use of io.undertow.servlet.handlers.ServletRequestContext in project wildfly by wildfly.
the class JbossAuthorizationManager method canAccessResource.
/**
 * Decides whether the current caller may access the requested web resource.
 *
 * <p>Access is granted only when three checks all succeed, evaluated in this order:
 * the wrapped {@code delegate} manager, the web authorization helper obtained for the
 * current security context, and {@code hasUserDataPermission}. The method denies by
 * default: {@code authzDecision} starts as {@code false} and is only ever set from the
 * helper's answer, and a failure to obtain the helper is logged and returns {@code false}.
 *
 * @param mappedConstraints constraints matched for this request; also handed to the helper
 *                          under the {@code "securityConstraints"} key
 * @param account           the authenticated account, or {@code null}; a {@code null} account
 *                          contributes no roles
 * @param servletInfo       passed through to the delegate
 * @param request           the servlet request being authorized
 * @param deployment        passed through to the delegate
 * @return {@code true} only if the delegate, the authorization helper and the user-data
 *         check all allow the request
 */
@Override
public boolean canAccessResource(List<SingleConstraintMatch> mappedConstraints, Account account, ServletInfo servletInfo, HttpServletRequest request, Deployment deployment) {
    final ServletRequestContext requestContext = ServletRequestContext.current();
    final boolean baseDecision = delegate.canAccessResource(mappedConstraints, account, servletInfo, request, deployment);

    // Deny unless the authorization helper explicitly allows.
    boolean authzDecision = false;

    // The authz framework is consulted only after the delegate's check has passed.
    if (baseDecision) {
        final SecurityContext securityContext = SecurityActions.getSecurityContext();
        // The subject is forwarded exactly as returned. A fallback that derived it from the
        // request principal when it is null is commented out in the original, so the helper
        // may receive a null caller -- NOTE(review): confirm the helper treats that as a deny.
        final Subject caller = securityContext.getUtil().getSubject();

        final Map<String, Object> authzContext = new HashMap<String, Object>();
        authzContext.put(ResourceKeys.RESOURCE_PERM_CHECK, Boolean.TRUE);
        // TODO (kept from the original): the right key for the constraints is undecided.
        authzContext.put("securityConstraints", mappedConstraints);

        AbstractWebAuthorizationHelper authzHelper = null;
        try {
            authzHelper = SecurityHelperFactory.getWebAuthorizationHelper(securityContext);
        } catch (Exception e) {
            // No helper means no authorization decision can be made: log and deny.
            UndertowLogger.ROOT_LOGGER.noAuthorizationHelper(e);
            return false;
        }

        final ArrayList<String> callerRoles = new ArrayList<String>();
        if (account != null) {
            callerRoles.addAll(account.getRoles());
        }

        authzDecision = authzHelper.checkResourcePermission(
                authzContext,
                request,
                requestContext.getServletResponse(),
                caller,
                PolicyContext.getContextID(),
                requestURI(requestContext.getExchange()),
                callerRoles);
    }

    // The user-data check runs only when both earlier checks allowed the request.
    boolean finalDecision = false;
    if (baseDecision && authzDecision) {
        finalDecision = hasUserDataPermission(request, requestContext.getOriginalResponse(), account, mappedConstraints);
    }

    UndertowLogger.ROOT_LOGGER.tracef("hasResourcePermission:RealmBase says: %s ::Authz framework says: %s :final= %s", baseDecision, authzDecision, finalDecision);
    return finalDecision;
}
use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.
the class SavedRequest method trySaveRequest.
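/**
 * Tries to buffer the body of the current request and store it, together with the request
 * method, relative path and headers, as a {@code SavedRequest} session attribute.
 *
 * <p>Nothing is saved when buffering is disabled ({@code MAX_BUFFERED_REQUEST_SIZE <= 0}),
 * when the request is already complete, when the declared content length exceeds the limit,
 * or when the body fills the whole buffer. I/O errors while reading are logged and the
 * request is not saved.
 *
 * <p>The saved headers are a filtered copy: {@code Content-Length}, {@code Transfer-Encoding}
 * and {@code Connection} describe the framing of the original message and are left out. The
 * original built this copy but then passed the live request headers to {@code SavedRequest},
 * so the filter had no effect; the copy is now what gets saved.
 *
 * <p>Resource note: every saved request holds a {@code maxSize}-byte array in the session, and
 * nothing in this method bounds how many requests are saved at once (see the TODOs below).
 *
 * @param exchange the exchange whose request should be saved
 */
public static void trySaveRequest(final HttpServerExchange exchange) {
    int maxSize = exchange.getConnection().getUndertowOptions().get(UndertowOptions.MAX_BUFFERED_REQUEST_SIZE, 16384);
    if (maxSize > 0) {
        // only a request whose body has not been fully read yet is cached
        if (!exchange.isRequestComplete()) {
            final long requestContentLength = exchange.getRequestContentLength();
            if (requestContentLength > maxSize) {
                UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
                // failed to save the request, we just return
                return;
            }
            //TODO: we should really be used pooled buffers
            //TODO: we should probably limit the number of saved requests at any given time
            byte[] buffer = new byte[maxSize];
            int read = 0;
            int res = 0;
            InputStream in = exchange.getInputStream();
            try {
                while ((res = in.read(buffer, read, buffer.length - read)) > 0) {
                    read += res;
                    // A full buffer cannot be told apart from a body that is longer than the
                    // limit, so it is treated as too large.
                    if (read == maxSize) {
                        UndertowLogger.REQUEST_LOGGER.debugf("Request to %s was to large to save", exchange.getRequestURI());
                        // failed to save the request, we just return
                        return;
                    }
                }
                // Copy the headers, dropping the ones that describe the original message framing.
                HeaderMap headers = new HeaderMap();
                for (HeaderValues entry : exchange.getRequestHeaders()) {
                    if (entry.getHeaderName().equals(Headers.CONTENT_LENGTH) || entry.getHeaderName().equals(Headers.TRANSFER_ENCODING) || entry.getHeaderName().equals(Headers.CONNECTION)) {
                        continue;
                    }
                    headers.putAll(entry.getHeaderName(), entry);
                }
                // Save the filtered copy, not exchange.getRequestHeaders().
                SavedRequest request = new SavedRequest(buffer, read, exchange.getRequestMethod(), exchange.getRelativePath(), headers);
                final ServletRequestContext sc = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                // NOTE(review): the 'true' argument presumably creates a session when none exists,
                // so a request without a session can still cause one to be allocated -- confirm.
                HttpSessionImpl session = sc.getCurrentServletContext().getSession(exchange, true);
                Session underlyingSession;
                // Unwrap inside a privileged action only when a security manager is installed.
                if (System.getSecurityManager() == null) {
                    underlyingSession = session.getSession();
                } else {
                    underlyingSession = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
                }
                underlyingSession.setAttribute(SESSION_KEY, request);
            } catch (IOException e) {
                // Best effort: a read failure is logged and the request is simply not saved.
                UndertowLogger.REQUEST_IO_LOGGER.ioException(e);
            }
        }
    }
}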
use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.
the class HttpServletResponseImpl method sendError.
/**
 * Sends an error response with the given status code and message.
 *
 * <p>The call is ignored inside an include. If the response has already started, it is
 * ignored when an error code is already recorded on the request context and otherwise
 * fails with the "response already committed" exception. In the normal case the writer and
 * response state are reset, the status code is set, and the error is either recorded on the
 * request context (when running inside a handler) or dispatched immediately.
 *
 * @param sc  the HTTP status code to send
 * @param msg the error message; also used as the reason phrase when the deployment enables
 *            custom reason phrases
 * @throws IOException declared by the servlet API; the visible code does not show where it arises
 */
@Override
public void sendError(final int sc, final String msg) throws IOException {
    if (insideInclude) {
        // not 100% sure this is the correct action (original author's note)
        return;
    }

    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);

    if (responseStarted()) {
        if (requestContext.getErrorCode() <= 0) {
            throw UndertowServletMessages.MESSAGES.responseAlreadyCommited();
        }
        // an error is already set, nothing more to do
        return;
    }

    final boolean useCustomReasonPhrase = servletContext.getDeployment().getDeploymentInfo().isSendCustomReasonPhraseOnError();
    if (useCustomReasonPhrase) {
        // NOTE(review): msg is passed to the status line unchanged here; confirm that callers
        // never pass request-derived text or that setReasonPhrase rejects CR/LF.
        exchange.setReasonPhrase(msg);
    }

    writer = null;
    responseState = ResponseState.NONE;
    exchange.setStatusCode(sc);

    if (!requestContext.isRunningInsideHandler()) {
        // Not inside a handler, so the error is dispatched right away. The original comment
        // attributes this case to an async request with no outer handler; note that the
        // request context itself is dereferenced above and is never null-checked.
        doErrorDispatch(sc, msg);
        return;
    }

    // Inside a handler: only record the error on the context; it is handled when the
    // request returns.
    treatAsCommitted = true;
    requestContext.setError(sc, msg);
}
use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.
the class HttpSessionImpl method forSession.
/**
 * Returns the {@code HttpSessionImpl} wrapper for the given underlying session, reusing the
 * wrapper cached on the current request context when it wraps the same session.
 *
 * <p>Per the original author's note this method is called by privileged actions only, which
 * is why it takes no privileged action of its own; a new caller has to keep to that.
 *
 * @param session        the underlying session to wrap
 * @param servletContext the servlet context the wrapper belongs to
 * @param newSession     whether the session was newly created
 * @return a wrapper for {@code session}; never the cached wrapper of a different session
 */
public static HttpSessionImpl forSession(final Session session, final ServletContext servletContext, final boolean newSession) {
    final ServletRequestContext requestContext = ServletRequestContext.current();

    // No request context: nothing to cache on, hand back a standalone wrapper.
    if (requestContext == null) {
        return new HttpSessionImpl(session, servletContext, newSession, null);
    }

    final HttpSessionImpl cached = requestContext.getSession();

    // First wrapper for this request: create it and remember it on the context.
    if (cached == null) {
        final HttpSessionImpl created = new HttpSessionImpl(session, servletContext, newSession, requestContext);
        requestContext.setSession(created);
        return created;
    }

    // Identity comparison on purpose: the cached wrapper is reused only for the very same
    // underlying session object.
    if (cached.session == session) {
        return cached;
    }

    // In some rare cases two different service contexts are involved in one request; then a
    // fresh wrapper is returned and the cached one is left untouched.
    return new HttpSessionImpl(session, servletContext, newSession, requestContext);
}
use of io.undertow.servlet.handlers.ServletRequestContext in project undertow by undertow-io.
the class RequestDispatcherImpl method setupIncludeImpl.
/**
 * Prepares and runs an include dispatch, switching servlet context first when the target
 * context differs from the one currently set on the request.
 *
 * <p>Without a servlet request context the call is handed to {@code mock}. For a
 * cross-context include the cached session is cleared and the current servlet context is
 * replaced for the duration of the include, which runs through the target context's
 * {@code invokeAction}; both values are restored in a {@code finally} block, so they are
 * put back even when the include throws.
 *
 * @param request  the request to include with
 * @param response the response to include into
 * @throws ServletException if the include fails
 * @throws IOException      if the include fails with an I/O error
 */
private void setupIncludeImpl(final ServletRequest request, final ServletResponse response) throws ServletException, IOException {
    final ServletRequestContext ctx = SecurityActions.currentServletRequestContext();
    if (ctx == null) {
        UndertowLogger.REQUEST_LOGGER.debugf("No servlet request context for %s, dispatching mock request", request);
        mock(request, response);
        return;
    }

    final HttpServletRequestImpl originalRequest = ctx.getOriginalRequest();
    final HttpServletResponseImpl originalResponse = ctx.getOriginalResponse();

    // Same context: include directly, no context switch needed.
    if (ctx.getCurrentServletContext() == this.servletContext) {
        includeImpl(request, response, ctx, originalRequest, originalResponse);
        return;
    }

    // Cross-context request: the thread setup actions of the target context have to run.
    final ServletContextImpl previousContext = ctx.getCurrentServletContext();
    final HttpSessionImpl previousSession = ctx.getSession();
    ctx.setSession(null);
    ctx.setCurrentServletContext(this.servletContext);
    try {
        ctx.getCurrentServletContext().invokeAction(ctx.getExchange(), new ThreadSetupHandler.Action<Void, Object>() {
            @Override
            public Void call(HttpServerExchange exchange, Object context) throws Exception {
                includeImpl(request, response, ctx, originalRequest, originalResponse);
                return null;
            }
        });
    } finally {
        // Always put the caller's session and context back, in the same order as the original.
        ctx.setSession(previousSession);
        ctx.setCurrentServletContext(previousContext);
    }
}