Java Code Examples for org.apache.catalina.connector.Request#getDecodedRequestURI()

The following examples show how to use org.apache.catalina.connector.Request#getDecodedRequestURI() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ReplicationValve.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Send Cluster Replication Request
 * @param request current request
 * @param manager session manager
 */
protected void sendSessionReplicationMessage(Request request,
        ClusterManager manager) {
    Session session = request.getSessionInternal(false);
    if (session != null) {
        String uri = request.getDecodedRequestURI();
        // request without session change
        if (!isRequestWithoutSessionChange(uri)) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("ReplicationValve.invoke.uri", uri));
            }
            sendMessage(session,manager);
        } else
            if(doStatistics()) {
                nrOfFilterRequests++;
            }
    }

}
 
Example 2
Source File: ReplicationValve.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
/**
 * Send Cluster Replication Request
 * @param request current request
 * @param manager session manager
 * @param cluster replication cluster
 */
protected void sendSessionReplicationMessage(Request request,
        ClusterManager manager, CatalinaCluster cluster) {
    Session session = request.getSessionInternal(false);
    if (session != null) {
        String uri = request.getDecodedRequestURI();
        // request without session change
        if (!isRequestWithoutSessionChange(uri)) {
            if (log.isDebugEnabled())
                log.debug(sm.getString("ReplicationValve.invoke.uri", uri));
            sendMessage(session,manager,cluster);
        } else
            if(doStatistics())
                nrOfFilterRequests++;
    }

}
 
Example 3
Source File: ReplicationValve.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
/**
 * Send Cluster Replication Request
 * @param request current request
 * @param manager session manager
 * @param cluster replication cluster
 */
protected void sendSessionReplicationMessage(Request request,
        ClusterManager manager, CatalinaCluster cluster) {
    Session session = request.getSessionInternal(false);
    if (session != null) {
        String uri = request.getDecodedRequestURI();
        // request without session change
        if (!isRequestWithoutSessionChange(uri)) {
            if (log.isDebugEnabled())
                log.debug(sm.getString("ReplicationValve.invoke.uri", uri));
            sendMessage(session,manager,cluster);
        } else
            if(doStatistics())
                nrOfFilterRequests++;
    }

}
 
Example 4
Source File: FederationAuthenticator.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
protected void saveRequest(Request request, RequestState requestState) throws IOException {
    String contextId = requestState.getState();
    String uri = request.getDecodedRequestURI();
    Session session = request.getSessionInternal(true);
    if (session != null) {
        LOG.debug("Save request in session '{}'", session.getIdInternal());
    }
    if (session != null && uri != null) {
        SavedRequest saved;
        synchronized (session) {
            super.saveRequest(request, session);
            saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        }
        session.setNote(SESSION_SAVED_REQUEST_PREFIX + uri, saved);
        StringBuilder sb = new StringBuilder(saved.getRequestURI());
        if (saved.getQueryString() != null) {
            sb.append('?');
            sb.append(saved.getQueryString());
        }
        session.setNote(SESSION_SAVED_URI_PREFIX + contextId, sb.toString());
        //we set Request State as session attribute for later retrieval in SigninHandler
        request.getSession().setAttribute(
            FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + requestState.getState(), requestState);
    }
}
 
Example 5
Source File: FormAuthenticator.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
protected boolean isContinuationRequired(Request request) {
    // Special handling for form-based logins to deal with the case
    // where the login form (and therefore the "j_security_check" URI
    // to which it submits) might be outside the secured area
    String contextPath = this.context.getPath();
    String decodedRequestURI = request.getDecodedRequestURI();
    if (decodedRequestURI.startsWith(contextPath) &&
            decodedRequestURI.endsWith(Constants.FORM_ACTION)) {
        return true;
    }

    // Special handling for form-based logins to deal with the case where
    // a resource is protected for some HTTP methods but not protected for
    // GET which is used after authentication when redirecting to the
    // protected resource.
    // TODO: This is similar to the FormAuthenticator.matchRequest() logic
    // Is there a way to remove the duplication?
    Session session = request.getSessionInternal(false);
    if (session != null) {
        SavedRequest savedRequest = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
        if (savedRequest != null &&
                decodedRequestURI.equals(savedRequest.getDecodedRequestURI())) {
            return true;
        }
    }

    return false;
}
 
Example 6
Source File: FormAuthenticator.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Does this request match the saved one (so that it must be the redirect
 * we signaled after successful authentication?
 *
 * @param request The request to be verified
 * @return <code>true</code> if the requests matched the saved one
 */
protected boolean matchRequest(Request request) {
    // Has a session been created?
    Session session = request.getSessionInternal(false);
    if (session == null) {
        return false;
    }

    // Is there a saved request?
    SavedRequest sreq =
            (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    if (sreq == null) {
        return false;
    }

    // Is there a saved principal?
    if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
        return false;
    }

    // Does the request URI match?
    String decodedRequestURI = request.getDecodedRequestURI();
    if (decodedRequestURI == null) {
        return false;
    }
    return decodedRequestURI.equals(sreq.getDecodedRequestURI());
}
 
Example 7
Source File: FormAuthenticator.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * Does this request match the saved one (so that it must be the redirect
 * we signaled after successful authentication?
 *
 * @param request The request to be verified
 */
protected boolean matchRequest(Request request) {

  // Has a session been created?
  Session session = request.getSessionInternal(false);
  if (session == null) {
    return (false);
}

  // Is there a saved request?
  SavedRequest sreq = (SavedRequest)
      session.getNote(Constants.FORM_REQUEST_NOTE);
  if (sreq == null) {
    return (false);
}

  // Is there a saved principal?
  if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
    return (false);
}

  // Does the request URI match?
  String decodedRequestURI = request.getDecodedRequestURI();
  if (decodedRequestURI == null) {
    return (false);
}
  return (decodedRequestURI.equals(sreq.getDecodedRequestURI()));
}
 
Example 8
Source File: FormAuthenticator.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Does this request match the saved one (so that it must be the redirect
 * we signaled after successful authentication?
 *
 * @param request The request to be verified
 */
protected boolean matchRequest(Request request) {

  // Has a session been created?
  Session session = request.getSessionInternal(false);
  if (session == null) {
    return (false);
}

  // Is there a saved request?
  SavedRequest sreq = (SavedRequest)
      session.getNote(Constants.FORM_REQUEST_NOTE);
  if (sreq == null) {
    return (false);
}

  // Is there a saved principal?
  if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
    return (false);
}

  // Does the request URI match?
  String decodedRequestURI = request.getDecodedRequestURI();
  if (decodedRequestURI == null) {
    return (false);
}
  return (decodedRequestURI.equals(sreq.getDecodedRequestURI()));
}
 
Example 9
Source File: FederationAuthenticator.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
@Override
protected boolean matchRequest(Request request) {
    Session session = request.getSessionInternal(false);
    String uri = request.getDecodedRequestURI();
    if (session != null && uri != null) {
        SavedRequest saved = (SavedRequest) session.getNote(SESSION_SAVED_REQUEST_PREFIX + uri);
        if (saved != null) {
            synchronized (session) {
                session.setNote(Constants.FORM_REQUEST_NOTE, saved);
                return super.matchRequest(request);
            }
        }
    }
    return false;
}
 
Example 10
Source File: FederationAuthenticator.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
protected boolean restoreRequest(Request request) throws IOException {
    Session session = request.getSessionInternal(false);
    String uri = request.getDecodedRequestURI();
    if (session != null && uri != null) {
        SavedRequest saved = (SavedRequest)session.getNote(SESSION_SAVED_REQUEST_PREFIX + uri);
        if (saved != null) {
            session.removeNote(SESSION_SAVED_REQUEST_PREFIX + uri); // cleanup session
            synchronized (session) {
                session.setNote(Constants.FORM_REQUEST_NOTE, saved);
                return super.restoreRequest(request, session);
            }
        }
    }
    return false;
}
 
Example 11
Source File: TomcatHessianRegistry.java    From tomee with Apache License 2.0 5 votes vote down vote up
@Override
public void invoke(final Request request, final Response response) throws IOException, ServletException {
    final String requestURI = request.getDecodedRequestURI();
    if (requestURI.startsWith(HESSIAN)) {
        if (!authenticate(request, response)) {
            return;
        }
    }
    getNext().invoke(request, response);
}
 
Example 12
Source File: BaseOpenIDConnectAuthenticator.java    From tomcat-oidcauth with Apache License 2.0 4 votes vote down vote up
/**
 * Process regular unauthenticated request. Normally, saves the request in
 * the session and forwards to the configured login page.
 *
 * @param request The request.
 * @param response The response.
 *
 * @throws IOException If an I/O error happens communicating with the
 * client.
 */
protected void processUnauthenticated(final Request request,
		final HttpServletResponse response)
	throws IOException {

	// If this request was to the root of the context without a trailing
	// "/", need to redirect to add it else the submit of the login form
	// may not go to the correct web application
	if ((request.getServletPath().length() == 0)
			&& (request.getPathInfo() == null)) {
		final StringBuilder location = new StringBuilder(
				request.getDecodedRequestURI());
		location.append('/');
		if (request.getQueryString() != null)
			location.append('?').append(request.getQueryString());
		response.sendRedirect(
				response.encodeRedirectURL(location.toString()));
		return;
	}

	// get session
	final Session session = request.getSessionInternal(true);

	final boolean debug = this.log.isDebugEnabled();
	if (debug)
		this.log.debug("save request in session "
				+ session.getIdInternal());

	// save original request in the session before forwarding to the login
	try {
		this.saveRequest(request, session);
	} catch (final IOException e) {
		this.log.debug("could not save request during authentication", e);
		response.sendError(HttpServletResponse.SC_FORBIDDEN,
				sm.getString("authenticator.requestBodyTooBig"));
		return;
	}

	// forward to the login page
	this.forwardToLoginPage(request, response,
			this.context.getLoginConfig());
}