1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jdisc.http.filter;
import com.google.common.annotations.Beta;
import com.yahoo.jdisc.handler.ResponseHandler;
import com.yahoo.jdisc.http.HttpRequest.Method;
import com.yahoo.jdisc.http.servlet.ServletRequest;
import com.yahoo.jdisc.http.servlet.ServletResponse;
import com.yahoo.jdisc.http.server.jetty.FilterInvoker;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
/**
* Only intended for internal vespa use.
*
* Runs JDisc security filter without using JDisc request/response.
* Only intended to be used in a servlet context, as the error messages are tailored for that.
*
* Assumes that SecurityResponseFilters mutate DiscFilterResponse in the thread they are invoked from.
*
* @author Tony Vaagenes
*/
@Beta
public class SecurityFilterInvoker implements FilterInvoker {
/**
* Returns the servlet request to be used in any servlets invoked after this.
*/
@Override
public HttpServletRequest invokeRequestFilterChain(RequestFilter requestFilterChain,
URI uri, HttpServletRequest httpRequest,
ResponseHandler responseHandler) {
SecurityRequestFilterChain securityChain = cast(SecurityRequestFilterChain.class, requestFilterChain).
orElseThrow(SecurityFilterInvoker::newUnsupportedOperationException);
ServletRequest wrappedRequest = new ServletRequest(httpRequest, uri);
securityChain.filter(new ServletFilterRequest(wrappedRequest), responseHandler);
return wrappedRequest;
}
@Override
public void invokeResponseFilterChain(
ResponseFilter responseFilterChain,
URI uri,
HttpServletRequest request,
HttpServletResponse response) {
SecurityResponseFilterChain securityChain = cast(SecurityResponseFilterChain.class, responseFilterChain).
orElseThrow(SecurityFilterInvoker::newUnsupportedOperationException);
ServletFilterResponse wrappedResponse = new ServletFilterResponse(new ServletResponse(response));
securityChain.filter(new ServletRequestView(uri, request), wrappedResponse);
}
private static UnsupportedOperationException newUnsupportedOperationException() {
return new UnsupportedOperationException(
"Filter type not supported. If a request is handled by servlets or jax-rs, then any filters invoked for that request must be security filters.");
}
private <T> Optional<T> cast(Class<T> securityFilterChainClass, Object filter) {
return (securityFilterChainClass.isInstance(filter))?
Optional.of(securityFilterChainClass.cast(filter)):
Optional.empty();
}
private static class ServletRequestView implements RequestView {
private final HttpServletRequest request;
private final URI uri;
public ServletRequestView(URI uri, HttpServletRequest request) {
this.request = request;
this.uri = uri;
}
@Override
public Object getAttribute(String name) {
return request.getAttribute(name);
}
@Override
public List<String> getHeaders(String name) {
return Collections.unmodifiableList(Collections.list(request.getHeaders(name)));
}
@Override
public Optional<String> getFirstHeader(String name) {
return getHeaders(name).stream().findFirst();
}
@Override
public Optional<Method> getMethod() {
return Optional.of(Method.valueOf(request.getMethod()));
}
@Override
public URI getUri() {
return uri;
}
}
}
|