response);
        return;
    }

    // Don't accept requests when the normalised and the original request URIs are not the
    // same -- see ACDEV-656. This check has to run before any scope decision is taken on the path.
    if (ServletUtils.normalisedAndOriginalRequestUrisDiffer(httpRequest)) {
        log.warn("Request URI '{}' was deemed as improperly formed as it did not normalise as expected", new Object[]{httpRequest.getRequestURI()});
        httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "The request URI is improperly formed");
        return;
    }

    // Apply scopes if this is an authenticated request from
    //   a/ a server-to-server call using JWT or OAuth
    //   b/ an XDM bridge call from an add-on that declared scopes (== JSON descriptor)
    final String addonKey = addonKeyExtractor.getAddonKeyFromHttpRequest(httpRequest);
    if (addonKey == null) {
        chain.doFilter(request, response);
        return;
    }
    handleScopedRequest(addonKey, httpRequest, httpResponse, chain);
}
/**
 * Applies add-on scope checks to add-on requests and passes every other request down the chain.
 *
 * <p>An add-on request whose URI does not normalise to itself is answered with
 * {@code 400 Bad Request}. An add-on request for which an add-on key can be resolved is handed
 * to {@code handleScopedRequest}, which then owns the rest of the request. Requests that are
 * not add-on requests, or for which no add-on key is resolved, receive no scope check from
 * this filter.
 *
 * @param request  the incoming request; cast to {@link HttpServletRequest}
 * @param response the outgoing response; cast to {@link HttpServletResponse}
 * @param chain    the remaining filter chain
 * @throws IOException      if sending the error or invoking the chain fails
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final HttpServletResponse httpResponse = (HttpServletResponse) response;

    if (!addonKeyExtractor.isAddonRequest(httpRequest)) {
        chain.doFilter(request, response);
        return;
    }

    // Don't accept requests when the normalised and the original request URIs are not the
    // same -- see ACDEV-656. This check has to run before any scope decision is taken on the path.
    if (ServletUtils.normalisedAndOriginalRequestUrisDiffer(httpRequest)) {
        log.warn("Request URI '{}' was deemed as improperly formed as it did not normalise as expected", new Object[]{httpRequest.getRequestURI()});
        httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "The request URI is improperly formed");
        return;
    }

    // Apply scopes if this is an authenticated request from
    //   a/ a server-to-server call using JWT or OAuth
    //   b/ an XDM bridge call from an add-on that declared scopes (== JSON descriptor)
    final String addonKey = addonKeyExtractor.getAddonKeyFromHttpRequest(httpRequest);
    if (addonKey == null) {
        chain.doFilter(request, response);
        return;
    }
    handleScopedRequest(addonKey, httpRequest, httpResponse, chain);
}
/**
 * Reports whether the request's path info begins with one of the entries in
 * {@code JSON_RPC_PATHS}.
 *
 * <p>The comparison is a plain string-prefix test, so an entry also matches longer paths
 * that merely share its leading characters.
 *
 * <p>NOTE(review): binding {@code requestPath::startsWith} throws a
 * {@link NullPointerException} when the path info is {@code null} -- confirm that
 * {@code ServletUtils.extractPathInfo} never returns {@code null}.
 *
 * @param rq the incoming request
 * @return {@code true} if any configured JSON-RPC path is a prefix of the path info
 */
private static boolean isJsonRpcLightUri(HttpServletRequest rq) {
    final String requestPath = ServletUtils.extractPathInfo(rq);
    return Iterables.any(JSON_RPC_PATHS, requestPath::startsWith);
}
/**
 * Decides whether this scope permits the given request.
 *
 * <p>The HTTP method is compared case-insensitively with {@code httpMethod}. The path info
 * must then match at least one entry of {@code paths}: as a whole-string regular expression
 * when {@code isRegex} is set, otherwise as a plain string prefix.
 *
 * <p>NOTE(review): prefix mode has no path-segment boundary, so a configured entry such as
 * {@code /foo} (constructed example) also matches {@code /foobar}; confirm that configured
 * prefixes end where a boundary is intended. In regex mode {@code String.matches} compiles
 * the pattern on every call.
 *
 * @param request the incoming request
 * @return {@code true} if the method and the path both match this scope
 */
public boolean allow(final HttpServletRequest request) {
    final boolean methodMatches = this.httpMethod.equalsIgnoreCase(request.getMethod());
    if (!methodMatches) {
        return false;
    }

    final String requestPath = ServletUtils.extractPathInfo(request);
    for (final String candidate : paths) {
        final boolean pathMatches;
        if (isRegex) {
            pathMatches = requestPath.matches(candidate);
        } else {
            pathMatches = requestPath.startsWith(candidate);
        }
        if (pathMatches) {
            return true;
        }
    }
    return false;
}
/**
 * Decides whether this scope permits the given request.
 *
 * <p>The HTTP method is compared case-insensitively with {@code httpMethod}. The path info
 * must then match at least one entry of {@code paths}: as a whole-string regular expression
 * when {@code isRegex} is set, otherwise as a plain string prefix.
 *
 * <p>NOTE(review): prefix mode has no path-segment boundary, so a configured entry such as
 * {@code /foo} (constructed example) also matches {@code /foobar}; confirm that configured
 * prefixes end where a boundary is intended. In regex mode {@code String.matches} compiles
 * the pattern on every call.
 *
 * @param request the incoming request
 * @return {@code true} if the method and the path both match this scope
 */
public boolean allow(final HttpServletRequest request) {
    final boolean methodMatches = this.httpMethod.equalsIgnoreCase(request.getMethod());
    if (!methodMatches) {
        return false;
    }

    final String requestPath = ServletUtils.extractPathInfo(request);
    for (final String candidate : paths) {
        final boolean pathMatches;
        if (isRegex) {
            pathMatches = requestPath.matches(candidate);
        } else {
            pathMatches = requestPath.startsWith(candidate);
        }
        if (pathMatches) {
            return true;
        }
    }
    return false;
}
/**
 * Decides whether this scope permits the given request.
 *
 * <p>The path info must equal {@code path} exactly, and the method name returned by
 * {@code extractMethod} must be one of {@code methods}. A request whose method name cannot
 * be extracted is denied.
 *
 * <p>NOTE(review): the HTTP verb is not checked in this block -- confirm that this is intended.
 *
 * @param request the incoming request
 * @return {@code true} if the path matches and the extracted method is allowed
 */
public boolean allow(HttpServletRequest request) {
    final String requestPath = ServletUtils.extractPathInfo(request);
    if (!path.equals(requestPath)) {
        return false;
    }

    final String rpcMethod = extractMethod(request);
    // Deny when no method name could be extracted; otherwise it must be on the allow-list.
    return rpcMethod != null && methods.contains(rpcMethod);
}
/**
 * Decides whether this scope permits the given request.
 *
 * <p>The path info must equal {@code path} exactly, and the method name returned by
 * {@code extractMethod} must be one of {@code methods}. A request whose method name cannot
 * be extracted is denied.
 *
 * <p>NOTE(review): the HTTP verb is not checked in this block -- confirm that this is intended.
 *
 * @param request the incoming request
 * @return {@code true} if the path matches and the extracted method is allowed
 */
public boolean allow(HttpServletRequest request) {
    final String requestPath = ServletUtils.extractPathInfo(request);
    if (!path.equals(requestPath)) {
        return false;
    }

    final String rpcMethod = extractMethod(request);
    // Deny when no method name could be extracted; otherwise it must be on the allow-list.
    return rpcMethod != null && methods.contains(rpcMethod);
}
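/**
 * Decides whether this scope permits the given request.
 *
 * <p>The HTTP method must equal {@code httpMethod}. The method name is then taken from the
 * request body when the path info equals {@code path}, or from the remainder of the path
 * info when it starts with {@code path + "/"}. The request is allowed only when that method
 * name is one of {@code methods}.
 *
 * <p>The path form is anchored to the start of the path info and compared literally. The
 * earlier {@code replaceAll(path + "/", "")} treated the prefix as a regular expression and
 * removed it wherever it occurred, so the allow-list comparison was not tied to this scope's
 * path.
 *
 * @param request the incoming request
 * @return {@code true} if the HTTP method, the path and the method name are all allowed;
 *         {@code false} otherwise, including when the request has no path info
 */
public boolean allow(HttpServletRequest request) {
    if (!httpMethod.equals(request.getMethod())) {
        return false;
    }

    final String pathInfo = ServletUtils.extractPathInfo(request);
    if (pathInfo == null) {
        // Nothing to compare: deny instead of failing with a NullPointerException further down.
        return false;
    }

    if (path.equals(pathInfo)) {
        // Method name is not in the path, so extract it from the body.
        final String method = extractMethod(request);
        return method != null && methods.contains(method);
    }

    // Method name is in the path: it must follow "<path>/" at the very start of the path info.
    final String prefix = path + "/";
    if (!pathInfo.startsWith(prefix)) {
        return false;
    }
    return methods.contains(pathInfo.substring(prefix.length()));
}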
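/**
 * Decides whether this scope permits the given request.
 *
 * <p>The HTTP method must equal {@code httpMethod}. The method name is then taken from the
 * request body when the path info equals {@code path}, or from the remainder of the path
 * info when it starts with {@code path + "/"}. The request is allowed only when that method
 * name is one of {@code methods}.
 *
 * <p>The path form is anchored to the start of the path info and compared literally. The
 * earlier {@code replaceAll(path + "/", "")} treated the prefix as a regular expression and
 * removed it wherever it occurred, so the allow-list comparison was not tied to this scope's
 * path.
 *
 * @param request the incoming request
 * @return {@code true} if the HTTP method, the path and the method name are all allowed;
 *         {@code false} otherwise, including when the request has no path info
 */
public boolean allow(HttpServletRequest request) {
    if (!httpMethod.equals(request.getMethod())) {
        return false;
    }

    final String pathInfo = ServletUtils.extractPathInfo(request);
    if (pathInfo == null) {
        // Nothing to compare: deny instead of failing with a NullPointerException further down.
        return false;
    }

    if (path.equals(pathInfo)) {
        // Method name is not in the path, so extract it from the body.
        final String method = extractMethod(request);
        return method != null && methods.contains(method);
    }

    // Method name is in the path: it must follow "<path>/" at the very start of the path info.
    final String prefix = path + "/";
    if (!pathInfo.startsWith(prefix)) {
        return false;
    }
    return methods.contains(pathInfo.substring(prefix.length()));
}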
/**
 * Decides whether any configured REST scope permits the given request.
 *
 * <p>The path info is split on {@code '/'}. It must have more than two segments and start
 * with {@code rest}; the second segment is the API name. The third segment is treated as
 * the version when {@code isVersionString} accepts its lower-cased form; otherwise the
 * version is {@code null} and that segment becomes part of the resource path. The resource
 * path and the lower-cased HTTP method are then offered to each entry of {@code scopes}.
 *
 * <p>NOTE(review): {@code StringUtils.split} presumably returns {@code null} for a
 * {@code null} path info, which would fail on {@code segments.length} -- confirm that
 * {@code ServletUtils.extractPathInfo} never returns {@code null}.
 *
 * @param request the incoming request
 * @return {@code true} if at least one scope matches; {@code false} otherwise
 */
public boolean allow(HttpServletRequest request) {
    final String pathInfo = ServletUtils.extractPathInfo(request);
    final String[] segments = StringUtils.split(pathInfo, '/');
    if (segments.length <= 2 || !"rest".equals(segments[0])) {
        return false;
    }

    final String name = segments[1];
    final String versionCandidate = segments[2].toLowerCase(Locale.US);
    final String version = isVersionString(versionCandidate) ? versionCandidate : null;
    final String method = request.getMethod().toLowerCase(Locale.US);

    // Without a version segment the resource path starts one segment earlier.
    final int firstResourceSegment = (version == null) ? 2 : 3;
    String path = StringUtils.join(Arrays.copyOfRange(segments, firstResourceSegment, segments.length), "/");
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    for (RestScope scope : scopes) {
        if (scope.match(name, version, path, method)) {
            return true;
        }
    }
    return false;
}
/**
 * Decides whether any configured REST scope permits the given request.
 *
 * <p>The path info is split on {@code '/'}. It must have more than two segments and start
 * with {@code rest}; the second segment is the API name. The third segment is treated as
 * the version when {@code isVersionString} accepts its lower-cased form; otherwise the
 * version is {@code null} and that segment becomes part of the resource path. The resource
 * path and the lower-cased HTTP method are then offered to each entry of {@code scopes}.
 *
 * <p>NOTE(review): {@code StringUtils.split} presumably returns {@code null} for a
 * {@code null} path info, which would fail on {@code segments.length} -- confirm that
 * {@code ServletUtils.extractPathInfo} never returns {@code null}.
 *
 * @param request the incoming request
 * @return {@code true} if at least one scope matches; {@code false} otherwise
 */
public boolean allow(HttpServletRequest request) {
    final String pathInfo = ServletUtils.extractPathInfo(request);
    final String[] segments = StringUtils.split(pathInfo, '/');
    if (segments.length <= 2 || !"rest".equals(segments[0])) {
        return false;
    }

    final String name = segments[1];
    final String versionCandidate = segments[2].toLowerCase(Locale.US);
    final String version = isVersionString(versionCandidate) ? versionCandidate : null;
    final String method = request.getMethod().toLowerCase(Locale.US);

    // Without a version segment the resource path starts one segment earlier.
    final int firstResourceSegment = (version == null) ? 2 : 3;
    String path = StringUtils.join(Arrays.copyOfRange(segments, firstResourceSegment, segments.length), "/");
    if (!path.startsWith("/")) {
        path = "/" + path;
    }

    for (RestScope scope : scopes) {
        if (scope.match(name, version, path, method)) {
            return true;
        }
    }
    return false;
}
/**
 * Decides whether any configured SOAP action permits the given request.
 *
 * <p>The HTTP method must equal {@code httpMethod} and the path info must equal
 * {@code path} exactly. The namespace/name pair returned by {@code getMethod} is then
 * offered to each entry of {@code soapActions}. A request for which no pair can be
 * determined is denied.
 *
 * @param request the incoming request
 * @return {@code true} if at least one SOAP scope matches the namespace and name
 */
public boolean allow(HttpServletRequest request) {
    if (!httpMethod.equals(request.getMethod())) {
        return false;
    }

    final String requestPath = ServletUtils.extractPathInfo(request);
    if (!path.equals(requestPath)) {
        return false;
    }

    final Optional<Pair<String, String>> soapMethod = getMethod(request);
    if (!soapMethod.isPresent()) {
        // No SOAP method could be determined, so there is nothing to authorise.
        return false;
    }

    final Pair<String, String> namespaceAndName = soapMethod.get();
    for (SoapScope scope : soapActions) {
        if (scope.match(namespaceAndName.left(), namespaceAndName.right())) {
            return true;
        }
    }
    return false;
}
/**
 * Decides whether any configured SOAP action permits the given request.
 *
 * <p>The HTTP method must equal {@code httpMethod} and the path info must equal
 * {@code path} exactly. The namespace/name pair returned by {@code getMethod} is then
 * offered to each entry of {@code soapActions}. A request for which no pair can be
 * determined is denied.
 *
 * @param request the incoming request
 * @return {@code true} if at least one SOAP scope matches the namespace and name
 */
public boolean allow(HttpServletRequest request) {
    if (!httpMethod.equals(request.getMethod())) {
        return false;
    }

    final String requestPath = ServletUtils.extractPathInfo(request);
    if (!path.equals(requestPath)) {
        return false;
    }

    final Optional<Pair<String, String>> soapMethod = getMethod(request);
    if (!soapMethod.isPresent()) {
        // No SOAP method could be determined, so there is nothing to authorise.
        return false;
    }

    final Pair<String, String> namespaceAndName = soapMethod.get();
    for (SoapScope scope : soapActions) {
        if (scope.match(namespaceAndName.left(), namespaceAndName.right())) {
            return true;
        }
    }
    return false;
}
/**
 * Trim potentially sensitive values from REST calls, append method name for SOAP/RPC.
 *
 * <p>The path info has one trailing {@code "/"} removed. For XML-RPC, JSON-RPC and SOAP
 * URIs the extracted method name is appended after a {@code "/"}; a SOAP request without a
 * recognisable method, and a JSON-RPC "light" URI, yield the path alone. Every other path
 * goes through {@code trimRestPath}.
 *
 * <p>NOTE(review): the appended method name is taken from the request and is not checked
 * against an allow-list in this method, so consumers of the result should treat it as
 * untrusted text. If an extractor returns {@code null} the result ends in {@code "/null"}
 * -- confirm whether that is intended.
 *
 * @param rq the incoming request
 * @return a path that is safe to use for analytics
 */
private static String toAnalyticsSafePath(HttpServletRequest rq) {
    final String path = StringUtils.removeEnd(ServletUtils.extractPathInfo(rq), "/");

    if (isXmlRpcUri(path)) {
        return path + "/" + XmlRpcApiScopeHelper.extractMethod(rq);
    }
    if (isJsonRpcUri(path)) {
        return path + "/" + JsonRpcApiScopeHelper.extractMethod(rq);
    }
    if (isSoapUri(path)) {
        final Optional<Pair<String, String>> soapMethod = RpcEncodedSoapApiScopeHelper.getMethod(rq);
        if (!soapMethod.isPresent()) {
            return path;
        }
        // Only the method name is reported; the namespace is ignored.
        return path + "/" + soapMethod.get().right();
    }
    if (isJsonRpcLightUri(rq)) {
        return path;
    }
    return trimRestPath(path);
}
/**
 * Trim potentially sensitive values from REST calls, append method name for SOAP/RPC.
 *
 * <p>The path info has one trailing {@code "/"} removed. For XML-RPC, JSON-RPC and SOAP
 * URIs the extracted method name is appended after a {@code "/"}; a SOAP request without a
 * recognisable method, and a JSON-RPC "light" URI, yield the path alone. Every other path
 * goes through {@code trimRestPath}.
 *
 * <p>NOTE(review): the appended method name is taken from the request and is not checked
 * against an allow-list in this method, so consumers of the result should treat it as
 * untrusted text. If an extractor returns {@code null} the result ends in {@code "/null"}
 * -- confirm whether that is intended.
 *
 * @param rq the incoming request
 * @return a path that is safe to use for analytics
 */
private static String toAnalyticsSafePath(HttpServletRequest rq) {
    final String path = StringUtils.removeEnd(ServletUtils.extractPathInfo(rq), "/");

    if (isXmlRpcUri(path)) {
        return path + "/" + XmlRpcApiScopeHelper.extractMethod(rq);
    }
    if (isJsonRpcUri(path)) {
        return path + "/" + JsonRpcApiScopeHelper.extractMethod(rq);
    }
    if (isSoapUri(path)) {
        final Optional<Pair<String, String>> soapMethod = RpcEncodedSoapApiScopeHelper.getMethod(rq);
        if (!soapMethod.isPresent()) {
            return path;
        }
        // Only the method name is reported; the namespace is ignored.
        return path + "/" + soapMethod.get().right();
    }
    if (isJsonRpcLightUri(rq)) {
        return path;
    }
    return trimRestPath(path);
}