@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (response instanceof HttpServletResponse) { final HttpServletResponse resp = (HttpServletResponse) response; resp.setHeader("Cache-Control", CACHE_SETTINGS); } chain.doFilter(request, response); }
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { HttpServletRequest requestToUse = request; if ("POST".equals(request.getMethod()) && request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) == null) { String paramValue = request.getParameter(this.methodParam); if (StringUtils.hasLength(paramValue)) { String method = paramValue.toUpperCase(Locale.ENGLISH); if (ALLOWED_METHODS.contains(method)) { requestToUse = new HttpMethodRequestWrapper(request, method); } } } filterChain.doFilter(requestToUse, response); }
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { final HttpSession session = request.getSession(); LOGGER.debug("Session info for url: {}, Current session: {}, Requested session id: {}", request.getRequestURI(), session.getId(), request.getRequestedSessionId()); filterChain.doFilter(request, response); }
@Override public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpSession httpSession = httpRequest.getSession(); if (null == httpSession.getAttribute(RegistryCenterRestfulApi.REG_CENTER_CONFIG_KEY)) { loadActivatedRegCenter(httpSession); } if (null == httpSession.getAttribute(EventTraceDataSourceRestfulApi.DATA_SOURCE_CONFIG_KEY)) { loadActivatedEventTraceDataSource(httpSession); } filterChain.doFilter(servletRequest, servletResponse); }
@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; if (!request.getRequestURI().contains("/login") && !request.getRequestURI().contains("/acd/appconfig")) { RequestDispatcher dispatcher; HttpSession session = request.getSession(); if (session != null) { if (session.getAttribute("authName") == null || session.getAttribute("authRole") == null) { response.sendRedirect("/login"); return; } } else { request.setAttribute("fail_msg", "Session timed out!"); dispatcher = request.getRequestDispatcher("/Login"); dispatcher.forward(request, response); return; } } fc.doFilter(req, res); }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (request instanceof HttpServletRequest && !Telemetry.isDisabled()) { HttpServletRequest httpServletRequest = (HttpServletRequest) request; String language = httpServletRequest.getHeader("Accept-Language"); if (language != null) { if (!requestsByLanguage.containsKey(language)) { requestsByLanguage.put(language, new AtomicLong(0)); } requestsByLanguage.get(language).incrementAndGet(); } } chain.doFilter(request, response); }
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; /* allow signup from the Jenkins home page, or /manage, which is where a /configureSecurity form redirects to */ if(req.getRequestURI().equals(req.getContextPath()+"/") || req.getRequestURI().equals(req.getContextPath() + "/manage")) { if (needsToCreateFirstUser()) { ((HttpServletResponse)response).sendRedirect("securityRealm/firstUser"); } else {// the first user already created. the role of this filter is over. PluginServletFilter.removeFilter(this); chain.doFilter(request,response); } } else chain.doFilter(request,response); }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; if ("GET".equals(httpRequest.getMethod())) { String acceptEncoding = httpRequest.getHeader(HttpHeaders.ACCEPT_ENCODING); if (acceptEncoding == null) { chain.doFilter(addGzipAcceptEncoding(httpRequest), response); return; } if (!acceptEncoding.contains("gzip")) { ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE); return; } } chain.doFilter(request, response); }
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (request.getMethod().equals("GET") || request.getMethod().equals("HEAD")) { LOGGER.debug("Saving request {}", request.getRequestURI()); SessionUtils.saveRequest(request); } filterChain.doFilter(request, response); } }
HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; HttpSession session = request.getSession(false); String loginURL = request.getContextPath() + "/login.xhtml"; boolean loggedIn = (session != null) && (session.getAttribute("user") != null); boolean loginRequest = request.getRequestURI().equals(loginURL); boolean resourceRequest = request.getRequestURI().startsWith(request.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER + "/"); boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request")); response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1. response.setHeader("Pragma", "no-cache"); // HTTP 1.0. response.setDateHeader("Expires", 0); // Proxies. chain.doFilter(request, response); // So, just continue request.
@Override public void doFilterUnlessIgnored(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (HttpServletRequest.class.isAssignableFrom(request.getClass())) { ((HttpServletRequest) request).getSession(); } filterChain.doFilter(request, response); }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; String path = httpServletRequest.getRequestURI().replaceFirst(httpServletRequest.getContextPath(), ""); if (!URL_PATTERN.matches(path)) { chain.doFilter(request, response); return; } httpServletResponse.setContentType(HTML); httpServletResponse.setCharacterEncoding(UTF_8.name().toLowerCase(ENGLISH)); httpServletResponse.setHeader(CACHE_CONTROL_HEADER, CACHE_CONTROL_VALUE); String htmlContent = requireNonNull(webPagesCache.getContent(path)); write(htmlContent, httpServletResponse.getOutputStream(), UTF_8); }
HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse rsp = (HttpServletResponse) response; String authorization = req.getHeader("Authorization"); chain.doFilter(request,response); } finally { SecurityContextHolder.clearContext(); rsp.setHeader("WWW-Authenticate","Basic realm=\"Jenkins user\""); return; chain.doFilter(request,response); } finally { SecurityContextHolder.clearContext(); rsp.setHeader("Location",path);
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (!SessionUtils.hasAuthenticationToken(request)) { LOGGER.debug("Authentication token is not created for the request."); filterChain.doFilter(request, response); return; } final AuthenticationToken<?> authenticationToken = SessionUtils.getAuthenticationToken(request); Assert.notNull(authenticationToken); synchronized (request.getSession(false).getId().intern()) { long localCopyOfLastChangedTime = lastChangedTime;//This is so that the volatile variable is accessed only once. Long previousLastChangedTime = (Long) request.getSession().getAttribute(SECURITY_CONFIG_LAST_CHANGE); if (previousLastChangedTime == null) { request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, localCopyOfLastChangedTime); } else if (previousLastChangedTime < localCopyOfLastChangedTime) { request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, localCopyOfLastChangedTime); LOGGER.debug("Invalidating existing token {}", authenticationToken); authenticationToken.invalidate(); } } filterChain.doFilter(request, response); }
@Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; HttpSession session = httpRequest.getSession(); String url = httpRequest.getRequestURI(); String USER_ACCOUNT = (String) session.getAttribute("USER_ACCOUNT"); // if (url.indexOf("login") > 0 || url.indexOf("authcode") >= 0) { // filterChain.doFilter(servletRequest, servletResponse); // } // if (StringUtils.isNotBlank(USER_ACCOUNT)) { // filterChain.doFilter(servletRequest, servletResponse); // } else { // httpResponse.sendRedirect("/sys/tologin"); // } filterChain.doFilter(servletRequest, servletResponse); }
@Override public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain ) throws IOException, ServletException { try { final HttpServletRequest request = (HttpServletRequest) servletRequest; String ua = request.getHeader( "User-Agent" ); if ( ua != null && !ua.isEmpty() ) { output.add( ua.split( " " )[0] ); } } catch ( RuntimeException e ) { // We're fine with that } filterChain.doFilter( servletRequest, servletResponse ); }
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletResponse httpResp = (HttpServletResponse) resp; Enumeration e = config.getInitParameterNames(); // for each configuration element... while(e.hasMoreElements()) { String headerName = (String) e.nextElement(); String headerValue = config.getInitParameter(headerName); // set the header with the given name and value httpResp.setHeader(headerName, headerValue); } chain.doFilter(req, resp); }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { request.setAttribute("http.route", ((HttpServletRequest) request).getRequestURI()); chain.doFilter(request, response); }
@Override public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { response.addHeader("Access-Control-Allow-Origin", "*"); if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { // CORS "pre-flight" request response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.addHeader("Access-Control-Allow-Headers", "X-Requested-With,Origin,Content-Type, Accept, Authorization"); } filterChain.doFilter(request, response); }
private static void doHttpFilter(HttpServletRequest httpRequest, HttpServletResponse httpResponse, FilterChain chain) throws IOException, ServletException { // SONAR-6881 Disable OPTIONS and TRACE methods if (!ALLOWED_HTTP_METHODS.contains(httpRequest.getMethod())) { httpResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); return; } // WARNING, headers must be added before the doFilter, otherwise they won't be added when response is already committed (for instance when a WS is called) // Clickjacking protection // See https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_EE // The protection is disabled on purpose for integration in external systems like VSTS (/integration/vsts/index.html). String path = httpRequest.getRequestURI().replaceFirst(httpRequest.getContextPath(), ""); if (!path.startsWith("/integration/")) { httpResponse.addHeader("X-Frame-Options", "SAMEORIGIN"); } // Cross-site scripting // See https://www.owasp.org/index.php/List_of_useful_HTTP_headers httpResponse.addHeader("X-XSS-Protection", "1; mode=block"); // MIME-sniffing // See https://www.owasp.org/index.php/List_of_useful_HTTP_headers httpResponse.addHeader("X-Content-Type-Options", "nosniff"); chain.doFilter(httpRequest, httpResponse); }