private void handle(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { if (allowedMethods.contains(request.getMethod())) { chain.doFilter(request, response); } else { LOG.debug("Request with disallowed method {} blocked", request.getMethod()); response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); } }
/** * Constructs a new instance from the given HTTP request. * * @param request the current request to save. */ public SavedRequest(HttpServletRequest request) { this.method = request.getMethod(); this.queryString = request.getQueryString(); this.requestURI = request.getRequestURI(); }
void insertIntoMDC(ServletRequest request) { MDC.put(ClassicConstants.REQUEST_REMOTE_HOST_MDC_KEY, request.getRemoteHost()); if (request instanceof HttpServletRequest) { HttpServletRequest httpServletRequest = (HttpServletRequest) request; MDC.put(ClassicConstants.REQUEST_REQUEST_URI, httpServletRequest.getRequestURI()); StringBuffer requestURL = httpServletRequest.getRequestURL(); if (requestURL != null) { MDC.put(ClassicConstants.REQUEST_REQUEST_URL, requestURL.toString()); } MDC.put(ClassicConstants.REQUEST_METHOD, httpServletRequest.getMethod()); MDC.put(ClassicConstants.REQUEST_QUERY_STRING, httpServletRequest.getQueryString()); MDC.put(ClassicConstants.REQUEST_USER_AGENT_MDC_KEY, httpServletRequest.getHeader("User-Agent")); MDC.put(ClassicConstants.REQUEST_X_FORWARDED_FOR, httpServletRequest.getHeader("X-Forwarded-For")); } }
private void logRequest(HttpServletRequest request) { LogFormatUtils.traceDebug(logger, traceOn -> { String params; if (isEnableLoggingRequestDetails()) { params = request.getParameterMap().entrySet().stream() .map(entry -> entry.getKey() + ":" + Arrays.toString(entry.getValue())) .collect(Collectors.joining(", ")); } else { params = (request.getParameterMap().isEmpty() ? "" : "masked"); } String query = StringUtils.isEmpty(request.getQueryString()) ? "" : "?" + request.getQueryString(); String dispatchType = (!request.getDispatcherType().equals(DispatcherType.REQUEST) ? "\"" + request.getDispatcherType().name() + "\" dispatch for " : ""); String message = (dispatchType + request.getMethod() + " \"" + getRequestUri(request) + query + "\", parameters={" + params + "}"); if (traceOn) { List<String> values = Collections.list(request.getHeaderNames()); String headers = values.size() > 0 ? "masked" : ""; if (isEnableLoggingRequestDetails()) { headers = values.stream().map(name -> name + ":" + Collections.list(request.getHeaders(name))) .collect(Collectors.joining(", ")); } return message + ", headers={" + headers + "} in DispatcherServlet '" + getServletName() + "'"; } else { return message; } }); }
@Override public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String uri = request.getRequestURI(); HessianSkeleton skeleton = skeletonMap.get(uri); if (!request.getMethod().equalsIgnoreCase("POST")) { response.setStatus(500); } else { RpcContext.getContext().setRemoteAddress(request.getRemoteAddr(), request.getRemotePort()); Enumeration<String> enumeration = request.getHeaderNames(); while (enumeration.hasMoreElements()) { String key = enumeration.nextElement(); if (key.startsWith(Constants.DEFAULT_EXCHANGER)) { RpcContext.getContext().setAttachment(key.substring(Constants.DEFAULT_EXCHANGER.length()), request.getHeader(key)); } } try { skeleton.invoke(request.getInputStream(), response.getOutputStream()); } catch (Throwable e) { throw new ServletException(e); } } }
private static boolean shouldRequestBeChecked(HttpServletRequest request) { if (UPDATE_METHODS.contains(request.getMethod())) { String path = request.getRequestURI().replaceFirst(request.getContextPath(), ""); return path.startsWith(API_URL); } return false; }
public String getRequestInfo(HttpServletRequest request) { return String.format("URI: %s; Scheme: %s; Host: %s; Port: %s; Origin: %s; Method: %s", request.getRequestURI(), request.getScheme(), request.getServerName(), request.getServerPort(), request.getHeader("Origin"), request.getMethod()); }
if (request.getMethod().equalsIgnoreCase("TRACE") || request.getMethod().equalsIgnoreCase("OPTIONS")) { response.sendError(HttpServletResponse.SC_FORBIDDEN); response.flushBuffer(); ((Request) request).setHandled(true); response.setStatus(HttpServletResponse.SC_OK); response.getWriter().write("For Flume metrics please click" + " <a href = \"./metrics\"> here</a>."); } else if (target.equalsIgnoreCase("/metrics")) { response.setContentType("application/json;charset=utf-8"); response.setStatus(HttpServletResponse.SC_OK); Map<String, Map<String, String>> metricsMap = JMXPollUtil.getAllMBeans(); String json = gson.toJson(metricsMap, mapType); return; response.sendError(HttpServletResponse.SC_NOT_FOUND); response.flushBuffer();
static public String dumpHeaders(HttpServletRequest request) { StringBuilder sb = new StringBuilder(); Enumeration<?> em = request.getHeaderNames(); sb.append('\n'); sb.append("<HEADERS request=\"" + request.getRequestURL().toString()); if (null != request.getQueryString()) sb.append("?" + request.getQueryString()); sb.append("\""); sb.append('\n' + "SESSIONid=\"" + request.getSession().getId() + "\""); sb.append('\n' + "ServerName=\"" + request.getServerName() + "\""); sb.append('\n' + "ServerPort=\"" + request.getServerPort() + "\""); sb.append('\n' + "localAddr=\"" + request.getLocalAddr() + "\""); sb.append('\n' + "localName=\"" + request.getLocalName() + "\""); sb.append('\n' + "localPort=\"" + request.getLocalPort() + "\""); sb.append('\n' + "RemoteAddr=\"" + request.getRemoteAddr() + "\""); sb.append('\n' + "RemoteHost=\"" + request.getRemoteHost() + "\""); sb.append('\n' + "RemotePort=\"" + request.getRemotePort() + "\""); sb.append('\n' + "Encoding=\"" + request.getCharacterEncoding() + "\""); sb.append('\n' + "Method=\"" + request.getMethod() + "\""); sb.append(">"); while (em.hasMoreElements()) { String name = (String) em.nextElement(); sb.append('\n'); sb.append("[" + name + "]:"); sb.append(request.getHeader(name)); } sb.append('\n'); sb.append("</HEADERS>"); return sb.toString(); }
if (resource == null) { logger.debug("Resource not found"); response.sendError(HttpServletResponse.SC_NOT_FOUND); return; if (HttpMethod.OPTIONS.matches(request.getMethod())) { response.setHeader("Allow", getAllowHeader()); return; if (METHOD_HEAD.equals(request.getMethod())) { setHeaders(response, resource, mediaType); return; if (request.getHeader(HttpHeaders.RANGE) == null) { Assert.state(this.resourceHttpMessageConverter != null, "Not initialized"); setHeaders(response, resource, mediaType); try { List<HttpRange> httpRanges = inputMessage.getHeaders().getRange(); response.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT); this.resourceRegionHttpMessageConverter.write( HttpRange.toResourceRegions(httpRanges, resource), mediaType, outputMessage); response.sendError(HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { if (request.getMethod().equals("GET") || request.getMethod().equals("HEAD")) { LOGGER.debug("Saving request {}", request.getRequestURI()); SessionUtils.saveRequest(request); } filterChain.doFilter(request, response); } }
@Test public void testNotFound() throws ServletException, IOException { StaticContentServlet servlet = new StaticContentServlet(); ServletContext context = mock(ServletContext.class); when(context.getServletContextName()).thenReturn("foo"); when(context.getMimeType(anyString())).thenReturn("image/jpeg"); ServletConfig config = mock(ServletConfig.class); when(config.getInitParameterNames()).thenReturn(Collections.enumeration(Arrays.asList("root"))); when(config.getInitParameter("root")).thenReturn(getFileSystemRoot()); when(config.getServletContext()).thenReturn(context); servlet.init(config); HttpServletRequest request = mock(HttpServletRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getPathInfo()).thenReturn("/missing.jpg"); when(request.getRequestURI()).thenReturn("/foo/missing.jpg"); when(request.getContextPath()).thenReturn("/foo"); HttpServletResponse response = mock(HttpServletResponse.class); servlet.service(request, response); verify(response).sendError(HttpServletResponse.SC_NOT_FOUND, "/foo/missing.jpg"); }
CorsConfiguration configuration) throws IOException, ServletException { boolean isPreflightRequest = OPTIONS.toString().equals(request.getMethod()); String method = request.getMethod(); if (!isPreflightRequest && !isAllowedMethod(method, configuration)) { logger.debug(String.format("Request with invalid method was rejected: %s", method)); response.sendError(METHOD_NOT_ALLOWED.value(), "Illegal method."); return true; String origin = request.getHeader(ORIGIN); } catch(URISyntaxException e) { logger.debug(String.format("Request with invalid origin was rejected: %s", origin)); response.sendError(FORBIDDEN.value(), "Invalid origin"); return true; response.sendError(FORBIDDEN.value(), "Illegal origin"); return true; String requestUri = request.getRequestURI(); if (!isAllowedRequestUri(requestUri, configuration)) { logger.debug(String.format("Request with URI: %s was rejected because it didn't match allowed URIs", requestUri));
public void handle(String s, Request r, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { if ("GET".equalsIgnoreCase(request.getMethod())) { String qs = request.getQueryString(); if (isNonEmpty(qs)) { for (String qnv : qs.split("&")) { String nv[] = qnv.split("="); response.addHeader(nv[0], nv[1]); } response.setStatus(HttpServletResponse.SC_OK); } else { response.sendError(HttpServletResponse.SC_NOT_ACCEPTABLE); } } else { // this handler is to handle POST request response.sendError(HttpServletResponse.SC_FORBIDDEN); } r.setHandled(true); } }
@Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; if (!request.getMethod().equals(POST.name())) { response.setStatus(HTTP_BAD_REQUEST); return; } logout(request, response); }
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (isEnabled()) { if ( isMethodAllowed(request) || isEndpointAllowed(request)) { filterChain.doFilter(request, response); } else { logger.debug(format("Operation Not permitted in limited mode for URL:%s and method:%s", request.getRequestURI(), request.getMethod() ) ); Map<String, String> json = getErrorData(); if (acceptsJson(request)) { response.setStatus(SC_SERVICE_UNAVAILABLE); response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); response.getWriter().write(JsonUtils.writeValueAsString(json)); response.getWriter().flush(); response.getWriter().close(); } else { response.sendError(SC_SERVICE_UNAVAILABLE, json.get("description")); } } } else { filterChain.doFilter(request, response); } }
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; if ("GET".equals(httpRequest.getMethod())) { String acceptEncoding = httpRequest.getHeader(HttpHeaders.ACCEPT_ENCODING); if (acceptEncoding == null) { chain.doFilter(addGzipAcceptEncoding(httpRequest), response); return; } if (!acceptEncoding.contains("gzip")) { ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE); return; } } chain.doFilter(request, response); }
@Override public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String uri = request.getRequestURI(); HttpInvokerServiceExporter skeleton = skeletonMap.get(uri); if (!request.getMethod().equalsIgnoreCase("POST")) { response.setStatus(500); } else { RpcContext.getContext().setRemoteAddress(request.getRemoteAddr(), request.getRemotePort()); try { skeleton.handleRequest(request, response); } catch (Throwable e) { throw new ServletException(e); } } }
public static boolean doXsrfFilter(ServletRequest request, ServletResponse response, Set<String> methodsToIgnore, String headerName) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest)request; if (methodsToIgnore == null) { methodsToIgnore = XSRF_METHODS_TO_IGNORE_DEFAULT ; } if (headerName == null ) { headerName = XSRF_HEADER_DEFAULT; } if (methodsToIgnore.contains(httpRequest.getMethod()) || httpRequest.getHeader(headerName) != null) { return true; } else { ((HttpServletResponse)response).sendError( HttpServletResponse.SC_BAD_REQUEST, "Missing Required Header for Vulnerability Protection"); response.getWriter().println( "XSRF filter denial, requests must contain header : " + headerName); return false; } }