Oracle Fusion Middleware Java API for Oracle WebLogic Portal 10g Release 3 (10.3.4) E14255-03
java.lang.Object
  com.bea.wsrp.consumer.resource.DefaultSecurityCheckResourceServletInterceptor
public abstract class DefaultSecurityCheckResourceServletInterceptor
The default base interceptor class for WSRP and Clipper resources. The class is responsible for checking security via white & black lists and the security token. Additionally, this class will handle error codes & messages and set response headers.
Constructor Summary |
---|
DefaultSecurityCheckResourceServletInterceptor() |
Method Summary | | |
---|---|---|
protected Pattern | createPattern(javax.servlet.ServletConfig config, String initParamName) | Create a RE Pattern |
protected abstract void | filterResponseHeaders(Map<String,List<String>> headers) | Filter the headers sent to the client on the response |
protected PortletParameters | getAdditionalSecurityParameters() | Get any additional security parameters to pass to SecurityTokenUtils.isSecurityTokenValid() |
String | getErrorMessage() | Get the error message if set |
static Set<Pattern> | getForwardBlackList() | Get the list of forward black-list patterns |
protected Set<Pattern> | getForwardWhiteList() | Get the list of forward white-list patterns |
int | getStatusCode() | Get the response's status code |
protected Set<Pattern> | getTargetUrlBlackList() | Get the list of target-URL black-list patterns |
protected Set<Pattern> | getTargetUrlWhiteList() | Get the list of target-URL white-list patterns |
protected boolean | isForwardPathAllowed(IResourceServletRequestContext requestContext) | Is the forward path allowed by the white & black lists |
protected boolean | isSecurityTokenValid(IResourceServletRequestContext requestContext) | Check if the security token in URL is valid |
protected boolean | isTargetUrlAllowed(IResourceServletRequestContext requestContext) | Do a security check (white & black list) on a target URL |
protected boolean | isTargetUrlNotMatchedByListsAllowed(IResourceServletRequestContext requestContext) | This method is called when a target URL (not called on forward) is in neither the white-list nor the black-list. |
protected boolean | matchesPatterns(Collection<Pattern> patterns, String input) | Does input match one of patterns |
Status.OnIOFailure | onIOFailure(IResourceServletRequestContext requestContext, IResourceServletResponseContext responseContext, Throwable t) | Handle an IOFailure |
void | onServletDestroy() | Cleans up the white & black lists |
void | onServletInit(javax.servlet.ServletConfig config) | Sets up the white and black lists |
Status.PostInvoke | postInvoke(IResourceServletRequestContext requestContext, IResourceServletResponseContext responseContext) | Called after the forward or target URL has happened. Set the response context's status code, error message and headers |
Status.PreInvoke | preInvoke(IResourceServletRequestContext requestContext) | Setup the request context & do security checks |
protected Status.PreInvoke | preInvokeSecurityCheck(IResourceServletRequestContext requestContext) | Check the security token, white and black lists |
protected abstract Status.PreInvoke | preInvokeSetupRequestContext(IResourceServletRequestContext requestContext) | Setup the request context |
void | setErrorMessage(String errorMessage) | Set the response's error message |
void | setStatusCode(int statusCode) | Set the response's status code |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public DefaultSecurityCheckResourceServletInterceptor()
Method Detail |
---|
public Status.OnIOFailure onIOFailure(IResourceServletRequestContext requestContext, IResourceServletResponseContext responseContext, Throwable t)
Specified by: onIOFailure in interface IResourceServletInterceptor
Parameters:
requestContext - The current request context
responseContext - The current response context
t - the error or exception

public void onServletDestroy()
Specified by: onServletDestroy in interface IResourceServletInterceptor

public void onServletInit(javax.servlet.ServletConfig config) throws javax.servlet.ServletException
Specified by: onServletInit in interface IResourceServletInterceptor
Parameters:
config - the servlet config for getting init-params
Throws:
javax.servlet.ServletException - If the interceptor throws a ServletException it will be handled by the servlet container.

protected Pattern createPattern(javax.servlet.ServletConfig config, String initParamName)
Parameters:
config - the servlet's config to get the initParam from
initParamName - the initParam's name

public Status.PostInvoke postInvoke(IResourceServletRequestContext requestContext, IResourceServletResponseContext responseContext) throws IOException
Specified by: postInvoke in interface IResourceServletInterceptor
Parameters:
requestContext - The request context
responseContext - The response context
Throws:
IOException - If there's an issue getting data from the URL connection
See Also: filterResponseHeaders(Map)

public Status.PreInvoke preInvoke(IResourceServletRequestContext requestContext) throws IOException
Specified by: preInvoke in interface IResourceServletInterceptor
Parameters:
requestContext - The request context
Throws:
IOException - If there's a problem setting up the URL Connection

protected abstract Status.PreInvoke preInvokeSetupRequestContext(IResourceServletRequestContext requestContext) throws IOException
Parameters:
requestContext - the existing un-set (other than request, response and servlet context) request context
Throws:
IOException - If there's a problem setting up the request context

protected Status.PreInvoke preInvokeSecurityCheck(IResourceServletRequestContext requestContext) throws IOException
Parameters:
requestContext - The request context
Throws:
IOException - If there's an error checking the security token

protected boolean isSecurityTokenValid(IResourceServletRequestContext requestContext) throws IOException
Parameters:
requestContext - The request token
Throws:
IOException - If there's an error checking the security token

protected PortletParameters getAdditionalSecurityParameters()

protected boolean isTargetUrlAllowed(IResourceServletRequestContext requestContext)
Parameters:
requestContext - The request context
See Also: isTargetUrlNotMatchedByListsAllowed(IResourceServletRequestContext)

protected boolean isTargetUrlNotMatchedByListsAllowed(IResourceServletRequestContext requestContext)
Parameters:
requestContext - the request's context to get the URL from.
See Also: preInvoke(IResourceServletRequestContext), IResourceServletRequestContext.getTargetURL()

protected boolean isForwardPathAllowed(IResourceServletRequestContext requestContext)
Parameters:
requestContext - the request context

protected boolean matchesPatterns(Collection<Pattern> patterns, String input)
Parameters:
patterns - The patterns to check against
input - the string to check

protected Set<Pattern> getTargetUrlWhiteList()

protected Set<Pattern> getTargetUrlBlackList()

protected Set<Pattern> getForwardWhiteList()

public String getErrorMessage()

public void setErrorMessage(String errorMessage)
Parameters:
errorMessage

public static Set<Pattern> getForwardBlackList()

public int getStatusCode()

public void setStatusCode(int statusCode)
Parameters:
statusCode

protected abstract void filterResponseHeaders(Map<String,List<String>> headers)
Parameters:
headers - a mutable set of HTTP headers
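
The white/black-list decision that isTargetUrlAllowed, isTargetUrlNotMatchedByListsAllowed and matchesPatterns describe, shown as an added stand-alone sketch; it is not Oracle's implementation and does not use the WebLogic Portal classes. Assumptions: full-string regex matching, the black list is consulted before the white list, and a URL in neither list is denied. ListCheckSketch, Decision, check and the sample patterns and URLs are constructed for illustration.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration: a stand-alone model of a white/black-list URL check.
// Hypothetical names throughout; nothing here is part of the documented API.
public class ListCheckSketch {
    enum Decision { ALLOWED, DENIED_BLACK_LIST, DENIED_UNMATCHED }

    // Same shape as matchesPatterns(Collection<Pattern>, String) on this page.
    // Assumption: full-string matching (Matcher.matches), so a pattern cannot
    // be satisfied by a URL that merely contains the allowed text somewhere.
    static boolean matchesPatterns(Collection<Pattern> patterns, String input) {
        for (Pattern p : patterns) {
            if (p.matcher(input).matches()) return true;
        }
        return false;
    }

    // Assumptions: the black list wins over the white list, and a URL that
    // matches neither list is denied (the case the page routes to
    // isTargetUrlNotMatchedByListsAllowed).
    static Decision check(Set<Pattern> white, Set<Pattern> black, String url) {
        if (matchesPatterns(black, url)) return Decision.DENIED_BLACK_LIST;
        if (matchesPatterns(white, url)) return Decision.ALLOWED;
        return Decision.DENIED_UNMATCHED;
    }

    public static void main(String[] args) {
        // Constructed sample lists; the trailing "/" after the host keeps the
        // white-list pattern from matching look-alike host names.
        Set<Pattern> white = new LinkedHashSet<>();
        white.add(Pattern.compile("https://static\\.example\\.test/.*"));
        Set<Pattern> black = new LinkedHashSet<>();
        black.add(Pattern.compile(".*/admin/.*"));

        // Constructed sample URLs covering each decision branch.
        String[] urls = {
            "https://static.example.test/css/site.css",
            "https://static.example.test/admin/users",
            "https://static.example.test.other.test/x",
            "https://other.example.test/img/logo.png",
        };
        for (String u : urls) {
            System.out.println(check(white, black, u) + "  " + u);
        }
    }
}
```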