List of usage examples for org.springframework.http HttpHeaders REFERER
String REFERER
From source file:com.muk.services.security.DefaultUaaLoginService.java
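/**
 * Logs a user in against the configured OAuth (UAA) server and requests an authorization code for
 * {@code clientId}.
 *
 * <p>The flow is three HTTP calls: {@code GET /login} to collect the session and CSRF cookies,
 * {@code POST /login.do} with the credentials, then {@code GET /oauth/authorize}.
 *
 * <p>Result map, by outcome:
 * <ul>
 *   <li>{@code "error"} - the login was rejected, or no authorization code could be read from the
 *       authorize redirect;</li>
 *   <li>{@code Set-Cookie} and {@code "json"} - the server answered 200 with approval data; the cookies
 *       are re-scoped to the path of {@code inUrlComponents};</li>
 *   <li>{@code "code"} - the authorization code taken from the redirect's {@code code} parameter.</li>
 * </ul>
 *
 * <p>Security notes: {@code password} travels as a form field and must never be logged. The
 * {@code redirect_uri} is taken from the caller; this method does not check it, so the authorization
 * server's registered-redirect validation is the only control on it.
 *
 * @param username        user name submitted to the login form
 * @param password        password submitted to the login form
 * @param clientId        OAuth client the code is requested for
 * @param inUrlComponents URL used as {@code redirect_uri} and as the path for returned cookies
 * @return a map holding one of the outcomes described above
 */
@Override
public Map<String, Object> loginForClient(String username, String password, String clientId,
        UriComponents inUrlComponents) {
    final Map<String, Object> responsePayload = new HashMap<String, Object>();
    final HttpHeaders headers = new HttpHeaders();
    headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));

    final UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString(cfgService.getOauthServer());

    // Step 1: fetch the login page to obtain the session and CSRF cookies.
    final UriComponents loginUri = uriBuilder.cloneBuilder().pathSegment("login").build();
    ResponseEntity<String> response = exchangeForType(loginUri.toUriString(), HttpMethod.GET, null, headers,
            String.class);

    final List<String> cookies = new ArrayList<String>();
    appendSetCookieHeaders(cookies, response.getHeaders());

    final MultiValueMap<String, String> formData = new LinkedMultiValueMap<>();
    formData.add("username", username);
    formData.add("password", password);
    formData.add(CSRF, getCsrf(cookies));

    headers.put(HttpHeaders.COOKIE, translateInToOutCookies(cookies));
    // The Referer is sent only on the credential post and removed again below.
    // NOTE(review): presumably the server checks it on login.do - confirm.
    headers.add(HttpHeaders.REFERER, loginUri.toUriString());

    // Step 2: post the credentials.
    response = exchangeForType(uriBuilder.cloneBuilder().pathSegment("login.do").build().toUriString(),
            HttpMethod.POST, formData, headers, String.class);

    // A successful login is a 302 that does not point back at the login page. A 302 without a
    // Location header is treated as a failure instead of dereferencing null.
    final String loginRedirect = response.getHeaders().getFirst(HttpHeaders.LOCATION);
    if (response.getStatusCode() != HttpStatus.FOUND || loginRedirect == null
            || loginRedirect.contains("login")) {
        responsePayload.put("error", "bad credentials");
        return responsePayload;
    }

    // Drop the old CSRF cookie before merging in the cookies issued by login.do.
    removeCookie(cookies, "X-Uaa-Csrf");
    appendSetCookieHeaders(cookies, response.getHeaders());
    removeExpiredCookies(cookies);
    headers.remove(HttpHeaders.REFERER);
    headers.put(HttpHeaders.COOKIE, translateInToOutCookies(cookies));

    // Step 3: ask for the authorization code.
    final String authorizeUrl = uriBuilder.cloneBuilder().pathSegment("oauth").pathSegment("authorize")
            .queryParam("response_type", "code").queryParam("client_id", clientId)
            .queryParam("redirect_uri", inUrlComponents.toUriString()).build().toUriString();
    final ResponseEntity<JsonNode> authResponse = exchangeForType(authorizeUrl, HttpMethod.GET, null, headers,
            JsonNode.class);

    if (authResponse.getStatusCode() == HttpStatus.OK) {
        removeCookie(cookies, "X-Uaa-Csrf");
        appendSetCookieHeaders(cookies, authResponse.getHeaders());

        // Hand the approval data back together with the cookies, re-scoped to the caller's path.
        final List<String> outgoingCookies = new ArrayList<String>();
        for (final String cookie : cookies) {
            final HttpCookie parsedCookie = HttpCookie.parse(cookie).get(0);
            if (!parsedCookie.getName().startsWith("Saved-Account")) {
                parsedCookie.setPath(inUrlComponents.getPath());
                outgoingCookies.add(httpCookieToString(parsedCookie));
            }
        }
        responsePayload.put(HttpHeaders.SET_COOKIE, outgoingCookies);
        responsePayload.put("json", authResponse.getBody());
    } else {
        // Read the code from the redirect by parameter name. Taking "whatever follows the first ="
        // would return "abc&state" for "code=abc&state=x" and would hand back an error value
        // (e.g. from "error=...") as if it were a code.
        final String code = authorizationCodeFrom(authResponse.getHeaders().getLocation());
        if (code == null) {
            responsePayload.put("error", "authorization failed");
        } else {
            responsePayload.put("code", code);
        }
    }

    return responsePayload;
}

/** Adds every Set-Cookie value of {@code source} to {@code target}; a response without cookies adds nothing. */
private static void appendSetCookieHeaders(final List<String> target, final HttpHeaders source) {
    final List<String> issued = source.get(HttpHeaders.SET_COOKIE);
    if (issued != null) {
        target.addAll(issued);
    }
}

/** Returns the value of the {@code code} query parameter of {@code location}, or null when it is absent or empty. */
private static String authorizationCodeFrom(final java.net.URI location) {
    if (location == null || location.getQuery() == null) {
        return null;
    }
    for (final String pair : location.getQuery().split("&")) {
        final int separator = pair.indexOf('=');
        if (separator > 0 && "code".equals(pair.substring(0, separator))) {
            final String value = pair.substring(separator + 1);
            return value.isEmpty() ? null : value;
        }
    }
    return null;
}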
From source file:org.egov.restapi.filter.ApiFilter.java
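/**
 * Classifies the caller by looking for a configured address inside the {@code Referer} header and,
 * on a match, stores the corresponding {@code Source} in the session.
 *
 * <p>The three configured lists are tried in order: APONLINE, ESEVA, SOFTTECH. Empty entries are
 * ignored.
 *
 * <p>NOTE(review): the {@code Referer} header is chosen by the client, so this check identifies a
 * caller but does not authenticate one. The match is also a substring test: a configured value such
 * as {@code 10.0.0.1} (constructed example) is found in a Referer whose host is {@code 10.0.0.10},
 * and in one that merely carries the value in its path or query. Matching semantics are left as they
 * were because the format of the configured values is not visible here; the durable fix is to
 * authenticate integrators with a credential (client certificate, signed token or API key) and, if
 * an address check is kept, to compare the parsed host exactly.
 *
 * @param httpServletRequest the incoming request
 * @return {@code true} when the Referer contains one of the configured addresses
 */
private boolean validateRequest(final MultiReadHttpServletRequest httpServletRequest) {
    final String referer = httpServletRequest.getHeader(HttpHeaders.REFERER);

    if (LOG.isInfoEnabled()) {
        // All of these values are supplied by the client; line breaks are neutralised so a crafted
        // value cannot start a forged log entry.
        LOG.info("The calling request URL:referer= " + neutralizeForLog(referer));
        LOG.info("Host = " + neutralizeForLog(httpServletRequest.getHeader("Host")));
        LOG.info("X-Forwarded-For = " + neutralizeForLog(httpServletRequest.getHeader("X-Forwarded-For")));
        LOG.info("RequestURL = " + neutralizeForLog(String.valueOf(httpServletRequest.getRequestURL())));
        LOG.info("X-RemoteHost = " + neutralizeForLog(httpServletRequest.getRequest().getRemoteHost()));
    }

    final List<String> apOnlineIpAddress = restAPIApplicationProperties.aponlineIPAddress();
    final List<String> esevaIpAddress = restAPIApplicationProperties.esevaIPAddress();
    final List<String> softtechIpAddress = restAPIApplicationProperties.softtechIPAddress();

    if (refererContainsAny(referer, apOnlineIpAddress)) {
        httpServletRequest.getSession().setAttribute(SOURCE, Source.APONLINE);
        return true;
    }
    if (refererContainsAny(referer, esevaIpAddress)) {
        httpServletRequest.getSession().setAttribute(SOURCE, Source.ESEVA);
        return true;
    }
    if (refererContainsAny(referer, softtechIpAddress)) {
        httpServletRequest.getSession().setAttribute(SOURCE, Source.SOFTTECH);
        return true;
    }
    return false;
}

/** Returns true when {@code referer} contains any non-empty entry of {@code addresses}; null arguments never match. */
private static boolean refererContainsAny(final String referer, final List<String> addresses) {
    if (referer == null || addresses == null) {
        return false;
    }
    for (final String address : addresses) {
        if (!address.equals("") && referer.contains(address)) {
            return true;
        }
    }
    return false;
}

/** Replaces carriage returns and line feeds with '_' so a logged value stays on one line; null is passed through. */
private static String neutralizeForLog(final String value) {
    return value == null ? null : value.replace('\r', '_').replace('\n', '_');
}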