Class RequestFilterValve

java.lang.Object
All Implemented Interfaces:
MBeanRegistration, Contained, JmxEnabled, Lifecycle, Valve
Direct Known Subclasses:
RemoteAddrValve, RemoteCIDRValve, RemoteHostValve

public abstract class RequestFilterValve extends ValveBase
Implementation of a Valve that performs filtering based on comparing the appropriate request property (selected based on which subclass you choose to configure into your Container's pipeline) against the regular expressions configured for this Valve.

This valve is configured by setting the allow and/or deny properties to a regular expressions (in the syntax supported by Pattern) to which the appropriate request property will be compared. Evaluation proceeds as follows:

  • The subclass extracts the request property to be filtered, and calls the common process() method.
  • If there is a deny expression configured, the property will be compared to the expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
  • If there is a allow expression configured, the property will be compared to each such expression. If a match is found, this request will be allowed to pass through to the next Valve in the current pipeline.
  • If a deny expression was specified but no allow expression, allow this request to pass through (because none of the deny expressions matched it).
  • The request will be rejected with a "Forbidden" HTTP response.

As an option the valve can generate an invalid authenticate header instead of denying the request. This can be combined with the context attribute preemptiveAuthentication="true" and an authenticator to force authentication instead of denial.

This Valve may be attached to any Container, depending on the granularity of the filtering you wish to perform.

Author:
Craig R. McClanahan