Search in sources :

Example 1 with Request

use of org.apache.catalina.connector.Request in project tomcat70 by apache.

the class ApplicationDispatcher method unwrapRequest.

/**
 * Unwrap the request if we have wrapped it.
 */
private void unwrapRequest(State state) {
    if (state.wrapRequest == null)
        return;
    if (state.outerRequest.isAsyncStarted()) {
        if (!state.outerRequest.getAsyncContext().hasOriginalRequestAndResponse()) {
            return;
        }
    }
    ServletRequest previous = null;
    ServletRequest current = state.outerRequest;
    while (current != null) {
        // If we run into the container request we are done
        if ((current instanceof Request) || (current instanceof RequestFacade))
            break;
        // Remove the current request if it is our wrapper
        if (current == state.wrapRequest) {
            ServletRequest next = ((ServletRequestWrapper) current).getRequest();
            if (previous == null)
                state.outerRequest = next;
            else
                ((ServletRequestWrapper) previous).setRequest(next);
            break;
        }
        // Advance to the next request in the chain
        previous = current;
        current = ((ServletRequestWrapper) current).getRequest();
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ServletRequestWrapper(javax.servlet.ServletRequestWrapper) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.apache.catalina.connector.Request) ServletRequest(javax.servlet.ServletRequest) RequestFacade(org.apache.catalina.connector.RequestFacade)

Example 2 with Request

use of org.apache.catalina.connector.Request in project tomcat70 by apache.

the class ApplicationFilterFactory method createFilterChain.

/**
 * Construct and return a FilterChain implementation that will wrap the
 * execution of the specified servlet instance.  If we should not execute
 * a filter chain at all, return <code>null</code>.
 *
 * @param request The servlet request we are processing
 * @param servlet The servlet instance to be wrapped
 */
public ApplicationFilterChain createFilterChain(ServletRequest request, Wrapper wrapper, Servlet servlet) {
    // get the dispatcher type
    DispatcherType dispatcher = null;
    if (request.getAttribute(Globals.DISPATCHER_TYPE_ATTR) != null) {
        dispatcher = (DispatcherType) request.getAttribute(Globals.DISPATCHER_TYPE_ATTR);
    }
    String requestPath = null;
    Object attribute = request.getAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR);
    if (attribute != null) {
        requestPath = attribute.toString();
    }
    // If there is no servlet to execute, return null
    if (servlet == null)
        return (null);
    boolean comet = false;
    // Create and initialize a filter chain object
    ApplicationFilterChain filterChain = null;
    if (request instanceof Request) {
        Request req = (Request) request;
        comet = req.isComet();
        if (Globals.IS_SECURITY_ENABLED) {
            // Security: Do not recycle
            filterChain = new ApplicationFilterChain();
            if (comet) {
                req.setFilterChain(filterChain);
            }
        } else {
            filterChain = (ApplicationFilterChain) req.getFilterChain();
            if (filterChain == null) {
                filterChain = new ApplicationFilterChain();
                req.setFilterChain(filterChain);
            }
        }
    } else {
        // Request dispatcher in use
        filterChain = new ApplicationFilterChain();
    }
    filterChain.setServlet(servlet);
    filterChain.setSupport(((StandardWrapper) wrapper).getInstanceSupport());
    // Acquire the filter mappings for this Context
    StandardContext context = (StandardContext) wrapper.getParent();
    FilterMap[] filterMaps = context.findFilterMaps();
    // If there are no filter mappings, we are done
    if ((filterMaps == null) || (filterMaps.length == 0))
        return (filterChain);
    // Acquire the information we will need to match filter mappings
    String servletName = wrapper.getName();
    // Add the relevant path-mapped filters to this filter chain
    for (int i = 0; i < filterMaps.length; i++) {
        if (!matchDispatcher(filterMaps[i], dispatcher)) {
            continue;
        }
        if (!matchFiltersURL(filterMaps[i], requestPath))
            continue;
        ApplicationFilterConfig filterConfig = (ApplicationFilterConfig) context.findFilterConfig(filterMaps[i].getFilterName());
        if (filterConfig == null) {
            // FIXME - log configuration problem
            continue;
        }
        boolean isCometFilter = false;
        if (comet) {
            try {
                isCometFilter = filterConfig.getFilter() instanceof CometFilter;
            } catch (Exception e) {
                // Note: The try catch is there because getFilter has a lot of
                // declared exceptions. However, the filter is allocated much
                // earlier
                Throwable t = ExceptionUtils.unwrapInvocationTargetException(e);
                ExceptionUtils.handleThrowable(t);
            }
            if (isCometFilter) {
                filterChain.addFilter(filterConfig);
            }
        } else {
            filterChain.addFilter(filterConfig);
        }
    }
    // Add filters that match on servlet name second
    for (int i = 0; i < filterMaps.length; i++) {
        if (!matchDispatcher(filterMaps[i], dispatcher)) {
            continue;
        }
        if (!matchFiltersServlet(filterMaps[i], servletName))
            continue;
        ApplicationFilterConfig filterConfig = (ApplicationFilterConfig) context.findFilterConfig(filterMaps[i].getFilterName());
        if (filterConfig == null) {
            // FIXME - log configuration problem
            continue;
        }
        boolean isCometFilter = false;
        if (comet) {
            try {
                isCometFilter = filterConfig.getFilter() instanceof CometFilter;
            } catch (Exception e) {
            // Note: The try catch is there because getFilter has a lot of
            // declared exceptions. However, the filter is allocated much
            // earlier
            }
            if (isCometFilter) {
                filterChain.addFilter(filterConfig);
            }
        } else {
            filterChain.addFilter(filterConfig);
        }
    }
    // Return the completed filter chain
    return (filterChain);
}
Also used : CometFilter(org.apache.catalina.comet.CometFilter) Request(org.apache.catalina.connector.Request) ServletRequest(javax.servlet.ServletRequest) FilterMap(org.apache.catalina.deploy.FilterMap) DispatcherType(javax.servlet.DispatcherType)

Example 3 with Request

use of org.apache.catalina.connector.Request in project tomcat70 by apache.

the class TestRequestFilterValve method oneTest.

private void oneTest(String allow, String deny, boolean denyStatus, boolean addConnectorPort, boolean auth, String property, String type, boolean allowed) {
    // PREPARE
    RequestFilterValve valve = null;
    Connector connector = new Connector();
    Context context = new StandardContext();
    Request request = new Request();
    Response response = new MockResponse();
    StringBuilder msg = new StringBuilder();
    int expected = allowed ? OK : FORBIDDEN;
    connector.setPort(PORT);
    request.setConnector(connector);
    request.setContext(context);
    request.setCoyoteRequest(new org.apache.coyote.Request());
    Assert.assertNotNull("Invalid test with null type", type);
    if (property != null) {
        if (type.equals("Addr")) {
            valve = new RemoteAddrValve();
            request.setRemoteAddr(property);
            msg.append(" ip='" + property + "'");
        } else if (type.equals("Host")) {
            valve = new RemoteHostValve();
            request.setRemoteHost(property);
            msg.append(" host='" + property + "'");
        }
    }
    Assert.assertNotNull("Invalid test type" + type, valve);
    valve.setNext(new TerminatingValve());
    if (allow != null) {
        valve.setAllow(allow);
        msg.append(" allow='" + allow + "'");
    }
    if (deny != null) {
        valve.setDeny(deny);
        msg.append(" deny='" + deny + "'");
    }
    if (denyStatus) {
        valve.setDenyStatus(CUSTOM);
        msg.append(" denyStatus='" + CUSTOM + "'");
        if (!allowed) {
            expected = CUSTOM;
        }
    }
    if (addConnectorPort) {
        if (valve instanceof RemoteAddrValve) {
            ((RemoteAddrValve) valve).setAddConnectorPort(true);
        } else if (valve instanceof RemoteHostValve) {
            ((RemoteHostValve) valve).setAddConnectorPort(true);
        } else {
            Assert.fail("Can only set 'addConnectorPort' for RemoteAddrValve and RemoteHostValve");
        }
        msg.append(" addConnectorPort='true'");
    }
    if (auth) {
        context.setPreemptiveAuthentication(true);
        valve.setInvalidAuthenticationWhenDeny(true);
        msg.append(" auth='true'");
    }
    // TEST
    try {
        valve.invoke(request, response);
    } catch (IOException ex) {
    // Ignore
    } catch (ServletException ex) {
    // Ignore
    }
    // VERIFY
    if (!allowed && auth) {
        Assert.assertEquals(msg.toString(), OK, response.getStatus());
        Assert.assertEquals(msg.toString(), "invalid", request.getHeader("authorization"));
    } else {
        Assert.assertEquals(msg.toString(), expected, response.getStatus());
    }
}
Also used : Context(org.apache.catalina.Context) StandardContext(org.apache.catalina.core.StandardContext) Connector(org.apache.catalina.connector.Connector) Request(org.apache.catalina.connector.Request) IOException(java.io.IOException) Response(org.apache.catalina.connector.Response) ServletException(javax.servlet.ServletException) StandardContext(org.apache.catalina.core.StandardContext)

Example 4 with Request

use of org.apache.catalina.connector.Request in project tomcat70 by apache.

the class TestRemoteIpValve method testInvokeNotAllowedRemoteAddr.

@Test
public void testInvokeNotAllowedRemoteAddr() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("not-allowed-internal-proxy");
    request.setRemoteHost("not-allowed-internal-proxy-host");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    String actualXForwardedFor = request.getHeader("x-forwarded-for");
    Assert.assertEquals("x-forwarded-for must be unchanged", "140.211.11.130, proxy1, proxy2", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    Assert.assertNull("x-forwarded-by must be null", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "not-allowed-internal-proxy", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "not-allowed-internal-proxy-host", actualRemoteHost);
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy-host", actualPostInvokeRemoteHost);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Example 5 with Request

use of org.apache.catalina.connector.Request in project tomcat70 by apache.

the class TestRemoteIpValve method testInvokeXforwardedProtoIsNullForIncomingHttpsRequest.

@Test
public void testInvokeXforwardedProtoIsNullForIncomingHttpsRequest() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProtocolHeader("x-forwarded-proto");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    // client ip
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("192.168.0.10");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
    // protocol
    // Don't declare "x-forwarded-proto"
    request.setSecure(true);
    request.setServerPort(8443);
    request.getCoyoteRequest().scheme().setString("https");
    // TEST
    remoteIpValve.invoke(request, null);
    // VERIFY
    // client ip
    String actualXForwardedFor = request.getHeader("x-forwarded-for");
    Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy);
    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost);
    // protocol
    String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
    Assert.assertEquals("x-forwarded-proto is null", "https", actualScheme);
    int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
    Assert.assertEquals("x-forwarded-proto is null", 8443, actualServerPort);
    boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
    Assert.assertTrue("x-forwarded-proto is null", actualSecure);
    boolean actualPostInvokeSecure = request.isSecure();
    Assert.assertTrue("postInvoke secure", actualPostInvokeSecure);
    int actualPostInvokeServerPort = request.getServerPort();
    Assert.assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort);
    String actualPostInvokeScheme = request.getScheme();
    Assert.assertEquals("postInvoke scheme", "https", actualPostInvokeScheme);
}
Also used : Request(org.apache.catalina.connector.Request) Test(org.junit.Test)

Aggregations

Request (org.apache.catalina.connector.Request)78 Test (org.junit.Test)44 Response (org.apache.catalina.connector.Response)16 HttpServletRequest (javax.servlet.http.HttpServletRequest)14 Context (org.apache.catalina.Context)9 IOException (java.io.IOException)8 ServletRequest (javax.servlet.ServletRequest)8 HttpSession (javax.servlet.http.HttpSession)8 Valve (org.apache.catalina.Valve)7 RequestFacade (org.apache.catalina.connector.RequestFacade)7 TesterContext (org.apache.tomcat.unittest.TesterContext)7 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)5 HttpSession (jakarta.servlet.http.HttpSession)5 ServletException (javax.servlet.ServletException)5 Connector (org.apache.catalina.connector.Connector)5 ServletRequest (jakarta.servlet.ServletRequest)4 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)4 ServletRequestWrapper (javax.servlet.ServletRequestWrapper)3 LifecycleException (org.apache.catalina.LifecycleException)3 ServletException (jakarta.servlet.ServletException)2