RequestFilterValvepublic abstract class RequestFilterValve extends ValveBase | Implementation of a Valve that performs filtering based on comparing the
appropriate request property (selected based on which subclass you choose
to configure into your Container's pipeline) against a set of regular
expressions configured for this Valve.
This valve is configured by setting the allow and/or
deny properties to a comma-delimited list of regular
expressions (in the syntax supported by the jakarta-regexp library) to
which the appropriate request property will be compared. Evaluation
proceeds as follows:
- The subclass extracts the request property to be filtered, and
calls the common
process() method.
- If there are any deny expressions configured, the property will
be compared to each such expression. If a match is found, this
request will be rejected with a "Forbidden" HTTP response.
- If there are any allow expressions configured, the property will
be compared to each such expression. If a match is found, this
request will be allowed to pass through to the next Valve in the
current pipeline.
- If one or more deny expressions was specified but no allow expressions,
allow this request to pass through (because none of the deny
expressions matched it).
- The request will be rejected with a "Forbidden" HTTP response.
This Valve may be attached to any Container, depending on the granularity
of the filtering you wish to perform. |
| Fields Summary |
|---|
| private static final String | infoThe descriptive information related to this implementation. | | protected static final org.apache.catalina.util.StringManager | smThe StringManager for this package. | | protected String | allowThe comma-delimited set of allow expressions. | | protected Pattern[] | allowsThe set of allow regular expressions we will evaluate. | | protected Pattern[] | deniesThe set of deny regular expressions we will evaluate. | | protected String | denyThe comma-delimited set of deny expressions. |
| Methods Summary |
|---|
| public java.lang.String | getAllow()Return a comma-delimited set of the allow expressions
configured for this Valve, if any; otherwise, return null.
// ------------------------------------------------------------- Properties
return (this.allow);
| | public java.lang.String | getDeny()Return a comma-delimited set of the deny expressions
configured for this Valve, if any; otherwise, return null.
return (this.deny);
| | public java.lang.String | getInfo()Return descriptive information about this Valve implementation.
return (info);
| | public abstract int | invoke(org.apache.catalina.Request request, org.apache.catalina.Response response)Extract the desired request property, and pass it (along with the
specified request and response objects) to the protected
process() method to perform the actual filtering.
This method must be implemented by a concrete subclass.
| | protected java.util.regex.Pattern[] | precalculate(java.lang.String list)Return an array of regular expression objects initialized from the
specified argument, which must be null or a comma-delimited
list of regular expression patterns.
if (list == null)
return (new Pattern[0]);
list = list.trim();
if (list.length() < 1)
return (new Pattern[0]);
list += ",";
ArrayList reList = new ArrayList();
while (list.length() > 0) {
int comma = list.indexOf(',");
if (comma < 0)
break;
String pattern = list.substring(0, comma).trim();
try {
reList.add(Pattern.compile(pattern));
} catch (PatternSyntaxException e) {
IllegalArgumentException iae = new IllegalArgumentException
(sm.getString("requestFilterValve.syntax", pattern));
iae.initCause(e);
throw iae;
}
list = list.substring(comma + 1);
}
Pattern reArray[] = new Pattern[reList.size()];
return ((Pattern[]) reList.toArray(reArray));
| | protected int | process(java.lang.String property, org.apache.catalina.Request request, org.apache.catalina.Response response)Perform the filtering that has been configured for this Valve, matching
against the specified request property.
// Check the deny patterns, if any
for (int i = 0; i < denies.length; i++) {
if (denies[i].matcher(property).matches()) {
ServletResponse sres = response.getResponse();
/* GlassFish 6386229
if (sres instanceof HttpServletResponse) {
HttpServletResponse hres = (HttpServletResponse) sres;
hres.sendError(HttpServletResponse.SC_FORBIDDEN);
// START OF IASRI 4665318
// return;
return END_PIPELINE;
// END OF IASRI 4665318
}
*/
// START GlassFish 6386229
HttpServletResponse hres = (HttpServletResponse) sres;
hres.sendError(HttpServletResponse.SC_FORBIDDEN);
// END GlassFish 6386229
// START OF IASRI 4665318
// return;
return END_PIPELINE;
// END OF IASRI 4665318
// GlassFish 638622
}
}
// Check the allow patterns, if any
for (int i = 0; i < allows.length; i++) {
if (allows[i].matcher(property).matches()) {
// START OF IASRI 4665318
//context.invokeNext(renuest
// return;
return INVOKE_NEXT;
// END OF IASRI 4665318
}
}
// Allow if denies specified but not allows
if ((denies.length > 0) && (allows.length == 0)) {
// START OF IASRI 4665318
//context.invokeNext(renuest
// return;
return INVOKE_NEXT;
// END OF IASRI 4665318
}
// Deny this request
ServletResponse sres = response.getResponse();
/* GlassFish 6386229
if (sres instanceof HttpServletResponse) {
HttpServletResponse hres = (HttpServletResponse) sres;
hres.sendError(HttpServletResponse.SC_FORBIDDEN);
// START OF IASRI 4665318
// return;
return END_PIPELINE;
// END OF IASRI 4665318
}
*/
// START GlassFish 6386229
HttpServletResponse hres = (HttpServletResponse) sres;
hres.sendError(HttpServletResponse.SC_FORBIDDEN);
// END GlassFish 6386229
// START OF IASRI 4665318
// return;
return END_PIPELINE;
// END OF IASRI 4665318
| | public void | setAllow(java.lang.String allow)Set the comma-delimited set of the allow expressions
configured for this Valve, if any.
this.allow = allow;
allows = precalculate(allow);
| | public void | setDeny(java.lang.String deny)Set the comma-delimited set of the deny expressions
configured for this Valve, if any.
this.deny = deny;
denies = precalculate(deny);
|
|
