Java Code Examples for org.apache.catalina.connector.Request

The following are top voted examples for showing how to use org.apache.catalina.connector.Request. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.
Example 1
Project: lazycat   File: CometConnectionManagerValve.java   Source Code and License 7 votes vote down vote up
@Override
public void sessionDestroyed(HttpSessionEvent se) {
	// Close all Comet connections associated with this session
	Request[] reqs = (Request[]) se.getSession().getAttribute(cometRequestsAttribute);
	if (reqs != null) {
		for (int i = 0; i < reqs.length; i++) {
			Request req = reqs[i];
			try {
				CometEventImpl event = req.getEvent();
				event.setEventType(CometEvent.EventType.END);
				event.setEventSubType(CometEvent.EventSubType.SESSION_END);
				((CometProcessor) req.getWrapper().getServlet()).event(event);
				event.close();
			} catch (Exception e) {
				req.getWrapper().getParent().getLogger()
						.warn(sm.getString("cometConnectionManagerValve.listenerEvent"), e);
			}
		}
	}
}
 
Example 2
Project: tomcat7   File: ReplicationValve.java   Source Code and License 7 votes vote down vote up
/**
 * Fix memory leak for long sessions with many changes, when no backup member exists!
 * @param request current request after response is generated
 * @param isCrossContext check crosscontext threadlocal
 */
protected void resetReplicationRequest(Request request, boolean isCrossContext) {
    Session contextSession = request.getSessionInternal(false);
    if(contextSession instanceof DeltaSession){
        resetDeltaRequest(contextSession);
        ((DeltaSession)contextSession).setPrimarySession(true);
    }
    if(isCrossContext) {
        List<DeltaSession> sessions = crossContextSessions.get();
        if(sessions != null && sessions.size() >0) {
            Iterator<DeltaSession> iter = sessions.iterator();
            for(; iter.hasNext() ;) {          
                Session session = iter.next();
                resetDeltaRequest(session);
                if(session instanceof DeltaSession)
                    ((DeltaSession)contextSession).setPrimarySession(true);

            }
        }
    }                     
}
 
Example 3
Project: lams   File: StandardEngineValve.java   Source Code and License 7 votes vote down vote up
/**
 * Select the appropriate child Host to process this request,
 * based on the requested server name.  If no matching Host can
 * be found, return an appropriate HTTP error.
 *
 * @param request Request to be processed
 * @param response Response to be produced
 * @param valveContext Valve context used to forward to the next Valve
 *
 * @exception IOException if an input/output error occurred
 * @exception ServletException if a servlet error occurred
 */
public final void invoke(Request request, Response response)
    throws IOException, ServletException {

    // Select the Host to be used for this Request
    Host host = request.getHost();
    if (host == null) {
        response.sendError
            (HttpServletResponse.SC_BAD_REQUEST,
             sm.getString("standardEngine.noHost", 
                          request.getServerName()));
        return;
    }

    // Ask this Host to process this request
    host.getPipeline().getFirst().invoke(request, response);

}
 
Example 4
Project: lazycat   File: AccessLogValve.java   Source Code and License 7 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request, Response response, long time) {
	// Don't need to flush since trigger for log message is after the
	// response has been committed
	long length = response.getBytesWritten(false);
	if (length <= 0) {
		// Protect against nulls and unexpected types as these values
		// may be set by untrusted applications
		Object start = request.getAttribute(Globals.SENDFILE_FILE_START_ATTR);
		if (start instanceof Long) {
			Object end = request.getAttribute(Globals.SENDFILE_FILE_END_ATTR);
			if (end instanceof Long) {
				length = ((Long) end).longValue() - ((Long) start).longValue();
			}
		}
	}
	if (length <= 0 && conversion) {
		buf.append('-');
	} else {
		buf.append(length);
	}
}
 
Example 5
Project: lams   File: WebdavFixValve.java   Source Code and License 7 votes vote down vote up
private String buildRedirect(Request request) {
    StringBuffer location =
        new StringBuffer(request.getRequestURL().length());
    location.append(request.getScheme());
    location.append("://");
    location.append(request.getHost().getName());
    location.append(':');
    // If we include the port, even if it is 80, then MS clients will use
    // a WebDAV client that works rather than the MiniRedir that has
    // problems with BASIC authentication
    location.append(request.getServerPort());
    location.append(request.getRequestURI());
    return location.toString();
}
 
Example 6
Project: apache-tomcat-7.0.73-with-comment   File: ReplicationValve.java   Source Code and License 7 votes vote down vote up
/**
 * Send Cluster Replication Request
 * @param request current request
 * @param manager session manager
 * @param cluster replication cluster
 */
protected void sendSessionReplicationMessage(Request request,
        ClusterManager manager, CatalinaCluster cluster) {
    Session session = request.getSessionInternal(false);
    if (session != null) {
        String uri = request.getDecodedRequestURI();
        // request without session change
        if (!isRequestWithoutSessionChange(uri)) {
            if (log.isDebugEnabled())
                log.debug(sm.getString("ReplicationValve.invoke.uri", uri));
            sendMessage(session,manager,cluster);
        } else
            if(doStatistics())
                nrOfFilterRequests++;
    }

}
 
Example 7
Project: lazycat   File: StandardEngineValve.java   Source Code and License 7 votes vote down vote up
/**
 * Select the appropriate child Host to process this request, based on the
 * requested server name. If no matching Host can be found, return an
 * appropriate HTTP error.
 *
 * @param request
 *            Request to be processed
 * @param response
 *            Response to be produced
 *
 * @exception IOException
 *                if an input/output error occurred
 * @exception ServletException
 *                if a servlet error occurred
 */
@Override
public final void invoke(Request request, Response response) throws IOException, ServletException {

	// Select the Host to be used for this Request
	Host host = request.getHost();
	if (host == null) {
		response.sendError(HttpServletResponse.SC_BAD_REQUEST,
				sm.getString("standardEngine.noHost", request.getServerName()));
		return;
	}
	if (request.isAsyncSupported()) {
		request.setAsyncSupported(host.getPipeline().isAsyncSupported());
	}

	// Ask this Host to process this request
	host.getPipeline().getFirst().invoke(request, response);

}
 
Example 8
Project: tomcat7   File: TestCometProcessor.java   Source Code and License 6 votes vote down vote up
@Override
public void invoke(Request request, Response response)
        throws IOException, ServletException {

    CometEventImpl event = new CometEventImpl(request, response);

    getNext().invoke(request, response);

    if (request.isComet()) {
        Thread t = new AsyncCometCloseThread(event);
        t.start();
    }
}
 
Example 9
Project: Syn   File: SynValve.java   Source Code and License 6 votes vote down vote up
private void setUserRolesFromStaticToken(final Request request, final Token token) {
    final List<String> roles = token.getRoles();
    roles.add("islandora");
    final String name = token.getUser();
    final GenericPrincipal principal = new GenericPrincipal(name, null, roles);
    request.setUserPrincipal(principal);
}
 
Example 10
Project: apache-tomcat-7.0.73-with-comment   File: JvmRouteBinderValve.java   Source Code and License 6 votes vote down vote up
/**
 * Send the changed Sessionid to all clusternodes.
 * 
 * @see JvmRouteSessionIDBinderListener#messageReceived(
 *            org.apache.catalina.ha.ClusterMessage)
 * @param sessionId
 *            current failed sessionid
 * @param newSessionID
 *            new session id, bind to the new cluster node
 */
protected void sendSessionIDClusterBackup(Request request, String sessionId,
        String newSessionID) {
    CatalinaCluster c = getCluster();
    if (c != null && !(getManager(request) instanceof BackupManager)) {
        SessionIDMessage msg = new SessionIDMessage();
        msg.setOrignalSessionID(sessionId);
        msg.setBackupSessionID(newSessionID);
        Context context = request.getContext();
        msg.setContextName(context.getName());
        msg.setHost(context.getParent().getName());
        c.send(msg);
    }
}
 
Example 11
Project: apache-tomcat-7.0.73-with-comment   File: AccessLogValve.java   Source Code and License 6 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    if (requestAttributesEnabled) {
        Object proto = request.getAttribute(PROTOCOL_ATTRIBUTE);
        if (proto == null) {
            buf.append(request.getProtocol());
        } else {
            buf.append(proto);
        }
    } else {
        buf.append(request.getProtocol());
    }
}
 
Example 12
Project: apache-tomcat-7.0.73-with-comment   File: FormAuthenticator.java   Source Code and License 6 votes vote down vote up
/**
 * Does this request match the saved one (so that it must be the redirect
 * we signaled after successful authentication?
 *
 * @param request The request to be verified
 */
protected boolean matchRequest(Request request) {

  // Has a session been created?
  Session session = request.getSessionInternal(false);
  if (session == null) {
    return (false);
}

  // Is there a saved request?
  SavedRequest sreq = (SavedRequest)
      session.getNote(Constants.FORM_REQUEST_NOTE);
  if (sreq == null) {
    return (false);
}

  // Is there a saved principal?
  if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
    return (false);
}

  // Does the request URI match?
  String decodedRequestURI = request.getDecodedRequestURI();
  if (decodedRequestURI == null) {
    return (false);
}
  return (decodedRequestURI.equals(sreq.getDecodedRequestURI()));
}
 
Example 13
Project: apache-tomcat-7.0.73-with-comment   File: StandardContextValve.java   Source Code and License 6 votes vote down vote up
/**
 * Select the appropriate child Wrapper to process this request,
 * based on the specified request URI.  If no matching Wrapper can
 * be found, return an appropriate HTTP error.
 *
 * @param request Request to be processed
 * @param response Response to be produced
 *
 * @exception IOException if an input/output error occurred
 * @exception ServletException if a servlet error occurred
 */
@Override
public final void invoke(Request request, Response response)
    throws IOException, ServletException {

    // Disallow any direct access to resources under WEB-INF or META-INF
    MessageBytes requestPathMB = request.getRequestPathMB();
    if ((requestPathMB.startsWithIgnoreCase("/META-INF/", 0))
            || (requestPathMB.equalsIgnoreCase("/META-INF"))
            || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
            || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    // Select the Wrapper to be used for this Request
    Wrapper wrapper = request.getWrapper();
    if (wrapper == null || wrapper.isUnavailable()) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    // Acknowledge the request
    try {
        response.sendAcknowledgement();
    } catch (IOException ioe) {
        container.getLogger().error(sm.getString(
                "standardContextValve.acknowledgeException"), ioe);
        request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, ioe);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    
    if (request.isAsyncSupported()) {
        request.setAsyncSupported(wrapper.getPipeline().isAsyncSupported());
    }
    wrapper.getPipeline().getFirst().invoke(request, response);
}
 
Example 14
Project: apache-tomcat-7.0.73-with-comment   File: StuckThreadDetectionValve.java   Source Code and License 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public void invoke(Request request, Response response)
        throws IOException, ServletException {

    if (threshold <= 0) {
        // short-circuit if not monitoring stuck threads
        getNext().invoke(request, response);
        return;
    }

    // Save the thread/runnable
    // Keeping a reference to the thread object here does not prevent
    // GC'ing, as the reference is removed from the Map in the finally clause

    Long key = Long.valueOf(Thread.currentThread().getId());
    StringBuffer requestUrl = request.getRequestURL();
    if(request.getQueryString()!=null) {
        requestUrl.append("?");
        requestUrl.append(request.getQueryString());
    }
    MonitoredThread monitoredThread = new MonitoredThread(Thread.currentThread(),
        requestUrl.toString(), interruptThreadThreshold > 0);
    activeThreads.put(key, monitoredThread);

    try {
        getNext().invoke(request, response);
    } finally {
        activeThreads.remove(key);
        if (monitoredThread.markAsDone() == MonitoredThreadState.STUCK) {
            if(monitoredThread.wasInterrupted()) {
                interruptedThreadsCount.incrementAndGet();
            }
            completedStuckThreadsQueue.add(
                    new CompletedStuckThread(monitoredThread.getThread(),
                        monitoredThread.getActiveTimeInMillis()));
        }
    }
}
 
Example 15
Project: lazycat   File: AuthenticatorBase.java   Source Code and License 6 votes vote down vote up
@Override
public void logout(Request request) throws ServletException {
	Principal p = request.getPrincipal();
	if (p instanceof GenericPrincipal) {
		try {
			((GenericPrincipal) p).logout();
		} catch (Throwable t) {
			ExceptionUtils.handleThrowable(t);
			log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t);
		}
	}

	register(request, request.getResponse(), null, null, null, null);
}
 
Example 16
Project: tomcat7   File: StandardContextValve.java   Source Code and License 6 votes vote down vote up
/**
 * Select the appropriate child Wrapper to process this request,
 * based on the specified request URI.  If no matching Wrapper can
 * be found, return an appropriate HTTP error.
 *
 * @param request Request to be processed
 * @param response Response to be produced
 *
 * @exception IOException if an input/output error occurred
 * @exception ServletException if a servlet error occurred
 */
@Override
public final void invoke(Request request, Response response)
    throws IOException, ServletException {

    // Disallow any direct access to resources under WEB-INF or META-INF
    MessageBytes requestPathMB = request.getRequestPathMB();
    if ((requestPathMB.startsWithIgnoreCase("/META-INF/", 0))
            || (requestPathMB.equalsIgnoreCase("/META-INF"))
            || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
            || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    // Select the Wrapper to be used for this Request
    Wrapper wrapper = request.getWrapper();
    if (wrapper == null || wrapper.isUnavailable()) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    // Acknowledge the request
    try {
        response.sendAcknowledgement();
    } catch (IOException ioe) {
        container.getLogger().error(sm.getString(
                "standardContextValve.acknowledgeException"), ioe);
        request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, ioe);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    
    if (request.isAsyncSupported()) {
        request.setAsyncSupported(wrapper.getPipeline().isAsyncSupported());
    }
    wrapper.getPipeline().getFirst().invoke(request, response);
}
 
Example 17
Project: lazycat   File: CometConnectionManagerValve.java   Source Code and License 6 votes vote down vote up
/**
 * Register requests for tracking, whenever needed.
 *
 * @param request
 *            The servlet request to be processed
 * @param response
 *            The servlet response to be created
 *
 * @exception IOException
 *                if an input/output error occurs
 * @exception ServletException
 *                if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
	// Perform the request
	getNext().invoke(request, response);

	if (request.isComet() && !response.isClosed()) {
		// Start tracking this connection, since this is a
		// begin event, and Comet mode is on
		HttpSession session = request.getSession(true);

		// Track the connection for webapp reload
		cometRequests.add(request);

		// Track the connection for session expiration
		synchronized (session) {
			Request[] requests = (Request[]) session.getAttribute(cometRequestsAttribute);
			if (requests == null) {
				requests = new Request[1];
				requests[0] = request;
				session.setAttribute(cometRequestsAttribute, requests);
			} else {
				Request[] newRequests = new Request[requests.length + 1];
				for (int i = 0; i < requests.length; i++) {
					newRequests[i] = requests[i];
				}
				newRequests[requests.length] = request;
				session.setAttribute(cometRequestsAttribute, newRequests);
			}
		}
	}

}
 
Example 18
Project: lazycat   File: ExtendedAccessLogValve.java   Source Code and License 6 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request, Response response, long time) {
	if (null != response) {
		Iterator<String> iter = response.getHeaders(header).iterator();
		if (iter.hasNext()) {
			StringBuilder buffer = new StringBuilder();
			boolean first = true;
			while (iter.hasNext()) {
				if (first) {
					first = false;
				} else {
					buffer.append(",");
				}
				buffer.append(iter.next());
			}
			buf.append(wrap(buffer.toString()));
		}
		return;
	}
	buf.append("-");
}
 
Example 19
Project: tomcat7   File: RequestFilterValve.java   Source Code and License 6 votes vote down vote up
/**
 * Perform the filtering that has been configured for this Valve, matching
 * against the specified request property.
 *
 * @param property The request property on which to filter
 * @param request The servlet request to be processed
 * @param response The servlet response to be processed
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
protected void process(String property, Request request, Response response)
        throws IOException, ServletException {

    if (isAllowed(property)) {
        getNext().invoke(request, response);
        return;
    }

    if (getLog().isDebugEnabled()) {
        getLog().debug(sm.getString("requestFilterValve.deny",
                request.getRequestURI(), property));
    }

    // Deny this request
    denyRequest(request, response);
}
 
Example 20
Project: apache-tomcat-7.0.73-with-comment   File: ContainerBase.java   Source Code and License 6 votes vote down vote up
/**
 * Check this container for an access log and if none is found, look to the
 * parent. If there is no parent and still none is found, use the NoOp
 * access log.
 */
@Override
public void logAccess(Request request, Response response, long time,
        boolean useDefault) {
    
    boolean logged = false;
    
    if (getAccessLog() != null) {
        getAccessLog().log(request, response, time);
        logged = true;
    }
    
    if (getParent() != null) {
        // No need to use default logger once request/response has been logged
        // once
        getParent().logAccess(request, response, time, (useDefault && !logged));
    }
}
 
Example 21
Project: lams   File: AccessLogValve.java   Source Code and License 6 votes vote down vote up
public void addElement(StringBuffer buf, Date date, Request request,
        Response response, long time) {
   if (null != response) {
        String[] values = response.getHeaderValues(header);
        if(values.length > 0) {
            for (int i = 0; i < values.length; i++) {
                String string = values[i];
                buf.append(string) ;
                if(i+1<values.length)
                    buf.append(",");
            }
            return ;
        }
    }
    buf.append("-");
}
 
Example 22
Project: lams   File: AccessLogValve.java   Source Code and License 6 votes vote down vote up
public void addElement(StringBuffer buf, Date date, Request request,
        Response response, long time) {
    if (request != null) {
        if (request.getSession(false) != null) {
            buf.append(request.getSessionInternal(false)
                    .getIdInternal());
        } else {
            buf.append('-');
        }
    } else {
        buf.append('-');
    }
}
 
Example 23
Project: tomcat7   File: TestRemoteIpValve.java   Source Code and License 6 votes vote down vote up
@Test
public void testInvokeAllProxiesAreTrusted() throws Exception {

    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    String actualXForwardedFor = request.getHeader("x-forwarded-for");
    assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);

    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);

    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);

    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);

    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);

    String actualPostInvokeRemoteHost = request.getRemoteHost();
    assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost);
}
 
Example 24
Project: apache-tomcat-7.0.73-with-comment   File: ExtendedAccessLogValve.java   Source Code and License 6 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    Cookie[] c = request.getCookies();
    for (int i = 0; c != null && i < c.length; i++) {
        if (name.equals(c[i].getName())) {
            buf.append(wrap(c[i].getValue()));
        }
    }
}
 
Example 25
Project: tomcat7   File: AccessLogValve.java   Source Code and License 6 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    String query = null;
    if (request != null) {
        query = request.getQueryString();
    }
    if (query != null) {
        buf.append('?');
        buf.append(query);
    }
}
 
Example 26
Project: tomcat7   File: AccessLogValve.java   Source Code and License 6 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    Object value = null;
    if (request != null) {
        value = request.getAttribute(header);
    } else {
        value = "??";
    }
    if (value != null) {
        if (value instanceof String) {
            buf.append((String) value);
        } else {
            buf.append(value.toString());
        }
    } else {
        buf.append('-');
    }
}
 
Example 27
Project: tomcat7   File: StuckThreadDetectionValve.java   Source Code and License 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public void invoke(Request request, Response response)
        throws IOException, ServletException {

    if (threshold <= 0) {
        // short-circuit if not monitoring stuck threads
        getNext().invoke(request, response);
        return;
    }

    // Save the thread/runnable
    // Keeping a reference to the thread object here does not prevent
    // GC'ing, as the reference is removed from the Map in the finally clause

    Long key = Long.valueOf(Thread.currentThread().getId());
    StringBuffer requestUrl = request.getRequestURL();
    if(request.getQueryString()!=null) {
        requestUrl.append("?");
        requestUrl.append(request.getQueryString());
    }
    MonitoredThread monitoredThread = new MonitoredThread(Thread.currentThread(),
        requestUrl.toString(), interruptThreadThreshold > 0);
    activeThreads.put(key, monitoredThread);

    try {
        getNext().invoke(request, response);
    } finally {
        activeThreads.remove(key);
        if (monitoredThread.markAsDone() == MonitoredThreadState.STUCK) {
            if(monitoredThread.wasInterrupted()) {
                interruptedThreadsCount.incrementAndGet();
            }
            completedStuckThreadsQueue.add(
                    new CompletedStuckThread(monitoredThread.getThread(),
                        monitoredThread.getActiveTimeInMillis()));
        }
    }
}
 
Example 28
Project: apache-tomcat-7.0.73-with-comment   File: DigestAuthenticator.java   Source Code and License 6 votes vote down vote up
/**
 * Generate a unique token. The token is generated according to the
 * following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":"
 * time-stamp ":" private-key ) ).
 *
 * @param request HTTP Servlet request
 */
protected String generateNonce(Request request) {

    long currentTime = System.currentTimeMillis();

    synchronized (lastTimestampLock) {
        if (currentTime > lastTimestamp) {
            lastTimestamp = currentTime;
        } else {
            currentTime = ++lastTimestamp;
        }
    }

    String ipTimeKey =
        request.getRemoteAddr() + ":" + currentTime + ":" + getKey();

    byte[] buffer = ConcurrentMessageDigest.digestMD5(
            ipTimeKey.getBytes(B2CConverter.ISO_8859_1));
    String nonce = currentTime + ":" + MD5Encoder.encode(buffer);

    NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
    synchronized (nonces) {
        nonces.put(nonce, info);
    }

    return nonce;
}
 
Example 29
Project: apache-tomcat-7.0.73-with-comment   File: TestRemoteIpValve.java   Source Code and License 5 votes vote down vote up
@Test
public void testInvokeXforwardedProtoSaysHttpsForIncomingHttpRequest() throws Exception {

    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https");
    request.setSecure(false);
    request.setServerPort(8080);
    request.getCoyoteRequest().scheme().setString("http");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    // client ip
    String actualXForwardedFor = request.getHeader("x-forwarded-for");
    assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);

    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    assertNull("no intermediate trusted proxy", actualXForwardedBy);

    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);

    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);

    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);

    String actualPostInvokeRemoteHost = request.getRemoteHost();
    assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost);

    // protocol
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    assertEquals("x-forwarded-proto says https", "https", actualScheme);

    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    assertEquals("x-forwarded-proto says https", 443, actualServerPort);

    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    assertTrue("x-forwarded-proto says https", actualSecure);

    boolean actualPostInvokeSecure = request.isSecure();
    assertFalse("postInvoke secure", actualPostInvokeSecure);

    int actualPostInvokeServerPort = request.getServerPort();
    assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort);

    String actualPostInvokeScheme = request.getScheme();
    assertEquals("postInvoke scheme", "http", actualPostInvokeScheme);
}
 
Example 30
Project: apache-tomcat-7.0.73-with-comment   File: JvmRouteBinderValve.java   Source Code and License 5 votes vote down vote up
/**
 * get jvmroute from engine
 * 
 * @param request current request
 * @return return jvmRoute from ManagerBase or null
 */
protected String getLocalJvmRoute(Request request) {
    Manager manager = getManager(request);
    if(manager instanceof ManagerBase)
        return ((ManagerBase) manager).getJvmRoute();
    return null ;
}
 
Example 31
Project: tomcat7   File: JvmRouteBinderValve.java   Source Code and License 5 votes vote down vote up
/**
 * get ClusterManager
 * 
 * @param request current request
 * @return manager or null
 */
protected Manager getManager(Request request) {
    Manager manager = request.getContext().getManager();
    if (log.isDebugEnabled()) {
        if(manager != null)
            log.debug(sm.getString("jvmRoute.foundManager", manager,  request.getContext().getName()));
        else 
            log.debug(sm.getString("jvmRoute.notFoundManager", request.getContext().getName()));
    }
    return manager;
}
 
Example 32
Project: lams   File: StandardHostValve.java   Source Code and License 5 votes vote down vote up
/**
 * Handle an HTTP status code or Java exception by forwarding control
 * to the location included in the specified errorPage object.  It is
 * assumed that the caller has already recorded any request attributes
 * that are to be forwarded to this page.  Return <code>true</code> if
 * we successfully utilized the specified error page location, or
 * <code>false</code> if the default error report should be rendered.
 *
 * @param request The request being processed
 * @param response The response being generated
 * @param errorPage The errorPage directive we are obeying
 */
protected boolean custom(Request request, Response response,
                         ErrorPage errorPage) {

    if (container.getLogger().isDebugEnabled())
        container.getLogger().debug("Processing " + errorPage);

    request.setPathInfo(errorPage.getLocation());

    try {

        // Reset the response (keeping the real error code and message)
        response.resetBuffer(true);

        // Forward control to the specified location
        ServletContext servletContext =
            request.getContext().getServletContext();
        RequestDispatcher rd =
            servletContext.getRequestDispatcher(errorPage.getLocation());
        rd.forward(request.getRequest(), response.getResponse());

        // If we forward, the response is suspended again
        response.setSuspended(false);

        // Indicate that we have successfully processed this custom page
        return (true);

    } catch (Throwable t) {

        // Report our failure to process this custom page
        container.getLogger().error("Exception Processing " + errorPage, t);
        return (false);

    }

}
 
Example 33
Project: tomcat7   File: AuthenticatorBase.java   Source Code and License 5 votes vote down vote up
/**
 * Attempts reauthentication to the <code>Realm</code> using
 * the credentials included in argument <code>entry</code>.
 *
 * @param ssoId identifier of SingleSignOn session with which the
 *              caller is associated
 * @param request   the request that needs to be authenticated
 */
protected boolean reauthenticateFromSSO(String ssoId, Request request) {

    if (sso == null || ssoId == null)
        return false;

    boolean reauthenticated = false;

    Container parent = getContainer();
    if (parent != null) {
        Realm realm = parent.getRealm();
        if (realm != null) {
            reauthenticated = sso.reauthenticate(ssoId, realm, request);
        }
    }

    if (reauthenticated) {
        associate(ssoId, request.getSessionInternal(true));

        if (log.isDebugEnabled()) {
            log.debug(" Reauthenticated cached principal '" +
                      request.getUserPrincipal().getName() +
                      "' with auth type '" +  request.getAuthType() + "'");
        }
    }

    return reauthenticated;
}
 
Example 34
Project: tomcat7   File: AuthenticatorBase.java   Source Code and License 5 votes vote down vote up
@Override
public void login(String username, String password, Request request)
        throws ServletException {
    Principal principal = doLogin(request, username, password);
    register(request, request.getResponse(), principal,
                getAuthMethod(), username, password);
}
 
Example 35
Project: apache-tomcat-7.0.73-with-comment   File: AuthenticatorBase.java   Source Code and License 5 votes vote down vote up
/**
 * Attempts reauthentication to the <code>Realm</code> using
 * the credentials included in argument <code>entry</code>.
 *
 * @param ssoId identifier of SingleSignOn session with which the
 *              caller is associated
 * @param request   the request that needs to be authenticated
 */
protected boolean reauthenticateFromSSO(String ssoId, Request request) {

    if (sso == null || ssoId == null)
        return false;

    boolean reauthenticated = false;

    Container parent = getContainer();
    if (parent != null) {
        Realm realm = parent.getRealm();
        if (realm != null) {
            reauthenticated = sso.reauthenticate(ssoId, realm, request);
        }
    }

    if (reauthenticated) {
        associate(ssoId, request.getSessionInternal(true));

        if (log.isDebugEnabled()) {
            log.debug(" Reauthenticated cached principal '" +
                      request.getUserPrincipal().getName() +
                      "' with auth type '" +  request.getAuthType() + "'");
        }
    }

    return reauthenticated;
}
 
Example 36
Project: tomcat8-redis-session-manager   File: RedisSessionHandlerValve.java   Source Code and License 5 votes vote down vote up
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
  try {
    getNext().invoke(request, response);
  } finally {
    manager.afterRequest();
  }
}
 
Example 37
Project: tomcat7   File: CrawlerSessionManagerValve.java   Source Code and License 5 votes vote down vote up
@Override
public void invoke(Request request, Response response) throws IOException,
        ServletException {

    boolean isBot = false;
    String sessionId = null;
    String clientIp = null;

    if (log.isDebugEnabled()) {
        log.debug(request.hashCode() + ": ClientIp=" +
                request.getRemoteAddr() + ", RequestedSessionId=" +
                request.getRequestedSessionId());
    }

    // If the incoming request has a valid session ID, no action is required
    if (request.getSession(false) == null) {

        // Is this a crawler - check the UA headers
        Enumeration<String> uaHeaders = request.getHeaders("user-agent");
        String uaHeader = null;
        if (uaHeaders.hasMoreElements()) {
            uaHeader = uaHeaders.nextElement();
        }

        // If more than one UA header - assume not a bot
        if (uaHeader != null && !uaHeaders.hasMoreElements()) {

            if (log.isDebugEnabled()) {
                log.debug(request.hashCode() + ": UserAgent=" + uaHeader);
            }

            if (uaPattern.matcher(uaHeader).matches()) {
                isBot = true;

                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() +
                            ": Bot found. UserAgent=" + uaHeader);
                }
            }
        }

        // If this is a bot, is the session ID known?
        if (isBot) {
            clientIp = request.getRemoteAddr();
            sessionId = clientIpSessionId.get(clientIp);
            if (sessionId != null) {
                request.setRequestedSessionId(sessionId);
                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() + ": SessionID=" +
                            sessionId);
                }
            }
        }
    }

    getNext().invoke(request, response);

    if (isBot) {
        if (sessionId == null) {
            // Has bot just created a session, if so make a note of it
            HttpSession s = request.getSession(false);
            if (s != null) {
                clientIpSessionId.put(clientIp, s.getId());
                sessionIdClientIp.put(s.getId(), clientIp);
                // #valueUnbound() will be called on session expiration
                s.setAttribute(this.getClass().getName(), this);
                s.setMaxInactiveInterval(sessionInactiveInterval);

                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() +
                            ": New bot session. SessionID=" + s.getId());
                }
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(request.hashCode() +
                        ": Bot session accessed. SessionID=" + sessionId);
            }
        }
    }
}
 
Example 38
Project: lazycat   File: AccessLogValve.java   Source Code and License 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request, Response response, long time) {
	long commitTime = response.getCoyoteResponse().getCommitTime();
	if (commitTime == -1) {
		buf.append('-');
	} else {
		long delta = commitTime - request.getCoyoteRequest().getStartTime();
		buf.append(Long.toString(delta));
	}
}
 
Example 39
Project: tomcat7   File: ExtendedAccessLogValve.java   Source Code and License 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    ElementTimestampStruct eds = currentDate.get();
    long millis = eds.currentTimestamp.getTime();
    if (date.getTime() > (millis + INTERVAL -1) ||
            date.getTime() < millis) {
        eds.currentTimestamp.setTime(
                date.getTime() - (date.getTime() % INTERVAL));
        eds.currentTimestampString =
            eds.currentTimestampFormat.format(eds.currentTimestamp);
    }
    buf.append(eds.currentTimestampString);
}
 
Example 40
Project: apache-tomcat-7.0.73-with-comment   File: CrawlerSessionManagerValve.java   Source Code and License 5 votes vote down vote up
@Override
public void invoke(Request request, Response response) throws IOException,
        ServletException {

    boolean isBot = false;
    String sessionId = null;
    String clientIp = null;

    if (log.isDebugEnabled()) {
        log.debug(request.hashCode() + ": ClientIp=" +
                request.getRemoteAddr() + ", RequestedSessionId=" +
                request.getRequestedSessionId());
    }

    // If the incoming request has a valid session ID, no action is required
    if (request.getSession(false) == null) {

        // Is this a crawler - check the UA headers
        Enumeration<String> uaHeaders = request.getHeaders("user-agent");
        String uaHeader = null;
        if (uaHeaders.hasMoreElements()) {
            uaHeader = uaHeaders.nextElement();
        }

        // If more than one UA header - assume not a bot
        if (uaHeader != null && !uaHeaders.hasMoreElements()) {

            if (log.isDebugEnabled()) {
                log.debug(request.hashCode() + ": UserAgent=" + uaHeader);
            }

            if (uaPattern.matcher(uaHeader).matches()) {
                isBot = true;

                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() +
                            ": Bot found. UserAgent=" + uaHeader);
                }
            }
        }

        // If this is a bot, is the session ID known?
        if (isBot) {
            clientIp = request.getRemoteAddr();
            sessionId = clientIpSessionId.get(clientIp);
            if (sessionId != null) {
                request.setRequestedSessionId(sessionId);
                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() + ": SessionID=" +
                            sessionId);
                }
            }
        }
    }

    getNext().invoke(request, response);

    if (isBot) {
        if (sessionId == null) {
            // Has bot just created a session, if so make a note of it
            HttpSession s = request.getSession(false);
            if (s != null) {
                clientIpSessionId.put(clientIp, s.getId());
                sessionIdClientIp.put(s.getId(), clientIp);
                // #valueUnbound() will be called on session expiration
                s.setAttribute(this.getClass().getName(), this);
                s.setMaxInactiveInterval(sessionInactiveInterval);

                if (log.isDebugEnabled()) {
                    log.debug(request.hashCode() +
                            ": New bot session. SessionID=" + s.getId());
                }
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(request.hashCode() +
                        ": Bot session accessed. SessionID=" + sessionId);
            }
        }
    }
}