org.terracotta.management.embedded.NoIaFilter Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of ehcache Show documentation

Ehcache is an open source, standards-based cache used to boost performance, offload the database and simplify scalability. Ehcache is robust, proven and full-featured and this has made it the most widely-used Java-based cache.

There is a newer version: 2.10.9.2

Show newest version

/*
 * All content copyright (c) 2003-2012 Terracotta, Inc., except as may otherwise be noted in a separate copyright
 * notice. All rights reserved.
 */
package org.terracotta.management.embedded;

import org.terracotta.management.resource.ErrorEntity;
import org.terracotta.management.resource.exceptions.ExceptionUtils;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * A servlet filter that prevents Identity Assertion requests from being processed. This is
 * useful to prevent non-secure agents from processing secure requests.
 *
 * @author Ludovic Orban
 */
public class NoIaFilter implements Filter {

    private static final String REQ_TICKET = "req-ticket";
    private static final String TC_ID_TOKEN = "tc-identity-token";
    private static final String ALIAS = "alias";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest)request;
        HttpServletResponse httpServletResponse = (HttpServletResponse)response;

        if (httpServletRequest.getHeader(REQ_TICKET) != null ||
                httpServletRequest.getHeader(TC_ID_TOKEN) != null ||
                httpServletRequest.getHeader(ALIAS) != null) {
            httpServletResponse.setContentType("application/json");
      ErrorEntity jsonError = ExceptionUtils.toErrorEntity(new ServletException(
          "Request cannot contain security headers"));
            httpServletResponse.getWriter().print(jsonError.toJSON());
            httpServletResponse.setStatus(400);
            return;
        }

        chain.doFilter(request, response);
    }

}