List of usage examples for javax.servlet.http HttpServletResponse SC_FORBIDDEN
int SC_FORBIDDEN
To view the source code for javax.servlet.http HttpServletResponse SC_FORBIDDEN.
Click Source Link
From source file:com.evolveum.midpoint.gui.impl.util.ReportPeerQueryInterceptor.java
private boolean checkRequest(HttpServletRequest request, HttpServletResponse response, String operation) { String userAgent = request.getHeader("User-Agent"); if (!ReportTypeUtil.HEADER_USERAGENT.equals(userAgent)) { LOGGER.debug("Invalid user-agent: {}", userAgent); response.setStatus(HttpServletResponse.SC_FORBIDDEN); return false; }/*from w w w. j a v a2s .c om*/ if (!nodeAuthenticator.authenticate(request.getRemoteHost(), request.getRemoteAddr(), operation)) { LOGGER.debug("Unknown node, host: {} ", request.getRemoteHost()); response.setStatus(HttpServletResponse.SC_FORBIDDEN); return false; } return true; }
From source file:org.jboss.as.test.integration.web.security.servlet.methods.DenyUncoveredHttpMethodsTestCase.java
/** * Tests whether the <deny-uncovered-http-methods/> tag filters methods before the servlet is called. This test creates * custom HTTP method and tries to invoke it. If <deny-uncovered-http-methods/> works correctly status code 403 should be * returned. 403 should be returned also in case the servlet returns anything else for unknown HTTP methods as well. * * @throws Exception/* ww w. ja va 2 s . c o m*/ */ @Test public void testCustomMethod() throws Exception { HttpUriRequest request = new HttpGet(getURL()) { @Override public String getMethod() { return "customMethod"; } }; HttpResponse response = getHttpResponse(request); assertThat(statusCodeOf(response), is(HttpServletResponse.SC_FORBIDDEN)); }
From source file:org.infinispan.server.test.rest.security.RESTCertSecurityTest.java
@Test @InSequence(1)/*ww w . j a va 2 s.c o m*/ public void testSecuredWriteOperations() throws Exception { try { controller.start(CONTAINER1); //correct alias for the certificate put(securedClient(testAlias), keyAddress(KEY_A), HttpServletResponse.SC_OK); //test wrong authorization, 1. wrong alias for the certificate put(securedClient(test2Alias), keyAddress(KEY_B), HttpServletResponse.SC_FORBIDDEN); //2. access over 8080 put(securedClient(testAlias), keyAddressUnsecured(KEY_B), HttpServletResponse.SC_UNAUTHORIZED); post(securedClient(testAlias), keyAddress(KEY_C), HttpServletResponse.SC_OK); post(securedClient(test2Alias), keyAddress(KEY_D), HttpServletResponse.SC_FORBIDDEN); //get is not secured, should be working over 8080 HttpResponse resp = get(securedClient(test2Alias), keyAddressUnsecured(KEY_A), HttpServletResponse.SC_OK); String content = new BufferedReader(new InputStreamReader(resp.getEntity().getContent())).readLine(); assertEquals("data", content); head(securedClient(test2Alias), keyAddressUnsecured(KEY_A), HttpServletResponse.SC_OK); delete(securedClient(test2Alias), keyAddress(KEY_A), HttpServletResponse.SC_FORBIDDEN); delete(securedClient(testAlias), keyAddress(KEY_A), HttpServletResponse.SC_OK); delete(securedClient(testAlias), keyAddress(KEY_C), HttpServletResponse.SC_OK); } finally { controller.stop(CONTAINER1); } }
From source file:com.alfaariss.oa.util.web.RemoteAddrFilter.java
/** * This method only passes on the request to the chain if the remote address * of the caller is allowed.//from ww w . j av a 2s . c om * * The remote address is compared against a configured comma separate list * of wild card masks. * * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, * javax.servlet.ServletResponse, javax.servlet.FilterChain) */ public void doFilter(ServletRequest oRequest, ServletResponse oResponse, FilterChain oChain) throws IOException, ServletException { HttpServletRequest oHttpRequest = null; HttpServletResponse oHttpResponse = null; try { // try to create Http servlet request/response if (oRequest instanceof HttpServletRequest) oHttpRequest = (HttpServletRequest) oRequest; else { _logger.warn("received a non HTTP request"); throw new OAException(SystemErrors.ERROR_INTERNAL); } if (oResponse instanceof HttpServletResponse) oHttpResponse = (HttpServletResponse) oResponse; else { _logger.warn("received a non HTTP request"); throw new OAException(SystemErrors.ERROR_INTERNAL); } String remoteAdr = oHttpRequest.getRemoteAddr(); boolean allow = false; StringTokenizer st = new StringTokenizer(_sIP, ","); while (st.hasMoreTokens() && !allow) //For all masks { allow = matchWildcard(remoteAdr, st.nextToken().trim()); } if (!allow) //FORBIDDEN { _logger.warn("Request not accepted from: " + remoteAdr); oHttpResponse.sendError(HttpServletResponse.SC_FORBIDDEN); } else //ALLOW { _logger.debug("Request accepted from: " + remoteAdr); //Continue with chain oChain.doFilter(oRequest, oResponse); } } catch (OAException e) { _logger.error("Could not process request", e); throw new ServletException(); } catch (Exception e) { _logger.fatal("Could not process request, due to internal error", e); throw new ServletException(); } }
From source file:com.streamsets.pipeline.stage.origin.ipctokafka.IpcToKafkaServlet.java
@Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String appId = req.getHeader(Constants.X_SDC_APPLICATION_ID_HEADER); if (!configs.appId.equals(appId)) { LOG.warn("Validation from '{}' invalid appId '{}', rejected", req.getRemoteAddr(), appId); resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid 'appId'"); } else {/*from w w w .j a v a 2 s .com*/ LOG.debug("Validation from '{}', OK", req.getRemoteAddr()); resp.setHeader(Constants.X_SDC_PING_HEADER, Constants.X_SDC_PING_VALUE); resp.setStatus(HttpServletResponse.SC_OK); } }
From source file:com.atlassian.jira.web.action.setup.SetupAdminAccount.java
public String doEnableWebSudo() { boolean valid = true; if (setupAlready()) { valid = false;//w w w .j a va 2 s. c om } if (StringUtils.isBlank(webSudoToken)) { valid = false; } else if (!webSudoToken.equals(sharedVariables.getWebSudoToken())) { valid = false; } if (!valid) { ActionContext.getContext().getResponse().setStatus(HttpServletResponse.SC_FORBIDDEN); } else { webSudoManager.startSession(ServletActionContext.getRequest(), ServletActionContext.getResponse()); } return JSON; }
From source file:com.formtek.dashlets.sitetaskmgr.SiteEndTask.java
@Override protected Map<String, Object> buildModel(WorkflowModelBuilder modelBuilder, WebScriptRequest req, Status status, Cache cache) {//from w w w . ja va 2s .c o m Map<String, String> params = req.getServiceMatch().getTemplateVars(); // getting workflow instance id from request parameters String taskId = getTaskId(req); logger.debug("Task Instance: " + taskId); // get the name of the site the workflow should be associated with String site = getSite(req); logger.debug("Workflow should be associated with site: " + site); // get the requested transition id for the workflow String transition = getTransition(req); logger.debug("Workflow requested to transition to state: " + transition); // get the WorkflowPath from the Workflow Instance ID WorkflowTask wfTask = workflowService.getTaskById(taskId); if (wfTask == null) { throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Failed to find workflow task id: " + taskId); } logger.debug("Retrieved the workflow task"); // get the WorkflowPath from the Workflow Instance ID WorkflowPath wfPath = wfTask.getPath(); if (wfPath == null) { throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Failed to find workflow path for task id: " + taskId); } if (SiteWFUtil.canUserChangeWorkflow(wfPath, site, workflowService, nodeService, authenticationService, authorityService)) { logger.debug("User authenticated and workflow to be transitioned."); // check the requested transition WorkflowTransition[] wfTransitions = wfPath.getNode().getTransitions(); logger.debug("Identified " + wfTransitions.length + " transitions."); // Identify the transition name as valid, by checking list of available transitions int i = 0; WorkflowTransition wfTransition = null; for (i = 0; i < wfTransitions.length; i++) { logger.debug("Checking Transition: " + wfTransitions[i].getTitle() + " and id: " + wfTransitions[i].getId()); if (wfTransitions[i].getId().equals(transition)) { logger.debug("Found the transition: " + wfTransitions[i].getTitle()); wfTransition = wfTransitions[i]; } } if (wfTransition == null) { logger.debug("No matching transition found"); throw new WebScriptException(HttpServletResponse.SC_NOT_FOUND, "Unable to find a transition that matches the name: " + transition); } // Do the transition logger.debug("Performing the transition to: " + transition); workflowService.endTask(taskId, wfTransition.getId()); // return an empty model return new HashMap<String, Object>(); } else { throw new WebScriptException(HttpServletResponse.SC_FORBIDDEN, "Failed to transition for task id: " + taskId); } }
From source file:org.jetbrains.webdemo.sessions.MyHttpSession.java
private void sendDeleteProjectResult(HttpServletRequest request) { try {// w w w . j av a 2 s .c o m sessionInfo.setType(SessionInfo.TypeOfRequest.DELETE_PROJECT); MySqlConnector.getInstance().deleteProject(sessionInfo.getUserInfo(), request.getParameter("publicId")); writeResponse(HttpServletResponse.SC_OK); } catch (NullPointerException e) { writeResponse("Can't get parameters", HttpServletResponse.SC_BAD_REQUEST); } catch (DatabaseOperationException e) { writeResponse(e.getMessage(), HttpServletResponse.SC_FORBIDDEN); } }
From source file:com.flexive.war.servlet.ExportServlet.java
/** * Export a type/*www.java 2s. c om*/ * * @param request request * @param response reponse * @param types type name * @throws IOException on errors */ private void exportType(HttpServletRequest request, HttpServletResponse response, List<Long> types) throws IOException { final UserTicket ticket = FxContext.getUserTicket(); if (!ticket.isInRole(Role.StructureManagement)) { LOG.warn("Tried to export type(s) [" + types + "] without being in role StructureManagment!"); response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } final StringBuilder xmlBuild = new StringBuilder(1000).append("<export>"); for (Long id : types) { try { xmlBuild.append(EJBLookup.getTypeEngine().export(CacheAdmin.getEnvironment().getType(id).getId())) .append("\n").append("<!-- NEXT TYPE -->\n"); } catch (FxApplicationException e) { LOG.error(e); response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage()); return; } } xmlBuild.append("</export>"); final String xml = xmlBuild.toString(); response.setContentType("text/xml"); response.setCharacterEncoding("UTF-8"); final String fileName = "xmlExport"; response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + ".xml\";"); try { response.getOutputStream().write(xml.getBytes(Charsets.UTF_8)); } finally { response.getOutputStream().close(); } }