Examples of org.apache.catalina.HttpRequest

org.apache.catalina.HttpRequest
An HttpRequest is the Catalina internal facade for an HttpServletRequest that is to be processed, in order to produce the corresponding HttpResponse. @author Craig R. McClanahan @version $Revision: 466595 $ $Date: 2006-10-21 23:24:41 +0100 (Sat, 21 Oct 2006) $

        if (!(request.getRequest() instanceof HttpServletRequest) ||
            !(response.getResponse() instanceof HttpServletResponse)) {
            context.invokeNext(request, response);
            return;
        }
        HttpRequest hrequest = (HttpRequest) request;
        HttpResponse hresponse = (HttpResponse) response;


        if (debug >= 1)
            log("Security checking request " +
                ((HttpServletRequest) request.getRequest()).getMethod() + " " +
                ((HttpServletRequest) request.getRequest()).getRequestURI());
        LoginConfig config = this.context.getLoginConfig();


        // Have we got a cached authenticated Principal to record?
        if (cache) {
            Principal principal =
                ((HttpServletRequest) request.getRequest()).getUserPrincipal();
            if (principal == null) {
                Session session = getSession(hrequest);
                if (session != null) {
                    principal = session.getPrincipal();
                    if (principal != null) {
                        if (debug >= 1)
                            log("We have cached auth type " +
                                session.getAuthType() +
                                " for principal " +
                                session.getPrincipal());
                        hrequest.setAuthType(session.getAuthType());
                        hrequest.setUserPrincipal(principal);
                    }
                }
            }
        }


        // Special handling for form-based logins to deal with the case
        // where the login form (and therefore the "j_security_check" URI
        // to which it submits) might be outside the secured area
        String requestURI = hrequest.getDecodedRequestURI();
        String contextPath = this.context.getPath();
        if (requestURI.startsWith(contextPath) &&
            requestURI.endsWith(Constants.FORM_ACTION)) {
            if (!authenticate(hrequest, hresponse, config)) {
                if (debug >= 1)
                    log(" Failed authenticate() test");
                return;
            }
        }


        // Is this request URI subject to a security constraint?
        SecurityConstraint constraint = findConstraint(hrequest);
        if ((constraint == null) /* &&
            (!Constants.FORM_METHOD.equals(config.getAuthMethod())) */ ) {
            if (debug >= 1)
                log(" Not subject to any constraint");
            context.invokeNext(request, response);
            return;
        }
        if ((debug >= 1) && (constraint != null))
            log(" Subject to constraint " + constraint);


        // Make sure that constrained resources are not cached by web proxies
        // or browsers as caching can provide a security hole
        HttpServletRequest hsrequest = (HttpServletRequest)hrequest.getRequest();
        if (disableProxyCaching && 
            !hsrequest.isSecure() &&
            !"POST".equalsIgnoreCase(hsrequest.getMethod())) {
            HttpServletResponse sresponse = 
                (HttpServletResponse) response.getResponse();

View Full Code Here

                         (CUSTOM_MATCH != null && path.startsWith(CUSTOM_MATCH)));
            }


            if (match)
            {
                HttpRequest httpRequest = (HttpRequest)request;
                TomcatLoginHolder.setLogin(new TomcatLoginImpl(getContainer(), httpRequest));


                // copy over user princicpal and auth type values, just like in AuthenticatorBase.invoke()
                Principal principal = hrequest.getUserPrincipal();
                if (principal == null) 
                {
                    Session session = getSession(httpRequest, false);
                    if (session != null) 
                    {
                        principal = session.getPrincipal();
                        if (principal != null) 
                        {
                            httpRequest.setAuthType(session.getAuthType());
                            httpRequest.setUserPrincipal(principal);
                        }
                    }
                }
            }
        }

View Full Code Here

        if (!(request.getRequest() instanceof HttpServletRequest) ||
            !(response.getResponse() instanceof HttpServletResponse)) {
            context.invokeNext(request, response);
            return;
        }
        HttpRequest hrequest = (HttpRequest) request;
        HttpResponse hresponse = (HttpResponse) response;
        if (log.isDebugEnabled())
            log.debug("Security checking request " +
                ((HttpServletRequest) request.getRequest()).getMethod() + " " +
                ((HttpServletRequest) request.getRequest()).getRequestURI());
        LoginConfig config = this.context.getLoginConfig();


        // Have we got a cached authenticated Principal to record?
        if (cache) {
            Principal principal =
                ((HttpServletRequest) request.getRequest()).getUserPrincipal();
            if (principal == null) {
                Session session = getSession(hrequest);
                if (session != null) {
                    principal = session.getPrincipal();
                    if (principal != null) {
                        if (log.isDebugEnabled())
                            log.debug("We have cached auth type " +
                                session.getAuthType() +
                                " for principal " +
                                session.getPrincipal());
                        hrequest.setAuthType(session.getAuthType());
                        hrequest.setUserPrincipal(principal);
                    }
                }
            }
        }


        // Special handling for form-based logins to deal with the case
        // where the login form (and therefore the "j_security_check" URI
        // to which it submits) might be outside the secured area
        String contextPath = this.context.getPath();
        String requestURI = hrequest.getDecodedRequestURI();
        if (requestURI.startsWith(contextPath) &&
            requestURI.endsWith(Constants.FORM_ACTION)) {
            if (!authenticate(hrequest, hresponse, config)) {
                if (log.isDebugEnabled())
                    log.debug(" Failed authenticate() test ??" + requestURI );
                return;
            }
        }


        Realm realm = this.context.getRealm();
        // Is this request URI subject to a security constraint?
        SecurityConstraint constraint = realm.
                                findSecurityConstraint(hrequest, this.context);
       
        if ((constraint == null) /* &&
            (!Constants.FORM_METHOD.equals(config.getAuthMethod())) */ ) {
            if (log.isDebugEnabled())
                log.debug(" Not subject to any constraint");
            context.invokeNext(request, response);
            return;
        }
        if ((log.isDebugEnabled()) && (constraint != null))
            log.debug(" Subject to constraint " + constraint);


        // Make sure that constrained resources are not cached by web proxies
        // or browsers as caching can provide a security hole
        if (disableProxyCaching && 
            !(((HttpServletRequest) hrequest.getRequest()).isSecure())) {
            HttpServletResponse sresponse = 
                (HttpServletResponse) response.getResponse();
            sresponse.setHeader("Pragma", "No-cache");
            sresponse.setHeader("Cache-Control", "no-cache");
            sresponse.setDateHeader("Expires", 1);

View Full Code Here

    public final void invoke(Request request, Response response,
                             ValveContext valveContext)
        throws IOException, ServletException {


        // Disallow any direct access to resources under WEB-INF or META-INF
        HttpRequest hreq = (HttpRequest) request;
        MessageBytes requestPathMB = hreq.getRequestPathMB();
        if ((requestPathMB.startsWithIgnoreCase("/META-INF/", 0))
            || (requestPathMB.equalsIgnoreCase("/META-INF"))
            || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
            || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
            String requestURI = hreq.getDecodedRequestURI();
            notFound(requestURI, (HttpServletResponse) response.getResponse());
            return;
        }


        // Wait if we are reloading
        while (((StandardContext) container).getPaused()) {
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                ;
            }
        }


        // Select the Wrapper to be used for this Request
        Wrapper wrapper = request.getWrapper();
        if (wrapper == null) {
            String requestURI = hreq.getDecodedRequestURI();
            notFound(requestURI, (HttpServletResponse) response.getResponse());
            return;
        }


        // Normal request processing

View Full Code Here

        //System.out.println("[DEBUG] Regular invoke took="+(System.currentTimeMillis()-_debugstart)+" ms.");
        //this happens after the request
        try
        {
            long start = System.currentTimeMillis();
            HttpRequest hrequest = (HttpRequest) request;
            HttpServletRequest hreq = (HttpServletRequest) hrequest.getRequest();
            HttpSession session = hreq.getSession(false);
            
            if (!( request.getContext().getManager() instanceof ClusterManager) ) return;
            
            ClusterManager manager = (ClusterManager)request.getContext().getManager();
            CatalinaCluster cluster = (CatalinaCluster)getContainer().getCluster();
            if ( cluster == null ) {
                log.warn("No cluster configured for this request.");
                return;
            }
            //first check for session invalidations
            String[] invalidIds=manager.getInvalidatedSessions();
            if ( invalidIds.length > 0 ) {
                for ( int i=0;i<invalidIds.length; i++ ) {
                    try {
                        SessionMessage imsg = manager.requestCompleted(
                            invalidIds[i]);
                        if (imsg != null)
                            cluster.send(imsg);
                    }catch ( Exception x ) {
                        log.error("Unable to send session invalid message over cluster.",x);
                    }
                }
            }


            String id = null;
            if ( session != null )
                id = session.getId();
            else
                return;


            if ( id == null )
                return;


            if ( (request.getContext().getManager()==null) ||
                 (!(request.getContext().getManager() instanceof ClusterManager)))
                return;






            String uri = hrequest.getDecodedRequestURI();
            boolean filterfound = false;


            for ( int i=0; (i<reqFilters.length) && (!filterfound); i++ )
            {
                java.util.regex.Matcher matcher = reqFilters[i].matcher(uri);

View Full Code Here

            this.relativeURI = relativeURI;
            this.queryString = queryString;
        }


        public Object run() {
            HttpRequest request = new MappingRequest
                (context.getPath(), contextPath + relativeURI, queryString);
            /*
            HttpRequestBase request = new HttpRequestBase();
            request.setContext(context);
            request.setContextPath(context.getPath());
            request.setRequestURI(contextPath + relativeURI);
            request.setQueryString(queryString);
            */
            Wrapper wrapper = (Wrapper) context.map(request, true);
            if (wrapper == null)
                return (null);


            // Construct a RequestDispatcher to process this request
            HttpServletRequest hrequest =
                (HttpServletRequest) request.getRequest();
            return (RequestDispatcher) new ApplicationDispatcher
                (wrapper,
                 hrequest.getServletPath(),
                 hrequest.getPathInfo(),
                 hrequest.getQueryString(),

View Full Code Here

            return (RequestDispatcher)AccessController.doPrivileged(dp);
        }


        // The remaining code is duplicated in PrivilegedGetRequestDispatcher,
        // we need to make sure they stay in sync
        HttpRequest request = new MappingRequest
            (context.getPath(), contextPath + relativeURI, queryString);
        /*
        request.setContext(context);
        request.setContextPath(context.getPath());
        request.setRequestURI(contextPath + relativeURI);
        request.setQueryString(queryString);
        */
        Wrapper wrapper = (Wrapper) context.map(request, true);
        if (wrapper == null)
            return (null);


        // Construct a RequestDispatcher to process this request
        HttpServletRequest hrequest =
            (HttpServletRequest) request.getRequest();
        return (RequestDispatcher) new ApplicationDispatcher(wrapper,
                        hrequest.getServletPath(),
                        hrequest.getPathInfo(),
                        hrequest.getQueryString(),
                        null);

View Full Code Here

        if (!(request.getRequest() instanceof HttpServletRequest) ||
            !(response.getResponse() instanceof HttpServletResponse)) {
            context.invokeNext(request, response);
            return;
        }
        HttpRequest hrequest = (HttpRequest) request;
        HttpResponse hresponse = (HttpResponse) response;


        if (debug >= 1)
            log("Security checking request " +
                ((HttpServletRequest) request.getRequest()).getMethod() + " " +
                ((HttpServletRequest) request.getRequest()).getRequestURI());
        LoginConfig config = this.context.getLoginConfig();


        // Have we got a cached authenticated Principal to record?
        if (cache) {
            Principal principal =
                ((HttpServletRequest) request.getRequest()).getUserPrincipal();
            if (principal == null) {
                Session session = getSession(hrequest);
                if (session != null) {
                    principal = session.getPrincipal();
                    if (principal != null) {
                        if (debug >= 1)
                            log("We have cached auth type " +
                                session.getAuthType() +
                                " for principal " +
                                session.getPrincipal());
                        hrequest.setAuthType(session.getAuthType());
                        hrequest.setUserPrincipal(principal);
                    }
                }
            }
        }


        // Special handling for form-based logins to deal with the case
        // where the login form (and therefore the "j_security_check" URI
        // to which it submits) might be outside the secured area
        String requestURI = hrequest.getDecodedRequestURI();
        String contextPath = this.context.getPath();
        if (requestURI.startsWith(contextPath) &&
            requestURI.endsWith(Constants.FORM_ACTION)) {
            if (!authenticate(hrequest, hresponse, config)) {
                if (debug >= 1)
                    log(" Failed authenticate() test");
                return;
            }
        }


        // Is this request URI subject to a security constraint?
        SecurityConstraint constraint = findConstraint(hrequest);
        if ((constraint == null) /* &&
            (!Constants.FORM_METHOD.equals(config.getAuthMethod())) */ ) {
            if (debug >= 1)
                log(" Not subject to any constraint");
            context.invokeNext(request, response);
            return;
        }
        if ((debug >= 1) && (constraint != null))
            log(" Subject to constraint " + constraint);


        // Make sure that constrained resources are not cached by web proxies
        // or browsers as caching can provide a security hole
        HttpServletRequest hsrequest = (HttpServletRequest)hrequest.getRequest();
        if (disableProxyCaching && 
            !hsrequest.isSecure() &&
            !"POST".equalsIgnoreCase(hsrequest.getMethod())) {
            HttpServletResponse sresponse = 
                (HttpServletResponse) response.getResponse();

View Full Code Here

            return (RequestDispatcher)AccessController.doPrivileged(dp);
        }


        // The remaining code is duplicated in PrivilegedGetRequestDispatcher,
        // we need to make sure they stay in sync
        HttpRequest request = new MappingRequest
            (context.getPath(), contextPath + relativeURI, queryString);
        /*
        request.setContext(context);
        request.setContextPath(context.getPath());
        request.setRequestURI(contextPath + relativeURI);
        request.setQueryString(queryString);
        */
        Wrapper wrapper = (Wrapper) context.map(request, true);
        if (wrapper == null)
            return (null);


        // Construct a RequestDispatcher to process this request
        HttpServletRequest hrequest =
            (HttpServletRequest) request.getRequest();
        return (RequestDispatcher) new ApplicationDispatcher(wrapper,
                        hrequest.getServletPath(),
                        hrequest.getPathInfo(),
                        hrequest.getQueryString(),
                        null);

View Full Code Here

            this.relativeURI = relativeURI;
            this.queryString = queryString;
        }


        public Object run() {
            HttpRequest request = new MappingRequest
                (context.getPath(), contextPath + relativeURI, queryString);
            /*
            HttpRequestBase request = new HttpRequestBase();
            request.setContext(context);
            request.setContextPath(context.getPath());
            request.setRequestURI(contextPath + relativeURI);
            request.setQueryString(queryString);
            */
            Wrapper wrapper = (Wrapper) context.map(request, true);
            if (wrapper == null)
                return (null);


            // Construct a RequestDispatcher to process this request
            HttpServletRequest hrequest =
                (HttpServletRequest) request.getRequest();
            return (RequestDispatcher) new ApplicationDispatcher
                (wrapper,
                 hrequest.getServletPath(),
                 hrequest.getPathInfo(),
                 hrequest.getQueryString(),

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.catalina.HttpRequest

flex.messaging.security.TomcatValve4150

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.cluster.tcp.ReplicationValve

org.apache.catalina.core.ApplicationContext

org.apache.catalina.core.ApplicationContext$PrivilegedGetRequestDispatcher

org.apache.catalina.core.StandardContextValve

org.apache.catalina.core.StandardWrapperValve

org.apache.catalina.valves.RequestDumperValve

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.