All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.eclipse.jetty.server.Request Maven / Gradle / Ivy

There is a newer version: 12.1.0.alpha0
Show newest version
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//

package org.eclipse.jetty.server;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.EventListener;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.AsyncContext;
import javax.servlet.AsyncListener;
import javax.servlet.DispatcherType;
import javax.servlet.MultipartConfigElement;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestAttributeEvent;
import javax.servlet.ServletRequestAttributeListener;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUpgradeHandler;
import javax.servlet.http.Part;
import javax.servlet.http.PushBuilder;
import javax.servlet.http.WebConnection;

import org.eclipse.jetty.http.BadMessageException;
import org.eclipse.jetty.http.ComplianceViolation;
import org.eclipse.jetty.http.HostPortHttpField;
import org.eclipse.jetty.http.HttpCompliance;
import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpCookie.SetCookieHttpField;
import org.eclipse.jetty.http.HttpField;
import org.eclipse.jetty.http.HttpFields;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpHeaderValue;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.HttpURI;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http.MetaData;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.http.UriCompliance;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.RuntimeIOException;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.ContextHandler.Context;
import org.eclipse.jetty.server.session.Session;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.util.Attributes;
import org.eclipse.jetty.util.AttributesMap;
import org.eclipse.jetty.util.HostPort;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.MultiMap;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.UrlEncoded;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static org.eclipse.jetty.http.HttpCompliance.Violation.MISMATCHED_AUTHORITY;

/**
 * Jetty Request.
 * 

* Implements {@link javax.servlet.http.HttpServletRequest} from the javax.servlet.http package. *

*

* The standard interface of mostly getters, is extended with setters so that the request is mutable by the handlers that it is passed to. This allows the * request object to be as lightweight as possible and not actually implement any significant behavior. For example *

    * *
  • the {@link Request#getContextPath()} method will return null, until the request has been passed to a {@link ContextHandler} which matches the * {@link Request#getPathInfo()} with a context path and calls {@link Request#setContext(Context,String)} as a result. For * some dispatch types (ie include and named dispatch) the context path may not reflect the {@link ServletContext} set * by {@link Request#setContext(Context, String)}.
  • * *
  • the HTTP session methods will all return null sessions until such time as a request has been passed to a * {@link org.eclipse.jetty.server.session.SessionHandler} which checks for session cookies and enables the ability to create new sessions.
  • * *
  • The {@link Request#getServletPath()} method will return "" until the request has been passed to a org.eclipse.jetty.servlet.ServletHandler * and the pathInfo matched against the servlet URL patterns and {@link Request#setServletPathMapping(ServletPathMapping)} called as a result.
  • *
* *

* A request instance is created for each connection accepted by the server and recycled for each HTTP request received via that connection. * An effort is made to avoid reparsing headers and cookies that are likely to be the same for requests from the same connection. *

*

* Request instances are recycled, which combined with badly written asynchronous applications can result in calls on requests that have been reset. * The code is written in a style to avoid NPE and ISE when such calls are made, as this has often proved generate exceptions that distraction * from debugging such bad asynchronous applications. Instead, request methods attempt to not fail when called in an illegal state, so that hopefully * the bad application will proceed to a major state event (eg calling AsyncContext.onComplete) which has better asynchronous guards, true atomic state * and better failure behaviour that will assist in debugging. *

*

* The form content that a request can process is limited to protect from Denial of Service attacks. The size in bytes is limited by * {@link ContextHandler#getMaxFormContentSize()} or if there is no context then the "org.eclipse.jetty.server.Request.maxFormContentSize" {@link Server} * attribute. The number of parameters keys is limited by {@link ContextHandler#getMaxFormKeys()} or if there is no context then the * "org.eclipse.jetty.server.Request.maxFormKeys" {@link Server} attribute. *

*

If IOExceptions or timeouts occur while reading form parameters, these are thrown as unchecked Exceptions: ether {@link RuntimeIOException}, * {@link BadMessageException} or {@link RuntimeException} as appropriate.

*/ public class Request implements HttpServletRequest { public static final String __MULTIPART_CONFIG_ELEMENT = "org.eclipse.jetty.multipartConfig"; private static final Logger LOG = LoggerFactory.getLogger(Request.class); private static final Collection __defaultLocale = Collections.singleton(Locale.getDefault()); private static final int INPUT_NONE = 0; private static final int INPUT_STREAM = 1; private static final int INPUT_READER = 2; private static final MultiMap NO_PARAMS = new MultiMap<>(); private static final MultiMap BAD_PARAMS = new MultiMap<>(); /** * Compare inputParameters to NO_PARAMS by Reference * * @param inputParameters The parameters to compare to NO_PARAMS * @return True if the inputParameters reference is equal to NO_PARAMS otherwise False */ private static boolean isNoParams(MultiMap inputParameters) { @SuppressWarnings("ReferenceEquality") boolean isNoParams = (inputParameters == NO_PARAMS); return isNoParams; } /** * Obtain the base {@link Request} instance of a {@link ServletRequest}, by * coercion, unwrapping or special attribute. * * @param request The request * @return the base {@link Request} instance of a {@link ServletRequest}. */ public static Request getBaseRequest(ServletRequest request) { if (request instanceof Request) return (Request)request; Object channel = request.getAttribute(HttpChannel.class.getName()); if (channel instanceof HttpChannel) return ((HttpChannel)channel).getRequest(); while (request instanceof ServletRequestWrapper) { request = ((ServletRequestWrapper)request).getRequest(); } if (request instanceof Request) return (Request)request; return null; } private final HttpChannel _channel; private final List _requestAttributeListeners = new ArrayList<>(); private final HttpInput _input; private MetaData.Request _metaData; private HttpFields _httpFields; private HttpFields _trailers; private HttpURI _uri; private String _method; private String _pathInContext; private ServletPathMapping _servletPathMapping; private Object _asyncNotSupportedSource = null; private boolean _secure; private boolean _newContext; private boolean _cookiesExtracted = false; private boolean _handled = false; private boolean _contentParamsExtracted; private boolean _requestedSessionIdFromCookie = false; private Attributes _attributes; private Authentication _authentication; private String _contentType; private String _characterEncoding; private ContextHandler.Context _context; private ContextHandler.Context _errorContext; private Cookies _cookies; private DispatcherType _dispatcherType; private int _inputState = INPUT_NONE; private BufferedReader _reader; private String _readerEncoding; private MultiMap _queryParameters; private MultiMap _contentParameters; private MultiMap _parameters; private Charset _queryEncoding; private InetSocketAddress _remote; private String _requestedSessionId; private UserIdentity.Scope _scope; private HttpSession _session; private SessionHandler _sessionHandler; private long _timeStamp; private MultiParts _multiParts; //if the request is a multi-part mime private AsyncContextState _async; private List _sessions; //list of sessions used during lifetime of request public Request(HttpChannel channel, HttpInput input) { _channel = channel; _input = input; } public HttpFields getHttpFields() { return _httpFields; } public void setHttpFields(HttpFields fields) { _httpFields = fields.asImmutable(); } @Override public Map getTrailerFields() { HttpFields trailersFields = getTrailerHttpFields(); if (trailersFields == null) return Collections.emptyMap(); Map trailers = new HashMap<>(); for (HttpField field : trailersFields) { String key = field.getName().toLowerCase(); String value = trailers.get(key); trailers.put(key, value == null ? field.getValue() : value + "," + field.getValue()); } return trailers; } public void setTrailerHttpFields(HttpFields trailers) { _trailers = trailers == null ? null : trailers.asImmutable(); } public HttpFields getTrailerHttpFields() { return _trailers; } public HttpInput getHttpInput() { return _input; } public boolean isPush() { return Boolean.TRUE.equals(getAttribute("org.eclipse.jetty.pushed")); } public boolean isPushSupported() { return !isPush() && getHttpChannel().getHttpTransport().isPushSupported(); } private static final EnumSet NOT_PUSHED_HEADERS = EnumSet.of( HttpHeader.IF_MATCH, HttpHeader.IF_RANGE, HttpHeader.IF_UNMODIFIED_SINCE, HttpHeader.RANGE, HttpHeader.EXPECT, HttpHeader.REFERER, HttpHeader.COOKIE, HttpHeader.AUTHORIZATION, HttpHeader.IF_NONE_MATCH, HttpHeader.IF_MODIFIED_SINCE ); @Override public PushBuilder newPushBuilder() { if (!isPushSupported()) return null; HttpFields.Mutable fields = HttpFields.build(getHttpFields(), NOT_PUSHED_HEADERS); HttpField authField = getHttpFields().getField(HttpHeader.AUTHORIZATION); //TODO check what to do for digest etc etc if (authField != null && getUserPrincipal() != null && authField.getValue().startsWith("Basic")) fields.add(authField); String id; try { HttpSession session = getSession(); if (session != null) { session.getLastAccessedTime(); // checks if session is valid id = session.getId(); } else id = getRequestedSessionId(); } catch (IllegalStateException e) { id = getRequestedSessionId(); } Map cookies = new HashMap<>(); Cookie[] existingCookies = getCookies(); if (existingCookies != null) { for (Cookie c: getCookies()) { cookies.put(c.getName(), c.getValue()); } } //Any Set-Cookies that were set on the response must be set as Cookies on the //PushBuilder, unless the max-age of the cookie is <= 0 HttpFields responseFields = getResponse().getHttpFields(); for (HttpField field : responseFields) { HttpHeader header = field.getHeader(); if (header == HttpHeader.SET_COOKIE) { HttpCookie cookie = (field instanceof SetCookieHttpField) ? ((SetCookieHttpField)field).getHttpCookie() : new HttpCookie(field.getValue()); if (cookie.getMaxAge() > 0) cookies.put(cookie.getName(), cookie.getValue()); else cookies.remove(cookie.getName()); } } if (!cookies.isEmpty()) { StringBuilder buff = new StringBuilder(); for (Map.Entry entry : cookies.entrySet()) { if (buff.length() > 0) buff.append("; "); buff.append(entry.getKey()).append('=').append(entry.getValue()); } fields.add(new HttpField(HttpHeader.COOKIE, buff.toString())); } PushBuilder builder = new PushBuilderImpl(this, fields, getMethod(), getQueryString(), id); builder.addHeader("referer", getRequestURL().toString()); return builder; } public void addEventListener(final EventListener listener) { if (listener instanceof ServletRequestAttributeListener) _requestAttributeListeners.add((ServletRequestAttributeListener)listener); if (listener instanceof AsyncListener) throw new IllegalArgumentException(listener.getClass().toString()); } /** * Remember a session that this request has just entered. * * @param s the session */ public void enterSession(HttpSession s) { if (!(s instanceof Session)) return; if (_sessions == null) _sessions = new ArrayList<>(); if (LOG.isDebugEnabled()) LOG.debug("Request {} entering session={}", this, s); _sessions.add((Session)s); } /** * Complete this request's access to a session. * * @param session the session */ private void leaveSession(Session session) { if (LOG.isDebugEnabled()) LOG.debug("Request {} leaving session {}", this, session); //try and scope to a request and context before leaving the session ServletContext ctx = session.getServletContext(); ContextHandler handler = ContextHandler.getContextHandler(ctx); if (handler == null) session.getSessionHandler().complete(session); else handler.handle(this, () -> session.getSessionHandler().complete(session)); } /** * A response is being committed for a session, * potentially write the session out before the * client receives the response. * * @param session the session */ private void commitSession(Session session) { if (LOG.isDebugEnabled()) LOG.debug("Response {} committing for session {}", this, session); //try and scope to a request and context before committing the session ServletContext ctx = session.getServletContext(); ContextHandler handler = ContextHandler.getContextHandler(ctx); if (handler == null) session.getSessionHandler().commit(session); else handler.handle(this, () -> session.getSessionHandler().commit(session)); } private MultiMap getParameters() { if (!_contentParamsExtracted) { // content parameters need boolean protection as they can only be read // once, but may be reset to null by a reset _contentParamsExtracted = true; // Extract content parameters; these cannot be replaced by a forward() // once extracted and may have already been extracted by getParts() or // by a processing happening after a form-based authentication. if (_contentParameters == null) { try { extractContentParameters(); } catch (IllegalStateException | IllegalArgumentException e) { LOG.warn(e.toString()); throw new BadMessageException("Unable to parse form content", e); } } } // Extract query string parameters; these may be replaced by a forward() // and may have already been extracted by mergeQueryParameters(). if (_queryParameters == null) extractQueryParameters(); // Do parameters need to be combined? if (isNoParams(_queryParameters) || _queryParameters.size() == 0) _parameters = _contentParameters; else if (isNoParams(_contentParameters) || _contentParameters.size() == 0) _parameters = _queryParameters; else if (_parameters == null) { _parameters = new MultiMap<>(); _parameters.addAllValues(_queryParameters); _parameters.addAllValues(_contentParameters); } // protect against calls to recycled requests (which is illegal, but // this gives better failures MultiMap parameters = _parameters; return parameters == null ? NO_PARAMS : parameters; } private void extractQueryParameters() { if (_uri == null || StringUtil.isEmpty(_uri.getQuery())) _queryParameters = NO_PARAMS; else { try { _queryParameters = new MultiMap<>(); UrlEncoded.decodeTo(_uri.getQuery(), _queryParameters, _queryEncoding); } catch (IllegalStateException | IllegalArgumentException e) { _queryParameters = BAD_PARAMS; throw new BadMessageException("Unable to parse URI query", e); } } } private boolean isContentEncodingSupported() { String contentEncoding = getHttpFields().get(HttpHeader.CONTENT_ENCODING); if (contentEncoding == null) return true; return HttpHeaderValue.IDENTITY.is(contentEncoding); } private void extractContentParameters() { String contentType = getContentType(); if (contentType == null || contentType.isEmpty()) _contentParameters = NO_PARAMS; else { _contentParameters = new MultiMap<>(); int contentLength = getContentLength(); if (contentLength != 0 && _inputState == INPUT_NONE) { String baseType = HttpField.valueParameters(contentType, null); if (MimeTypes.Type.FORM_ENCODED.is(baseType) && _channel.getHttpConfiguration().isFormEncodedMethod(getMethod())) { if (_metaData != null && !isContentEncodingSupported()) { throw new BadMessageException(HttpStatus.UNSUPPORTED_MEDIA_TYPE_415, "Unsupported Content-Encoding"); } extractFormParameters(_contentParameters); } else if (MimeTypes.Type.MULTIPART_FORM_DATA.is(baseType) && getAttribute(__MULTIPART_CONFIG_ELEMENT) != null && _multiParts == null) { try { if (_metaData != null && !isContentEncodingSupported()) { throw new BadMessageException(HttpStatus.UNSUPPORTED_MEDIA_TYPE_415, "Unsupported Content-Encoding"); } getParts(_contentParameters); } catch (IOException e) { String msg = "Unable to extract content parameters"; if (LOG.isDebugEnabled()) LOG.debug(msg, e); throw new RuntimeIOException(msg, e); } } } } } public void extractFormParameters(MultiMap params) { try { int maxFormContentSize = ContextHandler.DEFAULT_MAX_FORM_CONTENT_SIZE; int maxFormKeys = ContextHandler.DEFAULT_MAX_FORM_KEYS; if (_context != null) { ContextHandler contextHandler = _context.getContextHandler(); maxFormContentSize = contextHandler.getMaxFormContentSize(); maxFormKeys = contextHandler.getMaxFormKeys(); } else { maxFormContentSize = lookupServerAttribute(ContextHandler.MAX_FORM_CONTENT_SIZE_KEY, maxFormContentSize); maxFormKeys = lookupServerAttribute(ContextHandler.MAX_FORM_KEYS_KEY, maxFormKeys); } int contentLength = getContentLength(); if (maxFormContentSize >= 0 && contentLength > maxFormContentSize) throw new IllegalStateException("Form is larger than max length " + maxFormContentSize); InputStream in = getInputStream(); if (_input.isAsync()) throw new IllegalStateException("Cannot extract parameters with async IO"); UrlEncoded.decodeTo(in, params, getCharacterEncoding(), maxFormContentSize, maxFormKeys); } catch (IOException e) { String msg = "Unable to extract form parameters"; if (LOG.isDebugEnabled()) LOG.debug(msg, e); throw new RuntimeIOException(msg, e); } } private int lookupServerAttribute(String key, int dftValue) { Object attribute = _channel.getServer().getAttribute(key); if (attribute instanceof Number) return ((Number)attribute).intValue(); else if (attribute instanceof String) return Integer.parseInt((String)attribute); return dftValue; } @Override public AsyncContext getAsyncContext() { HttpChannelState state = getHttpChannelState(); if (_async == null || !state.isAsyncStarted()) throw new IllegalStateException(state.getStatusString()); return _async; } public HttpChannelState getHttpChannelState() { return _channel.getState(); } public ComplianceViolation.Listener getComplianceViolationListener() { if (_channel instanceof ComplianceViolation.Listener) { return (ComplianceViolation.Listener)_channel; } ComplianceViolation.Listener listener = _channel.getConnector().getBean(ComplianceViolation.Listener.class); if (listener == null) { listener = _channel.getServer().getBean(ComplianceViolation.Listener.class); } return listener; } /** * Get Request Attribute. *

* Also supports jetty specific attributes to gain access to Jetty APIs: *

*
org.eclipse.jetty.server.Server
The Jetty Server instance
*
org.eclipse.jetty.server.HttpChannel
The HttpChannel for this request
*
org.eclipse.jetty.server.HttpConnection
The HttpConnection or null if another transport is used
*
* While these attributes may look like security problems, they are exposing nothing that is not already * available via reflection from a Request instance. * * @see javax.servlet.ServletRequest#getAttribute(java.lang.String) */ @Override public Object getAttribute(String name) { if (name.startsWith("org.eclipse.jetty")) { if (Server.class.getName().equals(name)) return _channel.getServer(); if (HttpChannel.class.getName().equals(name)) return _channel; if (HttpConnection.class.getName().equals(name) && _channel.getHttpTransport() instanceof HttpConnection) return _channel.getHttpTransport(); } return (_attributes == null) ? null : _attributes.getAttribute(name); } @Override public Enumeration getAttributeNames() { if (_attributes == null) return Collections.enumeration(Collections.emptyList()); return AttributesMap.getAttributeNamesCopy(_attributes); } public Attributes getAttributes() { if (_attributes == null) _attributes = new ServletAttributes(); return _attributes; } /** * Get the authentication. * * @return the authentication */ public Authentication getAuthentication() { return _authentication; } @Override public String getAuthType() { if (_authentication instanceof Authentication.Deferred) setAuthentication(((Authentication.Deferred)_authentication).authenticate(this)); if (_authentication instanceof Authentication.User) return ((Authentication.User)_authentication).getAuthMethod(); return null; } @Override public String getCharacterEncoding() { if (_characterEncoding == null) { if (_context != null) _characterEncoding = _context.getRequestCharacterEncoding(); if (_characterEncoding == null) { String contentType = getContentType(); if (contentType != null) { MimeTypes.Type mime = MimeTypes.CACHE.get(contentType); String charset = (mime == null || mime.getCharset() == null) ? MimeTypes.getCharsetFromContentType(contentType) : mime.getCharset().toString(); if (charset != null) _characterEncoding = charset; } } } return _characterEncoding; } /** * @return Returns the connection. */ public HttpChannel getHttpChannel() { return _channel; } @Override public int getContentLength() { long contentLength = getContentLengthLong(); if (contentLength > Integer.MAX_VALUE) // Per ServletRequest#getContentLength() javadoc this must return -1 for values exceeding Integer.MAX_VALUE return -1; return (int)contentLength; } @Override public long getContentLengthLong() { // Even thought the metadata might know the real content length, // we always look at the headers because the length may be changed by interceptors. if (_httpFields == null) return -1; return _httpFields.getLongField(HttpHeader.CONTENT_LENGTH); } public long getContentRead() { return _input.getContentReceived(); } @Override public String getContentType() { if (_contentType == null) { MetaData.Request metadata = _metaData; _contentType = metadata == null ? null : metadata.getFields().get(HttpHeader.CONTENT_TYPE); } return _contentType; } /** * @return The current {@link Context context} used for this request, or null if {@link #setContext} has not yet been called. */ public Context getContext() { return _context; } /** * @return The current {@link Context context} used for this error handling for this request. If the request is asynchronous, * then it is the context that called async. Otherwise it is the last non-null context passed to #setContext */ public Context getErrorContext() { if (isAsyncStarted()) { ContextHandler handler = _channel.getState().getContextHandler(); if (handler != null) return handler.getServletContext(); } return _errorContext; } @Override public String getContextPath() { // The context path returned is normally for the current context. Except during a cross context // INCLUDE dispatch, in which case this method returns the context path of the source context, // which we recover from the IncludeAttributes wrapper. Context context; if (_dispatcherType == DispatcherType.INCLUDE) { Dispatcher.IncludeAttributes include = Attributes.unwrap(_attributes, Dispatcher.IncludeAttributes.class); context = (include == null) ? _context : include.getSourceContext(); } else { context = _context; } if (context == null) return null; return context.getContextHandler().getRequestContextPath(); } /** Get the path in the context. * * The path relative to the context path, analogous to {@link #getServletPath()} + {@link #getPathInfo()}. * If no context is set, then the path in context is the full path. * @return The decoded part of the {@link #getRequestURI()} path after any {@link #getContextPath()} * up to any {@link #getQueryString()}, excluding path parameters. * @see #setContext(Context, String) */ public String getPathInContext() { return _pathInContext; } @Override public Cookie[] getCookies() { MetaData.Request metadata = _metaData; if (metadata == null || _cookiesExtracted) { if (_cookies == null || _cookies.getCookies().length == 0) return null; return _cookies.getCookies(); } _cookiesExtracted = true; for (HttpField field : metadata.getFields()) { if (field.getHeader() == HttpHeader.COOKIE) { if (_cookies == null) _cookies = new Cookies(getHttpChannel().getHttpConfiguration().getRequestCookieCompliance(), getComplianceViolationListener()); _cookies.addCookieField(field.getValue()); } } //Javadoc for Request.getCookies() stipulates null for no cookies if (_cookies == null || _cookies.getCookies().length == 0) return null; return _cookies.getCookies(); } @Override public long getDateHeader(String name) { HttpFields fields = _httpFields; return fields == null ? -1 : fields.getDateField(name); } @Override public DispatcherType getDispatcherType() { return _dispatcherType; } @Override public String getHeader(String name) { HttpFields fields = _httpFields; return fields == null ? null : fields.get(name); } @Override public Enumeration getHeaderNames() { HttpFields fields = _httpFields; return fields == null ? Collections.emptyEnumeration() : fields.getFieldNames(); } @Override public Enumeration getHeaders(String name) { HttpFields fields = _httpFields; if (fields == null) return Collections.emptyEnumeration(); Enumeration e = fields.getValues(name); if (e == null) return Collections.enumeration(Collections.emptyList()); return e; } /** * @return Returns the inputState. */ public int getInputState() { return _inputState; } @Override public ServletInputStream getInputStream() throws IOException { if (_inputState != INPUT_NONE && _inputState != INPUT_STREAM) throw new IllegalStateException("READER"); _inputState = INPUT_STREAM; if (_channel.isExpecting100Continue()) _channel.continue100(_input.available()); return _input; } @Override public int getIntHeader(String name) { HttpFields fields = _httpFields; return fields == null ? -1 : (int)fields.getLongField(name); } @Override public Locale getLocale() { HttpFields fields = _httpFields; if (fields == null) return Locale.getDefault(); List acceptable = fields.getQualityCSV(HttpHeader.ACCEPT_LANGUAGE); // handle no locale if (acceptable.isEmpty()) return Locale.getDefault(); String language = acceptable.get(0); language = HttpField.stripParameters(language); String country = ""; int dash = language.indexOf('-'); if (dash > -1) { country = language.substring(dash + 1).trim(); language = language.substring(0, dash).trim(); } return new Locale(language, country); } @Override public Enumeration getLocales() { HttpFields fields = _httpFields; if (fields == null) return Collections.enumeration(__defaultLocale); List acceptable = fields.getQualityCSV(HttpHeader.ACCEPT_LANGUAGE); // handle no locale if (acceptable.isEmpty()) return Collections.enumeration(__defaultLocale); List locales = acceptable.stream().map(language -> { language = HttpField.stripParameters(language); String country = ""; int dash = language.indexOf('-'); if (dash > -1) { country = language.substring(dash + 1).trim(); language = language.substring(0, dash).trim(); } return new Locale(language, country); }).collect(Collectors.toList()); return Collections.enumeration(locales); } @Override public String getLocalAddr() { if (_channel != null) { InetSocketAddress local = _channel.getLocalAddress(); if (local == null) return ""; InetAddress address = local.getAddress(); String result = address == null ? local.getHostString() : address.getHostAddress(); return formatAddrOrHost(result); } return ""; } /* * @see javax.servlet.ServletRequest#getLocalName() */ @Override public String getLocalName() { if (_channel != null) { String localName = _channel.getLocalName(); return formatAddrOrHost(localName); } return ""; // not allowed to be null } @Override public int getLocalPort() { if (_channel != null) { int localPort = _channel.getLocalPort(); if (localPort > 0) return localPort; } return 0; } @Override public String getMethod() { return _method; } @Override public String getParameter(String name) { return getParameters().getValue(name, 0); } @Override public Map getParameterMap() { return Collections.unmodifiableMap(getParameters().toStringArrayMap()); } @Override public Enumeration getParameterNames() { return Collections.enumeration(getParameters().keySet()); } @Override public String[] getParameterValues(String name) { List vals = getParameters().getValues(name); if (vals == null) return null; return vals.toArray(new String[0]); } public MultiMap getQueryParameters() { return _queryParameters; } public void setQueryParameters(MultiMap queryParameters) { _queryParameters = queryParameters; } public void setContentParameters(MultiMap contentParameters) { _contentParameters = contentParameters; } public void resetParameters() { _parameters = null; } @Override public String getPathInfo() { // The pathInfo returned is normally for the current servlet. Except during an // INCLUDE dispatch, in which case this method returns the pathInfo of the source servlet, // which we recover from the IncludeAttributes wrapper. ServletPathMapping mapping = findServletPathMapping(); return mapping == null ? _pathInContext : mapping.getPathInfo(); } @Override public String getPathTranslated() { String pathInfo = getPathInfo(); if (pathInfo == null || _context == null) return null; return _context.getRealPath(pathInfo); } @Override public String getProtocol() { MetaData.Request metadata = _metaData; if (metadata == null) return null; HttpVersion version = metadata.getHttpVersion(); if (version == null) return null; return version.toString(); } /* * @see javax.servlet.ServletRequest#getProtocol() */ public HttpVersion getHttpVersion() { MetaData.Request metadata = _metaData; return metadata == null ? null : metadata.getHttpVersion(); } public String getQueryEncoding() { return _queryEncoding == null ? null : _queryEncoding.name(); } Charset getQueryCharset() { return _queryEncoding; } @Override public String getQueryString() { return _uri == null ? null : _uri.getQuery(); } @Override public BufferedReader getReader() throws IOException { if (_inputState != INPUT_NONE && _inputState != INPUT_READER) throw new IllegalStateException("STREAMED"); if (_inputState == INPUT_READER) return _reader; String encoding = getCharacterEncoding(); if (encoding == null) encoding = StringUtil.__ISO_8859_1; if (_reader == null || !encoding.equalsIgnoreCase(_readerEncoding)) { ServletInputStream in = getInputStream(); _readerEncoding = encoding; _reader = new BufferedReader(new InputStreamReader(in, encoding)) { @Override public void close() throws IOException { // Do not call super to avoid marking this reader as closed, // but do close the ServletInputStream that can be reopened. in.close(); } }; } else if (_channel.isExpecting100Continue()) { _channel.continue100(_input.available()); } _inputState = INPUT_READER; return _reader; } @Override @Deprecated(since = "Servlet API 2.1") public String getRealPath(String path) { if (_context == null) return null; return _context.getRealPath(path); } /** * Access the underlying Remote {@link InetSocketAddress} for this request. * * @return the remote {@link InetSocketAddress} for this request, or null if the request has no remote (see {@link ServletRequest#getRemoteAddr()} for * conditions that result in no remote address) */ public InetSocketAddress getRemoteInetSocketAddress() { InetSocketAddress remote = _remote; if (remote == null) remote = _channel.getRemoteAddress(); return remote; } @Override public String getRemoteAddr() { InetSocketAddress remote = _remote; if (remote == null) remote = _channel.getRemoteAddress(); if (remote == null) return ""; InetAddress address = remote.getAddress(); String result = address == null ? remote.getHostString() : address.getHostAddress(); return formatAddrOrHost(result); } @Override public String getRemoteHost() { InetSocketAddress remote = _remote; if (remote == null) remote = _channel.getRemoteAddress(); if (remote == null) return ""; // We want the URI host, so add IPv6 brackets if necessary. return formatAddrOrHost(remote.getHostString()); } @Override public int getRemotePort() { InetSocketAddress remote = _remote; if (remote == null) remote = _channel.getRemoteAddress(); return remote == null ? 0 : remote.getPort(); } @Override public String getRemoteUser() { Principal p = getUserPrincipal(); if (p == null) return null; return p.getName(); } @Override public RequestDispatcher getRequestDispatcher(String path) { if (path == null || _context == null) return null; // handle relative path if (!path.startsWith("/")) { String relTo = _pathInContext; int slash = relTo.lastIndexOf("/"); if (slash > 1) relTo = relTo.substring(0, slash + 1); else relTo = "/"; path = URIUtil.addPaths(relTo, path); } return _context.getRequestDispatcher(path); } @Override public String getRequestedSessionId() { return _requestedSessionId; } @Override public String getRequestURI() { return _uri == null ? null : _uri.getPath(); } @Override public StringBuffer getRequestURL() { final StringBuffer url = new StringBuffer(128); URIUtil.appendSchemeHostPort(url, getScheme(), getServerName(), getServerPort()); String path = getRequestURI(); if (path != null) url.append(path); return url; } public Response getResponse() { return _channel.getResponse(); } /** * Reconstructs the URL the client used to make the request. The returned URL contains a protocol, server name, port number, and, but it does not include a * path. *

* Because this method returns a StringBuffer, not a string, you can modify the URL easily, for example, to append path and query parameters. * * This method is useful for creating redirect messages and for reporting errors. * * @return "scheme://host:port" */ public StringBuilder getRootURL() { StringBuilder url = new StringBuilder(128); URIUtil.appendSchemeHostPort(url, getScheme(), getServerName(), getServerPort()); return url; } @Override public String getScheme() { return _uri == null ? "http" : _uri.getScheme(); } @Override public String getServerName() { if ((_uri != null) && StringUtil.isNotBlank(_uri.getAuthority())) return formatAddrOrHost(_uri.getHost()); else return findServerName(); } private String findServerName() { if (_channel != null) { HostPort serverAuthority = _channel.getServerAuthority(); if (serverAuthority != null) return formatAddrOrHost(serverAuthority.getHost()); } // Return host from connection String name = getLocalName(); if (name != null) return formatAddrOrHost(name); return ""; // not allowed to be null } @Override public int getServerPort() { int port = -1; if ((_uri != null) && StringUtil.isNotBlank(_uri.getAuthority())) port = _uri.getPort(); else port = findServerPort(); // If no port specified, return the default port for the scheme if (port <= 0) return HttpScheme.getDefaultPort(getScheme()); // return a specific port return port; } private int findServerPort() { if (_channel != null) { HostPort serverAuthority = _channel.getServerAuthority(); if (serverAuthority != null) return serverAuthority.getPort(); } // Return host from connection return getLocalPort(); } @Override public ServletContext getServletContext() { return _context; } public String getServletName() { if (_scope != null) return _scope.getName(); return null; } @Override public String getServletPath() { // The servletPath returned is normally for the current servlet. Except during an // INCLUDE dispatch, in which case this method returns the servletPath of the source servlet, // which we recover from the IncludeAttributes wrapper. ServletPathMapping mapping = findServletPathMapping(); return mapping == null ? "" : mapping.getServletPath(); } public ServletResponse getServletResponse() { return _channel.getResponse(); } @Override public String changeSessionId() { HttpSession session = getSession(false); if (session == null) throw new IllegalStateException("No session"); if (session instanceof Session) { Session s = ((Session)session); s.renewId(this); if (getRemoteUser() != null) s.setAttribute(Session.SESSION_CREATED_SECURE, Boolean.TRUE); if (s.isIdChanged() && _sessionHandler.isUsingCookies()) _channel.getResponse().replaceCookie(_sessionHandler.getSessionCookie(s, getContextPath(), isSecure())); } return session.getId(); } /** * Called when the request is fully finished being handled. * For every session in any context that the session has * accessed, ensure that the session is completed. */ public void onCompleted() { HttpChannel httpChannel = getHttpChannel(); // httpChannel can be null in some scenarios // it's not possible to use requestlog in those scenarios anyway. if (httpChannel != null) { RequestLog requestLog = httpChannel.getRequestLog(); if (requestLog != null) { // Don't allow pulling more parameters from request body content _contentParamsExtracted = true; if (_contentParameters == null) _contentParameters = NO_PARAMS; // Reset the status code to what was committed MetaData.Response committedResponse = getResponse().getCommittedMetaData(); if (committedResponse != null) { getResponse().setStatus(committedResponse.getStatus()); // TODO: Reset the response headers to what they were when committed } requestLog.log(this, getResponse()); } } if (_sessions != null) { for (Session s:_sessions) leaveSession(s); } //Clean up any tmp files created by MultiPartInputStream if (_multiParts != null) { try { _multiParts.close(); } catch (Throwable e) { LOG.warn("Errors deleting multipart tmp files", e); } } } /** * Called when a response is about to be committed, ie sent * back to the client */ public void onResponseCommit() { if (_sessions != null) { for (Session s:_sessions) { commitSession(s); } } } /** * Find a session that this request has already entered for the * given SessionHandler * * @param sessionHandler the SessionHandler (ie context) to check * @return the session for the passed session handler or null */ public HttpSession getSession(SessionHandler sessionHandler) { if (_sessions == null || _sessions.size() == 0 || sessionHandler == null) return null; HttpSession session = null; for (HttpSession s:_sessions) { Session ss = (Session)s; if (sessionHandler == ss.getSessionHandler()) { session = s; if (ss.isValid()) return session; } } return session; } @Override public HttpSession getSession() { return getSession(true); } @Override public HttpSession getSession(boolean create) { if (_session != null) { if (_sessionHandler != null && !_sessionHandler.isValid(_session)) _session = null; else return _session; } if (!create) return null; if (getResponse().isCommitted()) throw new IllegalStateException("Response is committed"); if (_sessionHandler == null) throw new IllegalStateException("No SessionManager"); _session = _sessionHandler.newHttpSession(this); if (_session == null) throw new IllegalStateException("Create session failed"); HttpCookie cookie = _sessionHandler.getSessionCookie(_session, getContextPath(), isSecure()); if (cookie != null) _channel.getResponse().replaceCookie(cookie); return _session; } /** * @return Returns the sessionManager. */ public SessionHandler getSessionHandler() { return _sessionHandler; } /** * Get Request TimeStamp * * @return The time that the request was received. */ public long getTimeStamp() { return _timeStamp; } public HttpURI getHttpURI() { return _uri; } public void setHttpURI(HttpURI uri) { if (_uri != null && !Objects.equals(_uri.getQuery(), uri.getQuery()) && _queryParameters != BAD_PARAMS) _parameters = _queryParameters = null; _uri = uri.asImmutable(); } /** * @return Returns the original uri passed in metadata before customization/rewrite */ public String getOriginalURI() { MetaData.Request metadata = _metaData; if (metadata == null) return null; HttpURI uri = metadata.getURI(); if (uri == null) return null; return uri.isAbsolute() && metadata.getHttpVersion() == HttpVersion.HTTP_2 ? uri.getPathQuery() : uri.toString(); } public UserIdentity getUserIdentity() { if (_authentication instanceof Authentication.Deferred) setAuthentication(((Authentication.Deferred)_authentication).authenticate(this)); if (_authentication instanceof Authentication.User) return ((Authentication.User)_authentication).getUserIdentity(); return null; } /** * @return The resolved user Identity, which may be null if the {@link Authentication} is not {@link Authentication.User} (eg. * {@link Authentication.Deferred}). */ public UserIdentity getResolvedUserIdentity() { if (_authentication instanceof Authentication.User) return ((Authentication.User)_authentication).getUserIdentity(); return null; } public UserIdentity.Scope getUserIdentityScope() { return _scope; } @Override public Principal getUserPrincipal() { if (_authentication instanceof Authentication.Deferred) setAuthentication(((Authentication.Deferred)_authentication).authenticate(this)); if (_authentication instanceof Authentication.User) { UserIdentity user = ((Authentication.User)_authentication).getUserIdentity(); return user.getUserPrincipal(); } return null; } public boolean isHandled() { return _handled; } @Override public boolean isAsyncStarted() { return getHttpChannelState().isAsyncStarted(); } @Override public boolean isAsyncSupported() { return _asyncNotSupportedSource == null; } @Override public boolean isRequestedSessionIdFromCookie() { return _requestedSessionId != null && _requestedSessionIdFromCookie; } @Override @Deprecated(since = "Servlet API 2.1") public boolean isRequestedSessionIdFromUrl() { return _requestedSessionId != null && !_requestedSessionIdFromCookie; } @Override public boolean isRequestedSessionIdFromURL() { return _requestedSessionId != null && !_requestedSessionIdFromCookie; } @Override public boolean isRequestedSessionIdValid() { if (_requestedSessionId == null) return false; HttpSession session = getSession(false); return (session != null && _sessionHandler.getSessionIdManager().getId(_requestedSessionId).equals(_sessionHandler.getId(session))); } @Override public boolean isSecure() { return _secure; } public void setSecure(boolean secure) { _secure = secure; } /** *

Get the nanoTime at which the request arrived to a connector, obtained via {@link System#nanoTime()}. * This method can be used when measuring latencies.

* @return The nanoTime at which the request was received/created in nanoseconds */ public long getBeginNanoTime() { return _metaData.getBeginNanoTime(); } @Override public boolean isUserInRole(String role) { if (_authentication instanceof Authentication.Deferred) setAuthentication(((Authentication.Deferred)_authentication).authenticate(this)); if (_authentication instanceof Authentication.User) return ((Authentication.User)_authentication).isUserInRole(_scope, role); return false; } /** * @param request the Request metadata */ public void setMetaData(MetaData.Request request) { if (_metaData == null && _input != null && _channel != null) { _input.reopen(); _channel.getResponse().getHttpOutput().reopen(); } _metaData = request; _method = request.getMethod(); _httpFields = request.getFields(); final HttpURI uri = request.getURI(); UriCompliance compliance = null; if (uri.hasViolations()) { compliance = _channel == null || _channel.getHttpConfiguration() == null ? null : _channel.getHttpConfiguration().getUriCompliance(); String badMessage = UriCompliance.checkUriCompliance(compliance, uri); if (badMessage != null) throw new BadMessageException(badMessage); } HttpField host = getHttpFields().getField(HttpHeader.HOST); if (uri.isAbsolute() && uri.hasAuthority() && uri.getPath() != null) { _uri = uri; if (host instanceof HostPortHttpField && !((HostPortHttpField)host).getHostPort().toString().equals(uri.getAuthority())) { HttpChannel httpChannel = getHttpChannel(); HttpConfiguration httpConfiguration = httpChannel.getHttpConfiguration(); if (httpConfiguration != null) { HttpCompliance httpCompliance = httpConfiguration.getHttpCompliance(); if (httpCompliance.allows(MISMATCHED_AUTHORITY)) { if (httpChannel instanceof ComplianceViolation.Listener) ((ComplianceViolation.Listener)httpChannel).onComplianceViolation(httpCompliance, MISMATCHED_AUTHORITY, _uri.toString()); } else { throw new BadMessageException(400, "Mismatched Authority"); } } } } else { HttpURI.Mutable builder = HttpURI.build(uri); if (!uri.isAbsolute()) builder.scheme(HttpScheme.HTTP.asString()); if (uri.getPath() == null) builder.path("/"); if (!uri.hasAuthority()) { if (host instanceof HostPortHttpField) { HostPortHttpField authority = (HostPortHttpField)host; builder.host(authority.getHost()).port(authority.getPort()); } else { builder.host(findServerName()).port(findServerPort()); } } _uri = builder.asImmutable(); } setSecure(HttpScheme.HTTPS.is(_uri.getScheme())); String encoded = _uri.getPath(); String path; if (encoded == null) // TODO this is not really right for CONNECT path = _uri.isAbsolute() ? "/" : null; else if (encoded.startsWith("/")) { path = (encoded.length() == 1) ? "/" : _uri.getDecodedPath(); } else if ("*".equals(encoded) || HttpMethod.CONNECT.is(getMethod())) { path = encoded; } else { path = null; } if (path == null || path.isEmpty()) { _pathInContext = encoded == null ? "" : encoded; throw new BadMessageException(400, "Bad URI"); } _pathInContext = path; } public org.eclipse.jetty.http.MetaData.Request getMetaData() { return _metaData; } public boolean hasMetaData() { return _metaData != null; } protected void recycle() { if (_context != null) throw new IllegalStateException("Request in context!"); if (_reader != null && _inputState == INPUT_READER) { try { int r = _reader.read(); while (r != -1) { r = _reader.read(); } } catch (Exception e) { LOG.trace("IGNORED", e); _reader = null; _readerEncoding = null; } } getHttpChannelState().recycle(); _requestAttributeListeners.clear(); _input.recycle(); _metaData = null; _httpFields = null; _trailers = null; _uri = null; _method = null; _pathInContext = null; _servletPathMapping = null; _asyncNotSupportedSource = null; _secure = false; _newContext = false; _cookiesExtracted = false; _handled = false; _contentParamsExtracted = false; _requestedSessionIdFromCookie = false; _attributes = Attributes.unwrap(_attributes); if (_attributes != null) { if (ServletAttributes.class.equals(_attributes.getClass())) _attributes.clearAttributes(); else _attributes = null; } setAuthentication(Authentication.NOT_CHECKED); _contentType = null; _characterEncoding = null; _context = null; _errorContext = null; if (_cookies != null) _cookies.reset(); _dispatcherType = null; _inputState = INPUT_NONE; // _reader can be reused // _readerEncoding can be reused _queryParameters = null; _contentParameters = null; _parameters = null; _queryEncoding = null; _remote = null; _requestedSessionId = null; _scope = null; _session = null; _sessionHandler = null; _timeStamp = 0; _multiParts = null; if (_async != null) _async.reset(); _async = null; _sessions = null; } @Override public void removeAttribute(String name) { Object oldValue = _attributes == null ? null : _attributes.getAttribute(name); if (_attributes != null) _attributes.removeAttribute(name); if (oldValue != null && !_requestAttributeListeners.isEmpty()) { final ServletRequestAttributeEvent event = new ServletRequestAttributeEvent(_context, this, name, oldValue); for (ServletRequestAttributeListener listener : _requestAttributeListeners) { listener.attributeRemoved(event); } } } public void removeEventListener(final EventListener listener) { _requestAttributeListeners.remove(listener); } public void setAsyncSupported(boolean supported, Object source) { _asyncNotSupportedSource = supported ? null : (source == null ? "unknown" : source); } /** * Set a request attribute. if the attribute name is "org.eclipse.jetty.server.server.Request.queryEncoding" then the value is also passed in a call to * {@link #setQueryEncoding}. * * @see javax.servlet.ServletRequest#setAttribute(java.lang.String, java.lang.Object) */ @Override public void setAttribute(String name, Object value) { Object oldValue = _attributes == null ? null : _attributes.getAttribute(name); if ("org.eclipse.jetty.server.Request.queryEncoding".equals(name)) setQueryEncoding(value == null ? null : value.toString()); else if ("org.eclipse.jetty.server.sendContent".equals(name)) LOG.warn("Deprecated: org.eclipse.jetty.server.sendContent"); if (_attributes == null) _attributes = new ServletAttributes(); _attributes.setAttribute(name, value); if (!_requestAttributeListeners.isEmpty()) { final ServletRequestAttributeEvent event = new ServletRequestAttributeEvent(_context, this, name, oldValue == null ? value : oldValue); for (ServletRequestAttributeListener l : _requestAttributeListeners) { if (oldValue == null) l.attributeAdded(event); else if (value == null) l.attributeRemoved(event); else l.attributeReplaced(event); } } } /** * Set the attributes for the request. * * @param attributes The attributes, which must be a {@link org.eclipse.jetty.util.Attributes.Wrapper} * for which {@link Attributes#unwrap(Attributes)} will return the * original {@link ServletAttributes}. */ public void setAttributes(Attributes attributes) { _attributes = attributes; } public void setAsyncAttributes() { // Return if we have been async dispatched before. if (getAttribute(AsyncContext.ASYNC_REQUEST_URI) != null) return; // Unwrap the _attributes to get the base attributes instance. Attributes baseAttributes; if (_attributes == null) baseAttributes = _attributes = new ServletAttributes(); else baseAttributes = Attributes.unwrap(_attributes); // We cannot use a apply AsyncAttribute via #setAttributes as that // will wrap over any dispatch specific attribute wrappers (eg. // Dispatcher#ForwardAttributes). Async attributes must persist // after the current dispatch, so they must be set under any other // wrappers. String fwdRequestURI = (String)getAttribute(RequestDispatcher.FORWARD_REQUEST_URI); if (fwdRequestURI == null) { if (baseAttributes instanceof ServletAttributes) { // The baseAttributes map is our ServletAttributes, so we can set the async // attributes there, under any other wrappers. ((ServletAttributes)baseAttributes).setAsyncAttributes(getRequestURI(), getContextPath(), getPathInContext(), getServletPathMapping(), getQueryString()); } else { // We cannot find our ServletAttributes instance, so just set directly and hope // whatever non jetty wrappers that have been applied will do the right thing. _attributes.setAttribute(AsyncContext.ASYNC_REQUEST_URI, getRequestURI()); _attributes.setAttribute(AsyncContext.ASYNC_CONTEXT_PATH, getContextPath()); _attributes.setAttribute(AsyncContext.ASYNC_SERVLET_PATH, getServletPath()); _attributes.setAttribute(AsyncContext.ASYNC_PATH_INFO, getPathInfo()); _attributes.setAttribute(AsyncContext.ASYNC_QUERY_STRING, getQueryString()); _attributes.setAttribute(AsyncContext.ASYNC_MAPPING, getHttpServletMapping()); } } else { if (baseAttributes instanceof ServletAttributes) { // The baseAttributes map is our ServletAttributes, so we can set the async // attributes there, under any other wrappers. ((ServletAttributes)baseAttributes).setAsyncAttributes(fwdRequestURI, (String)getAttribute(RequestDispatcher.FORWARD_CONTEXT_PATH), (String)getAttribute(RequestDispatcher.FORWARD_PATH_INFO), (ServletPathMapping)getAttribute(RequestDispatcher.FORWARD_MAPPING), (String)getAttribute(RequestDispatcher.FORWARD_QUERY_STRING)); } else { // We cannot find our ServletAttributes instance, so just set directly and hope // whatever non jetty wrappers that have been applied will do the right thing. _attributes.setAttribute(AsyncContext.ASYNC_REQUEST_URI, fwdRequestURI); _attributes.setAttribute(AsyncContext.ASYNC_CONTEXT_PATH, getAttribute(RequestDispatcher.FORWARD_CONTEXT_PATH)); _attributes.setAttribute(AsyncContext.ASYNC_SERVLET_PATH, getAttribute(RequestDispatcher.FORWARD_SERVLET_PATH)); _attributes.setAttribute(AsyncContext.ASYNC_PATH_INFO, getAttribute(RequestDispatcher.FORWARD_PATH_INFO)); _attributes.setAttribute(AsyncContext.ASYNC_QUERY_STRING, getAttribute(RequestDispatcher.FORWARD_QUERY_STRING)); _attributes.setAttribute(AsyncContext.ASYNC_MAPPING, getAttribute(RequestDispatcher.FORWARD_MAPPING)); } } } /** * Set the authentication. * * @param authentication the authentication to set */ public void setAuthentication(Authentication authentication) { _authentication = authentication; } @Override public void setCharacterEncoding(String encoding) throws UnsupportedEncodingException { if (_inputState != INPUT_NONE) return; _characterEncoding = encoding; // check encoding is supported if (!StringUtil.isUTF8(encoding)) { try { Charset.forName(encoding); } catch (UnsupportedCharsetException e) { throw new UnsupportedEncodingException(e.getMessage()); } } } /* * @see javax.servlet.ServletRequest#setCharacterEncoding(java.lang.String) */ public void setCharacterEncodingUnchecked(String encoding) { _characterEncoding = encoding; } /* * @see javax.servlet.ServletRequest#getContentType() */ public void setContentType(String contentType) { _contentType = contentType; } /** * Set request context and path in the context. * * @param context context object * @param pathInContext the part of the URI path that is withing the context. * For servlets, this is equal to servletPath + pathInfo */ public void setContext(Context context, String pathInContext) { _newContext = _context != context; _context = context; _pathInContext = pathInContext; if (context != null) _errorContext = context; } /** * @return True if this is the first call of takeNewContext() since the last * {@link #setContext(org.eclipse.jetty.server.handler.ContextHandler.Context, String)} call. */ public boolean takeNewContext() { boolean nc = _newContext; _newContext = false; return nc; } /** * @param cookies The cookies to set. */ public void setCookies(Cookie[] cookies) { if (_cookies == null) _cookies = new Cookies(getHttpChannel().getHttpConfiguration().getRequestCookieCompliance(), getComplianceViolationListener()); _cookies.setCookies(cookies); } public void setDispatcherType(DispatcherType type) { _dispatcherType = type; } public void setHandled(boolean h) { _handled = h; } /** * @param method The method to set. */ public void setMethod(String method) { _method = method; } public boolean isHead() { return HttpMethod.HEAD.is(getMethod()); } /** * Set the character encoding used for the query string. This call will effect the return of getQueryString and getParamaters. It must be called before any * getParameter methods. * * The request attribute "org.eclipse.jetty.server.Request.queryEncoding" may be set as an alternate method of calling setQueryEncoding. * * @param queryEncoding the URI query character encoding */ public void setQueryEncoding(String queryEncoding) { _queryEncoding = Charset.forName(queryEncoding); } /** * @param addr The address to set. */ public void setRemoteAddr(InetSocketAddress addr) { _remote = addr; } /** * @param requestedSessionId The requestedSessionId to set. */ public void setRequestedSessionId(String requestedSessionId) { _requestedSessionId = requestedSessionId; } /** * @param requestedSessionIdCookie The requestedSessionIdCookie to set. */ public void setRequestedSessionIdFromCookie(boolean requestedSessionIdCookie) { _requestedSessionIdFromCookie = requestedSessionIdCookie; } /** * @param session The session to set. */ public void setSession(HttpSession session) { _session = session; } /** * @param sessionHandler The SessionHandler to set. */ public void setSessionHandler(SessionHandler sessionHandler) { _sessionHandler = sessionHandler; } public void setTimeStamp(long ts) { _timeStamp = ts; } public void setUserIdentityScope(UserIdentity.Scope scope) { _scope = scope; } @Override public AsyncContext startAsync() throws IllegalStateException { if (_asyncNotSupportedSource != null) throw new IllegalStateException("!asyncSupported: " + _asyncNotSupportedSource); return forceStartAsync(); } private AsyncContextState forceStartAsync() { HttpChannelState state = getHttpChannelState(); if (_async == null) _async = new AsyncContextState(state); AsyncContextEvent event = new AsyncContextEvent(_context, _async, state, this, this, getResponse()); state.startAsync(event); return _async; } @Override public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) throws IllegalStateException { if (_asyncNotSupportedSource != null) throw new IllegalStateException("!asyncSupported: " + _asyncNotSupportedSource); HttpChannelState state = getHttpChannelState(); if (_async == null) _async = new AsyncContextState(state); AsyncContextEvent event = new AsyncContextEvent(_context, _async, state, this, servletRequest, servletResponse, getHttpURI()); event.setDispatchContext(getServletContext()); state.startAsync(event); return _async; } public static HttpServletRequest unwrap(ServletRequest servletRequest) { if (servletRequest instanceof HttpServletRequestWrapper) { return (HttpServletRequestWrapper)servletRequest; } if (servletRequest instanceof ServletRequestWrapper) { return unwrap(((ServletRequestWrapper)servletRequest).getRequest()); } return ((HttpServletRequest)servletRequest); } @Override public String toString() { return String.format("%s%s%s %s%s@%x", getClass().getSimpleName(), _handled ? "[" : "(", getMethod(), getHttpURI(), _handled ? "]" : ")", hashCode()); } @Override public boolean authenticate(HttpServletResponse response) throws IOException, ServletException { //if already authenticated, return true if (getUserPrincipal() != null && getRemoteUser() != null && getAuthType() != null) return true; //do the authentication if (_authentication instanceof Authentication.Deferred) { setAuthentication(((Authentication.Deferred)_authentication).authenticate(this, response)); } //if the authentication did not succeed if (_authentication instanceof Authentication.Deferred) response.sendError(HttpStatus.UNAUTHORIZED_401); //if the authentication is incomplete, return false if (!(_authentication instanceof Authentication.ResponseSent)) return false; //something has gone wrong throw new ServletException("Authentication failed"); } @Override public Part getPart(String name) throws IOException, ServletException { getParts(); return _multiParts.getPart(name); } @Override public Collection getParts() throws IOException, ServletException { String contentType = getContentType(); if (contentType == null || !MimeTypes.Type.MULTIPART_FORM_DATA.is(HttpField.valueParameters(contentType, null))) throw new ServletException("Unsupported Content-Type [" + contentType + "], expected [multipart/form-data]"); return getParts(null); } private Collection getParts(MultiMap params) throws IOException { if (_multiParts == null) { MultipartConfigElement config = (MultipartConfigElement)getAttribute(__MULTIPART_CONFIG_ELEMENT); if (config == null) throw new IllegalStateException("No multipart config for servlet"); int maxFormContentSize = ContextHandler.DEFAULT_MAX_FORM_CONTENT_SIZE; int maxFormKeys = ContextHandler.DEFAULT_MAX_FORM_KEYS; if (_context != null) { ContextHandler contextHandler = _context.getContextHandler(); maxFormContentSize = contextHandler.getMaxFormContentSize(); maxFormKeys = contextHandler.getMaxFormKeys(); } else { maxFormContentSize = lookupServerAttribute(ContextHandler.MAX_FORM_CONTENT_SIZE_KEY, maxFormContentSize); maxFormKeys = lookupServerAttribute(ContextHandler.MAX_FORM_KEYS_KEY, maxFormKeys); } _multiParts = newMultiParts(config, maxFormKeys); Collection parts = _multiParts.getParts(); String formCharset = null; Part charsetPart = _multiParts.getPart("_charset_"); if (charsetPart != null) { try (InputStream is = charsetPart.getInputStream()) { ByteArrayOutputStream os = new ByteArrayOutputStream(); IO.copy(is, os); formCharset = os.toString(StandardCharsets.UTF_8); } } /* Select Charset to use for this part. (NOTE: charset behavior is for the part value only and not the part header/field names) 1. Use the part specific charset as provided in that part's Content-Type header; else 2. Use the overall default charset. Determined by: a. if part name _charset_ exists, use that part's value. b. if the request.getCharacterEncoding() returns a value, use that. (note, this can be either from the charset field on the request Content-Type header, or from a manual call to request.setCharacterEncoding()) c. use utf-8. */ Charset defaultCharset; if (formCharset != null) defaultCharset = Charset.forName(formCharset); else if (getCharacterEncoding() != null) defaultCharset = Charset.forName(getCharacterEncoding()); else defaultCharset = StandardCharsets.UTF_8; long formContentSize = 0; ByteArrayOutputStream os = null; for (Part p : parts) { if (p.getSubmittedFileName() == null) { formContentSize = Math.addExact(formContentSize, p.getSize()); if (maxFormContentSize >= 0 && formContentSize > maxFormContentSize) throw new IllegalStateException("Form is larger than max length " + maxFormContentSize); // Servlet Spec 3.0 pg 23, parts without filename must be put into params. String charset = null; if (p.getContentType() != null) charset = MimeTypes.getCharsetFromContentType(p.getContentType()); try (InputStream is = p.getInputStream()) { if (os == null) os = new ByteArrayOutputStream(); IO.copy(is, os); String content = os.toString(charset == null ? defaultCharset : Charset.forName(charset)); if (_contentParameters == null) _contentParameters = params == null ? new MultiMap<>() : params; _contentParameters.add(p.getName(), content); } os.reset(); } } } return _multiParts.getParts(); } private MultiParts newMultiParts(MultipartConfigElement config, int maxParts) throws IOException { MultiPartFormDataCompliance compliance = getHttpChannel().getHttpConfiguration().getMultipartFormDataCompliance(); if (LOG.isDebugEnabled()) LOG.debug("newMultiParts {} {}", compliance, this); switch (compliance) { case RFC7578: return new MultiParts.MultiPartsHttpParser(getInputStream(), getContentType(), config, (_context != null ? (File)_context.getAttribute("javax.servlet.context.tempdir") : null), this, maxParts); case LEGACY: default: return new MultiParts.MultiPartsUtilParser(getInputStream(), getContentType(), config, (_context != null ? (File)_context.getAttribute("javax.servlet.context.tempdir") : null), this, maxParts); } } @Override public void login(String username, String password) throws ServletException { if (_authentication instanceof Authentication.LoginAuthentication) { Authentication auth = ((Authentication.LoginAuthentication)_authentication).login(username, password, this); if (auth == null) throw new Authentication.Failed("Authentication failed for username '" + username + "'"); else _authentication = auth; } else { throw new Authentication.Failed("Authenticated failed for username '" + username + "'. Already authenticated as " + _authentication); } } @Override public void logout() throws ServletException { if (_authentication instanceof Authentication.LogoutAuthentication) _authentication = ((Authentication.LogoutAuthentication)_authentication).logout(this); } public void mergeQueryParameters(String oldQuery, String newQuery) { MultiMap newQueryParams = null; // Have to assume ENCODING because we can't know otherwise. if (newQuery != null) { newQueryParams = new MultiMap<>(); UrlEncoded.decodeTo(newQuery, newQueryParams, UrlEncoded.ENCODING); } MultiMap oldQueryParams = _queryParameters; if (oldQueryParams == null && oldQuery != null) { oldQueryParams = new MultiMap<>(); try { UrlEncoded.decodeTo(oldQuery, oldQueryParams, getQueryCharset()); } catch (Throwable th) { _queryParameters = BAD_PARAMS; throw new BadMessageException(400, "Bad query encoding", th); } } MultiMap mergedQueryParams; if (newQueryParams == null || newQueryParams.size() == 0) mergedQueryParams = oldQueryParams == null ? NO_PARAMS : oldQueryParams; else if (oldQueryParams == null || oldQueryParams.size() == 0) mergedQueryParams = newQueryParams; else { // Parameters values are accumulated. mergedQueryParams = new MultiMap<>(newQueryParams); mergedQueryParams.addAllValues(oldQueryParams); } setQueryParameters(mergedQueryParams); resetParameters(); } @Override public T upgrade(Class handlerClass) throws IOException, ServletException { Response response = _channel.getResponse(); if (response.getStatus() != HttpStatus.SWITCHING_PROTOCOLS_101) throw new IllegalStateException("Response status should be 101"); if (response.getHeader("Upgrade") == null) throw new IllegalStateException("Missing Upgrade header"); if (!"Upgrade".equalsIgnoreCase(response.getHeader("Connection"))) throw new IllegalStateException("Invalid Connection header"); if (response.isCommitted()) throw new IllegalStateException("Cannot upgrade committed response"); if (_metaData == null || _metaData.getHttpVersion() != HttpVersion.HTTP_1_1) throw new IllegalStateException("Only requests over HTTP/1.1 can be upgraded"); ServletOutputStream outputStream = response.getOutputStream(); ServletInputStream inputStream = getInputStream(); HttpChannelOverHttp httpChannel11 = (HttpChannelOverHttp)_channel; HttpConnection httpConnection = (HttpConnection)_channel.getConnection(); T upgradeHandler; try { upgradeHandler = handlerClass.getDeclaredConstructor().newInstance(); } catch (Exception e) { throw new ServletException("Unable to instantiate handler class", e); } httpChannel11.servletUpgrade(); // tell the HTTP 1.1 channel that it is now handling an upgraded servlet AsyncContext asyncContext = forceStartAsync(); // force the servlet in async mode outputStream.flush(); // commit the 101 response httpConnection.getGenerator().servletUpgrade(); // tell the generator it can send data as-is httpConnection.addEventListener(new Connection.Listener() { @Override public void onClosed(Connection connection) { try { asyncContext.complete(); } catch (Exception e) { LOG.warn("error during upgrade AsyncContext complete", e); } try { upgradeHandler.destroy(); } catch (Exception e) { LOG.warn("error during upgrade HttpUpgradeHandler destroy", e); } } @Override public void onOpened(Connection connection) { } }); upgradeHandler.init(new WebConnection() { @Override public void close() throws Exception { try { inputStream.close(); } finally { outputStream.close(); } } @Override public ServletInputStream getInputStream() { return inputStream; } @Override public ServletOutputStream getOutputStream() { return outputStream; } }); return upgradeHandler; } /** * Set the servletPathMapping, the servletPath and the pathInfo. * @param servletPathMapping The mapping used to return from {@link #getHttpServletMapping()} */ public void setServletPathMapping(ServletPathMapping servletPathMapping) { _servletPathMapping = servletPathMapping; } /** * @return The mapping for the current target servlet, regardless of dispatch type. */ public ServletPathMapping getServletPathMapping() { return _servletPathMapping; } /** * @return The mapping for the target servlet reported by the {@link #getServletPath()} and * {@link #getPathInfo()} methods. For {@link DispatcherType#INCLUDE} dispatches, this * method returns the mapping of the source servlet, otherwise it returns the mapping of * the target servlet. */ ServletPathMapping findServletPathMapping() { ServletPathMapping mapping; if (_dispatcherType == DispatcherType.INCLUDE) { Dispatcher.IncludeAttributes include = Attributes.unwrap(_attributes, Dispatcher.IncludeAttributes.class); mapping = (include == null) ? _servletPathMapping : include.getSourceMapping(); } else { mapping = _servletPathMapping; } return mapping; } @Override public HttpServletMapping getHttpServletMapping() { // TODO This is to pass the current TCK. This has been challenged in https://github.com/eclipse-ee4j/jakartaee-tck/issues/585 if (_dispatcherType == DispatcherType.ASYNC) { ServletPathMapping async = (ServletPathMapping)getAttribute(AsyncContext.ASYNC_MAPPING); if (async != null && "/DispatchServlet".equals(async.getServletPath())) return async; } // The mapping returned is normally for the current servlet. Except during an // INCLUDE dispatch, in which case this method returns the mapping of the source servlet, // which we recover from the IncludeAttributes wrapper. return findServletPathMapping(); } private String formatAddrOrHost(String name) { return _channel == null ? HostPort.normalizeHost(name) : _channel.formatAddrOrHost(name); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy