/** * <p>The authentication is mandatory if the servlet has http constraints (eg.: {@link * javax.servlet.annotation.HttpConstraint}).</p> * * @param attachment * @return */ private Boolean isMandatory(final ServletRequestContext attachment) { return attachment.getExchange().getSecurityContext() != null && attachment.getExchange().getSecurityContext().isAuthenticationRequired(); }
private void sessionDestroyedImpl(HttpSessionEvent se) { //we need to get the current account //there are two options here, we can look for the account in the current request //or we can look for the account that has been saved in the session //for maximum compatibility we do both ServletRequestContext src = ServletRequestContext.current(); Account requestAccount = null; if (src != null) { SecurityContext securityContext = src.getExchange().getSecurityContext(); if(securityContext != null) { requestAccount = securityContext.getAuthenticatedAccount(); if (requestAccount != null) { clearAccount(requestAccount); } } } if (se.getSession() instanceof HttpSessionImpl) { final HttpSessionImpl impl = (HttpSessionImpl) se.getSession(); Session session = impl.getSession(); if (session != null) { AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession"); if(authenticatedSession != null) { Account sessionAccount = authenticatedSession.getAccount(); if (sessionAccount != null && !sessionAccount.equals(requestAccount)) { clearAccount(sessionAccount); } } } } }
requestURI(src.getExchange()), roles);
/** * <p>The authentication is mandatory if the servlet has http constraints (eg.: {@link * javax.servlet.annotation.HttpConstraint}).</p> * * @param attachment * @return */ private Boolean isMandatory(final ServletRequestContext attachment) { return attachment.getExchange().getSecurityContext() != null && attachment.getExchange().getSecurityContext().isAuthenticationRequired(); }
/** * <p>The authentication is mandatory if the servlet has http constraints (eg.: {@link * javax.servlet.annotation.HttpConstraint}).</p> * * @param attachment * @return */ private Boolean isMandatory(final ServletRequestContext attachment) { return attachment.getExchange().getSecurityContext() != null && attachment.getExchange().getSecurityContext().isAuthenticationRequired(); }
public boolean displayStackTraces() { ServletStackTraces mode = deployment.getDeploymentInfo().getServletStackTraces(); if (mode == ServletStackTraces.NONE) { return false; } else if (mode == ServletStackTraces.ALL) { return true; } else { InetSocketAddress localAddress = getExchange().getSourceAddress(); if(localAddress == null) { return false; } InetAddress address = localAddress.getAddress(); if(address == null) { return false; } if(!address.isLoopbackAddress()) { return false; } return !getExchange().getRequestHeaders().contains(Headers.X_FORWARDED_FOR); } }
private void createChannel() { if (channel == null) { channel = servletRequestContext.getExchange().getResponseChannel(); if (internalListener != null) { channel.getWriteSetter().set(internalListener); } } }
private void writeBufferBlocking(final boolean writeFinal) throws IOException { if (channel == null) { channel = servletRequestContext.getExchange().getResponseChannel(); } buffer.flip(); while (buffer.hasRemaining()) { if (writeFinal) { channel.writeFinal(buffer); } else { channel.write(buffer); } if (buffer.hasRemaining()) { channel.awaitWritable(); } } buffer.clear(); setFlags(FLAG_WRITE_STARTED); }
private void handleError(final Throwable t) { try { servletRequestContext.getCurrentServletContext().invokeRunnable(servletRequestContext.getExchange(), new Runnable() { @Override public void run() { listener.onError(t); } }); } finally { IoUtils.safeClose(channel, servletRequestContext.getExchange().getConnection()); if (pooledBuffer != null) { pooledBuffer.close(); pooledBuffer = null; buffer = null; } } } }
@Override public void run() { if (channel == null) { servletRequestContext.getExchange().getIoThread().execute(new Runnable() { @Override public void run() { internalListener.handleEvent(null); } }); } else { channel.resumeWrites(); } } });
private ByteBuffer buffer() { ByteBuffer buffer = this.buffer; if (buffer != null) { return buffer; } if (bufferSize != null) { this.buffer = ByteBuffer.allocateDirect(bufferSize); return this.buffer; } else { this.pooledBuffer = servletRequestContext.getExchange().getConnection().getByteBufferPool().allocate(); this.buffer = pooledBuffer.getBuffer(); return this.buffer; } }
private void onAsyncError(final Throwable t) { final boolean setupRequired = SecurityActions.currentServletRequestContext() == null; servletRequestContext.getCurrentServletContext().invokeRunnable(servletRequestContext.getExchange(), new Runnable() { @Override public void run() { setupRequestContext(setupRequired); try { for (final BoundAsyncListener listener : asyncListeners) { AsyncEvent event = new AsyncEvent(AsyncContextImpl.this, listener.servletRequest, listener.servletResponse, t); try { listener.asyncListener.onError(event); } catch (IOException e) { UndertowServletLogger.REQUEST_LOGGER.ioExceptionDispatchingAsyncEvent(e); } catch (Throwable t) { UndertowServletLogger.REQUEST_LOGGER.failureDispatchingAsyncEvent(t); } } } finally { tearDownRequestContext(setupRequired); } } }); }
private void sessionDestroyedImpl(HttpSessionEvent se) { //we need to get the current account //there are two options here, we can look for the account in the current request //or we can look for the account that has been saved in the session //for maximum compatibility we do both ServletRequestContext src = ServletRequestContext.current(); Account requestAccount = null; if (src != null) { SecurityContext securityContext = src.getExchange().getSecurityContext(); if(securityContext != null) { requestAccount = securityContext.getAuthenticatedAccount(); if (requestAccount != null) { clearAccount(requestAccount); } } } if (se.getSession() instanceof HttpSessionImpl) { final HttpSessionImpl impl = (HttpSessionImpl) se.getSession(); Session session = impl.getSession(); if (session != null) { AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession"); if(authenticatedSession != null) { Account sessionAccount = authenticatedSession.getAccount(); if (sessionAccount != null && !sessionAccount.equals(requestAccount)) { clearAccount(sessionAccount); } } } } }
private void sessionDestroyedImpl(HttpSessionEvent se) { //we need to get the current account //there are two options here, we can look for the account in the current request //or we can look for the account that has been saved in the session //for maximum compatibility we do both ServletRequestContext src = ServletRequestContext.current(); Account requestAccount = null; if (src != null) { SecurityContext securityContext = src.getExchange().getSecurityContext(); if(securityContext != null) { requestAccount = securityContext.getAuthenticatedAccount(); if (requestAccount != null) { clearAccount(requestAccount); } } } if (se.getSession() instanceof HttpSessionImpl) { final HttpSessionImpl impl = (HttpSessionImpl) se.getSession(); Session session = impl.getSession(); if (session != null) { AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession"); if(authenticatedSession != null) { Account sessionAccount = authenticatedSession.getAccount(); if (sessionAccount != null && !sessionAccount.equals(requestAccount)) { clearAccount(sessionAccount); } } } } }
private void onAsyncStart(final AsyncContext newAsyncContext) { final boolean setupRequired = SecurityActions.currentServletRequestContext() == null; servletRequestContext.getCurrentServletContext().invokeRunnable(servletRequestContext.getExchange(), new Runnable() { @Override public void run() { //now run request listeners setupRequestContext(setupRequired); try { for (final BoundAsyncListener listener : asyncListeners) { //make sure we use the new async context AsyncEvent event = new AsyncEvent(newAsyncContext, listener.servletRequest, listener.servletResponse); try { listener.asyncListener.onStartAsync(event); } catch (IOException e) { UndertowServletLogger.REQUEST_LOGGER.ioExceptionDispatchingAsyncEvent(e); } catch (Throwable t) { UndertowServletLogger.REQUEST_LOGGER.failureDispatchingAsyncEvent(t); } } } finally { tearDownRequestContext(setupRequired); } } }); }
private void onAsyncComplete() { final boolean setupRequired = SecurityActions.currentServletRequestContext() == null; servletRequestContext.getCurrentServletContext().invokeRunnable(servletRequestContext.getExchange(), new Runnable() { @Override public void run() { //now run request listeners setupRequestContext(setupRequired); try { for (final BoundAsyncListener listener : asyncListeners) { AsyncEvent event = new AsyncEvent(AsyncContextImpl.this, listener.servletRequest, listener.servletResponse); try { listener.asyncListener.onComplete(event); } catch (IOException e) { UndertowServletLogger.REQUEST_LOGGER.ioExceptionDispatchingAsyncEvent(e); } catch (Throwable t) { UndertowServletLogger.REQUEST_LOGGER.failureDispatchingAsyncEvent(t); } } } finally { tearDownRequestContext(setupRequired); } } }); }
channel = servletRequestContext.getExchange().getResponseChannel();
requestURI(src.getExchange()), roles);
servletRequestContext.setSession(null); servletRequestContext.setCurrentServletContext(this.servletContext); this.servletContext.invokeAction(servletRequestContext.getExchange(), new ThreadSetupHandler.Action<Void, Object>() { @Override public Void call(HttpServerExchange exchange, Object context) throws Exception { servletRequestContext.setCurrentServletContext(oldServletContext); servletRequestContext.getCurrentServletContext().updateSessionAccessTime(servletRequestContext.getExchange());
/** * {@inheritDoc} */ public void flush() throws IOException { //according to the servlet spec we ignore a flush from within an include if (servletRequestContext.getOriginalRequest().getDispatcherType() == DispatcherType.INCLUDE || servletRequestContext.getOriginalResponse().isTreatAsCommitted()) { return; } if (servletRequestContext.getDeployment().getDeploymentInfo().isIgnoreFlush() && servletRequestContext.getExchange().isRequestComplete() && servletRequestContext.getOriginalResponse().getHeader(Headers.TRANSFER_ENCODING_STRING) == null) { //we mark the stream as flushed, but don't actually flush //because in most cases flush just kills performance //we only do this if the request is fully read, so that http tunneling scenarios still work servletRequestContext.getOriginalResponse().setIgnoredFlushPerformed(true); return; } flushInternal(); }