Java Code Examples for javax.servlet.ServletResponse

@Override
public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain)
    throws IOException, ServletException {
  final HttpServletRequest request = (HttpServletRequest) req;

  final String authHeader = request.getHeader("Authorization");
  if (authHeader == null || !authHeader.startsWith("Bearer ")) {
    ExceptionUtils.createUnauthorizedException("Missing or invalid Authorization header.", res);
    return;
  }

  try {
    final String token = authHeader.substring(7); // The part after "Bearer "
    final Claims claims =
        Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody();
    request.setAttribute("claims", claims);
  } catch (final Exception e) {
    ExceptionUtils.createUnauthorizedException("Invalid token", res);
    return;
  }

  chain.doFilter(req, res);
}
 

@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;

    request.setCharacterEncoding(encoding);
    response.setCharacterEncoding(encoding);

    String target = request.getRequestURI();
    if (contextPathLength != 0) {
        target = target.substring(contextPathLength);
    }

    boolean handle = actionHandler.handle(target, request, response);

    if (!handle) {// 没有处理则放行
        chain.doFilter(request, response);
    }
}
 

public void doFilter(ServletRequest request, ServletResponse response,
		FilterChain chain) throws IOException, ServletException {
	try {
		getDelegateShrioFilter().doFilter(request, response, chain);
	} catch (UnknownSessionException e) {
		System.out.println(e);
		if(HttpUtils.isAsynRequest((HttpServletRequest) request)){
			Result<Object> result = new Result<Object>();
			result.setSuccess(false);
			result.setMessage("对不起,您的会话已过期,请重新登录！");
			HttpUtils.asynOutputResponse((HttpServletResponse) response, ContentType.APPLICATION_JSON, JsonUtils.object2Json(result));
		}else{
			throw e;
		}
	}
}
 

@Override
public void onTimeout(AsyncEvent event) throws IOException {
  // in this time, maybe:
  // 1.invocation in executor's queue
  // 2.already executing in executor
  // 3.already send response
  // to avoid concurrent, must lock request
  ServletRequest request = event.getSuppliedRequest();
  HttpServletRequestEx requestEx = (HttpServletRequestEx) request.getAttribute(RestConst.REST_REQUEST);

  synchronized (requestEx) {
    ServletResponse response = event.getAsyncContext().getResponse();
    if (!response.isCommitted()) {
      LOGGER.error("Rest request timeout, method {}, path {}.", requestEx.getMethod(), requestEx.getRequestURI());
      // invocation in executor's queue
      response.setContentType(MediaType.APPLICATION_JSON);

      // we don't know if developers declared one statusCode in contract
      // so we use cse inner statusCode here
      ((HttpServletResponse) response).setStatus(ExceptionFactory.PRODUCER_INNER_STATUS_CODE);
      PrintWriter out = response.getWriter();
      out.write(TIMEOUT_MESSAGE);
      response.flushBuffer();
    }

    request.removeAttribute(RestConst.REST_REQUEST);
  }
}
 

@Override
public void doFilter(final ServletRequest request, final ServletResponse response,
		final FilterChain chain) throws IOException, ServletException {
	if (request instanceof HttpServletRequest) {
		final HttpServletRequest req = ((HttpServletRequest) request);
		final HttpServletResponse res = ((HttpServletResponse) response);
		final String header = req.getHeader(SimpleAuth.HTTP_HEADER);
		if (header != null) {
			final String[] sp = header.split(" ");
			// Authentication: torch TOKEN
			if (sp.length == 2) {
				final String scheme = sp[0], param = sp[1];
				if (SimpleAuth.SCHEME.equals(scheme)) {
					if (sa.verify(param)) {
						chain.doFilter(request, response);
						return;
					}
				}
			}
		}
		if (!res.isCommitted()) {
			final String err = "FORBIDDEN\r\n";
			res.reset();
			res.setStatus(HttpServletResponse.SC_FORBIDDEN);
			res.setContentLength(err.length());
			res.setContentType("text/plain");
			res.setCharacterEncoding("ISO-8859-1");
			res.setHeader("Pragma", "no-cache");
			res.setHeader("Cache-Control", "private, no-cache, no-store, must-revalidate");
			res.setHeader(getClass().getSimpleName(), "deny");
			res.getWriter().print(err);
			return;
		}
	}
	if (!response.isCommitted()) {
		response.reset();
	}
	throw new ServletException(new UnsupportedOperationException());
}
 

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
    throws IOException, ServletException {
    try {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String jwt = resolveToken(httpServletRequest);
        if (StringUtils.hasText(jwt)) {
            if (this.tokenProvider.validateToken(jwt)) {
                Authentication authentication = this.tokenProvider.getAuthentication(jwt);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (ExpiredJwtException eje) {
        log.info("Security exception for user {} - {}", eje.getClaims().getSubject(), eje.getMessage());
        ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
 

public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain)
		throws IOException, ServletException {
	HttpServletRequest request = (HttpServletRequest) servletRequest;
	if (isWhiteReq(request.getRequestURI())) {
		chain.doFilter(request, response);
	} else {
		String token = request.getHeader("token");
		if (StringUtils.isNotBlank(token)) {
			try {
				Token tokenInfo = TokenUtil.getTokenInfo(token);
				if (tokenInfo != null) {
					Long now = System.currentTimeMillis();
					if (now - tokenInfo.getTime() < 1000 * 60 * 30) {
						String value = tokenInfo.getValue();
						TokenUtil.setTokenInfo(token, value);
						WebUtil.saveCurrentUser(request, value);
					}
				}
			} catch (Exception e) {
				logger.error("token检查发生异常:", e);
			}
		}
		// 响应
		if (DataUtil.isEmpty(WebUtil.getCurrentUser(request))) {
			response.setContentType("text/html; charset=UTF-8");
			Map<String, Object> modelMap = InstanceUtil.newLinkedHashMap();
			modelMap.put("httpCode", HttpCode.UNAUTHORIZED.value());
			modelMap.put("msg", HttpCode.UNAUTHORIZED.msg());
			modelMap.put("timestamp", System.currentTimeMillis());
			PrintWriter out = response.getWriter();
			out.println(JSON.toJSONString(modelMap));
			out.flush();
			out.close();
		} else {
			chain.doFilter(request, response);
		}
	}
}
 

/**
 * Will accept requests only from build manager.
 */
public void service(final ServletRequest request, final ServletResponse response) throws IOException, ServletException {

  // Prohibit non-remote manager address
  final HttpServletRequest httpServletRequest = (HttpServletRequest) request;
  final String remoteAddr = httpServletRequest.getRemoteAddr();
  if (!DISABLE_SOURCE_IP_ADDRESS_CHECK && !remoteAddr.equals(BUILD_MANAGER_ADDRESS)) {
    final HttpServletResponse httpServletResponce = (HttpServletResponse) response;
    httpServletResponce.setStatus(HttpServletResponse.SC_FORBIDDEN);
    IoUtils.closeHard(request.getInputStream());
    IoUtils.closeHard(response.getOutputStream());
    return;
  }

  // Execute normally
  super.service(request, response);
}
 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest)request;
    String ori = req.getHeader("Origin");
    if (ori != null && allowedOrigins.contains(ori)) {
        HttpServletResponse res = (HttpServletResponse)response;
        res.setHeader("Access-Control-Allow-Origin", ori);
        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        res.setHeader("Access-Control-Max-Age", "3600");
        res.setHeader("Access-Control-Allow-Headers", "x-requested-with");
        res.setHeader("Access-Control-Allow-Credentials", "true");
    }
    chain.doFilter(request, response);
}
 

/** Test.
 * @throws ServletException e
 * @throws IOException e */
@Test
public void testNoHttp() throws ServletException, IOException {
	// non http
	final FilterChain servletChain = createNiceMock(FilterChain.class);
	final ServletRequest servletRequest = createNiceMock(ServletRequest.class);
	final ServletResponse servletResponse = createNiceMock(ServletResponse.class);
	replay(config);
	replay(context);
	replay(servletRequest);
	replay(servletResponse);
	replay(servletChain);
	jiraMonitoringFilter.init(config);
	jiraMonitoringFilter.doFilter(servletRequest, servletResponse, servletChain);
	verify(config);
	verify(context);
	verify(servletRequest);
	verify(servletResponse);
	verify(servletChain);
}
 

public void postFilter(ServletRequest request, ServletResponse response) {
    Segment segment = recorder.getCurrentSegment();
    if (null != segment) {
        HttpServletResponse httpServletResponse = castServletResponse(response);

        if (null != httpServletResponse) {
            Map<String, Object> responseAttributes = new HashMap<String, Object>();

            int responseCode = httpServletResponse.getStatus();
            switch (responseCode/100) {
                case 4:
                    segment.setError(true);
                    if (responseCode == 429) {
                        segment.setThrottle(true);
                    }
                    break;
                case 5:
                    segment.setFault(true);
                    break;
                default:
                    break;
            }
            responseAttributes.put("status", responseCode);


            Optional<Integer> contentLength = getContentLength(httpServletResponse);
            if (contentLength.isPresent()) {
                responseAttributes.put("content_length", contentLength.get());
            }

            segment.putHttp("response", responseAttributes);
        }

        recorder.endSegment();
    }
}
 

@Override
protected boolean isAccessAllowed(ServletRequest request,
		ServletResponse response, Object mappedValue) {
	Subject subject = getSubject(request, response);

	// 如果 isAuthenticated 为 false 证明不是登录过的，同时 isRememberd 为true 证明是没登陆直接通过记住我功能进来的
	if (!subject.isAuthenticated() && subject.isRemembered()) {
		// 获取session的USERSESSION属性来看session是不是空的
		if(null == ShiroAuthenticationManager.getSessionAttribute(ShiroUtils.USERSESSION))
		{
			// 初始化
			UserEntity userEntity = (UserEntity) subject.getPrincipal();
			ShiroAuthenticationManager.setSessionAttribute(ShiroUtils.USERSESSION, userEntity);
		}
	}

	// 这个方法本来只返回 subject.isAuthenticated() 现在我们加上 subject.isRemembered()
	// 让它同时也兼容remember这种情况
	return subject.isAuthenticated() || subject.isRemembered();
}
 

@Test
public void handleChangeUserPasswordRequest_errorAccountNotLocked()
        throws Exception {
    // given
    doReturn(Boolean.TRUE).when(authReqDataMock).isRequestedToChangePwd();
    doReturn("secret").when(authReqDataMock).getNewPassword();
    doReturn("secret").when(authReqDataMock).getNewPassword2();
    doReturn(userDetails).when(identityServiceMock).getUser(
            any(VOUser.class));
    doReturn("error.changePassword").when(requestMock).getAttribute(
            Constants.REQ_ATTR_ERROR_KEY);

    // when
    boolean result = authFilter
            .handleChangeUserPasswordRequest(chainMock, requestMock,
                    responseMock, authReqDataMock, identityServiceMock);

    // then
    assertFalse("Unsuccessful password change", result);
    verify(authFilter, never()).sendRedirect(any(HttpServletRequest.class),
            any(HttpServletResponse.class), anyString());
    verify(chainMock, times(2)).doFilter(any(ServletRequest.class),
            any(ServletResponse.class));
}
 

@Override
public void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
		FilterChain chain)
		throws ServletException, IOException {
	HttpServletRequest request = (HttpServletRequest)servletRequest;
	String str = request.getRequestURI().toLowerCase();
	boolean flag = true;
	int idx = 0;
	if ((idx = str.indexOf(".")) > 0){
		str = str.substring(idx);
		if (ignoreExt.contains(str.toLowerCase())){
			flag = false;
		}
	}
	if (flag){
		super.doFilterInternal(servletRequest, servletResponse, chain);
	} else {
		chain.doFilter(servletRequest, servletResponse);
	}
}
 

@Test
public void testService() throws ServletException, IOException {
    this.safeServlet.init(this.mockConfig);

    ServletRequest mockRequest = new MockHttpServletRequest();
    ServletResponse mockResponse = new MockHttpServletResponse();

    try {
        this.safeServlet.service(mockRequest, mockResponse);
    } catch (final ApplicationContextException ace) {
        // good, threw the exception we expected.
        return;
    }

    fail("Should have thrown ApplicationContextException since init() failed.");
}
 

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
	// FIXME per qualche strana ragione la sessione non scade se questa url viene ripetutamente chiamata!
	// Per ovviare al problema, faccio il controllo via js con un timeout pari a quello di sessione, in modo che quando arriva è già scaduta,
	// e male che vada la sessione dura il doppio del session timeout impostato (metti che un ajax rinfresca subito dopo il page load per cui il js che entra qui si trova la sessione ancora attiva e la rinfresca)
	if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;
		String requestUri = request.getRequestURI();
		if (requestUri.endsWith(COMMAND)) {
			HttpSession session = request.getSession(false);
			String result = "expired";
			if (session!=null) {
				result = "active";
			}
			if (log.isDebugEnabled()) {
				log.debug(COMMAND + " returned " + result + (session!=null?" "+session.getId():""));
			}
			Writer out = response.getWriter();
			out.write(result);
			out.close();
			return;
		} 
	}
	filterChain.doFilter(servletRequest, servletResponse);
}
 

private void doBeforeProcessing(ServletRequest request, ServletResponse response)
		throws IOException, ServletException {
	try (PrintWriter out = response.getWriter()) {
		out.print("my--");
		out.flush();
	}
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain
                     ) throws IOException, ServletException {
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  // if the user is already authenticated, don't override it
  if (httpRequest.getRemoteUser() != null) {
    chain.doFilter(request, response);
  } else {
    HttpServletRequestWrapper wrapper = 
        new HttpServletRequestWrapper(httpRequest) {
      @Override
      public Principal getUserPrincipal() {
        return user;
      }
      @Override
      public String getRemoteUser() {
        return username;
      }
    };
    chain.doFilter(wrapper, response);
  }
}
 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest hsrq = (HttpServletRequest) request;
    HttpServletResponse hsrp = (HttpServletResponse) response;
    String clientType = hsrq.getParameter("clientType");
    if ("WORD".equals(clientType)) {
        chain.doFilter(request, response);
    } else {
        SessionUser person = null;
        String reqPage = hsrq.getServletPath();
        if (!reqPage.trim().equals("/login.do") && !reqPage.trim().equals("/login_out.do")
                ) {

            person = (SessionUser) hsrq.getSession().getAttribute(SysConstants.SESSION_USER_KEY);
            if (person == null) {
                hsrp.sendRedirect("login.do");
                return;
            }
        }
        chain.doFilter(request, response);
    }

}
 

@Override
public void doFilter(final ServletRequest request, final ServletResponse response,
        final FilterChain filterChain) throws IOException, ServletException {

    final SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request;
    logger.info("Felix Filter: request for {}", slingRequest.getRequestPathInfo().getResourcePath());

    filterChain.doFilter(request, response);
}
 

@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    if (isLoginRequest(request, response)) {
        if (isLoginSubmission(request, response)) {
            if (log.isTraceEnabled()) {
                log.trace("Login submission detected.  Attempting to execute login.");
            }
            return executeLogin(request, response);
        } else {
            if (log.isTraceEnabled()) {
                log.trace("Login page view.");
            }
            // allow them to see the login page ;)
            return true;
        }
    } else {
        if (log.isTraceEnabled()) {
            log.trace("Attempting to access a path which requires authentication.  Forwarding to the "
                    + "Authentication url [" + getLoginUrl() + "]");
        }
        if (!((HttpServletRequest)request).getRequestURL().toString().endsWith(".json")) {
            saveRequestAndRedirectToLogin(request, response);
        } else {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            PrintWriter out = response.getWriter();
            out.println("{\"code\":-203,\"info\":\"login\"}");
            out.flush();
            out.close();
        }
        return false;
    }
}
 

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
	HttpServletResponse response = (HttpServletResponse) res;
	HttpServletRequest request = (HttpServletRequest) req;
	String originHeader = request.getHeader("Origin");
	response.setHeader("Access-Control-Allow-Origin", originHeader);
	response.setHeader("Access-Control-Allow-Credentials", "true");
	response.setHeader("Access-Control-Allow-Methods", "*");
	response.setHeader("Access-Control-Max-Age", "3600");
	response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Key, Authorization");
	
	if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
        response.setStatus(HttpServletResponse.SC_OK);
    } else {
        chain.doFilter(req, res);
    }
	
}
 

@Override
public boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    AuthenticationToken token = createToken(request, response);
    if (token == null) {
        String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken "
                + "must be created in order to execute a login attempt.";
        throw new IllegalStateException(msg);
    }
    if (checkIfAccountLocked(request)) {
        return onLoginFailure(token, new ExcessiveAttemptsException(), request, response);
    } else {
        if (!doLogin(request, response, token)) {
            resetAccountLock(getUsername(request));
            return false;
        }
        return true;
    }
}
 

/**
 * Notify all lifecycle event listeners that a particular event has
 * occurred for this Container.  The default implementation performs
 * this notification synchronously using the calling thread.
 *
 * @param type Event type
 * @param servlet The relevant Servlet for this event
 * @param request The servlet request we are processing
 * @param response The servlet response we are processing
 * @param exception Exception that occurred
 */
public void fireInstanceEvent(String type, Servlet servlet,
                              ServletRequest request,
                              ServletResponse response,
                              Throwable exception) {

    if (listeners.length == 0)
        return;

    InstanceEvent event = new InstanceEvent(wrapper, servlet, type,
                                            request, response, exception);
    InstanceListener interested[] = listeners;
    for (int i = 0; i < interested.length; i++)
        interested[i].instanceEvent(event);

}
 

private void setupHeadersTest(Tomcat tomcat) {
    Context ctx = tomcat.addContext("", getTemporaryDirectory()
            .getAbsolutePath());
    Tomcat.addServlet(ctx, "servlet", new HttpServlet() {
        private static final long serialVersionUID = 1L;

        @Override
        public void service(ServletRequest req, ServletResponse res)
                throws ServletException, IOException {
            res.setContentType("text/plain; charset=ISO-8859-1");
            res.getWriter().write("OK");
        }
    });
    ctx.addServletMapping("/", "servlet");

    alv = new HeaderCountLogValve();
    tomcat.getHost().getPipeline().addValve(alv);
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
		throws IOException, ServletException {
	if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		if (response.isCommitted()) {
			if (log.isDebugEnabled()) {
				log.debug(sm.getString("expiresFilter.responseAlreadyCommited", httpRequest.getRequestURL()));
			}
			chain.doFilter(request, response);
		} else {
			XHttpServletResponse xResponse = new XHttpServletResponse(httpRequest, httpResponse);
			chain.doFilter(request, xResponse);
			if (!xResponse.isWriteResponseBodyStarted()) {
				// Empty response, manually trigger
				// onBeforeWriteResponseBody()
				onBeforeWriteResponseBody(httpRequest, xResponse);
			}
		}
	} else {
		chain.doFilter(request, response);
	}
}
 

/**
 * Notify all lifecycle event listeners that a particular event has
 * occurred for this Container.  The default implementation performs
 * this notification synchronously using the calling thread.
 *
 * @param type Event type
 * @param servlet The relevant Servlet for this event
 * @param request The servlet request we are processing
 * @param response The servlet response we are processing
 */
public void fireInstanceEvent(String type, Servlet servlet,
                              ServletRequest request,
                              ServletResponse response) {

    if (listeners.length == 0)
        return;

    InstanceEvent event = new InstanceEvent(wrapper, servlet, type,
                                            request, response);
    InstanceListener interested[] = null;
    synchronized (listeners) {
        interested = (InstanceListener[]) listeners.clone();
    }
    for (int i = 0; i < interested.length; i++)
        interested[i].instanceEvent(event);

}
 

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    ProxyFilterChain proxyFilterChain = new ProxyFilterChain();

    for (Filter filter : filters) {
        proxyFilterChain.setInvokeNextFilter(false);
        filter.doFilter(request, response, proxyFilterChain);

        if (!proxyFilterChain.isInvokeNextFilter()) {
            return;
        }
    }

    chain.doFilter(request, response);
}
 

PrivilegedGetPageContext(JspFactoryImpl factory, Servlet servlet,
        ServletRequest request, ServletResponse response, String errorPageURL,
        boolean needsSession, int bufferSize, boolean autoflush) {
    this.factory = factory;
    this.servlet = servlet;
    this.request = request;
    this.response = response;
    this.errorPageURL = errorPageURL;
    this.needsSession = needsSession;
    this.bufferSize = bufferSize;
    this.autoflush = autoflush;
}
 

@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
	HttpServletRequest req = WebUtils.toHttp(request);
	String xmlHttpRequest = req.getHeader("X-Requested-With");
	if (StringUtils.isNotBlank(xmlHttpRequest)) {
		if (xmlHttpRequest.equalsIgnoreCase("XMLHttpRequest")) {
			HttpServletResponse res = WebUtils.toHttp(response);
			// 采用res.sendError(401);在Easyui中会处理掉error，$.ajaxSetup中监听不到
			res.setHeader("oauthstatus", "401");
			return false;
		}
	}
	return super.onAccessDenied(request, response);
}
 

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    if (enable) {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String contextPath = req.getContextPath();
        String requestUri = req.getRequestURI();
        String path = requestUri.substring(contextPath.length());

        // 如果在黑名单中，直接略过
        if (isExcluded(path)) {
            chain.doFilter(request, response);

            return;
        }

        // 如果符合redirect规则，进行跳转
        if (urlPatternMatcher.shouldRedirect(path)) {
            res.sendRedirect(contextPath + path + "/");

            return;
        }

        // 如果都没问题，才会继续进行判断
        if (urlPatternMatcher.matches(path)) {
            filter.doFilter(request, response, chain);
        } else {
            chain.doFilter(request, response);
        }
    } else {
        chain.doFilter(request, response);
    }
}
 

/**
 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
	// TODO Auto-generated method stub
	// place your code here
	HttpServletRequest loginRequest = (HttpServletRequest) request;
	if((User)loginRequest.getSession().getAttribute("user") != null) {
		chain.doFilter(request, response);
	}
	
	else {
		loginRequest.getRequestDispatcher("/index.jsp").forward(request, response);
	}
}
 

/**
 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
        ServletException {
    // 开始权限过滤
    // 1 判断是否登录
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
    String reqPath = req.getServletPath();
    if ((reqPath.endsWith(".d") || reqPath.endsWith(".json")) && reqPath.indexOf("doLogin.d") == -1
            && reqPath.indexOf("doLogoff.d") == -1 && reqPath.indexOf("userReg.d") == -1) {
        User u = (User) req.getSession().getAttribute("user");
        if (null == u) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
            // PrintWriter out = resp.getWriter();
            // req.getRequestDispatcher("/login.html").forward(req,
            // resp);
            // return;
            // if (reqPath.startsWith("/user")) {
            // resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            // //
            // req.getRequestDispatcher("/user/getCurUserInfo.d").forward(req,
            // resp);
            // return;
            // } else {
            // req.getRequestDispatcher("/login.html").forward(req, resp);
            // return;
            // }
        }

    }

    // logger.debug("login check ...{}" + reqPath);
    chain.doFilter(request, response);
}
 

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,DELETE,PUT");
    response.setHeader("Access-Control-Allow-Headers", "Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Max-Age", "180");

    filterChain.doFilter(servletRequest, servletResponse);
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    HttpSession session = req.getSession(false);
    String loginURI = req.getContextPath() + "/login";

    boolean loggedIn = session != null && session.getAttribute("user") != null;
    boolean loginRequest = req.getRequestURI().equals(loginURI);
    boolean resourceRequest = req.getRequestURI().startsWith(req.getContextPath() + RESOURCE_IDENTIFIER + "/");
    boolean ajaxRequest = "partial/ajax".equals(req.getHeader("Faces-Request"));

    if (loggedIn || loginRequest || resourceRequest) {
        if (!resourceRequest) {
            res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            res.setHeader("Pragma", "no-cache");
            res.setDateHeader("Expires", 0);
        }
        chain.doFilter(new AuthRequestWrapper((HttpServletRequest) request), response);
    } else if (ajaxRequest) {
        response.setContentType("text/xml");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().printf(AJAX_REDIRECT_XML, loginURI);
    } else {
        res.sendRedirect(loginURI);
    }
}
 

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    String pathInfo = ((HttpServletRequest) servletRequest).getPathInfo();
    if (pathInfo.endsWith("comment")) {
        ((HttpServletResponse) servletResponse).sendRedirect("/api" + pathInfo.replaceAll("/engine/default/task", ""));
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    response.setContentType("text/plain");
    response.getWriter().print("Filter");
    chain.doFilter(request, response);
}
 

/**
 * 获取sessionId从请求中
 *
 * @param request
 * @param response
 * @return
 */
private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {
    String id = this.getSessionIdCookieValue(request, response);
    if (id != null) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "cookie");
    } else {
        id = this.getUriPathSegmentParamValue(request, "JSESSIONID");
        if (id == null) {
            // 获取请求头中的session
            id = WebUtils.toHttp(request).getHeader(this.authorization);
            if (id == null) {
                String name = this.getSessionIdName();
                id = request.getParameter(name);
                if (id == null) {
                    id = request.getParameter(name.toLowerCase());
                }
            }
        }
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "url");
        }
    }

    if (id != null) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    }

    return id;
}
 

/**
 * 封装支付结果服务器通知
 * <b>注意：这个页面是支付宝服务器端自动调用这个页面的链接地址,
 * 这个页面根据支付宝反馈过来的信息修改网站的定单状态,更新完成后需要返回一个success给支付宝.,
 * 不能含有任何其它的字符包括html语言.
 * </b>
 * <p><a href="https://doc.open.alipay.com/docs/doc.htm?spm=a219a.7629140.0.0.Xh0Gbu&treeId=62&articleId=104743&docType=1">开发文档</p>
 *
 * @param servletRequest
 * @param servletResponse
 * @return
 */
public static PayResultNotifyResponse parsePayResultNotify(ServletRequest servletRequest, ServletResponse servletResponse) {
	HttpServletRequest request = (HttpServletRequest) servletRequest;
	HttpServletResponse response = (HttpServletResponse) servletResponse;
	//获取支付宝POST过来反馈信息
	Map<String, String> params = requestToMap(request);
	//获取支付宝的通知返回参数，可参考技术文档中页面跳转同步通知参数列表(以上仅供参考)//
	if (AlipayNotify.verify(params)) {//验证成功
		return (PayResultNotifyResponse) mapToObject(params, PayResultNotifyResponse.class);
	} else {//验证失败
		return null;
	}
}
 

@Before
public void setup() {
    rdoMock = mock(AuthorizationRequestData.class);

    requestMock = mock(HttpServletRequest.class);

    filter = new BaseBesFilter() {
        @Override
        public void doFilter(ServletRequest arg0, ServletResponse arg1,
                FilterChain arg2) throws IOException, ServletException {
        }
    };
}
 

@Override
protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
	Subject subject = SecurityUtils.getSubject();
	try {
		subject.logout();
	} catch (SessionException ise) {
		LOGGER.info("Encountered session exception during logout.  This can generally safely be ignored.", ise);
	}
	HTTP.writeAsJSON(response,
			MessageBean.STATUS, HTTP.Status.OK.toInt(),
			MessageBean.MESSAGE, Messages.Status.OK.toString()) ;
	return false;
}
 

/**
 * Construct a new InstanceEvent with the specified parameters.  This
 * constructor is used for processing servlet processing events.
 *
 * @param wrapper Wrapper managing this servlet instance
 * @param servlet Servlet instance for which this event occurred
 * @param type Event type (required)
 * @param request Servlet request we are processing
 * @param response Servlet response we are processing
 * @param exception Exception that occurred
 */
public InstanceEvent(Wrapper wrapper, Servlet servlet, String type,
                     ServletRequest request, ServletResponse response,
                     Throwable exception) {

  super(wrapper);
  this.wrapper = wrapper;
  this.filter = null;
  this.servlet = servlet;
  this.type = type;
  this.request = request;
  this.response = response;
  this.exception = exception;

}
 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException 
{
	HttpServletRequest req = (HttpServletRequest)request;
	HttpServletResponse res = (HttpServletResponse)response;
	HttpSession sess = req.getSession();
	String noLoginPaths = config.getInitParameter("noLoginPaths");  
	String path = req.getServletPath();	
	String charset = config.getInitParameter("charset");  
       if(charset==null){  
           charset = "UTF-8";  
       }  
       request.setCharacterEncoding(charset);  
       if(noLoginPaths!=null)
       {  
           String[] strArray = noLoginPaths.split(";");
           for (int i = 0; i < strArray.length; i++)
           {  
               if(strArray[i]==null || "".equals(strArray[i]))
               	continue;  
               if(req.getRequestURI().indexOf(strArray[i])!=-1){  
                   chain.doFilter(request, response);  
                   return;  
               }  
           }  
       }  
	if(sess==null||sess.getAttribute("user_id")==null)
	{
		req.getRequestDispatcher("error.jsp").forward(req, res);
		return;
	}
	else
	{
		chain.doFilter(request, response);
	}
}
 

@Override
public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IllegalStateException {

    this.asyncStarted = true;
    this.asyncContext = new AsyncContextImpl(servletRequest, servletResponse);
    return null;
}
 

@Override
protected boolean isAccessAllowed(ServletRequest request,
		ServletResponse response, Object mappedValue) throws Exception {
	String[] arra = (String[])mappedValue;
	Subject subject = getSubject(request, response);
	for (String role : arra) {
		if(subject.hasRole(role)){
			return true;
		}
	}
	return false;
}
 

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Access-Control-Allow-Origin","*");
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "7200");
    response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    response.setHeader("Access-Control-Request-Headers","content-type");
    chain.doFilter(req, res);
}
 

@Override
protected boolean onLoginFailure(AuthenticationToken token,
		AuthenticationException e, ServletRequest request,
		ServletResponse response) {
	request.setAttribute("remainLoginAttempt", getAccountLocked(getUsername(request)));
	return super.onLoginFailure(token, e, request, response);
}
 

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
	String path = ((HttpServletRequest) servletRequest).getRequestURI();
	if (path.contains("/webapi/")) {
	    filterChain.doFilter(servletRequest, servletResponse);
	} else {
		super.doFilter(servletRequest, servletResponse, filterChain);
	}
}
 

@Override
public void doFilter(ServletRequest req, ServletResponse res,
    FilterChain chain)
    throws IOException, ServletException {
  doCrossFilter((HttpServletRequest) req, (HttpServletResponse) res);
  chain.doFilter(req, res);
}
 

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
    throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
    String jwt = resolveToken(httpServletRequest);
    if (StringUtils.hasText(jwt) && this.tokenProvider.validateToken(jwt)) {
        Authentication authentication = this.tokenProvider.getAuthentication(jwt);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
 

private void doDispatch(ServletRequest request, ServletResponse response)
        throws ServletException, IOException {

    // Set up to handle the specified request and response
    State state = new State(request, response, false);

    // Create a wrapped response to use for this request
    wrapResponse(state);

    ApplicationHttpRequest wrequest =
        (ApplicationHttpRequest) wrapRequest(state);

    if (queryString != null) {
        wrequest.setQueryParams(queryString);
    }

    wrequest.setAttribute(Globals.DISPATCHER_TYPE_ATTR,
            DispatcherType.ASYNC);
    wrequest.setAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR,
            getCombinedPath());

    wrequest.setContextPath(context.getPath());
    wrequest.setRequestURI(requestURI);
    wrequest.setServletPath(servletPath);
    wrequest.setPathInfo(pathInfo);
    if (queryString != null) {
        wrequest.setQueryString(queryString);
        wrequest.setQueryParams(queryString);
    }

    invoke(state.outerRequest, state.outerResponse, state);
}
 

/**
 * Notify all lifecycle event listeners that a particular event has
 * occurred for this Container.  The default implementation performs
 * this notification synchronously using the calling thread.
 *
 * @param type Event type
 * @param filter The relevant Filter for this event
 * @param request The servlet request we are processing
 * @param response The servlet response we are processing
 */
public void fireInstanceEvent(String type, Filter filter,
                              ServletRequest request,
                              ServletResponse response) {

    if (listeners.length == 0)
        return;

    InstanceEvent event = new InstanceEvent(wrapper, filter, type,
                                            request, response);
    InstanceListener interested[] = listeners;
    for (int i = 0; i < interested.length; i++)
        interested[i].instanceEvent(event);

}
 

@Override
public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain chain)
        throws ServletException, IOException {

    final HttpServletRequest request = (HttpServletRequest) req;
    final HttpServletResponse response = (HttpServletResponse) resp;

    if (request.isSecure()) {
        response.setHeader("Public-Key-Pins", formatPolicy());
    }

    chain.doFilter(request, response);
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain) throws IOException, ServletException {
  if (filterConfig == null)
     return;

  uri = ((HttpServletRequest)request).getRequestURI();
  LOG.info("filtering " + uri);
  chain.doFilter(request, response);
}
 

public void setStarted(Context context, ServletRequest request,
        ServletResponse response, boolean originalRequestResponse) {

    synchronized (asyncContextLock) {
        this.request.getCoyoteRequest().action(
                ActionCode.ASYNC_START, this);

        this.context = context;
        this.servletRequest = request;
        this.servletResponse = response;
        this.hasOriginalRequestAndResponse = originalRequestResponse;
        this.event = new AsyncEvent(this, request, response);

        List<AsyncListenerWrapper> listenersCopy =
            new ArrayList<AsyncListenerWrapper>();
        listenersCopy.addAll(listeners);
        listeners.clear();
        for (AsyncListenerWrapper listener : listenersCopy) {
            try {
                listener.fireOnStartAsync(event);
            } catch (Throwable t) {
                ExceptionUtils.handleThrowable(t);
                log.warn("onStartAsync() failed for listener of type [" +
                        listener.getClass().getName() + "]", t);
            }
        }
    }
}
 

public void doFilter(ServletContext context, ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException
{
    // If a filter up the chain has marked the request as not requiring auth then respect it        
    if (request.getAttribute( NO_AUTH_REQUIRED) != null)
    {
        if ( getLogger().isDebugEnabled())
            getLogger().debug("Authentication not required (filter), chaining ...");
        chain.doFilter(request, response);
    }
    else if (authenticateRequest(context, (HttpServletRequest) request, (HttpServletResponse) response))
    {
        chain.doFilter(request, response);
    }
}
 

@Override
public void service(ServletRequest req, ServletResponse res)
		throws ServletException, IOException {
	System.out.println("Handling Proxy request for " + ((Request) req).getUri().toString());
       if ( authRequired )
       {
           final HttpServletRequest request = (HttpServletRequest) req;
           final HttpServletResponse response = (HttpServletResponse) res;
           String proxyAuthorization = request.getHeader( "Proxy-Authorization" );
           if ( proxyAuthorization != null && proxyAuthorization.startsWith( "Basic " ) )
           {
               String proxyAuth = proxyAuthorization.substring( 6 );
               String authorization = B64Code.decode( proxyAuth );
               String[] authTokens = authorization.split( ":" );
               String user = authTokens[0];
               String password = authTokens[1];

               if ( user.equals(this.proxyUsername) && password.equals( this.proxyPassword ) )
               {
               	super.service(req, res);
                   return;
               }
           }

           // Proxy-Authenticate Basic realm="CCProxy Authorization"
           response.addHeader( "Proxy-Authenticate", "Basic realm=\"Jetty Proxy Authorization\"" );
           response.setStatus( HttpServletResponse.SC_PROXY_AUTHENTICATION_REQUIRED );
           System.out.println("Proxy Auth Creds not supplied");
           
       } else {
		super.service(req, res);
       }

}
 

@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
	// 如果参数中包含“__sid”参数，则使用此sid会话。 例如：http://localhost/project?__sid=xxx&__cookie=true
	String sid = request.getParameter("__sid");
	if (StringUtils.isNotBlank(sid)) {
		// 是否将sid保存到cookie，浏览器模式下使用此参数。
		if (WebUtils.isTrue(request, "__cookie")){
	        HttpServletRequest rq = (HttpServletRequest)request;
	        HttpServletResponse rs = (HttpServletResponse)response;
			Cookie template = getSessionIdCookie();
	        Cookie cookie = new SimpleCookie(template);
			cookie.setValue(sid); cookie.saveTo(rq, rs);
		}
		// 设置当前session状态
           request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                   ShiroHttpServletRequest.URL_SESSION_ID_SOURCE); // session来源与url
           request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sid);
           request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
       	return sid;
	}else{
		return super.getSessionId(request, response);
	}
}
 

/**
 * Construct a new InstanceEvent with the specified parameters.  This
 * constructor is used for filter processing events.
 *
 * @param wrapper Wrapper managing this servlet instance
 * @param filter Filter instance for which this event occurred
 * @param type Event type (required)
 * @param request Servlet request we are processing
 * @param response Servlet response we are processing
 * @param exception Exception that occurred
 */
public InstanceEvent(Wrapper wrapper, Filter filter, String type,
                     ServletRequest request, ServletResponse response,
                     Throwable exception) {

  super(wrapper);
  this.filter = filter;
  this.servlet = null;
  this.type = type;
  this.request = request;
  this.response = response;
  this.exception = exception;

}
 

@Override
public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse)
		throws IllegalStateException {
	return getRequest().startAsync(servletRequest, servletResponse);
}