List of usage examples for javax.servlet FilterChain doFilter
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException;
From source file:com.ar.dev.tierra.api.config.CsrfHeaderFilter.java
/** * Metodo para agregar cookie contra CRSF * @param request// www . ja v a 2s . c om * @param response * @param filterChain * @throws ServletException * @throws IOException */ @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie); } } filterChain.doFilter(request, response); }
From source file:eu.trentorise.smartcampus.resourceprovider.filter.ResourceFilter.java
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { final boolean debug = logger.isDebugEnabled(); final HttpServletRequest request = (HttpServletRequest) req; final HttpServletResponse response = (HttpServletResponse) res; try {/*from w ww . j av a 2 s. c om*/ String tokenValue = parseToken(request); if (HttpMethod.OPTIONS.equals(HttpMethod.valueOf(request.getMethod()))) { chain.doFilter(request, response); // throw new OAuth2Exception("options"); } else if (tokenValue == null) { if (debug) { logger.debug("No token in request, will continue chain."); } throw new OAuth2Exception("empty token"); } else { ResourceCallAuthenticationToken authentication = new ResourceCallAuthenticationToken(tokenValue, ""); request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, tokenValue); authentication.setDetails(authenticationDetailsSource.buildDetails(request)); authentication.setRequestPath(getFullURL(request)); authentication.setHttpMethod(HttpMethod.valueOf(request.getMethod())); Authentication authResult = authenticationManager.authenticate(authentication); SecurityContextHolder.getContext().setAuthentication(authResult); chain.doFilter(request, response); } } catch (OAuth2Exception failed) { SecurityContextHolder.clearContext(); if (debug) { logger.debug("Authentication request failed: " + failed); } authenticationEntryPoint.commence(request, response, new InsufficientAuthenticationException(failed.getMessage(), failed)); return; } }
From source file:org.apereo.openlrs.CORSFilter.java
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (log.isDebugEnabled()) { log.debug("CORSFilter invoked"); }//from w ww. j av a2 s . co m response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with, " + XApiConstants.XAPI_VERSION_HEADER + ", Authorization, Content-Type"); filterChain.doFilter(request, response); }
From source file:org.appverse.web.framework.backend.security.authentication.userpassword.filters.CustomUserNamePasswordAuthenticationFilter.java
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { final boolean debug = logger.isDebugEnabled(); String uri = request.getRequestURI().substring(request.getContextPath().length()); if (userNamePasswordAuthenticationUri == null || !uri.equals(userNamePasswordAuthenticationUri)) { chain.doFilter(request, response); return;// ww w. j av a2 s .co m } try { String[] tokens = extractUserNameAndPassword(request); assert tokens.length == 2; String username = tokens[0]; if (debug) { logger.debug("Username and password attributes found for user '" + username + "'"); } if (authenticationIsRequired(username)) { UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]); authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); Authentication authResult = authenticationManager.authenticate(authRequest); if (debug) { logger.debug("Authentication success: " + authResult); } SecurityContextHolder.getContext().setAuthentication(authResult); rememberMeServices.loginSuccess(request, response, authResult); onSuccessfulAuthentication(request, response, authResult); } } catch (AuthenticationException failed) { SecurityContextHolder.clearContext(); if (debug) { logger.debug("Authentication request for failed: " + failed); } rememberMeServices.loginFail(request, response); onUnsuccessfulAuthentication(request, response, failed); if (ignoreFailure) { chain.doFilter(request, response); } else { authenticationEntryPoint.commence(request, response, failed); } return; } chain.doFilter(request, response); }
From source file:cn.guoyukun.spring.web.filter.BaseFilter.java
/** * 1?????/*www. j a v a 2s .co m*/ * 2????? */ @Override public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; String currentURL = httpRequest.getServletPath(); logger.debug("url filter : current url : [{}]", currentURL); if (isBlackURL(currentURL)) { chain.doFilter(request, response); return; } if (!isWhiteURL(currentURL)) { chain.doFilter(request, response); return; } doFilter(httpRequest, httpResponse, chain); return; }
From source file:org.cloudfoundry.identity.api.web.CorsFilter.java
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { response.addHeader("Access-Control-Allow-Origin", "*"); if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) ;/*from w w w. j a va 2 s . com*/ { // CORS "pre-flight" request response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.addHeader("Access-Control-Allow-Headers", "Authorization"); response.addHeader("Access-Control-Max-Age", "1728000"); } filterChain.doFilter(request, response); }
From source file:io.github.alsguo.common.web.filter.BaseFilter.java
/** * 1?????/*from ww w .j av a 2 s.c o m*/ * 2????? */ public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; String currentURL = httpRequest.getServletPath(); logger.debug("url filter : current url : [{}]", currentURL); if (isBlackURL(currentURL)) { chain.doFilter(request, response); return; } if (!isWhiteURL(currentURL)) { chain.doFilter(request, response); return; } doFilter(httpRequest, httpResponse, chain); return; }
From source file:edu.harvard.i2b2.fhir.oauth2.ws.PublicClientFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { String url = ((HttpServletRequest) request).getRequestURL().toString(); logger.info("url:" + url); //if(!url.startsWith("/token")) return; String msg = ""; Enumeration<String> kl = request.getParameterNames(); while (kl.hasMoreElements()) { String k = kl.nextElement(); msg += k + "->" + request.getParameter(k) + "\n"; }//from ww w . jav a 2s. co m logger.info(msg); chain.doFilter(new PublicClientWrapper((HttpServletRequest) request), response); }
From source file:org.jasig.web.filter.SimpleCorsFilter.java
/** * Sets the headers to support CORS /*from ww w . j ava 2 s . c o m*/ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) */ @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", allowOrigin); response.setHeader("Access-Control-Allow-Methods", allowMethod); response.setHeader("Access-Control-Max-Age", maxAge); response.setHeader("Access-Control-Allow-Headers", allowHeaders); chain.doFilter(req, res); }
From source file:com.tamnd.app.filters.CsrfHeaderFilter.java
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); if (csrf != null) { Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); String token = csrf.getToken(); if (cookie == null || token != null && !token.equals(cookie.getValue())) { cookie = new Cookie("XSRF-TOKEN", token); cookie.setPath("/"); response.addCookie(cookie);/*from ww w . j a v a2s .c om*/ } } filterChain.doFilter(request, response); // CsrfToken token = (CsrfToken) request.getAttribute(REQUEST_ATTRIBUTE_NAME); // if (token != null) { // response.setHeader(RESPONSE_HEADER_NAME, token.getHeaderName()); // response.setHeader(RESPONSE_PARAM_NAME, token.getParameterName()); // response.setHeader(RESPONSE_TOKEN_NAME , token.getToken()); // } // filterChain.doFilter(request, response); }