javax.servlet.FilterChain Java Examples

The following examples show how to use javax.servlet.FilterChain. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 7 votes vote down vote up
@Override
public void doFilter(ServletRequest request,
    ServletResponse response,
    FilterChain chain
) throws IOException, ServletException {
  HttpServletRequestWrapper quoted =
      new RequestQuoter((HttpServletRequest) request);
  HttpServletResponse httpResponse = (HttpServletResponse) response;

  String mime = inferMimeType(request);
  if (mime == null) {
    httpResponse.setContentType("text/plain; charset=utf-8");
  } else if (mime.startsWith("text/html")) {
    // HTML with unspecified encoding, we want to
    // force HTML with utf-8 encoding
    // This is to avoid the following security issue:
    // http://openmya.hacker.jp/hasegawa/security/utf7cs.html
    httpResponse.setContentType("text/html; charset=utf-8");
  } else if (mime.startsWith("application/xml")) {
    httpResponse.setContentType("text/xml; charset=utf-8");
  }
  headerMap.forEach((k, v) -> httpResponse.addHeader(k, v));
  chain.doFilter(quoted, httpResponse);
}
 
Example #2
Source File: CorsFilter.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Handles a CORS request that violates specification.
 *
 * @param request The {@link HttpServletRequest} object.
 * @param response The {@link HttpServletResponse} object.
 * @param filterChain The {@link FilterChain} object.
 */
private void handleInvalidCORS(final HttpServletRequest request,
        final HttpServletResponse response, final FilterChain filterChain) {
    String origin = request.getHeader(CorsFilter.REQUEST_HEADER_ORIGIN);
    String method = request.getMethod();
    String accessControlRequestHeaders = request.getHeader(
            REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);

    response.setContentType("text/plain");
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    response.resetBuffer();

    if (log.isDebugEnabled()) {
        // Debug so no need for i18n
        StringBuilder message = new StringBuilder("Invalid CORS request; Origin=");
        message.append(origin);
        message.append(";Method=");
        message.append(method);
        if (accessControlRequestHeaders != null) {
            message.append(";Access-Control-Request-Headers=");
            message.append(accessControlRequestHeaders);
        }
        log.debug(message.toString());
    }
}
 
Example #3
Source File: JWTAuthorizationFilter.java    From datax-web with MIT License 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain) throws IOException, ServletException {

    String tokenHeader = request.getHeader(JwtTokenUtils.TOKEN_HEADER);
    // 如果请求头中没有Authorization信息则直接放行
    if (tokenHeader == null || !tokenHeader.startsWith(JwtTokenUtils.TOKEN_PREFIX)) {
        chain.doFilter(request, response);
        return;
    }
    // 如果请求头中有token,则进行解析,并且设置认证信息
    try {
        SecurityContextHolder.getContext().setAuthentication(getAuthentication(tokenHeader));
    } catch (TokenIsExpiredException e) {
        //返回json形式的错误信息
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        response.getWriter().write(JSON.toJSONString(R.failed(e.getMessage())));
        response.getWriter().flush();
        return;
    }
    super.doFilterInternal(request, response, chain);
}
 
Example #4
Source File: JwtAuthenticationTokenFilter.java    From mall-learning with Apache License 2.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain) throws ServletException, IOException {
    String authHeader = request.getHeader(this.tokenHeader);
    if (authHeader != null && authHeader.startsWith(this.tokenHead)) {
        String authToken = authHeader.substring(this.tokenHead.length());// The part after "Bearer "
        String username = jwtTokenUtil.getUserNameFromToken(authToken);
        LOGGER.info("checking username:{}", username);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
            if (jwtTokenUtil.validateToken(authToken, userDetails)) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                LOGGER.info("authenticated user:{}", username);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
    }
    chain.doFilter(request, response);
}
 
Example #5
Source File: RequestFilter.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Perform the filtering that has been configured for this Filter, matching
 * against the specified request property.
 *
 * @param property The request property on which to filter
 * @param request The servlet request to be processed
 * @param response The servlet response to be processed
 * @param chain The filter chain
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
protected void process(String property, ServletRequest request,
        ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    if (isAllowed(property)) {
        chain.doFilter(request, response);
    } else {
        if (response instanceof HttpServletResponse) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug(sm.getString("requestFilter.deny",
                        ((HttpServletRequest) request).getRequestURI(), property));
            }
            ((HttpServletResponse) response).sendError(denyStatus);
        } else {
            sendErrorWhenNotHttp(response);
        }
    }
}
 
Example #6
Source File: LoginProcessSetTenantFilter.java    From microservices-platform with Apache License 2.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    try {
        DefaultSavedRequest savedRequest = (DefaultSavedRequest)request.getSession().getAttribute(SAVED_REQUEST);
        if (savedRequest != null) {
            String[] clientIds = savedRequest.getParameterValues("client_id");
            if (ArrayUtil.isNotEmpty(clientIds)) {
                //保存租户id
                TenantContextHolder.setTenant(clientIds[0]);
            }
        }
        chain.doFilter(request, response);
    } finally {
        TenantContextHolder.clear();
    }
}
 
Example #7
Source File: SetCharacterEncodingFilter.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Select and set (if specified) the character encoding to be used to
 * interpret request parameters for this request.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 * @param chain The filter chain we are processing
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain)
    throws IOException, ServletException {

    // Conditionally select and set the character encoding to be used
    if (ignore || (request.getCharacterEncoding() == null)) {
        String characterEncoding = selectEncoding(request);
        if (characterEncoding != null) {
            request.setCharacterEncoding(characterEncoding);
        }
    }

    // Pass control on to the next filter
    chain.doFilter(request, response);
}
 
Example #8
Source File: ShallowEtagHeaderFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void filterSendError() throws Exception {
	final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/hotels");
	MockHttpServletResponse response = new MockHttpServletResponse();

	final byte[] responseBody = "Hello World".getBytes("UTF-8");
	FilterChain filterChain = (filterRequest, filterResponse) -> {
		assertEquals("Invalid request passed", request, filterRequest);
		response.setContentLength(100);
		FileCopyUtils.copy(responseBody, filterResponse.getOutputStream());
		((HttpServletResponse) filterResponse).sendError(HttpServletResponse.SC_FORBIDDEN);
	};
	filter.doFilter(request, response, filterChain);

	assertEquals("Invalid status", 403, response.getStatus());
	assertNull("Invalid ETag header", response.getHeader("ETag"));
	assertEquals("Invalid Content-Length header", 100, response.getContentLength());
	assertArrayEquals("Invalid content", responseBody, response.getContentAsByteArray());
}
 
Example #9
Source File: JwtAuthenticationTokenFilter.java    From BigDataPlatform with GNU General Public License v3.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain) throws ServletException, IOException {
    String authHeader = request.getHeader(this.tokenHeader);
    if (authHeader != null && authHeader.startsWith(this.tokenHead)) {
        String authToken = authHeader.substring(this.tokenHead.length());// The part after "Bearer "
        String username = jwtTokenUtil.getUserNameFromToken(authToken);
        LOGGER.info("checking username:{}", username);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
            if (jwtTokenUtil.validateToken(authToken, userDetails)) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                LOGGER.info("authenticated user:{}", username);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
    }
    chain.doFilter(request, response);
}
 
Example #10
Source File: RequestBodyCacheFilter.java    From summerframework with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
    if (!StringUtils.isEmpty(request.getContentType())
        && MediaType.APPLICATION_JSON.isCompatibleWith(MediaType.valueOf(request.getContentType()))) {
        chain.doFilter(new ContentCachingRequestWrapper((HttpServletRequest)request), response);
    } else {
        chain.doFilter(request, response);
    }
}
 
Example #11
Source File: FilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
		FilterChain filterChain) throws ServletException, IOException {

	filterChain.doFilter(new HttpServletRequestWrapper(request) {

		@Override
		public Principal getUserPrincipal() {
			return () -> PRINCIPAL_NAME;
		}

		// Like Spring Security does in HttpServlet3RequestFactory..

		@Override
		public AsyncContext getAsyncContext() {
			return super.getAsyncContext() != null ?
					new AsyncContextWrapper(super.getAsyncContext()) : null;
		}

	}, new HttpServletResponseWrapper(response));
}
 
Example #12
Source File: ShallowEtagHeaderFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void filterSendError() throws Exception {
	final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/hotels");
	MockHttpServletResponse response = new MockHttpServletResponse();

	final byte[] responseBody = "Hello World".getBytes("UTF-8");
	FilterChain filterChain = (filterRequest, filterResponse) -> {
		assertEquals("Invalid request passed", request, filterRequest);
		response.setContentLength(100);
		FileCopyUtils.copy(responseBody, filterResponse.getOutputStream());
		((HttpServletResponse) filterResponse).sendError(HttpServletResponse.SC_FORBIDDEN);
	};
	filter.doFilter(request, response, filterChain);

	assertEquals("Invalid status", 403, response.getStatus());
	assertNull("Invalid ETag header", response.getHeader("ETag"));
	assertEquals("Invalid Content-Length header", 100, response.getContentLength());
	assertArrayEquals("Invalid content", responseBody, response.getContentAsByteArray());
}
 
Example #13
Source File: ShallowEtagHeaderFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void filterSendRedirect() throws Exception {
	final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/hotels");
	MockHttpServletResponse response = new MockHttpServletResponse();

	final byte[] responseBody = "Hello World".getBytes("UTF-8");
	FilterChain filterChain = (filterRequest, filterResponse) -> {
		assertEquals("Invalid request passed", request, filterRequest);
		response.setContentLength(100);
		FileCopyUtils.copy(responseBody, filterResponse.getOutputStream());
		((HttpServletResponse) filterResponse).sendRedirect("http://www.google.com");
	};
	filter.doFilter(request, response, filterChain);

	assertEquals("Invalid status", 302, response.getStatus());
	assertNull("Invalid ETag header", response.getHeader("ETag"));
	assertEquals("Invalid Content-Length header", 100, response.getContentLength());
	assertArrayEquals("Invalid content", responseBody, response.getContentAsByteArray());
	assertEquals("Invalid redirect URL", "http://www.google.com", response.getRedirectedUrl());
}
 
Example #14
Source File: JWTFilter.java    From hmdm-server with Apache License 2.0 6 votes vote down vote up
/**
 * <p>Intercepts the specified request. If a valid authentication token is provided by the specified request then
 * set-ups current security context with authenticated principal based on the provided token.</p>
 *
 * @param servletRequest an incoming request.
 * @param servletResponse an outgoing response.
 * @param filterChain a filter chain mapped to specified request.
 * @throws IOException if an I/O error occurs in filter chain.
 * @throws ServletException if an unexpected error occurs in filter chain.
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
    throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
    String jwt = resolveToken(httpServletRequest);
    if (jwt != null && !jwt.trim().isEmpty() && this.tokenProvider.validateToken(jwt)) {
        User authUser = this.tokenProvider.getAuthentication(jwt);

        // Set-up the security context
        try {
            SecurityContext.init(authUser);
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            SecurityContext.release();
        }
    } else {
        filterChain.doFilter(servletRequest, servletResponse);
    }
    
}
 
Example #15
Source File: ShallowEtagHeaderFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void filterFlushResponse() throws Exception {
	final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/hotels");
	MockHttpServletResponse response = new MockHttpServletResponse();

	final byte[] responseBody = "Hello World".getBytes("UTF-8");
	FilterChain filterChain = (filterRequest, filterResponse) -> {
		assertEquals("Invalid request passed", request, filterRequest);
		((HttpServletResponse) filterResponse).setStatus(HttpServletResponse.SC_OK);
		FileCopyUtils.copy(responseBody, filterResponse.getOutputStream());
		filterResponse.flushBuffer();
	};
	filter.doFilter(request, response, filterChain);

	assertEquals("Invalid status", 200, response.getStatus());
	assertEquals("Invalid ETag header", "\"0b10a8db164e0754105b7a99be72e3fe5\"", response.getHeader("ETag"));
	assertTrue("Invalid Content-Length header", response.getContentLength() > 0);
	assertArrayEquals("Invalid content", responseBody, response.getContentAsByteArray());
}
 
Example #16
Source File: TokenAuthenticationFilter.java    From XS2A-Sandbox with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String bearerToken = resolveBearerToken(request);

    if (StringUtils.isBlank(bearerToken)) {
        filterChain.doFilter(request, response);
        return;
    }

    if (authenticationIsRequired()) {
        try {
            authInterceptor.setAccessToken(bearerToken);

            ResponseEntity<BearerTokenTO> validateResponse = ledgersUserMgmt.validate(bearerToken);

            BearerTokenTO token = Optional.ofNullable(validateResponse.getBody())
                                      .orElseThrow(() -> new RestException("Couldn't get bearer token"));

            fillSecurityContext(token);
        } catch (FeignException | RestException e) {
            handleAuthenticationFailure(response, e);
            return;
        }
    }
    filterChain.doFilter(request, response);
}
 
Example #17
Source File: DelegatingFilterProxy.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
		throws ServletException, IOException {

	// Lazily initialize the delegate if necessary.
	Filter delegateToUse = this.delegate;
	if (delegateToUse == null) {
		synchronized (this.delegateMonitor) {
			delegateToUse = this.delegate;
			if (delegateToUse == null) {
				WebApplicationContext wac = findWebApplicationContext();
				if (wac == null) {
					throw new IllegalStateException("No WebApplicationContext found: " +
							"no ContextLoaderListener or DispatcherServlet registered?");
				}
				delegateToUse = initDelegate(wac);
			}
			this.delegate = delegateToUse;
		}
	}

	// Let the delegate perform the actual doFilter operation.
	invokeDelegate(delegateToUse, request, response, filterChain);
}
 
Example #18
Source File: ForwardedHeaderFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
private String sendRedirect(final String location) throws ServletException, IOException {
	Filter filter = new OncePerRequestFilter() {
		@Override
		protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
				FilterChain chain) throws IOException {

			res.sendRedirect(location);
		}
	};

	MockHttpServletResponse response = new MockHttpServletResponse();
	FilterChain filterChain = new MockFilterChain(mock(HttpServlet.class), this.filter, filter);
	filterChain.doFilter(request, response);

	return response.getRedirectedUrl();
}
 
Example #19
Source File: JwtAuthenticationTokenFilter.java    From mall-tiny with Apache License 2.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain chain) throws ServletException, IOException {
    String authHeader = request.getHeader(this.tokenHeader);
    if (authHeader != null && authHeader.startsWith(this.tokenHead)) {
        String authToken = authHeader.substring(this.tokenHead.length());// The part after "Bearer "
        String username = jwtTokenUtil.getUserNameFromToken(authToken);
        LOGGER.info("checking username:{}", username);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
            if (jwtTokenUtil.validateToken(authToken, userDetails)) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                LOGGER.info("authenticated user:{}", username);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
    }
    chain.doFilter(request, response);
}
 
Example #20
Source File: CharacterEncodingFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void withBeanInitialization() throws Exception {
	HttpServletRequest request = mock(HttpServletRequest.class);
	given(request.getCharacterEncoding()).willReturn(null);
	given(request.getAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE)).willReturn(null);
	given(request.getAttribute(filteredName(FILTER_NAME))).willReturn(null);

	MockHttpServletResponse response = new MockHttpServletResponse();

	FilterChain filterChain = mock(FilterChain.class);

	CharacterEncodingFilter filter = new CharacterEncodingFilter();
	filter.setEncoding(ENCODING);
	filter.setBeanName(FILTER_NAME);
	filter.setServletContext(new MockServletContext());
	filter.doFilter(request, response, filterChain);

	verify(request).setCharacterEncoding(ENCODING);
	verify(request).setAttribute(filteredName(FILTER_NAME), Boolean.TRUE);
	verify(request).removeAttribute(filteredName(FILTER_NAME));
	verify(filterChain).doFilter(request, response);
}
 
Example #21
Source File: RequestLoggingFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void queryStringIncluded() throws Exception {
	filter.setIncludeQueryString(true);

	MockHttpServletRequest request = new MockHttpServletRequest("POST", "/hotels");
	MockHttpServletResponse response = new MockHttpServletResponse();

	request.setQueryString("booking=42");

	FilterChain filterChain = new NoOpFilterChain();
	filter.doFilter(request, response, filterChain);

	assertNotNull(filter.beforeRequestMessage);
	assertTrue(filter.beforeRequestMessage.contains("[uri=/hotels?booking=42]"));

	assertNotNull(filter.afterRequestMessage);
	assertTrue(filter.afterRequestMessage.contains("[uri=/hotels?booking=42]"));
}
 
Example #22
Source File: TenantFilter.java    From microservices-platform with Apache License 2.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                FilterChain filterChain) throws IOException, ServletException {
    try {
        //优先获取请求参数中的tenantId值
        String tenantId = request.getParameter(CommonConstant.TENANT_ID_PARAM);
        if (StrUtil.isEmpty(tenantId)) {
            tenantId = request.getHeader(SecurityConstants.TENANT_HEADER);
        }
        //保存租户id
        if (StrUtil.isNotEmpty(tenantId)) {
            TenantContextHolder.setTenant(tenantId);
        }

        filterChain.doFilter(request, response);
    } finally {
        TenantContextHolder.clear();
    }
}
 
Example #23
Source File: LoginFilter.java    From sms with MIT License 6 votes vote down vote up
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
		throws IOException, ServletException {

	HttpServletRequest httpServletRequest = (HttpServletRequest) request;
	HttpServletResponse httpServletResponse = (HttpServletResponse) response;

	// �ж��û��Ƿ��Ѿ���¼
	Object user = httpServletRequest.getSession().getAttribute("userInfo");
	if (user == null) {
		// httpServletRequest.getRequestDispatcher("/view/login.jsp").forward(httpServletRequest,httpServletResponse);
		httpServletResponse.sendRedirect("index.jsp");
		return;
	}

	chain.doFilter(request, response);

}
 
Example #24
Source File: CharacterEncodingFilter.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Override
protected void doFilterInternal(
		HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
		throws ServletException, IOException {

	String encoding = getEncoding();
	if (encoding != null) {
		if (isForceRequestEncoding() || request.getCharacterEncoding() == null) {
			request.setCharacterEncoding(encoding);
		}
		if (isForceResponseEncoding()) {
			response.setCharacterEncoding(encoding);
		}
	}
	filterChain.doFilter(request, response);
}
 
Example #25
Source File: DelegatingFilterProxy.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
		throws ServletException, IOException {

	// Lazily initialize the delegate if necessary.
	Filter delegateToUse = this.delegate;
	if (delegateToUse == null) {
		synchronized (this.delegateMonitor) {
			delegateToUse = this.delegate;
			if (delegateToUse == null) {
				WebApplicationContext wac = findWebApplicationContext();
				if (wac == null) {
					throw new IllegalStateException("No WebApplicationContext found: " +
							"no ContextLoaderListener or DispatcherServlet registered?");
				}
				delegateToUse = initDelegate(wac);
			}
			this.delegate = delegateToUse;
		}
	}

	// Let the delegate perform the actual doFilter operation.
	invokeDelegate(delegateToUse, request, response, filterChain);
}
 
Example #26
Source File: CharacterEncodingFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void forceEncodingAlwaysSetsEncoding() throws Exception {
	HttpServletRequest request = mock(HttpServletRequest.class);
	request.setCharacterEncoding(ENCODING);
	given(request.getAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE)).willReturn(null);
	given(request.getAttribute(filteredName(FILTER_NAME))).willReturn(null);

	HttpServletResponse response = mock(HttpServletResponse.class);
	FilterChain filterChain = mock(FilterChain.class);

	CharacterEncodingFilter filter = new CharacterEncodingFilter(ENCODING, true);
	filter.init(new MockFilterConfig(FILTER_NAME));
	filter.doFilter(request, response, filterChain);

	verify(request).setAttribute(filteredName(FILTER_NAME), Boolean.TRUE);
	verify(request).removeAttribute(filteredName(FILTER_NAME));
	verify(response).setCharacterEncoding(ENCODING);
	verify(filterChain).doFilter(request, response);
}
 
Example #27
Source File: RequestLoggingFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void noQueryStringAvailable() throws Exception {
	filter.setIncludeQueryString(true);

	MockHttpServletRequest request = new MockHttpServletRequest("POST", "/hotels");
	MockHttpServletResponse response = new MockHttpServletResponse();

	FilterChain filterChain = new NoOpFilterChain();
	filter.doFilter(request, response, filterChain);

	assertNotNull(filter.beforeRequestMessage);
	assertTrue(filter.beforeRequestMessage.contains("[uri=/hotels]"));

	assertNotNull(filter.afterRequestMessage);
	assertTrue(filter.afterRequestMessage.contains("[uri=/hotels]"));
}
 
Example #28
Source File: TokenFilter.java    From sk-admin with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
    String token = resolveToken(httpServletRequest);
    // 对于 Token 为空的不需要去查 Redis
    if (StrUtil.isNotBlank(token)) {
        OnlineUserDTO onlineUserDto = null;
        SecurityProperties properties = SpringContextHolder.getBean(SecurityProperties.class);
        try {
            OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);
            onlineUserDto = onlineUserService.getOne(properties.getOnlineKey() + token);
        } catch (ExpiredJwtException e) {
            log.error(e.getMessage());
        }
        if (onlineUserDto != null && StringUtils.hasText(token)) {
            Authentication authentication = tokenProvider.getAuthentication(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            // Token 续期
            tokenProvider.checkRenewal(token);
        }
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
 
Example #29
Source File: UserFilter.java    From WeEvent with Apache License 2.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String url = request.getRequestURI();
    if (!urlSet.contains(url)) {
        String token = request.getHeader(JwtUtils.AUTHORIZATION_HEADER_PREFIX);
        String privateSecret = GovernanceApplication.governanceConfig.getPrivateSecret();
        if (!StringUtils.isBlank(token) && JwtUtils.verifierToken(token, privateSecret)) {
            AccountEntity accountEntity = JwtUtils.decodeToken(token, privateSecret);
            if (accountEntity != null) {
                log.info("get token from HTTP header, {} : {}", JwtUtils.AUTHORIZATION_HEADER_PREFIX, token);
                UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(accountEntity.getUsername(), null, null);
                auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(auth);
            }
        }
        filterChain.doFilter(request, response);
    } else {
        String newPath = url.replace("/weevent-governance", "");
        RequestDispatcher requestDispatcher = request.getRequestDispatcher(newPath);
        requestDispatcher.forward(request, response);

    }

}
 
Example #30
Source File: HiddenHttpMethodFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
private void filterWithParameterForMethod(String methodParam, String expectedMethod)
		throws IOException, ServletException {
	MockHttpServletRequest request = new MockHttpServletRequest("POST", "/hotels");
	if(methodParam != null) {
		request.addParameter("_method", methodParam);
	}
	MockHttpServletResponse response = new MockHttpServletResponse();

	FilterChain filterChain = new FilterChain() {

		@Override
		public void doFilter(ServletRequest filterRequest,
				ServletResponse filterResponse) throws IOException, ServletException {
			assertEquals("Invalid method", expectedMethod,
					((HttpServletRequest) filterRequest).getMethod());
		}
	};
	this.filter.doFilter(request, response, filterChain);
}