Package org.apache.catalina.filters

Class RequestFilter

  • All Implemented Interfaces:
    Filter
    Direct Known Subclasses:
    RemoteAddrFilter, RemoteHostFilter
    public abstract class RequestFilter
extends FilterBase
    Implementation of a Filter that performs filtering based on comparing the appropriate request property (selected based on which subclass you choose to configure into your Container's pipeline) against the regular expressions configured for this Filter.

    This filter is configured by setting the allow and/or deny properties to a regular expressions (in the syntax supported by Pattern) to which the appropriate request property will be compared. Evaluation proceeds as follows:

    • The subclass extracts the request property to be filtered, and calls the common process() method.
    • If there is a deny expression configured, the property will be compared to the expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
    • If there is a allow expression configured, the property will be compared to the expression. If a match is found, this request will be allowed to pass through to the next filter in the current pipeline.
    • If a deny expression was specified but no allow expression, allow this request to pass through (because none of the deny expressions matched it).
    • The request will be rejected with a "Forbidden" HTTP response.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected java.util.regex.Pattern allow
      The regular expression used to test for allowed requests.
      protected java.util.regex.Pattern deny
      The regular expression used to test for denied requests.
      protected int denyStatus
      The HTTP response status code that is used when rejecting denied request.

      • Fields inherited from class org.apache.catalina.filters.FilterBase

        sm

    • Constructor Summary

      Constructors 
      Constructor Description
      RequestFilter()  

    • Method Summary

      All Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      abstract void doFilter​(ServletRequest request, ServletResponse response, FilterChain chain)
      Extract the desired request property, and pass it (along with the specified request and response objects) to the protected process() method to perform the actual filtering.
      java.lang.String getAllow()  
      java.lang.String getDeny()  
      int getDenyStatus()  
      protected boolean isConfigProblemFatal()
      Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
      protected void process​(java.lang.String property, ServletRequest request, ServletResponse response, FilterChain chain)
      Perform the filtering that has been configured for this Filter, matching against the specified request property.
      void setAllow​(java.lang.String allow)
      Set the regular expression used to test for allowed requests for this Filter, if any.
      void setDeny​(java.lang.String deny)
      Set the regular expression used to test for denied requests for this Filter, if any.
      void setDenyStatus​(int denyStatus)
      Set response status code that is used to reject denied request.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • allow

        protected java.util.regex.Pattern allow
        The regular expression used to test for allowed requests.

      • deny

        protected java.util.regex.Pattern deny
        The regular expression used to test for denied requests.

      • denyStatus

        protected int denyStatus
        The HTTP response status code that is used when rejecting denied request. It is 403 by default, but may be changed to be 404.

    • Constructor Detail

      • RequestFilter

        public RequestFilter()

    • Method Detail

      • getAllow

        public java.lang.String getAllow()
        Returns:
        the regular expression used to test for allowed requests for this Filter, if any; otherwise, return null.

      • setAllow

        public void setAllow​(java.lang.String allow)
        Set the regular expression used to test for allowed requests for this Filter, if any.
        Parameters:
        allow - The new allow expression

      • getDeny

        public java.lang.String getDeny()
        Returns:
        the regular expression used to test for denied requests for this Filter, if any; otherwise, return null.

      • setDeny

        public void setDeny​(java.lang.String deny)
        Set the regular expression used to test for denied requests for this Filter, if any.
        Parameters:
        deny - The new deny expression

      • getDenyStatus

        public int getDenyStatus()
        Returns:
        response status code that is used to reject denied request.

      • setDenyStatus

        public void setDenyStatus​(int denyStatus)
        Set response status code that is used to reject denied request.
        Parameters:
        denyStatus - The status code for deny

      • doFilter

        public abstract void doFilter​(ServletRequest request,
                              ServletResponse response,
                              FilterChain chain)
                       throws java.io.IOException,
                              ServletException
        Extract the desired request property, and pass it (along with the specified request and response objects) to the protected process() method to perform the actual filtering. This method must be implemented by a concrete subclass.
        Parameters:
        request - The servlet request to be processed
        response - The servlet response to be created
        chain - The filter chain
        Throws:
        java.io.IOException - if an input/output error occurs
        ServletException - if a servlet error occurs

      • isConfigProblemFatal

        protected boolean isConfigProblemFatal()
        Description copied from class: FilterBase
        Determines if an exception when calling a setter or an unknown configuration attribute triggers the failure of the this filter which in turn will prevent the web application from starting.
        Overrides:
        isConfigProblemFatal in class FilterBase
        Returns:
        true if a problem should trigger the failure of this filter, else false

      • process

        protected void process​(java.lang.String property,
                       ServletRequest request,
                       ServletResponse response,
                       FilterChain chain)
                throws java.io.IOException,
                       ServletException
        Perform the filtering that has been configured for this Filter, matching against the specified request property.
        Parameters:
        property - The request property on which to filter
        request - The servlet request to be processed
        response - The servlet response to be processed
        chain - The filter chain
        Throws:
        java.io.IOException - if an input/output error occurs
        ServletException - if a servlet error occurs