org.apache.catalina.valves: abstract public class: RequestFilterValve

org.apache.catalina.valves
abstract public class: RequestFilterValve [javadoc | source]

java.lang.Object
   org.apache.catalina.valves.ValveBase
      org.apache.catalina.valves.RequestFilterValve

All Implemented Interfaces:
Valve, MBeanRegistration, Contained

Direct Known Subclasses:
RemoteHostValve, RemoteAddrValve

Implementation of a Valve that performs filtering based on comparing the appropriate request property (selected based on which subclass you choose to configure into your Container's pipeline) against a set of regular expressions configured for this Valve.

This valve is configured by setting the allow and/or deny properties to a comma-delimited list of regular expressions (in the syntax supported by the jakarta-regexp library) to which the appropriate request property will be compared. Evaluation proceeds as follows:

The subclass extracts the request property to be filtered, and calls the common process() method.
If there are any deny expressions configured, the property will be compared to each such expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
If there are any allow expressions configured, the property will be compared to each such expression. If a match is found, this request will be allowed to pass through to the next Valve in the current pipeline.
If one or more deny expressions was specified but no allow expressions, allow this request to pass through (because none of the deny expressions matched it).
The request will be rejected with a "Forbidden" HTTP response.

This Valve may be attached to any Container, depending on the granularity of the filtering you wish to perform.

author: Craig - R. McClanahan

version: $ - Revision: 467222 $ $Date: 2006-10-24 05:17:11 +0200 (mar., 24 oct. 2006) $

Field Summary
protected static StringManager	sm	The StringManager for this package.
protected String	allow	The comma-delimited set of `allow` expressions.
protected Pattern[]	allows	The set of `allow` regular expressions we will evaluate.
protected Pattern[]	denies	The set of `deny` regular expressions we will evaluate.
protected String	deny	The comma-delimited set of `deny` expressions.

Fields inherited from org.apache.catalina.valves.ValveBase:
container, containerLog, info, next, sm, domain, oname, mserver, controller

Method from org.apache.catalina.valves.RequestFilterValve Summary:
getAllow, getDeny, getInfo, invoke, precalculate, process, setAllow, setDeny

Methods from org.apache.catalina.valves.ValveBase:
backgroundProcess, createObjectName, event, getContainer, getContainerName, getController, getDomain, getInfo, getNext, getObjectName, getParentName, invoke, postDeregister, postRegister, preDeregister, preRegister, setContainer, setController, setNext, setObjectName, toString

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.apache.catalina.valves.RequestFilterValve Detail:
public String getAllow() { // ------------------------------------------------------------- Properties return (this.allow); } Return a comma-delimited set of the `allow` expressions configured for this Valve, if any; otherwise, return `null`.
public String getDeny() { return (this.deny); } Return a comma-delimited set of the `deny` expressions configured for this Valve, if any; otherwise, return `null`.
public String getInfo() { return (info); } Return descriptive information about this Valve implementation.
abstract public void invoke(Request request, Response response) throws IOException, ServletException Extract the desired request property, and pass it (along with the specified request and response objects) to the protected `process()` method to perform the actual filtering. This method must be implemented by a concrete subclass.
protected Pattern[] precalculate(String list) { if (list == null) return (new Pattern[0]); list = list.trim(); if (list.length() < 1) return (new Pattern[0]); list += ","; ArrayList reList = new ArrayList(); while (list.length() > 0) { int comma = list.indexOf(',"); if (comma < 0) break; String pattern = list.substring(0, comma).trim(); try { reList.add(Pattern.compile(pattern)); } catch (PatternSyntaxException e) { IllegalArgumentException iae = new IllegalArgumentException (sm.getString("requestFilterValve.syntax", pattern)); iae.initCause(e); throw iae; } list = list.substring(comma + 1); } Pattern reArray[] = new Pattern[reList.size()]; return ((Pattern[]) reList.toArray(reArray)); } Return an array of regular expression objects initialized from the specified argument, which must be `null` or a comma-delimited list of regular expression patterns.
protected void process(String property, Request request, Response response) throws IOException, ServletException { // Check the deny patterns, if any for (int i = 0; i < denies.length; i++) { if (denies[i].matcher(property).matches()) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; } } // Check the allow patterns, if any for (int i = 0; i < allows.length; i++) { if (allows[i].matcher(property).matches()) { getNext().invoke(request, response); return; } } // Allow if denies specified but not allows if ((denies.length > 0) && (allows.length == 0)) { getNext().invoke(request, response); return; } // Deny this request response.sendError(HttpServletResponse.SC_FORBIDDEN); } Perform the filtering that has been configured for this Valve, matching against the specified request property.
public void setAllow(String allow) { this.allow = allow; allows = precalculate(allow); } Set the comma-delimited set of the `allow` expressions configured for this Valve, if any.
public void setDeny(String deny) { this.deny = deny; denies = precalculate(deny); } Set the comma-delimited set of the `deny` expressions configured for this Valve, if any.

Method from org.apache.catalina.valves.RequestFilterValve Detail:

 public String getAllow() {
    // ------------------------------------------------------------- Properties
        return (this.allow);
}

allow

null

 public String getDeny() {
        return (this.deny);
}

deny

null

 public String getInfo() {
        return (info);
}

Return descriptive information about this Valve implementation.

 abstract public  void invoke(Request request,
    Response response) throws IOException, ServletExceptionExtract the desired request property, and pass it (along with the
specified request and response objects) to the protected
process() method to perform the actual filtering.
This method must be implemented by a concrete subclass.

 protected Pattern[] precalculate(String list) {
        if (list == null)
            return (new Pattern[0]);
        list = list.trim();
        if (list.length() <  1)
            return (new Pattern[0]);
        list += ",";
        ArrayList reList = new ArrayList();
        while (list.length()  > 0) {
            int comma = list.indexOf(',");
            if (comma <  0)
                break;
            String pattern = list.substring(0, comma).trim();
            try {
                reList.add(Pattern.compile(pattern));
            } catch (PatternSyntaxException e) {
                IllegalArgumentException iae = new IllegalArgumentException
                    (sm.getString("requestFilterValve.syntax", pattern));
                iae.initCause(e);
                throw iae;
            }
            list = list.substring(comma + 1);
        }
        Pattern reArray[] = new Pattern[reList.size()];
        return ((Pattern[]) reList.toArray(reArray));
}

null

 protected  void process(String property,
    Request request,
    Response response) throws IOException, ServletException {
        // Check the deny patterns, if any
        for (int i = 0; i <  denies.length; i++) {
            if (denies[i].matcher(property).matches()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        // Check the allow patterns, if any
        for (int i = 0; i <  allows.length; i++) {
            if (allows[i].matcher(property).matches()) {
                getNext().invoke(request, response);
                return;
            }
        }
        // Allow if denies specified but not allows
        if ((denies.length  > 0) && (allows.length == 0)) {
            getNext().invoke(request, response);
            return;
        }
        // Deny this request
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
}

Perform the filtering that has been configured for this Valve, matching against the specified request property.

 public  void setAllow(String allow) {
        this.allow = allow;
        allows = precalculate(allow);
}

allow

 public  void setDeny(String deny) {
        this.deny = deny;
        denies = precalculate(deny);
}

deny