Java Code Examples for io.undertow.util.HeaderMap#contains()

The following examples show how to use io.undertow.util.HeaderMap#contains() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CorsHttpHandler.java    From light-4j with Apache License 2.0 6 votes vote down vote up 
private void setCorsResponseHeaders(HttpServerExchange exchange) throws Exception {
    HeaderMap headers = exchange.getRequestHeaders();
    if (headers.contains(Headers.ORIGIN)) {
        if(matchOrigin(exchange, allowedOrigins) != null) {
            exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_ORIGIN, headers.get(Headers.ORIGIN));
            exchange.getResponseHeaders().add(Headers.VARY, Headers.ORIGIN_STRING);
        }
    }
    exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_METHODS, allowedMethods);
    HeaderValues requestedHeaders = headers.get(ACCESS_CONTROL_REQUEST_HEADERS);
    if (requestedHeaders != null && !requestedHeaders.isEmpty()) {
        exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
    } else {
        exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, Headers.CONTENT_TYPE_STRING);
        exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, Headers.WWW_AUTHENTICATE_STRING);
        exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, Headers.AUTHORIZATION_STRING);
    }
    exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    exchange.getResponseHeaders().add(ACCESS_CONTROL_MAX_AGE, ONE_HOUR_IN_SECONDS);
}
Example 2
Source File: RequestTimeLogger.java    From hawkular-metrics with Apache License 2.0 6 votes vote down vote up 
@Override
public void exchangeEvent(HttpServerExchange exchange, NextListener nextListener) {
    try {
        long end = System.currentTimeMillis();
        long duration = end - start;
        if (duration > this.timeThreshold) {
            String method = exchange.getRequestMethod().toString();
            String query = exchange.getQueryString();
            String request_url = exchange.getRequestURI() + (query.isEmpty() ? "" : ("?" + query));
            HeaderMap headers = exchange.getRequestHeaders();
            if (headers.contains(tenantHeader)) {
                String tenantId = headers.get(tenantHeader, 0);
                log.warnf("Request %s %s took: %d ms, exceeds %d ms threshold, tenant-id: %s",
                        method, request_url, duration, timeThreshold, tenantId);
            } else {
                log.warnf("Request %s %s took: %d ms, exceeds %d ms threshold, no tenant",
                        method, request_url, duration, timeThreshold);
            }

        }
    } finally {
        if (nextListener != null) {
            nextListener.proceed();
        }
    }
}
Example 3
Source File: CorsHttpHandler.java    From wildfly-core with GNU Lesser General Public License v2.1 6 votes vote down vote up 
private void setCorsResponseHeaders(HttpServerExchange exchange) throws Exception {
    HeaderMap headers = exchange.getRequestHeaders();
    if (headers.contains(Headers.ORIGIN)) {
        if(matchOrigin(exchange, allowedOrigins) != null) {
            exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_ORIGIN, headers.get(Headers.ORIGIN));
            exchange.getResponseHeaders().add(Headers.VARY, Headers.ORIGIN_STRING);
        }
    }
    HeaderValues requestedMethods = headers.get(ACCESS_CONTROL_REQUEST_METHOD);
    if (requestedMethods != null && !requestedMethods.isEmpty()) {
        exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_METHODS, requestedMethods);
    } else {
        exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_METHODS, Arrays.asList(new String[]{Methods.GET_STRING, Methods.POST_STRING}));
    }
    HeaderValues requestedHeaders = headers.get(ACCESS_CONTROL_REQUEST_HEADERS);
    if (requestedHeaders != null && !requestedHeaders.isEmpty()) {
        exchange.getResponseHeaders().addAll(ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
    } else {
        exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, Headers.CONTENT_TYPE_STRING);
        exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, Headers.WWW_AUTHENTICATE_STRING);
        exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_HEADERS, Headers.AUTHORIZATION_STRING);
    }
    exchange.getResponseHeaders().add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    exchange.getResponseHeaders().add(ACCESS_CONTROL_MAX_AGE, ONE_HOUR_IN_SECONDS);
}
Example 4
Source File: Http2ReceiveListener.java    From lams with GNU General Public License v2.0 5 votes vote down vote up 
/**
 * Performs HTTP2 specification compliance check for headers and pseudo-headers of a current request.
 *
 * @param headers map of the request headers
 * @return true if check was successful, false otherwise
 */
private boolean checkRequestHeaders(HeaderMap headers) {
    // :method pseudo-header must be present always exactly one time;
    // HTTP2 request MUST NOT contain 'connection' header
    if (headers.count(METHOD) != 1 || headers.contains(Headers.CONNECTION)) {
        return false;
    }

    // if CONNECT type is used, then we expect :method and :authority to be present only;
    // :scheme and :path must not be present
    if (headers.get(METHOD).contains(Methods.CONNECT_STRING)) {
        if (headers.contains(SCHEME) || headers.contains(PATH) || headers.count(AUTHORITY) != 1) {
            return false;
        }
    // For other HTTP methods we expect that :scheme, :method, and :path pseudo-headers are
    // present exactly one time.
    } else if (headers.count(SCHEME) != 1 || headers.count(PATH) != 1) {
        return false;
    }

    // HTTP2 request MAY contain TE header but if so, then only with 'trailers' value.
    if (headers.contains(Headers.TE)) {
        for (String value : headers.get(Headers.TE)) {
            if (!value.equals("trailers")) {
                return false;
            }
        }
    }

    return true;
}
Example 5
Source File: ProxyHandler.java    From lams with GNU General Public License v2.0 5 votes vote down vote up 
static void copyHeaders(final HeaderMap to, final HeaderMap from) {
    long f = from.fastIterateNonEmpty();
    HeaderValues values;
    while (f != -1L) {
        values = from.fiCurrent(f);
        if(!to.contains(values.getHeaderName())) {
            //don't over write existing headers, normally the map will be empty, if it is not we assume it is not for a reason
            to.putAll(values.getHeaderName(), values);
        }
        f = from.fiNextNonEmpty(f);
    }
}
Example 6
Source File: DomainApiCheckHandler.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up 
private boolean commonChecks(HttpServerExchange exchange) throws Exception {
    // AS7-2284 If we are starting or stopping the web console won't be available, tell caller the service is unavailable and to try again
    // later. If "stopping" it's either a reload, in which case trying again will eventually succeed,
    // or it's a true process stop eventually the server will have stopped.
    if (!consoleAvailability.isAvailable()) {
        exchange.getResponseHeaders().add(Headers.RETRY_AFTER, "2"); //  2 secs is just a guesstimate
        Common.SERVICE_UNAVAIABLE.handleRequest(exchange);
        return false;
    }

    /*
     * Completely disallow OPTIONS - if the browser suspects this is a cross site request just reject it.
     */
    final HttpString requestMethod = exchange.getRequestMethod();
    if (!Methods.POST.equals(requestMethod) && !Methods.GET.equals(requestMethod)) {
        if (Methods.OPTIONS.equals(requestMethod)) {
            ROOT_LOGGER.debug("Request rejected due to 'OPTIONS' method which is not supported.");
        } else {
            ROOT_LOGGER.debug("Request rejected as method not one of (GET,POST).");
        }
        Common.METHOD_NOT_ALLOWED_HANDLER.handleRequest(exchange);
        return false;
    }

    /*
     *  Origin check, if it is set the Origin header should match the Host otherwise reject the request.
     *
     *  This check is for cross site scripted GET and POST requests.
     */
    final HeaderMap headers = exchange.getRequestHeaders();
    if (headers.contains(Headers.ORIGIN)) {
       return matchOrigin(exchange, allowedOrigins) != null;
    }
    return true;
}
Example 7
Source File: CorsHandler.java    From pivotal-bank-demo with Apache License 2.0 4 votes vote down vote up 
private static boolean isPreflightRequest(HttpServerExchange exchange) {
  HeaderMap headers = exchange.getRequestHeaders();
  return exchange.getRequestMethod().equals(OPTIONS) &&
    headers.contains(ORIGIN) && headers.contains(ACCESS_CONTROL_REQUEST_METHOD);
}
Example 8
Source File: CorsUtil.java    From light-4j with Apache License 2.0 4 votes vote down vote up 
public static boolean isCoreRequest(HeaderMap headers) {
    return headers.contains(ORIGIN)
            || headers.contains(ACCESS_CONTROL_REQUEST_HEADERS)
            || headers.contains(ACCESS_CONTROL_REQUEST_METHOD);
}
Example 9
Source File: CorsUtil.java    From wildfly-core with GNU Lesser General Public License v2.1 4 votes vote down vote up 
public static boolean isCoreRequest(HeaderMap headers) {
    return headers.contains(ORIGIN)
            || headers.contains(ACCESS_CONTROL_REQUEST_HEADERS)
            || headers.contains(ACCESS_CONTROL_REQUEST_METHOD);
}