use of org.apache.catalina.connector.Request in project tomcat70 by apache.
the class ApplicationDispatcher method unwrapRequest.
/**
* Unwrap the request if we have wrapped it.
*/
private void unwrapRequest(State state) {
if (state.wrapRequest == null)
return;
if (state.outerRequest.isAsyncStarted()) {
if (!state.outerRequest.getAsyncContext().hasOriginalRequestAndResponse()) {
return;
}
}
ServletRequest previous = null;
ServletRequest current = state.outerRequest;
while (current != null) {
// If we run into the container request we are done
if ((current instanceof Request) || (current instanceof RequestFacade))
break;
// Remove the current request if it is our wrapper
if (current == state.wrapRequest) {
ServletRequest next = ((ServletRequestWrapper) current).getRequest();
if (previous == null)
state.outerRequest = next;
else
((ServletRequestWrapper) previous).setRequest(next);
break;
}
// Advance to the next request in the chain
previous = current;
current = ((ServletRequestWrapper) current).getRequest();
}
}
use of org.apache.catalina.connector.Request in project tomcat70 by apache.
the class ApplicationFilterFactory method createFilterChain.
/**
* Construct and return a FilterChain implementation that will wrap the
* execution of the specified servlet instance. If we should not execute
* a filter chain at all, return <code>null</code>.
*
* @param request The servlet request we are processing
* @param servlet The servlet instance to be wrapped
*/
public ApplicationFilterChain createFilterChain(ServletRequest request, Wrapper wrapper, Servlet servlet) {
// get the dispatcher type
DispatcherType dispatcher = null;
if (request.getAttribute(Globals.DISPATCHER_TYPE_ATTR) != null) {
dispatcher = (DispatcherType) request.getAttribute(Globals.DISPATCHER_TYPE_ATTR);
}
String requestPath = null;
Object attribute = request.getAttribute(Globals.DISPATCHER_REQUEST_PATH_ATTR);
if (attribute != null) {
requestPath = attribute.toString();
}
// If there is no servlet to execute, return null
if (servlet == null)
return (null);
boolean comet = false;
// Create and initialize a filter chain object
ApplicationFilterChain filterChain = null;
if (request instanceof Request) {
Request req = (Request) request;
comet = req.isComet();
if (Globals.IS_SECURITY_ENABLED) {
// Security: Do not recycle
filterChain = new ApplicationFilterChain();
if (comet) {
req.setFilterChain(filterChain);
}
} else {
filterChain = (ApplicationFilterChain) req.getFilterChain();
if (filterChain == null) {
filterChain = new ApplicationFilterChain();
req.setFilterChain(filterChain);
}
}
} else {
// Request dispatcher in use
filterChain = new ApplicationFilterChain();
}
filterChain.setServlet(servlet);
filterChain.setSupport(((StandardWrapper) wrapper).getInstanceSupport());
// Acquire the filter mappings for this Context
StandardContext context = (StandardContext) wrapper.getParent();
FilterMap[] filterMaps = context.findFilterMaps();
// If there are no filter mappings, we are done
if ((filterMaps == null) || (filterMaps.length == 0))
return (filterChain);
// Acquire the information we will need to match filter mappings
String servletName = wrapper.getName();
// Add the relevant path-mapped filters to this filter chain
for (int i = 0; i < filterMaps.length; i++) {
if (!matchDispatcher(filterMaps[i], dispatcher)) {
continue;
}
if (!matchFiltersURL(filterMaps[i], requestPath))
continue;
ApplicationFilterConfig filterConfig = (ApplicationFilterConfig) context.findFilterConfig(filterMaps[i].getFilterName());
if (filterConfig == null) {
// FIXME - log configuration problem
continue;
}
boolean isCometFilter = false;
if (comet) {
try {
isCometFilter = filterConfig.getFilter() instanceof CometFilter;
} catch (Exception e) {
// Note: The try catch is there because getFilter has a lot of
// declared exceptions. However, the filter is allocated much
// earlier
Throwable t = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(t);
}
if (isCometFilter) {
filterChain.addFilter(filterConfig);
}
} else {
filterChain.addFilter(filterConfig);
}
}
// Add filters that match on servlet name second
for (int i = 0; i < filterMaps.length; i++) {
if (!matchDispatcher(filterMaps[i], dispatcher)) {
continue;
}
if (!matchFiltersServlet(filterMaps[i], servletName))
continue;
ApplicationFilterConfig filterConfig = (ApplicationFilterConfig) context.findFilterConfig(filterMaps[i].getFilterName());
if (filterConfig == null) {
// FIXME - log configuration problem
continue;
}
boolean isCometFilter = false;
if (comet) {
try {
isCometFilter = filterConfig.getFilter() instanceof CometFilter;
} catch (Exception e) {
// Note: The try catch is there because getFilter has a lot of
// declared exceptions. However, the filter is allocated much
// earlier
}
if (isCometFilter) {
filterChain.addFilter(filterConfig);
}
} else {
filterChain.addFilter(filterConfig);
}
}
// Return the completed filter chain
return (filterChain);
}
use of org.apache.catalina.connector.Request in project tomcat70 by apache.
the class TestRequestFilterValve method oneTest.
private void oneTest(String allow, String deny, boolean denyStatus, boolean addConnectorPort, boolean auth, String property, String type, boolean allowed) {
// PREPARE
RequestFilterValve valve = null;
Connector connector = new Connector();
Context context = new StandardContext();
Request request = new Request();
Response response = new MockResponse();
StringBuilder msg = new StringBuilder();
int expected = allowed ? OK : FORBIDDEN;
connector.setPort(PORT);
request.setConnector(connector);
request.setContext(context);
request.setCoyoteRequest(new org.apache.coyote.Request());
Assert.assertNotNull("Invalid test with null type", type);
if (property != null) {
if (type.equals("Addr")) {
valve = new RemoteAddrValve();
request.setRemoteAddr(property);
msg.append(" ip='" + property + "'");
} else if (type.equals("Host")) {
valve = new RemoteHostValve();
request.setRemoteHost(property);
msg.append(" host='" + property + "'");
}
}
Assert.assertNotNull("Invalid test type" + type, valve);
valve.setNext(new TerminatingValve());
if (allow != null) {
valve.setAllow(allow);
msg.append(" allow='" + allow + "'");
}
if (deny != null) {
valve.setDeny(deny);
msg.append(" deny='" + deny + "'");
}
if (denyStatus) {
valve.setDenyStatus(CUSTOM);
msg.append(" denyStatus='" + CUSTOM + "'");
if (!allowed) {
expected = CUSTOM;
}
}
if (addConnectorPort) {
if (valve instanceof RemoteAddrValve) {
((RemoteAddrValve) valve).setAddConnectorPort(true);
} else if (valve instanceof RemoteHostValve) {
((RemoteHostValve) valve).setAddConnectorPort(true);
} else {
Assert.fail("Can only set 'addConnectorPort' for RemoteAddrValve and RemoteHostValve");
}
msg.append(" addConnectorPort='true'");
}
if (auth) {
context.setPreemptiveAuthentication(true);
valve.setInvalidAuthenticationWhenDeny(true);
msg.append(" auth='true'");
}
// TEST
try {
valve.invoke(request, response);
} catch (IOException ex) {
// Ignore
} catch (ServletException ex) {
// Ignore
}
// VERIFY
if (!allowed && auth) {
Assert.assertEquals(msg.toString(), OK, response.getStatus());
Assert.assertEquals(msg.toString(), "invalid", request.getHeader("authorization"));
} else {
Assert.assertEquals(msg.toString(), expected, response.getStatus());
}
}
use of org.apache.catalina.connector.Request in project tomcat70 by apache.
the class TestRemoteIpValve method testInvokeNotAllowedRemoteAddr.
@Test
public void testInvokeNotAllowedRemoteAddr() throws Exception {
// PREPARE
RemoteIpValve remoteIpValve = new RemoteIpValve();
remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
remoteIpValve.setRemoteIpHeader("x-forwarded-for");
remoteIpValve.setProxiesHeader("x-forwarded-by");
RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
Request request = new MockRequest();
request.setCoyoteRequest(new org.apache.coyote.Request());
request.setRemoteAddr("not-allowed-internal-proxy");
request.setRemoteHost("not-allowed-internal-proxy-host");
request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2");
// TEST
remoteIpValve.invoke(request, null);
// VERIFY
String actualXForwardedFor = request.getHeader("x-forwarded-for");
Assert.assertEquals("x-forwarded-for must be unchanged", "140.211.11.130, proxy1, proxy2", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
Assert.assertNull("x-forwarded-by must be null", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
Assert.assertEquals("remoteAddr", "not-allowed-internal-proxy", actualRemoteAddr);
String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
Assert.assertEquals("remoteHost", "not-allowed-internal-proxy-host", actualRemoteHost);
String actualPostInvokeRemoteAddr = request.getRemoteAddr();
Assert.assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy", actualPostInvokeRemoteAddr);
String actualPostInvokeRemoteHost = request.getRemoteHost();
Assert.assertEquals("postInvoke remoteAddr", "not-allowed-internal-proxy-host", actualPostInvokeRemoteHost);
}
use of org.apache.catalina.connector.Request in project tomcat70 by apache.
the class TestRemoteIpValve method testInvokeXforwardedProtoIsNullForIncomingHttpsRequest.
@Test
public void testInvokeXforwardedProtoIsNullForIncomingHttpsRequest() throws Exception {
// PREPARE
RemoteIpValve remoteIpValve = new RemoteIpValve();
remoteIpValve.setRemoteIpHeader("x-forwarded-for");
remoteIpValve.setProtocolHeader("x-forwarded-proto");
RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
remoteIpValve.setNext(remoteAddrAndHostTrackerValve);
Request request = new MockRequest();
request.setCoyoteRequest(new org.apache.coyote.Request());
// client ip
request.setRemoteAddr("192.168.0.10");
request.setRemoteHost("192.168.0.10");
request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130");
// protocol
// Don't declare "x-forwarded-proto"
request.setSecure(true);
request.setServerPort(8443);
request.getCoyoteRequest().scheme().setString("https");
// TEST
remoteIpValve.invoke(request, null);
// VERIFY
// client ip
String actualXForwardedFor = request.getHeader("x-forwarded-for");
Assert.assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
Assert.assertNull("no intermediate trusted proxy", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
Assert.assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
Assert.assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
String actualPostInvokeRemoteAddr = request.getRemoteAddr();
Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);
String actualPostInvokeRemoteHost = request.getRemoteHost();
Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteHost);
// protocol
String actualScheme = remoteAddrAndHostTrackerValve.getScheme();
Assert.assertEquals("x-forwarded-proto is null", "https", actualScheme);
int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();
Assert.assertEquals("x-forwarded-proto is null", 8443, actualServerPort);
boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();
Assert.assertTrue("x-forwarded-proto is null", actualSecure);
boolean actualPostInvokeSecure = request.isSecure();
Assert.assertTrue("postInvoke secure", actualPostInvokeSecure);
int actualPostInvokeServerPort = request.getServerPort();
Assert.assertEquals("postInvoke serverPort", 8443, actualPostInvokeServerPort);
String actualPostInvokeScheme = request.getScheme();
Assert.assertEquals("postInvoke scheme", "https", actualPostInvokeScheme);
}
Aggregations