com.bea.wsrp.consumer.resource
Class WsrpResourceServletInterceptor

java.lang.Object
  com.bea.wsrp.consumer.resource.DefaultSecurityCheckResourceServletInterceptor
      com.bea.wsrp.consumer.resource.WsrpResourceServletInterceptor

All Implemented Interfaces

IResourceServletInterceptor

public class WsrpResourceServletInterceptor
extends DefaultSecurityCheckResourceServletInterceptor

Field Summary

protected static javax.mail.internet.ContentType	APPLICATION_X_WWW_FORM_URLENCODED application/x-www-form-urlencoded
protected static String	MIME_TYPE_WILD suffix for wild-card mime types e.g: text/*
static HashSet<String>	RESPONSE_HEADERS_TO_SKIP By default, the following response headers will not be sent to the client (Must be lower-case) content-length proxy-authenticate www-authenticate transfer-encoding

Constructor Summary

WsrpResourceServletInterceptor()

Method Summary

protected void	addSkipParameterNames(IResourceServletRequestContext requestContext) Parameters not to send to the producer
protected List<String>	cookieCheck(List<String> cookieList) parse the cookies and block the consumer's JSESSION cookie
protected void	filterResponseHeaders(Map<String,List<String>> headers) Remove any unwanted headers from the response
protected PortletParameters	getAdditionalSecurityParameters() Get the security token parameter(s)
protected int	getConnectionEstablishmentTimeoutMSecs(IResourceServletRequestContext requestContext) Get the time-out for a connection to be established
protected int	getConnectionTimeoutMSecs(IResourceServletRequestContext requestContext) Get the time-out for a connection to be read
protected List<String>	getResponseCookies() Get the Set-Cookie values to add the response
protected String	getWindowLabel() Get the portlet's window label
protected boolean	isRewriteResource() Should the resource be rewritten
protected boolean	isTargetUrlNotMatchedByListsAllowed(IResourceServletRequestContext requestContext) Is the target URL allowed, it did not match any white or black list
void	onServletInit(javax.servlet.ServletConfig config) Setup the resource connection and header filter and the URL param from init-params
Status.PostInvoke	postInvoke(IResourceServletRequestContext requestContext, IResourceServletResponseContext responseContext) Rewrite the response (if needed) and add any Set-Cookie headers
protected Status.PreInvoke	preInvokeSetupRequestContext(IResourceServletRequestContext requestContext) Set the target URL or forward path along with other connection info
protected byte[]	readInputStream(IResourceServletRequestContext requestContext) Pre-read the intput stream so that reading POST parameters doesn't foul it up
protected void	sendPortletCookies(IResourceServletRequestContext requestContext) Add the producer's cookies to the url connection
protected void	sendPortletCookies(IResourceServletRequestContext requestContext, com.bea.wsrp.consumer.registry.ProducerRegistry producerRegistry) Sends portlet scoped cookies (init cookies + portlet app cookies).
protected void	sendRequestHeaders(ResourceHeaders headers, HttpURLConnection connection) Sends request headers.
protected void	setAdditionalSecurityParameters(PortletParameters additionalSecurityParameters) Set the security token parameters
protected void	setConnectionTimeouts(IResourceServletRequestContext requestContext) Set the timeouts on the URL connection
protected void	setResponseCookies(List<String> responseCookies) Set the list of cookies to add to the response
protected void	setRewriteResource(boolean rewriteResource) Should the resource be rewritten
protected void	setWindowLabel(String windowLabel) Set the portlet's window label

Methods inherited from class com.bea.wsrp.consumer.resource.DefaultSecurityCheckResourceServletInterceptor

createPattern, getErrorMessage, getForwardBlackList, getForwardWhiteList, getStatusCode, getTargetUrlBlackList, getTargetUrlWhiteList, isForwardPathAllowed, isSecurityTokenValid, isTargetUrlAllowed, matchesPatterns, onIOFailure, onServletDestroy, preInvoke, preInvokeSecurityCheck, setErrorMessage, setStatusCode

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RESPONSE_HEADERS_TO_SKIP

public static HashSet<String> RESPONSE_HEADERS_TO_SKIP

By default, the following response headers will not be sent to the client (Must be lower-case)

• content-length
• proxy-authenticate
• www-authenticate
• transfer-encoding

MIME_TYPE_WILD

protected static final String MIME_TYPE_WILD

suffix for wild-card mime types e.g: text/*

See Also

Constants Summary

APPLICATION_X_WWW_FORM_URLENCODED

protected static final javax.mail.internet.ContentType APPLICATION_X_WWW_FORM_URLENCODED

application/x-www-form-urlencoded

Constructor Detail

WsrpResourceServletInterceptor

public WsrpResourceServletInterceptor()

Method Detail

onServletInit

public void onServletInit(javax.servlet.ServletConfig config)
                   throws javax.servlet.ServletException

Setup the resource connection and header filter and the URL param from init-params

Specified by:

onServletInit in interface IResourceServletInterceptor

Overrides:

onServletInit in class DefaultSecurityCheckResourceServletInterceptor

Parameters

config - The servlet config

Throws

javax.servlet.ServletException - If the interceptor throws an ServletException it will be handled by the servlet container.

isTargetUrlNotMatchedByListsAllowed

protected boolean isTargetUrlNotMatchedByListsAllowed(IResourceServletRequestContext requestContext)

Is the target URL allowed, it did not match any white or black list

Overrides:

isTargetUrlNotMatchedByListsAllowed in class DefaultSecurityCheckResourceServletInterceptor

Parameters

The - request context

Returns

true if its a known producer URL or the connection filter has been set and return true

See Also

DefaultSecurityCheckResourceServletInterceptor.preInvoke(IResourceServletRequestContext), IResourceServletRequestContext.getTargetURL()

preInvokeSetupRequestContext

protected Status.PreInvoke preInvokeSetupRequestContext(IResourceServletRequestContext requestContext)
                                                 throws IOException

Set the target URL or forward path along with other connection info

Specified by:

preInvokeSetupRequestContext in class DefaultSecurityCheckResourceServletInterceptor

Parameters

requestContext - the request context

Returns

CONTINUE_CHAIN unless an error occurs

Throws

if - there's a problem setting up the connection

IOException - If there's a problem setting up the request context

readInputStream

protected final byte[] readInputStream(IResourceServletRequestContext requestContext)
                                throws IOException

Pre-read the intput stream so that reading POST parameters doesn't foul it up

Parameters

requestContext - the request context

Returns

the bytep[] read in or null if there is none

Throws

IOException - If there's a problem reading the input stream

sendRequestHeaders

protected void sendRequestHeaders(ResourceHeaders headers,
                                  HttpURLConnection connection)

Sends request headers.

Parameters

headers -

connection -

sendPortletCookies

protected void sendPortletCookies(IResourceServletRequestContext requestContext,
                                  com.bea.wsrp.consumer.registry.ProducerRegistry producerRegistry)
                           throws IOException

Sends portlet scoped cookies (init cookies + portlet app cookies).

Parameters

targetURL -

request -

connection -

windowLabel -

Throws

IOException

sendPortletCookies

protected void sendPortletCookies(IResourceServletRequestContext requestContext)
                           throws IOException

Add the producer's cookies to the url connection

Parameters

requestContext - The request context

Throws

IOException - If there's a problem setting the cookie headers

getConnectionEstablishmentTimeoutMSecs

protected int getConnectionEstablishmentTimeoutMSecs(IResourceServletRequestContext requestContext)

Get the time-out for a connection to be established

Parameters

requestContext - the request context

Returns

the number of milliseconds to wait for connection establishment

getConnectionTimeoutMSecs

protected int getConnectionTimeoutMSecs(IResourceServletRequestContext requestContext)

Get the time-out for a connection to be read

Parameters

requestContext - the request context

Returns

the number of milliseconds to wait for a connection

setConnectionTimeouts

protected void setConnectionTimeouts(IResourceServletRequestContext requestContext)
                              throws IOException

Set the timeouts on the URL connection

Parameters

requestContext - the requyest context

Throws

IOException - If there's a problem setting the timeouts

addSkipParameterNames

protected void addSkipParameterNames(IResourceServletRequestContext requestContext)

Parameters not to send to the producer

Parameters

requestContext - the request context

postInvoke

public Status.PostInvoke postInvoke(IResourceServletRequestContext requestContext,
                                    IResourceServletResponseContext responseContext)
                             throws IOException

Rewrite the response (if needed) and add any Set-Cookie headers

Specified by:

postInvoke in interface IResourceServletInterceptor

Overrides:

postInvoke in class DefaultSecurityCheckResourceServletInterceptor

Parameters

requestContext - the request context

responseContext - the response context

Returns

Throws

IOException - If there's a problem reading from the URL connection

See Also

DefaultSecurityCheckResourceServletInterceptor.filterResponseHeaders(Map)

isRewriteResource

protected boolean isRewriteResource()

Should the resource be rewritten

Returns

true if it should be rewritten

setRewriteResource

protected void setRewriteResource(boolean rewriteResource)

Should the resource be rewritten

Parameters

rewriteResource - the value

getWindowLabel

protected String getWindowLabel()

Get the portlet's window label

Returns

the label

setWindowLabel

protected void setWindowLabel(String windowLabel)

Set the portlet's window label

Parameters

windowLabel - the lable

getAdditionalSecurityParameters

protected PortletParameters getAdditionalSecurityParameters()

Get the security token parameter(s)

Overrides:

getAdditionalSecurityParameters in class DefaultSecurityCheckResourceServletInterceptor

Returns

the parameters

setAdditionalSecurityParameters

protected void setAdditionalSecurityParameters(PortletParameters additionalSecurityParameters)

Set the security token parameters

Parameters

additionalSecurityParameters - the parameters

getResponseCookies

protected List<String> getResponseCookies()

Get the Set-Cookie values to add the response

Returns

the cookie header values

setResponseCookies

protected void setResponseCookies(List<String> responseCookies)

Set the list of cookies to add to the response

Parameters

responseCookies - The cookies in Set-Cookie header value format.

filterResponseHeaders

protected void filterResponseHeaders(Map<String,List<String>> headers)

Remove any unwanted headers from the response

Specified by:

filterResponseHeaders in class DefaultSecurityCheckResourceServletInterceptor

Parameters

the - headers to filter

See Also

RESPONSE_HEADERS_TO_SKIP

cookieCheck

protected List<String> cookieCheck(List<String> cookieList)

parse the cookies and block the consumer's JSESSION cookie

Parameters

the - original cookies

Returns

the cleaned list of cookies