
Example 16 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class FilterChainProxy method doFilterInternal.

/**
 * Routes one request through the security filters that apply to it.
 * <p>
 * The request and response are first passed through {@code this.firewall}; the
 * firewalled request is what {@code getFilters} is asked about and what every
 * later filter receives. When {@code getFilters} returns {@code null} or an
 * empty list, the request is handed to the original chain with no security
 * filters applied, and this is only reported at TRACE level.
 *
 * @param request the incoming request; cast to {@code HttpServletRequest} without a type check
 * @param response the outgoing response; cast to {@code HttpServletResponse} without a type check
 * @param chain the original chain; invoked directly when no filters apply, otherwise handed to the {@code VirtualFilterChain}
 * @throws IOException propagated from the filters or the downstream chain
 * @throws ServletException propagated from the filters or the downstream chain
 */
private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Firewall both sides before any matching is done, so filter selection works on the firewalled request.
    FirewalledRequest firewalledRequest = this.firewall.getFirewalledRequest((HttpServletRequest) request);
    HttpServletResponse firewalledResponse = this.firewall.getFirewalledResponse((HttpServletResponse) response);
    List<Filter> matchingFilters = getFilters(firewalledRequest);
    boolean secured = (matchingFilters != null) && !matchingFilters.isEmpty();
    if (secured) {
        if (logger.isDebugEnabled()) {
            logger.debug(LogMessage.of(() -> "Securing " + requestLine(firewalledRequest)));
        }
        VirtualFilterChain securityChain = new VirtualFilterChain(firewalledRequest, chain, matchingFilters);
        securityChain.doFilter(firewalledRequest, firewalledResponse);
        return;
    }
    // Nothing matched: the request continues without any security filter. Worth watching in
    // TRACE output when auditing which paths are left unprotected.
    if (logger.isTraceEnabled()) {
        logger.trace(LogMessage.of(() -> "No security for " + requestLine(firewalledRequest)));
    }
    // NOTE(review): reset() presumably undoes firewall adjustments before the request leaves
    // this proxy; confirm against FirewalledRequest.
    firewalledRequest.reset();
    chain.doFilter(firewalledRequest, firewalledResponse);
}
Also used : Filter(jakarta.servlet.Filter) FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest) HttpServletResponse(jakarta.servlet.http.HttpServletResponse)

Example 17 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project tomcat by apache.

the class ApplicationFilterChain method internalDoFilter.

/**
 * Invokes the next filter of this chain, or the target servlet once every
 * filter has been run.
 * <p>
 * When {@code Globals.IS_SECURITY_ENABLED} is set, the filter or servlet is not
 * called directly but through {@code SecurityUtil.doAsPrivilege}, together with
 * the request's user principal. In the filter branch the request is cast to
 * {@code HttpServletRequest} without a type check; the servlet branch checks
 * both types first and falls back to a direct call otherwise.
 *
 * @param request the request to pass on (possibly already wrapped by earlier filters)
 * @param response the response to pass on (possibly already wrapped by earlier filters)
 * @throws IOException rethrown unchanged from the filter or servlet
 * @throws ServletException rethrown unchanged, or wrapping any other {@code Throwable}
 */
private void internalDoFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
    // Filters remain: run the next one; the chain itself is handed to it as the continuation
    if (pos < n) {
        // The position is advanced before the filter is invoked
        ApplicationFilterConfig nextConfig = filters[pos++];
        try {
            Filter nextFilter = nextConfig.getFilter();
            // A filter declared as not async-capable switches async off for the rest of the request
            if (request.isAsyncSupported() && "false".equalsIgnoreCase(nextConfig.getFilterDef().getAsyncSupported())) {
                request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
            }
            if (!Globals.IS_SECURITY_ENABLED) {
                nextFilter.doFilter(request, response, this);
            } else {
                // NOTE(review): presumably runs the filter under the container's privilege
                // handling for this principal; confirm against SecurityUtil.
                Principal caller = ((HttpServletRequest) request).getUserPrincipal();
                Object[] callArgs = { request, response, this };
                SecurityUtil.doAsPrivilege("doFilter", nextFilter, classType, callArgs, caller);
            }
        } catch (IOException | ServletException | RuntimeException passThrough) {
            // Declared and unchecked exceptions reach the caller untouched
            throw passThrough;
        } catch (Throwable t) {
            // Everything else is unwrapped, screened by handleThrowable and reported as a ServletException
            Throwable cause = ExceptionUtils.unwrapInvocationTargetException(t);
            ExceptionUtils.handleThrowable(cause);
            throw new ServletException(sm.getString("filterChain.filter"), cause);
        }
        return;
    }
    // Chain exhausted: hand the request to the servlet instance
    try {
        if (dispatcherWrapsSameObject) {
            lastServicedRequest.set(request);
            lastServicedResponse.set(response);
        }
        if (request.isAsyncSupported() && !servletSupportsAsync) {
            request.setAttribute(Globals.ASYNC_SUPPORTED_ATTR, Boolean.FALSE);
        }
        // From here on the (possibly wrapped) request and response are what the servlet sees
        boolean httpPair = (request instanceof HttpServletRequest) && (response instanceof HttpServletResponse);
        if (httpPair && Globals.IS_SECURITY_ENABLED) {
            Principal caller = ((HttpServletRequest) request).getUserPrincipal();
            Object[] callArgs = { request, response };
            SecurityUtil.doAsPrivilege("service", servlet, classTypeUsedInService, callArgs, caller);
        } else {
            servlet.service(request, response);
        }
    } catch (IOException | ServletException | RuntimeException passThrough) {
        throw passThrough;
    } catch (Throwable t) {
        Throwable cause = ExceptionUtils.unwrapInvocationTargetException(t);
        ExceptionUtils.handleThrowable(cause);
        throw new ServletException(sm.getString("filterChain.servlet"), cause);
    } finally {
        // Always drop the stored request/response references, on success and on failure,
        // so they do not outlive this call
        if (dispatcherWrapsSameObject) {
            lastServicedRequest.set(null);
            lastServicedResponse.set(null);
        }
    }
}
Also used : ServletRequest(jakarta.servlet.ServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) ServletResponse(jakarta.servlet.ServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) IOException(java.io.IOException) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) ServletException(jakarta.servlet.ServletException) Filter(jakarta.servlet.Filter) Principal(java.security.Principal)

Example 18 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project tomcat by apache.

the class ApplicationDispatcher method invoke.

// -------------------------------------------------------- Private Methods
/**
 * Ask the resource represented by this RequestDispatcher to process
 * the associated request, and create (or append to) the associated
 * response.
 * <p>
 * <strong>IMPLEMENTATION NOTE</strong>: the earlier wording of this note
 * said that no filters are applied to a forwarded or included resource.
 * The body below does build an {@code ApplicationFilterChain} through
 * {@code ApplicationFilterFactory.createFilterChain} and runs it. Which
 * filters end up in that chain is decided by the factory and is not
 * visible here, so do not assume that a security filter applied to the
 * original request runs again for the dispatched resource; verify the
 * filter mappings for forward/include dispatches.
 * <p>
 * Exceptions raised while allocating, servicing or deallocating are
 * stored and rethrown only after cleanup, in this order of precedence:
 * {@code IOException}, then {@code ServletException}, then
 * {@code RuntimeException}. A failure while deallocating replaces a
 * {@code ServletException} recorded earlier.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 * @param state Dispatch state; supplies {@code hresponse} and is passed
 *              to the unwrap/recycle helpers at the end
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
private void invoke(ServletRequest request, ServletResponse response, State state) throws IOException, ServletException {
    // Checking to see if the context classloader is the current context
    // classloader. If it's not, we're saving it, and setting the context
    // classloader to the Context classloader
    // NOTE(review): the matching unbind() further down is not in a finally
    // block, so it is skipped if createFilterChain() or release() throws.
    ClassLoader oldCCL = context.bind(false, null);
    // Initialize local variables we may need
    // NOTE(review): hresponse is dereferenced below without a null check;
    // presumably always set by the caller for HTTP dispatches (confirm).
    HttpServletResponse hresponse = state.hresponse;
    Servlet servlet = null;
    // Holders for a failure to be rethrown once cleanup has run
    IOException ioException = null;
    ServletException servletException = null;
    RuntimeException runtimeException = null;
    boolean unavailable = false;
    // Check for the servlet being marked unavailable
    if (wrapper.isUnavailable()) {
        wrapper.getLogger().warn(sm.getString("applicationDispatcher.isUnavailable", wrapper.getName()));
        long available = wrapper.getAvailable();
        // Only advertise Retry-After when a finite availability time is known
        if ((available > 0L) && (available < Long.MAX_VALUE)) {
            hresponse.setDateHeader("Retry-After", available);
        }
        // The 503 body uses the same message, formatted with the servlet name, that is logged above
        hresponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, sm.getString("applicationDispatcher.isUnavailable", wrapper.getName()));
        unavailable = true;
    }
    // Allocate a servlet instance to process this request
    try {
        if (!unavailable) {
            servlet = wrapper.allocate();
        }
    } catch (ServletException e) {
        wrapper.getLogger().error(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), StandardWrapper.getRootCause(e));
        servletException = e;
    } catch (Throwable e) {
        // handleThrowable() gets the first look at the Throwable before it is
        // logged and wrapped
        ExceptionUtils.handleThrowable(e);
        wrapper.getLogger().error(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), e);
        servletException = new ServletException(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), e);
        servlet = null;
    }
    // Get the FilterChain Here
    // This runs even when the servlet is unavailable or allocation failed
    // (servlet == null); the guard below then skips the chain.
    ApplicationFilterChain filterChain = ApplicationFilterFactory.createFilterChain(request, wrapper, servlet);
    // Call the service() method for the allocated servlet instance
    try {
        // for includes/forwards
        if ((servlet != null) && (filterChain != null)) {
            filterChain.doFilter(request, response);
        }
    // Servlet Service Method is called by the FilterChain
    } catch (ClientAbortException e) {
        // Recorded without an error log entry, unlike the other I/O failures
        ioException = e;
    } catch (IOException e) {
        wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
        ioException = e;
    } catch (UnavailableException e) {
        wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
        servletException = e;
        // Mark the wrapper itself unavailable
        wrapper.unavailable(e);
    } catch (ServletException e) {
        Throwable rootCause = StandardWrapper.getRootCause(e);
        // A ClientAbortException as root cause is not logged
        if (!(rootCause instanceof ClientAbortException)) {
            wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), rootCause);
        }
        servletException = e;
    } catch (RuntimeException e) {
        wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
        runtimeException = e;
    }
    // Release the filter chain (if any) for this request
    if (filterChain != null) {
        filterChain.release();
    }
    // Deallocate the allocated servlet instance
    try {
        if (servlet != null) {
            wrapper.deallocate(servlet);
        }
    } catch (ServletException e) {
        wrapper.getLogger().error(sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), e);
        // Overwrites any ServletException recorded while servicing
        servletException = e;
    } catch (Throwable e) {
        ExceptionUtils.handleThrowable(e);
        wrapper.getLogger().error(sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), e);
        servletException = new ServletException(sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), e);
    }
    // Reset the old context class loader
    context.unbind(false, oldCCL);
    // Unwrap request/response if needed
    // See Bugzilla 30949
    unwrapRequest(state);
    unwrapResponse(state);
    // Recycle request if necessary (also BZ 30949)
    recycleRequestWrapper(state);
    // Rethrow an exception if one was thrown by the invoked servlet
    // Only the first non-null holder is thrown: I/O, then servlet, then runtime
    if (ioException != null) {
        throw ioException;
    }
    if (servletException != null) {
        throw servletException;
    }
    if (runtimeException != null) {
        throw runtimeException;
    }
}
Also used : ServletException(jakarta.servlet.ServletException) UnavailableException(jakarta.servlet.UnavailableException) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) Servlet(jakarta.servlet.Servlet) ClientAbortException(org.apache.catalina.connector.ClientAbortException) IOException(java.io.IOException)

Example 19 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project tomcat by apache.

the class WsFilter method doFilter.

/**
 * Intercepts WebSocket upgrade requests and performs the upgrade when an
 * endpoint is mapped to the requested path; every other request is passed
 * down the chain untouched.
 * <p>
 * The path used for the endpoint lookup is built from
 * {@code getServletPath()} and {@code getPathInfo()}, not from the raw
 * request URI. An upgrade request with no matching endpoint is not
 * rejected here: it continues to the application, which has to deal with it.
 *
 * @param request the incoming request
 * @param response the outgoing response
 * @param chain the remainder of the filter chain
 * @throws IOException propagated from the chain or the upgrade
 * @throws ServletException propagated from the chain or the upgrade
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Only WebSocket upgrade requests, and only while endpoints are registered, are handled here
    boolean upgradeCandidate = sc.areEndpointsRegistered() && UpgradeUtil.isWebSocketUpgradeRequest(request, response);
    if (!upgradeCandidate) {
        chain.doFilter(request, response);
        return;
    }
    // NOTE(review): the casts are unchecked here; presumably isWebSocketUpgradeRequest
    // already established the HTTP types (confirm against UpgradeUtil).
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    // Build the lookup path: servlet path, plus the path info when there is one
    String extraPath = httpRequest.getPathInfo();
    String servletPath = httpRequest.getServletPath();
    String endpointPath = (extraPath == null) ? servletPath : servletPath + extraPath;
    WsMappingResult match = sc.findMapping(endpointPath);
    if (match != null) {
        UpgradeUtil.doUpgrade(sc, httpRequest, httpResponse, match.getConfig(), match.getPathParams());
        return;
    }
    // No endpoint for this path: leave it to the application
    // (it might redirect or forward, for example)
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) HttpServletResponse(jakarta.servlet.http.HttpServletResponse)

Example 20 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project tomcat by apache.

the class ExpiresFilter method doFilter.

/**
 * Wraps the response in an {@code XHttpServletResponse} for the rest of the
 * chain, unless the exchange is not HTTP or the response is already
 * committed, in which case the chain simply continues with the original
 * objects.
 * <p>
 * If the wrapped response reports that no body write was started,
 * {@code onBeforeWriteResponseBody} is invoked by hand after the chain
 * returns.
 *
 * @param request the incoming request
 * @param response the outgoing response
 * @param chain the remainder of the filter chain
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    boolean httpExchange = request instanceof HttpServletRequest && response instanceof HttpServletResponse;
    if (!httpExchange) {
        // Non-HTTP traffic is passed through unchanged
        chain.doFilter(request, response);
        return;
    }
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    if (!response.isCommitted()) {
        XHttpServletResponse wrappedResponse = new XHttpServletResponse(httpRequest, httpResponse);
        chain.doFilter(request, wrappedResponse);
        if (!wrappedResponse.isWriteResponseBodyStarted()) {
            // Empty response: nothing triggered the callback, so call it manually
            onBeforeWriteResponseBody(httpRequest, wrappedResponse);
        }
        return;
    }
    // Already committed: the response is not wrapped. The request URL in the debug
    // message is a client-supplied value.
    if (log.isDebugEnabled()) {
        log.debug(sm.getString("expiresFilter.responseAlreadyCommitted", httpRequest.getRequestURL()));
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
