Package org.apache.catalina.valves.rewrite

Class RewriteValve

  • All Implemented Interfaces:
    javax.management.MBeanRegistration, Contained, JmxEnabled, Lifecycle, Valve
    public class RewriteValve
extends ValveBase
    Note: Extra caution should be used when adding a Rewrite Rule. When specifying a regex to match for in a Rewrite Rule, certain regex could allow an attacker to DoS your server, as Java's regex parsing is vulnerable to "catastrophic backtracking" (also known as "Regular expression Denial of Service", or ReDoS). There are some open source tools to help detect vulnerable regex, though in general it is a hard problem. A good defence is to use a regex debugger on your desired regex, and read more on the subject of catastrophic backtracking.
    See Also:
    OWASP ReDoS

    • Field Detail

      • rules

        protected RewriteRule[] rules
        The rewrite rules that the valve will use.

      • invoked

        protected java.lang.ThreadLocal<java.lang.Boolean> invoked
        If rewriting occurs, the whole request will be processed again.

      • resourcePath

        protected java.lang.String resourcePath
        Relative path to the configuration file. Note: If the valve's container is a context, this will be relative to /WEB-INF/.

      • context

        protected boolean context
        Will be set to true if the valve is associated with a context.

      • enabled

        protected boolean enabled
        enabled this component

      • maps

        protected java.util.Map<java.lang.String,​RewriteMap> maps
        Maps to be used by the rules.

      • mapsConfiguration

        protected java.util.ArrayList<java.lang.String> mapsConfiguration
        Maps configuration.

    • Constructor Detail

      • RewriteValve

        public RewriteValve()

    • Method Detail

      • getEnabled

        public boolean getEnabled()

      • setEnabled

        public void setEnabled​(boolean enabled)

      • initInternal

        protected void initInternal()
                     throws LifecycleException
        Description copied from class: LifecycleMBeanBase
        Sub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.
        Overrides:
        initInternal in class ValveBase
        Throws:
        LifecycleException - If the initialisation fails

      • setConfiguration

        public void setConfiguration​(java.lang.String configuration)
                      throws java.lang.Exception
        Throws:
        java.lang.Exception

      • getConfiguration

        public java.lang.String getConfiguration()

      • invoke

        public void invoke​(Request request,
                   Response response)
            throws java.io.IOException,
                   ServletException
        Description copied from interface: Valve

        Perform request processing as required by this Valve.

        An individual Valve MAY perform the following actions, in the specified order:

        • Examine and/or modify the properties of the specified Request and Response.
        • Examine the properties of the specified Request, completely generate the corresponding Response, and return control to the caller.
        • Examine the properties of the specified Request and Response, wrap either or both of these objects to supplement their functionality, and pass them on.
        • If the corresponding Response was not generated (and control was not returned, call the next Valve in the pipeline (if there is one) by executing getNext().invoke().
        • Examine, but not modify, the properties of the resulting Response (which was created by a subsequently invoked Valve or Container).

        A Valve MUST NOT do any of the following things:

        • Change request properties that have already been used to direct the flow of processing control for this request (for instance, trying to change the virtual host to which a Request should be sent from a pipeline attached to a Host or Context in the standard implementation).
        • Create a completed Response AND pass this Request and Response on to the next Valve in the pipeline.
        • Consume bytes from the input stream associated with the Request, unless it is completely generating the response, or wrapping the request before passing it on.
        • Modify the HTTP headers included with the Response after the getNext().invoke() method has returned.
        • Perform any actions on the output stream associated with the specified Response after the getNext().invoke() method has returned.
        Parameters:
        request - The servlet request to be processed
        response - The servlet response to be created
        Throws:
        java.io.IOException - if an input/output error occurs, or is thrown by a subsequently invoked Valve, Filter, or Servlet
        ServletException - if a servlet error occurs, or is thrown by a subsequently invoked Valve, Filter, or Servlet

      • parse

        public static java.lang.Object parse​(java.lang.String line)
        This factory method will parse a line formed like: Example: RewriteCond %{REMOTE_HOST} ^host1.* [OR]
        Parameters:
        line - A line from the rewrite configuration
        Returns:
        The condition, rule or map resulting from parsing the line

      • parseCondFlag

        protected static void parseCondFlag​(java.lang.String line,
                                    RewriteCond condition,
                                    java.lang.String flag)
        Parser for RewriteCond flags.
        Parameters:
        line - The configuration line being parsed
        condition - The current condition
        flag - The flag

      • parseRuleFlag

        protected static void parseRuleFlag​(java.lang.String line,
                                    RewriteRule rule,
                                    java.lang.String flag)
        Parser for RewriteRule flags.
        Parameters:
        line - The configuration line being parsed
        rule - The current rule
        flag - The flag