use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomcat by apache.
the class TestRemoteIpFilter method testInvokeAllProxiesAreTrustedOrInternal.
@Test
public void testInvokeAllProxiesAreTrustedOrInternal() throws Exception {
// PREPARE
FilterDef filterDef = new FilterDef();
filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr("192.168.0.10");
request.setRemoteHost("remote-host-original-value");
request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2, 192.168.0.10, 192.168.0.11");
// TEST
HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
// VERIFY
String actualXForwardedFor = actualRequest.getHeader("x-forwarded-for");
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = actualRequest.getHeader("x-forwarded-by");
assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
String actualRemoteAddr = actualRequest.getRemoteAddr();
assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
}
use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomcat by apache.
the class TestRemoteIpFilter method testInvokeAllowedRemoteAddrWithNullRemoteIpHeader.
@Test
public void testInvokeAllowedRemoteAddrWithNullRemoteIpHeader() throws Exception {
// PREPARE
FilterDef filterDef = new FilterDef();
filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr("192.168.0.10");
request.setRemoteHost("remote-host-original-value");
// TEST
HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
// VERIFY
String actualXForwardedFor = request.getHeader("x-forwarded-for");
assertNull("x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
assertNull("x-forwarded-by must be null", actualXForwardedBy);
String actualRemoteAddr = actualRequest.getRemoteAddr();
assertEquals("remoteAddr", "192.168.0.10", actualRemoteAddr);
String actualRemoteHost = actualRequest.getRemoteHost();
assertEquals("remoteHost", "remote-host-original-value", actualRemoteHost);
}
use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomcat by apache.
the class TestAddCharSetFilter method doTest.
private void doTest(String encoding, String expected, int mode) throws Exception {
// Setup Tomcat instance
Tomcat tomcat = getTomcatInstance();
// No file system docBase required
Context ctx = tomcat.addContext("", null);
// Add the Servlet
CharsetServlet servlet = new CharsetServlet(mode);
Tomcat.addServlet(ctx, "servlet", servlet);
ctx.addServletMappingDecoded("/", "servlet");
// Add the Filter
FilterDef filterDef = new FilterDef();
filterDef.setFilterClass(AddDefaultCharsetFilter.class.getName());
filterDef.setFilterName("filter");
if (encoding != null) {
filterDef.addInitParameter("encoding", encoding);
}
ctx.addFilterDef(filterDef);
FilterMap filterMap = new FilterMap();
filterMap.setFilterName("filter");
filterMap.addServletName("servlet");
ctx.addFilterMap(filterMap);
tomcat.start();
Map<String, List<String>> headers = new HashMap<>();
getUrl("http://localhost:" + getPort() + "/", new ByteChunk(), headers);
List<String> ctHeaders = headers.get("Content-Type");
assertEquals(1, ctHeaders.size());
String ct = ctHeaders.get(0);
assertEquals("text/plain;charset=" + expected, ct);
}
use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomee by apache.
the class OpenEJBContextConfig method webConfig.
@Override
protected void webConfig() {
TomcatHelper.configureJarScanner(context);
// read the real config
super.webConfig();
if (IgnoredStandardContext.class.isInstance(context)) {
// no need of jsf
return;
}
if (AppFinder.findAppContextOrWeb(context.getLoader().getClassLoader(), AppFinder.WebBeansContextTransformer.INSTANCE) != null) {
final FilterDef asyncOwbFilter = new FilterDef();
asyncOwbFilter.setAsyncSupported("true");
asyncOwbFilter.setDescription("OpenEJB CDI Filter - to propagate @RequestScoped in async tasks");
asyncOwbFilter.setDisplayName("OpenEJB CDI");
asyncOwbFilter.setFilterClass(EEFilter.class.getName());
asyncOwbFilter.setFilterName(EEFilter.class.getName());
context.addFilterDef(asyncOwbFilter);
final FilterMap asyncOwbMapping = new FilterMap();
asyncOwbMapping.setFilterName(asyncOwbFilter.getFilterName());
asyncOwbMapping.addURLPattern("/*");
context.addFilterMap(asyncOwbMapping);
}
if ("true".equalsIgnoreCase(SystemInstance.get().getProperty("tomee.jsp-development", "false"))) {
for (final Container c : context.findChildren()) {
if (Wrapper.class.isInstance(c)) {
final Wrapper servlet = Wrapper.class.cast(c);
if ("org.apache.jasper.servlet.JspServlet".equals(servlet.getServletClass())) {
servlet.addInitParameter("development", "true");
}
}
}
}
final ClassLoader classLoader = context.getLoader().getClassLoader();
// add myfaces auto-initializer if mojarra is not present
try {
classLoader.loadClass("com.sun.faces.context.SessionMap");
return;
} catch (final Throwable ignored) {
// no-op
}
try {
final Class<?> myfacesInitializer = Class.forName(MYFACES_TOMEEM_CONTAINER_INITIALIZER, true, classLoader);
final ServletContainerInitializer instance = (ServletContainerInitializer) myfacesInitializer.newInstance();
context.addServletContainerInitializer(instance, getJsfClasses(context));
// cleanup listener
context.addApplicationListener(TOMEE_MYFACES_CONTEXT_LISTENER);
} catch (final Exception | NoClassDefFoundError ignored) {
// no-op
}
}
use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomee by apache.
the class TomcatWebAppBuilder method beforeStart.
/**
* {@inheritDoc}
*/
@Override
public void beforeStart(final StandardContext standardContext) {
if (standardContext.getResources() != null && LazyStopStandardRoot.class.isInstance(standardContext.getResources())) {
// reset after reload
Reflections.set(standardContext, "resources", LazyStopStandardRoot.class.cast(standardContext.getResources()).getDelegate());
}
final ServletContext sc = standardContext.getServletContext();
if (sc != null && !SystemInstance.get().getOptions().get(OPENEJB_JSESSION_ID_SUPPORT, true)) {
final Set<SessionTrackingMode> defaultTrackingModes = sc.getEffectiveSessionTrackingModes();
if (defaultTrackingModes.contains(SessionTrackingMode.URL)) {
final Set<SessionTrackingMode> newModes = new HashSet<>();
newModes.remove(SessionTrackingMode.URL);
sc.setSessionTrackingModes(newModes);
}
}
initContextLoader(standardContext);
// used to add custom filters first - our arquillian integration uses it for instance
// needs to be done now (= before start event) because of addFilterMapBefore() usage
final String filters = SystemInstance.get().getProperty("org.apache.openejb.servlet.filters");
if (filters != null) {
final String[] names = filters.split(",");
for (final String name : names) {
final String[] clazzMapping = name.split("=");
final FilterDef filterDef = new FilterDef();
filterDef.setFilterClass(clazzMapping[0]);
filterDef.setFilterName(clazzMapping[0]);
standardContext.addFilterDef(filterDef);
final FilterMap filterMap = new FilterMap();
filterMap.setFilterName(clazzMapping[0]);
filterMap.addURLPattern(clazzMapping[1]);
standardContext.addFilterMapBefore(filterMap);
}
}
// mainly to get back compatibility with tomcat <= 8.0
final String cookieProcessor = SystemInstance.get().getProperty("tomee.tomcat.cookieProcessor");
if (cookieProcessor != null) {
// not that important for now if we use the container loader, we mainly want to be able to access
// the legacy one
final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
try {
final Class<?> cookieProcessorClass = contextClassLoader.loadClass(cookieProcessor.trim());
standardContext.setCookieProcessor(CookieProcessor.class.cast(cookieProcessorClass.newInstance()));
} catch (final Exception e) {
throw new IllegalArgumentException("Cannot set CookieProcessor: " + cookieProcessor);
}
}
}
Aggregations