Example 1 with HttpServletRequestWrapper
use of javax.servlet.http.HttpServletRequestWrapper in project hadoop by apache.
the class AuthenticationWithProxyUserFilter method doFilter.
/**
* This method provide the ability to do pre/post tasks
* in filter chain. Override this method to authorize
* proxy user between AuthenticationFilter and next filter.
* @param filterChain the filter chain object.
* @param request the request object.
* @param response the response object.
*
* @throws IOException
* @throws ServletException
*/
@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
final String proxyUser = getDoAs(request);
if (proxyUser != null) {
// Change the remote user after proxy user is authorized.
final HttpServletRequest finalReq = request;
request = new HttpServletRequestWrapper(finalReq) {
private String getRemoteOrProxyUser() throws AuthorizationException {
UserGroupInformation realUser = UserGroupInformation.createRemoteUser(finalReq.getRemoteUser());
UserGroupInformation proxyUserInfo = UserGroupInformation.createProxyUser(proxyUser, realUser);
ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr());
return proxyUserInfo.getUserName();
}
@Override
public String getRemoteUser() {
try {
return getRemoteOrProxyUser();
} catch (AuthorizationException ex) {
LOG.error("Unable to verify proxy user: " + ex.getMessage(), ex);
}
return null;
}
};
}
filterChain.doFilter(request, response);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
Example 2 with HttpServletRequestWrapper
use of javax.servlet.http.HttpServletRequestWrapper in project hadoop by apache.
the class DefaultWrapperServlet method doGet.
@Private
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
RequestDispatcher rd = getServletContext().getNamedDispatcher("default");
HttpServletRequest wrapped = new HttpServletRequestWrapper(req) {
public String getServletPath() {
return "";
}
};
rd.forward(wrapped, resp);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
RequestDispatcher(javax.servlet.RequestDispatcher)
Private(org.apache.hadoop.classification.InterfaceAudience.Private)
Example 3 with HttpServletRequestWrapper
use of javax.servlet.http.HttpServletRequestWrapper in project hadoop by apache.
the class RMAuthenticationFilter method doFilter.
/**
* {@inheritDoc}
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
String newHeader = req.getHeader(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER);
if (newHeader == null || newHeader.isEmpty()) {
// For backward compatibility, allow use of the old header field
// only when the new header doesn't exist
final String oldHeader = req.getHeader(OLD_HEADER);
if (oldHeader != null && !oldHeader.isEmpty()) {
request = new HttpServletRequestWrapper(req) {
@Override
public String getHeader(String name) {
if (name.equals(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER)) {
return oldHeader;
}
return super.getHeader(name);
}
};
}
}
super.doFilter(request, response, filterChain);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
Example 4 with HttpServletRequestWrapper
use of javax.servlet.http.HttpServletRequestWrapper in project hbase by apache.
the class TestStaticUserWebFilter method testFilter.
@Test
public void testFilter() throws Exception {
FilterConfig config = mockConfig("myuser");
StaticUserFilter suf = new StaticUserFilter();
suf.init(config);
ArgumentCaptor<HttpServletRequestWrapper> wrapperArg = ArgumentCaptor.forClass(HttpServletRequestWrapper.class);
FilterChain chain = mock(FilterChain.class);
suf.doFilter(mock(HttpServletRequest.class), mock(ServletResponse.class), chain);
Mockito.verify(chain).doFilter(wrapperArg.capture(), Mockito.<ServletResponse>anyObject());
HttpServletRequestWrapper wrapper = wrapperArg.getValue();
assertEquals("myuser", wrapper.getUserPrincipal().getName());
assertEquals("myuser", wrapper.getRemoteUser());
suf.destroy();
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletResponse(javax.servlet.ServletResponse)
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
FilterChain(javax.servlet.FilterChain)
StaticUserFilter(org.apache.hadoop.hbase.http.lib.StaticUserWebFilter.StaticUserFilter)
FilterConfig(javax.servlet.FilterConfig)
Test(org.junit.Test)
Example 5 with HttpServletRequestWrapper
use of javax.servlet.http.HttpServletRequestWrapper in project jetty.project by eclipse.
the class DispatchServlet method doGet.
/* ------------------------------------------------------------ */
@Override
public void doGet(HttpServletRequest sreq, HttpServletResponse sres) throws ServletException, IOException {
if (sreq.getParameter("wrap") != null) {
sreq = new HttpServletRequestWrapper(sreq);
sres = new HttpServletResponseWrapper(sres);
}
if (sreq.getParameter("session") != null)
sreq.getSession(true);
String prefix = sreq.getContextPath() != null ? sreq.getContextPath() + sreq.getServletPath() : sreq.getServletPath();
String info;
if (sreq.getAttribute(RequestDispatcher.INCLUDE_SERVLET_PATH) != null)
info = (String) sreq.getAttribute(RequestDispatcher.INCLUDE_PATH_INFO);
else
info = sreq.getPathInfo();
if (info == null)
info = "NULL";
if (info.indexOf(sreq.getServletPath()) > 0) {
sres.sendError(403, "Nested " + sreq.getServletPath() + " forbidden.");
return;
}
if (info.indexOf(getServletName()) > 0) {
sres.sendError(403, "Nested " + getServletName() + " forbidden.");
return;
}
if (info.startsWith("/includeW/")) {
sres.setContentType("text/html");
info = info.substring(9);
if (info.indexOf('?') < 0)
info += "?Dispatch=include";
else
info += "&Dispatch=include";
PrintWriter pout = null;
pout = sres.getWriter();
pout.write("<H1>Include (writer): " + info + "</H1><HR>");
RequestDispatcher dispatch = getServletContext().getRequestDispatcher(info);
if (dispatch == null) {
pout = sres.getWriter();
pout.write("<H1>Null dispatcher</H1>");
} else
dispatch.include(sreq, sres);
pout.write("<HR><H1>-- Included (writer)</H1>");
} else if (info.startsWith("/includeS/")) {
sres.setContentType("text/html");
info = info.substring(9);
if (info.indexOf('?') < 0)
info += "?Dispatch=include";
else
info += "&Dispatch=include";
OutputStream out = null;
out = sres.getOutputStream();
out.write(("<H1>Include (outputstream): " + info + "</H1><HR>").getBytes());
RequestDispatcher dispatch = getServletContext().getRequestDispatcher(info);
if (dispatch == null) {
out = sres.getOutputStream();
out.write("<H1>Null dispatcher</H1>".getBytes());
} else
dispatch.include(sreq, sres);
out.write("<HR><H1>-- Included (outputstream)</H1>".getBytes());
} else if (info.startsWith("/forward/")) {
info = info.substring(8);
if (info.indexOf('?') < 0)
info += "?Dispatch=forward";
else
info += "&Dispatch=forward";
RequestDispatcher dispatch = getServletContext().getRequestDispatcher(info);
if (dispatch != null) {
ServletOutputStream out = sres.getOutputStream();
out.print("Can't see this");
dispatch.forward(sreq, sres);
try {
// should be closed
out.println("IOException");
// should not get here
throw new IllegalStateException();
} catch (IOException e) {
// getServletContext().log("ignore",e);
}
} else {
sres.setContentType("text/html");
PrintWriter pout = sres.getWriter();
pout.write("<H1>No dispatcher for: " + info + "</H1><HR>");
pout.flush();
}
} else if (info.startsWith("/forwardC/")) {
info = info.substring(9);
if (info.indexOf('?') < 0)
info += "?Dispatch=forward";
else
info += "&Dispatch=forward";
String cpath = info.substring(0, info.indexOf('/', 1));
info = info.substring(cpath.length());
ServletContext context = getServletContext().getContext(cpath);
RequestDispatcher dispatch = context.getRequestDispatcher(info);
if (dispatch != null) {
dispatch.forward(sreq, sres);
} else {
sres.setContentType("text/html");
PrintWriter pout = sres.getWriter();
pout.write("<H1>No dispatcher for: " + cpath + "/" + info + "</H1><HR>");
pout.flush();
}
} else if (info.startsWith("/includeN/")) {
sres.setContentType("text/html");
info = info.substring(10);
if (info.indexOf("/") >= 0)
info = info.substring(0, info.indexOf("/"));
PrintWriter pout;
if (info.startsWith("/null"))
info = info.substring(5);
else {
pout = sres.getWriter();
pout.write("<H1>Include named: " + info + "</H1><HR>");
}
RequestDispatcher dispatch = getServletContext().getNamedDispatcher(info);
if (dispatch != null)
dispatch.include(sreq, sres);
else {
pout = sres.getWriter();
pout.write("<H1>No servlet named: " + info + "</H1>");
}
pout = sres.getWriter();
pout.write("<HR><H1>Included ");
} else if (info.startsWith("/forwardN/")) {
info = info.substring(10);
if (info.indexOf("/") >= 0)
info = info.substring(0, info.indexOf("/"));
RequestDispatcher dispatch = getServletContext().getNamedDispatcher(info);
if (dispatch != null)
dispatch.forward(sreq, sres);
else {
sres.setContentType("text/html");
PrintWriter pout = sres.getWriter();
pout.write("<H1>No servlet named: " + info + "</H1>");
pout.flush();
}
} else {
sres.setContentType("text/html");
PrintWriter pout = sres.getWriter();
pout.write("<H1>Dispatch URL must be of the form: </H1>" + "<PRE>" + prefix + "/includeW/path\n" + prefix + "/includeS/path\n" + prefix + "/forward/path\n" + prefix + "/includeN/name\n" + prefix + "/forwardC/_context/path\n</PRE>");
}
}
Also used :
HttpServletRequestWrapper(javax.servlet.http.HttpServletRequestWrapper)
ServletOutputStream(javax.servlet.ServletOutputStream)
OutputStream(java.io.OutputStream)
ServletOutputStream(javax.servlet.ServletOutputStream)
HttpServletResponseWrapper(javax.servlet.http.HttpServletResponseWrapper)
ServletContext(javax.servlet.ServletContext)
IOException(java.io.IOException)
RequestDispatcher(javax.servlet.RequestDispatcher)
PrintWriter(java.io.PrintWriter)
Aggregations
HttpServletRequestWrapper (javax.servlet.http.HttpServletRequestWrapper)51
HttpServletRequest (javax.servlet.http.HttpServletRequest)40
HttpServletResponse (javax.servlet.http.HttpServletResponse)17
ServletRequest (javax.servlet.ServletRequest)12
ServletResponse (javax.servlet.ServletResponse)10
IOException (java.io.IOException)9
FilterChain (javax.servlet.FilterChain)9
Test (org.junit.Test)9
ServletException (javax.servlet.ServletException)8
HttpServletResponseWrapper (javax.servlet.http.HttpServletResponseWrapper)8
Principal (java.security.Principal)6
FilterConfig (javax.servlet.FilterConfig)6
ArrayList (java.util.ArrayList)5
Filter (javax.servlet.Filter)5
Provider (com.google.inject.Provider)4
ServletTestUtils.newFakeHttpServletRequest (com.google.inject.servlet.ServletTestUtils.newFakeHttpServletRequest)4
ServletTestUtils.newFakeHttpServletResponse (com.google.inject.servlet.ServletTestUtils.newFakeHttpServletResponse)4
OutputStream (java.io.OutputStream)4
Cookie (javax.servlet.http.Cookie)4
Injector (com.google.inject.Injector)2
