下面列出了怎么用javax.servlet.http.HttpServletRequestWrapper的API类实例代码及写法,或者点击链接到github查看源代码。
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequestWrapper quoted =
new RequestQuoter((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null) {
httpResponse.setContentType("text/plain; charset=utf-8");
} else if (mime.startsWith("text/html")) {
// HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
} else if (mime.startsWith("application/xml")) {
httpResponse.setContentType("text/xml; charset=utf-8");
}
headerMap.forEach((k, v) -> httpResponse.addHeader(k, v));
chain.doFilter(quoted, httpResponse);
}
private HttpServletRequest wrapRequest(final HttpServletRequest request, boolean jukebox) {
final Integer playerId = createPlayerIfNecessary(request, jukebox);
return new HttpServletRequestWrapper(request) {
@Override
public String getParameter(String name) {
// Returns the correct player to be used in PlayerService.getPlayer()
if ("player".equals(name)) {
return playerId == null ? null : String.valueOf(playerId);
}
// Support old style ID parameters.
if ("id".equals(name)) {
return mapId(request.getParameter("id"));
}
return super.getParameter(name);
}
};
}
@Test
public void decoratedNativeRequest() {
HttpServletRequest decoratedRequest = new HttpServletRequestWrapper(servletRequest);
HttpServletResponse decoratedResponse = new HttpServletResponseWrapper(servletResponse);
ServletWebRequest request = new ServletWebRequest(decoratedRequest, decoratedResponse);
assertSame(decoratedRequest, request.getNativeRequest());
assertSame(decoratedRequest, request.getNativeRequest(ServletRequest.class));
assertSame(decoratedRequest, request.getNativeRequest(HttpServletRequest.class));
assertSame(servletRequest, request.getNativeRequest(MockHttpServletRequest.class));
assertNull(request.getNativeRequest(MultipartRequest.class));
assertSame(decoratedResponse, request.getNativeResponse());
assertSame(decoratedResponse, request.getNativeResponse(ServletResponse.class));
assertSame(decoratedResponse, request.getNativeResponse(HttpServletResponse.class));
assertSame(servletResponse, request.getNativeResponse(MockHttpServletResponse.class));
assertNull(request.getNativeResponse(MultipartRequest.class));
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
filterChain.doFilter(new HttpServletRequestWrapper(request) {
@Override
public Principal getUserPrincipal() {
return () -> PRINCIPAL_NAME;
}
// Like Spring Security does in HttpServlet3RequestFactory..
@Override
public AsyncContext getAsyncContext() {
return super.getAsyncContext() != null ?
new AsyncContextWrapper(super.getAsyncContext()) : null;
}
}, new HttpServletResponseWrapper(response));
}
public void init() {
// only need to perform request demunging if this has not come to us
// via the AccessRegistrar.
if (entityref.equals("")) {
extrapath = "/" + computePathInfo(request);
final StringBuffer requesturl = request.getRequestURL();
// now handled with implicitNullPathRedirect in RSF proper
// if (extrapath.equals("")) {
// extrapath = defaultview;
// requesturl.append('/').append(FACES_PATH).append(extrapath);
// }
HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
public String getPathInfo() {
return extrapath;
}
public StringBuffer getRequestURL() {
StringBuffer togo = new StringBuffer();
togo.append(requesturl);
return togo;
}
};
request = wrapper;
}
}
@Test
public void decoratedNativeRequest() {
HttpServletRequest decoratedRequest = new HttpServletRequestWrapper(servletRequest);
HttpServletResponse decoratedResponse = new HttpServletResponseWrapper(servletResponse);
ServletWebRequest request = new ServletWebRequest(decoratedRequest, decoratedResponse);
assertSame(decoratedRequest, request.getNativeRequest());
assertSame(decoratedRequest, request.getNativeRequest(ServletRequest.class));
assertSame(decoratedRequest, request.getNativeRequest(HttpServletRequest.class));
assertSame(servletRequest, request.getNativeRequest(MockHttpServletRequest.class));
assertNull(request.getNativeRequest(MultipartRequest.class));
assertSame(decoratedResponse, request.getNativeResponse());
assertSame(decoratedResponse, request.getNativeResponse(ServletResponse.class));
assertSame(decoratedResponse, request.getNativeResponse(HttpServletResponse.class));
assertSame(servletResponse, request.getNativeResponse(MockHttpServletResponse.class));
assertNull(request.getNativeResponse(MultipartRequest.class));
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
filterChain.doFilter(new HttpServletRequestWrapper(request) {
@Override
public Principal getUserPrincipal() {
return () -> PRINCIPAL_NAME;
}
// Like Spring Security does in HttpServlet3RequestFactory..
@Override
public AsyncContext getAsyncContext() {
return super.getAsyncContext() != null ?
new AsyncContextWrapper(super.getAsyncContext()) : null;
}
}, new HttpServletResponseWrapper(response));
}
@Override
public void doFilter(ServletRequest srequest, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
if (enabled) {
HttpServletRequest request = (HttpServletRequest) srequest;
final String realIp = request.getHeader(X_FORWARDED_FOR);
if (realIp != null) {
filterChain.doFilter(new HttpServletRequestWrapper(request) {
public String getRemoteAddr() {
return realIp;
}
public String getRemoteHost() {
return realIp;
}
}, response);
return;
}
}
filterChain.doFilter(srequest, response);
}
private HttpServletRequest wrapRequest(final HttpServletRequest request, boolean jukebox) {
final String playerId = createPlayerIfNecessary(request, jukebox);
return new HttpServletRequestWrapper(request) {
@Override
public String getParameter(String name) {
// Returns the correct player to be used in PlayerService.getPlayer()
if ("player".equals(name)) {
return playerId;
}
// Support old style ID parameters.
if ("id".equals(name)) {
return mapId(request.getParameter("id"));
}
return super.getParameter(name);
}
};
}
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
final FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest httpServletRequest = HttpServletRequest.class.cast(servletRequest);
if (exists(httpServletRequest.getRequestURI())) {
filterChain.doFilter(servletRequest, servletResponse);
} else {
filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) {
@Override
public String getPathInfo() {
return "";
}
@Override
public String getServletPath() {
return "/index.html";
}
}, servletResponse);
}
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequestWrapper quoted =
new RequestQuoter((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null) {
httpResponse.setContentType("text/plain; charset=utf-8");
} else if (mime.startsWith("text/html")) {
// HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
} else if (mime.startsWith("application/xml")) {
httpResponse.setContentType("text/xml; charset=utf-8");
}
chain.doFilter(quoted, httpResponse);
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequestWrapper quoted =
new RequestQuoter((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null) {
httpResponse.setContentType("text/plain; charset=utf-8");
} else if (mime.startsWith("text/html")) {
// HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
} else if (mime.startsWith("application/xml")) {
httpResponse.setContentType("text/xml; charset=utf-8");
}
chain.doFilter(quoted, httpResponse);
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
// if the user is already authenticated, don't override it
if (httpRequest.getRemoteUser() != null) {
chain.doFilter(request, response);
} else {
HttpServletRequestWrapper wrapper =
new HttpServletRequestWrapper(httpRequest) {
@Override
public Principal getUserPrincipal() {
return user;
}
@Override
public String getRemoteUser() {
return username;
}
};
chain.doFilter(wrapper, response);
}
}
@Test
public void testFilter() throws Exception {
FilterConfig config = mockConfig("myuser");
StaticUserFilter suf = new StaticUserFilter();
suf.init(config);
ArgumentCaptor<HttpServletRequestWrapper> wrapperArg =
ArgumentCaptor.forClass(HttpServletRequestWrapper.class);
FilterChain chain = mock(FilterChain.class);
suf.doFilter(mock(HttpServletRequest.class), mock(ServletResponse.class),
chain);
Mockito.verify(chain).doFilter(wrapperArg.capture(), Mockito.<ServletResponse>anyObject());
HttpServletRequestWrapper wrapper = wrapperArg.getValue();
assertEquals("myuser", wrapper.getUserPrincipal().getName());
assertEquals("myuser", wrapper.getRemoteUser());
suf.destroy();
}
@Test
public void testNewSessionIdCreatedIfSessionWasInvalidated() {
HttpServletRequest wrappedSimple = mock(HttpServletRequest.class);
RepositoryBackedHttpSession invalidSession = mock(RepositoryBackedHttpSession.class);
RepositoryBackedHttpSession newSession = mock(RepositoryBackedHttpSession.class);
when(newSession.getId()).thenReturn(NEW_SESSION_ID);
when(invalidSession.getId()).thenReturn(SESSION_ID);
when(invalidSession.isValid()).thenReturn(false);
HttpRequestWrapper wrappedHttpRequestWrapper = spy(new HttpRequestWrapper(wrappedSimple, servletContext));
wrappedHttpRequestWrapper.session = invalidSession;
HttpServletRequest wrappedComplex = new HttpServletRequestWrapper(wrappedHttpRequestWrapper);
HttpRequestWrapper req = new HttpRequestWrapper(wrappedComplex, servletContext);
when(sessionManager.getSession(req, true, new SessionTracking.IdAndSource(SESSION_ID, false))).thenReturn(invalidSession);
when(sessionManager.getSession(req, true, null)).thenReturn(newSession);
RepositoryBackedHttpSession session2 = req.getSession();
Assert.assertNotNull(session2);
assertEquals(NEW_SESSION_ID, session2.getId());
}
/**
* Test to upload a file to a part
*
* @throws Exception
*/
@Test
public void uploadFileToPart() throws Exception {
//Given
final File fileToUpload = new File(ResourceUtil.getFilePath(ResourceUtil.SOURCE_PART_STORAGE + ResourceUtil.TEST_PART_FILENAME1));
File uploadedFile = File.createTempFile(ResourceUtil.TARGET_PART_STORAGE + ResourceUtil.FILENAME_TARGET_PART, ResourceUtil.TEMP_SUFFIX);
HttpServletRequestWrapper request = Mockito.mock(HttpServletRequestWrapper.class);
Collection<Part> parts = new ArrayList<>();
parts.add(new PartImpl(fileToUpload));
Mockito.when(request.getParts()).thenReturn(parts);
BinaryResource binaryResource = new BinaryResource(ResourceUtil.FILENAME1, ResourceUtil.PART_SIZE, new Date());
OutputStream outputStream = new FileOutputStream(uploadedFile);
Mockito.when(request.getRequestURI()).thenReturn(ResourceUtil.WORKSPACE_ID + "/parts/" + ResourceUtil.PART_TEMPLATE_ID + "/");
Mockito.when(productService.saveFileInPartIteration(Matchers.any(PartIterationKey.class), Matchers.anyString(), Matchers.anyString(), Matchers.anyInt())).thenReturn(binaryResource);
Mockito.when(storageManager.getBinaryResourceOutputStream(binaryResource)).thenReturn(outputStream);
//When
Response response = partBinaryResource.uploadAttachedFiles(request, ResourceUtil.WORKSPACE_ID, ResourceUtil.PART_NUMBER, ResourceUtil.VERSION, ResourceUtil.ITERATION);
//Then
assertNotNull(response);
assertEquals(response.getStatus(), 201);
assertEquals(response.getStatusInfo(), Response.Status.CREATED);
//delete temp file
uploadedFile.deleteOnExit();
}
@Test
public void decoratedNativeRequest() {
HttpServletRequest decoratedRequest = new HttpServletRequestWrapper(servletRequest);
HttpServletResponse decoratedResponse = new HttpServletResponseWrapper(servletResponse);
ServletWebRequest request = new ServletWebRequest(decoratedRequest, decoratedResponse);
assertSame(decoratedRequest, request.getNativeRequest());
assertSame(decoratedRequest, request.getNativeRequest(ServletRequest.class));
assertSame(decoratedRequest, request.getNativeRequest(HttpServletRequest.class));
assertSame(servletRequest, request.getNativeRequest(MockHttpServletRequest.class));
assertNull(request.getNativeRequest(MultipartRequest.class));
assertSame(decoratedResponse, request.getNativeResponse());
assertSame(decoratedResponse, request.getNativeResponse(ServletResponse.class));
assertSame(decoratedResponse, request.getNativeResponse(HttpServletResponse.class));
assertSame(servletResponse, request.getNativeResponse(MockHttpServletResponse.class));
assertNull(request.getNativeResponse(MultipartRequest.class));
}
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
filterChain.doFilter(new HttpServletRequestWrapper(request) {
@Override
public Principal getUserPrincipal() {
return new Principal() {
@Override
public String getName() {
return PRINCIPAL_NAME;
}
};
}
}, new HttpServletResponseWrapper(response));
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequestWrapper quoted =
new RequestQuoter((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null) {
httpResponse.setContentType("text/plain; charset=utf-8");
} else if (mime.startsWith("text/html")) {
// HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
} else if (mime.startsWith("application/xml")) {
httpResponse.setContentType("text/xml; charset=utf-8");
}
chain.doFilter(quoted, httpResponse);
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequestWrapper quoted =
new RequestQuoter((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null) {
httpResponse.setContentType("text/plain; charset=utf-8");
} else if (mime.startsWith("text/html")) {
// HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
} else if (mime.startsWith("application/xml")) {
httpResponse.setContentType("text/xml; charset=utf-8");
}
chain.doFilter(quoted, httpResponse);
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
// if the user is already authenticated, don't override it
if (httpRequest.getRemoteUser() != null) {
chain.doFilter(request, response);
} else {
HttpServletRequestWrapper wrapper =
new HttpServletRequestWrapper(httpRequest) {
@Override
public Principal getUserPrincipal() {
return user;
}
@Override
public String getRemoteUser() {
return username;
}
};
chain.doFilter(wrapper, response);
}
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequestWrapper quoted =
new RequestQuoter((HttpServletRequest) request);
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null) {
httpResponse.setContentType("text/plain; charset=utf-8");
} else if (mime.startsWith("text/html")) {
// HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
} else if (mime.startsWith("application/xml")) {
httpResponse.setContentType("text/xml; charset=utf-8");
}
headerMap.forEach((k, v) -> httpResponse.addHeader(k, v));
chain.doFilter(quoted, httpResponse);
}
@Override
protected void doFilter(FilterChain filterChain, HttpServletRequest request,
HttpServletResponse response) throws IOException, ServletException {
// remove the filter-specific authentication information, so it doesn't get accidentally forwarded.
List<NameValuePair> newPairs = new LinkedList<NameValuePair>();
List<NameValuePair> pairs = URLEncodedUtils.parse(request.getQueryString(), Charset.forName("UTF-8"));
for (NameValuePair nvp : pairs) {
if (!USER_PARAM.equals(nvp.getName())) {
newPairs.add(nvp);
}
else {
request.setAttribute(USER_PARAM, nvp.getValue());
}
}
final String queryStringNoUser = URLEncodedUtils.format(newPairs, StandardCharsets.UTF_8);
HttpServletRequest requestWrapper = new HttpServletRequestWrapper(request) {
@Override
public String getQueryString() {
return queryStringNoUser;
}
};
super.doFilter(filterChain, requestWrapper, response);
}
/**
* This filter is to duplicate what could be considered buggy behavior, but Highlander Cerberus
* supports requests with repeating slashes such as `//v2/sts-auth` So we will just trim extra
* slashes and do the chain with the sanitized uri.
*/
@Bean
public OncePerRequestFilter trimExtraSlashesFilter() {
return new OncePerRequestFilter() {
@Override
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
var req = request.getRequestURI();
if (req.contains("//")) {
var sanitizedUri = StringUtils.replace(req, "//", "/");
filterChain.doFilter(
new HttpServletRequestWrapper(request) {
@Override
public String getRequestURI() {
return sanitizedUri;
}
},
response);
} else {
filterChain.doFilter(request, response);
}
}
};
}
private HttpServletRequest wrapRequest(final HttpServletRequest request, boolean jukebox) {
final String playerId = createPlayerIfNecessary(request, jukebox);
return new HttpServletRequestWrapper(request) {
@Override
public String getParameter(String name) {
// Returns the correct player to be used in PlayerService.getPlayer()
if ("player".equals(name)) {
return playerId;
}
// Support old style ID parameters.
if ("id".equals(name)) {
return mapId(request.getParameter("id"));
}
return super.getParameter(name);
}
};
}
@Test
public void testGetAudtLogMsgBuilder() {
List<String> roles = Arrays.asList("role1", "role2");
Principal principal = SimplePrincipal.create("athenz", "creds", roles, null);
RsrcCtxWrapper ctx = Mockito.mock(RsrcCtxWrapper.class);
Mockito.when(ctx.principal()).thenReturn(principal);
HttpServletRequestWrapper request = Mockito.mock(HttpServletRequestWrapper.class);
Mockito.when(ctx.request()).thenReturn(request);
Mockito.when(request.getRemoteAddr()).thenReturn("10.11.12.13");
AuditLoggerFactory factory = new DefaultAuditLoggerFactory();
AuditLogger auditLogger = factory.create();
AuditLogMsgBuilder msgBuilder = ZMSUtils.getAuditLogMsgBuilder(ctx, auditLogger, "athenz",
"audit-ref", "unit-test", "putRole");
assertNotNull(msgBuilder);
assertTrue(msgBuilder.who().contains("who-roles=[role1, role2]"), msgBuilder.who());
}
public HttpServletRequest wrapRequest(
final HttpSession session, final HttpServletRequest httpReq, final Subject subject) {
return new HttpServletRequestWrapper(httpReq) {
private final HttpSession httpSession = session;
@Override
public String getRemoteUser() {
return subject.getUserName();
}
@Override
public Principal getUserPrincipal() {
return new Principal() {
@Override
public String getName() {
return subject.getUserName();
}
};
}
@Override
public HttpSession getSession() {
return httpSession;
}
};
}
private static ServletRequest withDispatcher(ServletRequest servletRequest,
final DynamicServletPipeline servletPipeline)
{
if (!servletPipeline.hasServletsMapped()) {
return servletRequest;
}
return new HttpServletRequestWrapper((HttpServletRequest) servletRequest)
{
@Override
public RequestDispatcher getRequestDispatcher(String path) {
final RequestDispatcher dispatcher = servletPipeline.getRequestDispatcher(path);
return (null != dispatcher) ? dispatcher : super.getRequestDispatcher(path);
}
};
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
chain.doFilter(new HttpServletRequestWrapper(
(HttpServletRequest) request) {
@Override
public String getRequestURI() {
try {
return URLDecoder.decode(super.getRequestURI(), "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new IllegalStateException(
"Cannot decode request URI.", e);
}
}
}, response);
}
/**
* Process.
*
* @param request the req
* @param response the Http response
*/
@RequestMapping(value = "*")
public void process(HttpServletRequest request, HttpServletResponse response) {
OData odata = OData.newInstance();
ServiceMetadata edm = odata.createServiceMetadata(edmProvider,
new ArrayList<EdmxReference>());
ODataHttpHandler handler = odata.createHandler(edm);
handler.register(enityCollectionProcessor);
handler.process(new HttpServletRequestWrapper(request) {
// Spring MVC matches the whole path as the servlet path
// Olingo wants just the prefix, ie upto /odata, so that it
// can parse the rest of it as an OData path. So we need to override
// getServletPath()
@Override
public String getServletPath() {
return EDMController.URI;
}
}, response);
}