public abstract class RequestFilterValve extends ValveBase
This valve is configured by setting the allow
and/or
deny
properties to a regular expressions (in the syntax
supported by Pattern
) to which the appropriate request property will
be compared. Evaluation proceeds as follows:
process()
method.
As an option the valve can generate an invalid authenticate
header instead of denying the request. This can be combined with the
context attribute preemptiveAuthentication="true"
and an
authenticator to force authentication instead of denial.
This Valve may be attached to any Container, depending on the granularity of the filtering you wish to perform.
Lifecycle.SingleUse
Modifier and Type | Field and Description |
---|---|
protected java.util.regex.Pattern |
allow
The regular expression used to test for allowed requests.
|
protected boolean |
allowValid
Helper variable to catch configuration errors.
|
protected java.lang.String |
allowValue
The current allow configuration value that may or may not compile into a
valid
Pattern . |
protected java.util.regex.Pattern |
deny
The regular expression used to test for denied requests.
|
protected int |
denyStatus
The HTTP response status code that is used when rejecting denied
request.
|
protected boolean |
denyValid
Helper variable to catch configuration errors.
|
protected java.lang.String |
denyValue
The current deny configuration value that may or may not compile into a
valid
Pattern . |
asyncSupported, container, containerLog, next, sm
mserver
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Constructor and Description |
---|
RequestFilterValve() |
Modifier and Type | Method and Description |
---|---|
protected void |
denyRequest(Request request,
Response response)
Reject the request that was denied by this valve.
|
boolean |
getAddConnectorPort()
Get the flag deciding whether we add the server connector port to the
property compared in the filtering method.
|
java.lang.String |
getAllow()
Return the regular expression used to test for allowed requests for this
Valve, if any; otherwise, return
null . |
java.lang.String |
getDeny()
Return the regular expression used to test for denied requests for this
Valve, if any; otherwise, return
null . |
int |
getDenyStatus()
Return response status code that is used to reject denied request.
|
boolean |
getInvalidAuthenticationWhenDeny()
Return true if a deny is handled by setting an invalid auth header.
|
protected abstract Log |
getLog() |
protected void |
initInternal()
Sub-classes wishing to perform additional initialization should override
this method, ensuring that super.initInternal() is the first call in the
overriding method.
|
abstract void |
invoke(Request request,
Response response)
Extract the desired request property, and pass it (along with the
specified request and response objects) to the protected
process() method to perform the actual filtering. |
boolean |
isAllowed(java.lang.String property)
Perform the test implemented by this Valve, matching against the
specified request property value.
|
boolean |
isAllowValid()
Returns
false if the last change to the allow pattern did
not apply successfully. |
boolean |
isDenyValid()
Returns
false if the last change to the deny pattern did
not apply successfully. |
protected void |
process(java.lang.String property,
Request request,
Response response)
Perform the filtering that has been configured for this Valve, matching
against the specified request property.
|
void |
setAddConnectorPort(boolean addConnectorPort)
Set the flag deciding whether we add the server connector port to the
property compared in the filtering method.
|
void |
setAllow(java.lang.String allow)
Set the regular expression used to test for allowed requests for this
Valve, if any.
|
void |
setDeny(java.lang.String deny)
Set the regular expression used to test for denied requests for this
Valve, if any.
|
void |
setDenyStatus(int denyStatus)
Set response status code that is used to reject denied request.
|
void |
setInvalidAuthenticationWhenDeny(boolean value)
Set invalidAuthenticationWhenDeny property.
|
protected void |
startInternal()
Start this component and implement the requirements
of
LifecycleBase.startInternal() . |
backgroundProcess, event, getContainer, getDomainInternal, getNext, getObjectNameKeyProperties, isAsyncSupported, setAsyncSupported, setContainer, setNext, stopInternal, toString
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
protected volatile java.util.regex.Pattern allow
protected volatile java.lang.String allowValue
Pattern
.protected volatile boolean allowValid
true
by default, but becomes false
if there was an attempt to assign an invalid value to the
allow
pattern.protected volatile java.util.regex.Pattern deny
protected volatile java.lang.String denyValue
Pattern
.protected volatile boolean denyValid
true
by default, but becomes false
if there was an attempt to assign an invalid value to the
deny
pattern.protected int denyStatus
public java.lang.String getAllow()
null
.public void setAllow(java.lang.String allow)
allow
- The new allow expressionpublic java.lang.String getDeny()
null
.public void setDeny(java.lang.String deny)
deny
- The new deny expressionpublic final boolean isAllowValid()
false
if the last change to the allow
pattern did
not apply successfully. E.g. if the pattern is syntactically
invalid.public final boolean isDenyValid()
false
if the last change to the deny
pattern did
not apply successfully. E.g. if the pattern is syntactically
invalid.public int getDenyStatus()
public void setDenyStatus(int denyStatus)
public boolean getInvalidAuthenticationWhenDeny()
public void setInvalidAuthenticationWhenDeny(boolean value)
public boolean getAddConnectorPort()
true
to add the connector portpublic void setAddConnectorPort(boolean addConnectorPort)
addConnectorPort
- The new flagpublic abstract void invoke(Request request, Response response) throws java.io.IOException, ServletException
process()
method to perform the actual filtering.
This method must be implemented by a concrete subclass.invoke
in interface Valve
invoke
in class ValveBase
request
- The servlet request to be processedresponse
- The servlet response to be createdjava.io.IOException
- if an input/output error occursServletException
- if a servlet error occursprotected void initInternal() throws LifecycleException
LifecycleMBeanBase
initInternal
in class ValveBase
LifecycleException
protected void startInternal() throws LifecycleException
ValveBase
LifecycleBase.startInternal()
.startInternal
in class ValveBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void process(java.lang.String property, Request request, Response response) throws java.io.IOException, ServletException
property
- The request property on which to filterrequest
- The servlet request to be processedresponse
- The servlet response to be processedjava.io.IOException
- if an input/output error occursServletException
- if a servlet error occursprotected abstract Log getLog()
protected void denyRequest(Request request, Response response) throws java.io.IOException, ServletException
If invalidAuthenticationWhenDeny
is true
and the context has preemptiveAuthentication
set, set an invalid authorization header to trigger basic auth.
request
- The servlet request to be processedresponse
- The servlet response to be processedjava.io.IOException
- if an input/output error occursServletException
- if a servlet error occurspublic boolean isAllowed(java.lang.String property)
property
- The request property value on which to filterCopyright © 2000-2018 Apache Software Foundation. All Rights Reserved.