Search in sources :

Example 11 with FilterDef

use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomcat by apache.

the class TestRemoteIpFilter method testInvokeAllProxiesAreTrustedOrInternal.

@Test
public void testInvokeAllProxiesAreTrustedOrInternal() throws Exception {
    // PREPARE
    FilterDef filterDef = new FilterDef();
    filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
    filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
    filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.setHeader("x-forwarded-for", "140.211.11.130, proxy1, proxy2, 192.168.0.10, 192.168.0.11");
    // TEST
    HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
    // VERIFY
    String actualXForwardedFor = actualRequest.getHeader("x-forwarded-for");
    assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = actualRequest.getHeader("x-forwarded-by");
    assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
    String actualRemoteAddr = actualRequest.getRemoteAddr();
    assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);
    String actualRemoteHost = actualRequest.getRemoteHost();
    assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) TomcatBaseTest(org.apache.catalina.startup.TomcatBaseTest) Test(org.junit.Test)

Example 12 with FilterDef

use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomcat by apache.

the class TestRemoteIpFilter method testInvokeAllowedRemoteAddrWithNullRemoteIpHeader.

@Test
public void testInvokeAllowedRemoteAddrWithNullRemoteIpHeader() throws Exception {
    // PREPARE
    FilterDef filterDef = new FilterDef();
    filterDef.addInitParameter("internalProxies", "192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    filterDef.addInitParameter("trustedProxies", "proxy1|proxy2|proxy3");
    filterDef.addInitParameter("remoteIpHeader", "x-forwarded-for");
    filterDef.addInitParameter("proxiesHeader", "x-forwarded-by");
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    // TEST
    HttpServletRequest actualRequest = testRemoteIpFilter(filterDef, request).getRequest();
    // VERIFY
    String actualXForwardedFor = request.getHeader("x-forwarded-for");
    assertNull("x-forwarded-for must be null", actualXForwardedFor);
    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    assertNull("x-forwarded-by must be null", actualXForwardedBy);
    String actualRemoteAddr = actualRequest.getRemoteAddr();
    assertEquals("remoteAddr", "192.168.0.10", actualRemoteAddr);
    String actualRemoteHost = actualRequest.getRemoteHost();
    assertEquals("remoteHost", "remote-host-original-value", actualRemoteHost);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) TomcatBaseTest(org.apache.catalina.startup.TomcatBaseTest) Test(org.junit.Test)

Example 13 with FilterDef

use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomcat by apache.

the class TestAddCharSetFilter method doTest.

private void doTest(String encoding, String expected, int mode) throws Exception {
    // Setup Tomcat instance
    Tomcat tomcat = getTomcatInstance();
    // No file system docBase required
    Context ctx = tomcat.addContext("", null);
    // Add the Servlet
    CharsetServlet servlet = new CharsetServlet(mode);
    Tomcat.addServlet(ctx, "servlet", servlet);
    ctx.addServletMappingDecoded("/", "servlet");
    // Add the Filter
    FilterDef filterDef = new FilterDef();
    filterDef.setFilterClass(AddDefaultCharsetFilter.class.getName());
    filterDef.setFilterName("filter");
    if (encoding != null) {
        filterDef.addInitParameter("encoding", encoding);
    }
    ctx.addFilterDef(filterDef);
    FilterMap filterMap = new FilterMap();
    filterMap.setFilterName("filter");
    filterMap.addServletName("servlet");
    ctx.addFilterMap(filterMap);
    tomcat.start();
    Map<String, List<String>> headers = new HashMap<>();
    getUrl("http://localhost:" + getPort() + "/", new ByteChunk(), headers);
    List<String> ctHeaders = headers.get("Content-Type");
    assertEquals(1, ctHeaders.size());
    String ct = ctHeaders.get(0);
    assertEquals("text/plain;charset=" + expected, ct);
}
Also used : Context(org.apache.catalina.Context) Tomcat(org.apache.catalina.startup.Tomcat) FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) HashMap(java.util.HashMap) ByteChunk(org.apache.tomcat.util.buf.ByteChunk) List(java.util.List) FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap)

Example 14 with FilterDef

use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomee by apache.

the class OpenEJBContextConfig method webConfig.

@Override
protected void webConfig() {
    TomcatHelper.configureJarScanner(context);
    // read the real config
    super.webConfig();
    if (IgnoredStandardContext.class.isInstance(context)) {
        // no need of jsf
        return;
    }
    if (AppFinder.findAppContextOrWeb(context.getLoader().getClassLoader(), AppFinder.WebBeansContextTransformer.INSTANCE) != null) {
        final FilterDef asyncOwbFilter = new FilterDef();
        asyncOwbFilter.setAsyncSupported("true");
        asyncOwbFilter.setDescription("OpenEJB CDI Filter - to propagate @RequestScoped in async tasks");
        asyncOwbFilter.setDisplayName("OpenEJB CDI");
        asyncOwbFilter.setFilterClass(EEFilter.class.getName());
        asyncOwbFilter.setFilterName(EEFilter.class.getName());
        context.addFilterDef(asyncOwbFilter);
        final FilterMap asyncOwbMapping = new FilterMap();
        asyncOwbMapping.setFilterName(asyncOwbFilter.getFilterName());
        asyncOwbMapping.addURLPattern("/*");
        context.addFilterMap(asyncOwbMapping);
    }
    if ("true".equalsIgnoreCase(SystemInstance.get().getProperty("tomee.jsp-development", "false"))) {
        for (final Container c : context.findChildren()) {
            if (Wrapper.class.isInstance(c)) {
                final Wrapper servlet = Wrapper.class.cast(c);
                if ("org.apache.jasper.servlet.JspServlet".equals(servlet.getServletClass())) {
                    servlet.addInitParameter("development", "true");
                }
            }
        }
    }
    final ClassLoader classLoader = context.getLoader().getClassLoader();
    // add myfaces auto-initializer if mojarra is not present
    try {
        classLoader.loadClass("com.sun.faces.context.SessionMap");
        return;
    } catch (final Throwable ignored) {
    // no-op
    }
    try {
        final Class<?> myfacesInitializer = Class.forName(MYFACES_TOMEEM_CONTAINER_INITIALIZER, true, classLoader);
        final ServletContainerInitializer instance = (ServletContainerInitializer) myfacesInitializer.newInstance();
        context.addServletContainerInitializer(instance, getJsfClasses(context));
        // cleanup listener
        context.addApplicationListener(TOMEE_MYFACES_CONTEXT_LISTENER);
    } catch (final Exception | NoClassDefFoundError ignored) {
    // no-op
    }
}
Also used : ServletContainerInitializer(javax.servlet.ServletContainerInitializer) Wrapper(org.apache.catalina.Wrapper) StandardWrapper(org.apache.catalina.core.StandardWrapper) Container(org.apache.catalina.Container) FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) EEFilter(org.apache.openejb.server.httpd.EEFilter) FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ClassFormatException(org.apache.tomcat.util.bcel.classfile.ClassFormatException)

Example 15 with FilterDef

use of org.apache.tomcat.util.descriptor.web.FilterDef in project tomee by apache.

the class TomcatWebAppBuilder method beforeStart.

/**
 * {@inheritDoc}
 */
@Override
public void beforeStart(final StandardContext standardContext) {
    if (standardContext.getResources() != null && LazyStopStandardRoot.class.isInstance(standardContext.getResources())) {
        // reset after reload
        Reflections.set(standardContext, "resources", LazyStopStandardRoot.class.cast(standardContext.getResources()).getDelegate());
    }
    final ServletContext sc = standardContext.getServletContext();
    if (sc != null && !SystemInstance.get().getOptions().get(OPENEJB_JSESSION_ID_SUPPORT, true)) {
        final Set<SessionTrackingMode> defaultTrackingModes = sc.getEffectiveSessionTrackingModes();
        if (defaultTrackingModes.contains(SessionTrackingMode.URL)) {
            final Set<SessionTrackingMode> newModes = new HashSet<>();
            newModes.remove(SessionTrackingMode.URL);
            sc.setSessionTrackingModes(newModes);
        }
    }
    initContextLoader(standardContext);
    // used to add custom filters first - our arquillian integration uses it for instance
    // needs to be done now (= before start event) because of addFilterMapBefore() usage
    final String filters = SystemInstance.get().getProperty("org.apache.openejb.servlet.filters");
    if (filters != null) {
        final String[] names = filters.split(",");
        for (final String name : names) {
            final String[] clazzMapping = name.split("=");
            final FilterDef filterDef = new FilterDef();
            filterDef.setFilterClass(clazzMapping[0]);
            filterDef.setFilterName(clazzMapping[0]);
            standardContext.addFilterDef(filterDef);
            final FilterMap filterMap = new FilterMap();
            filterMap.setFilterName(clazzMapping[0]);
            filterMap.addURLPattern(clazzMapping[1]);
            standardContext.addFilterMapBefore(filterMap);
        }
    }
    // mainly to get back compatibility with tomcat <= 8.0
    final String cookieProcessor = SystemInstance.get().getProperty("tomee.tomcat.cookieProcessor");
    if (cookieProcessor != null) {
        // not that important for now if we use the container loader, we mainly want to be able to access
        // the legacy one
        final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        try {
            final Class<?> cookieProcessorClass = contextClassLoader.loadClass(cookieProcessor.trim());
            standardContext.setCookieProcessor(CookieProcessor.class.cast(cookieProcessorClass.newInstance()));
        } catch (final Exception e) {
            throw new IllegalArgumentException("Cannot set CookieProcessor: " + cookieProcessor);
        }
    }
}
Also used : FilterDef(org.apache.tomcat.util.descriptor.web.FilterDef) SessionTrackingMode(javax.servlet.SessionTrackingMode) FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap) LifecycleException(org.apache.catalina.LifecycleException) NameNotFoundException(javax.naming.NameNotFoundException) IOException(java.io.IOException) NamingException(javax.naming.NamingException) OpenEJBException(org.apache.openejb.OpenEJBException) OpenEJBRuntimeException(org.apache.openejb.OpenEJBRuntimeException) CookieProcessor(org.apache.tomcat.util.http.CookieProcessor) ServletContext(javax.servlet.ServletContext) HashSet(java.util.HashSet)

Aggregations

FilterDef (org.apache.tomcat.util.descriptor.web.FilterDef)32 Test (org.junit.Test)16 FilterMap (org.apache.tomcat.util.descriptor.web.FilterMap)14 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)13 HttpServletRequest (javax.servlet.http.HttpServletRequest)11 Context (org.apache.catalina.Context)8 HashMap (java.util.HashMap)7 Tomcat (org.apache.catalina.startup.Tomcat)5 SecurityConstraint (org.apache.tomcat.util.descriptor.web.SecurityConstraint)4 File (java.io.File)3 Container (org.apache.catalina.Container)3 JavaClassCacheEntry (org.apache.catalina.startup.ContextConfig.JavaClassCacheEntry)3 IOException (java.io.IOException)2 HttpURLConnection (java.net.HttpURLConnection)2 URL (java.net.URL)2 List (java.util.List)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 Wrapper (org.apache.catalina.Wrapper)2 ErrorPage (org.apache.tomcat.util.descriptor.web.ErrorPage)2 WebXml (org.apache.tomcat.util.descriptor.web.WebXml)2