Package net.solarnetwork.web.security

Class SecurityHttpServletRequestWrapper

java.lang.Object
javax.servlet.ServletRequestWrapper
javax.servlet.http.HttpServletRequestWrapper
net.solarnetwork.web.security.SecurityHttpServletRequestWrapper
All Implemented Interfaces:
javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest
public class SecurityHttpServletRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
HttpServletRequestWrapper to aid in computing hash values for the request content.
Since:
1.11
Version:
1.3
Author:
matt

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final Pattern
    DEFAULT_COMPRESSIBLE_CONTENT_PATTERN
    The compressibleContentTypePattern property default value.
    static final int
    DEFAULT_MINIMUM_COMPRESS_LENGTH
    The minimumCompressLength property default value.
    static final int
    DEFAULT_MINIMUM_SPOOL_LENGTH
    The minimumSpoolLength property default value.

    Fields inherited from interface javax.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength)
    Construct from a request.
    SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength, boolean compressBody)
    Construct from a request.
    SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength, boolean compressBody, int minimumCompressLength)
    Construct from a request.
    SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength, boolean compressBody, int minimumCompressLength, Pattern compressibleContentTypePattern, int minimumSpoolLength, Path spoolDirectory)
    Construct from a request.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    deleteCachedContent()
    Immediately delete any cached request body content.
    byte[]
    getContentMD5()
    Compute the MD5 hash of the request body.
    byte[]
    getContentSHA1()
    Compute the SHA1 hash of the request body.
    byte[]
    getContentSHA256()
    Compute the SHA-256 hash of the request body.
    byte[]
    getContentSHA512()
    Compute the SHA-512 hash of the request body.
    javax.servlet.ServletInputStream
    getInputStream()
     

    Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isUserInRole, login, logout, upgrade

    Methods inherited from class javax.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface javax.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

  • Field Details

    • DEFAULT_MINIMUM_COMPRESS_LENGTH

      public static final int DEFAULT_MINIMUM_COMPRESS_LENGTH
      The minimumCompressLength property default value.
      See Also:

    • DEFAULT_MINIMUM_SPOOL_LENGTH

      public static final int DEFAULT_MINIMUM_SPOOL_LENGTH
      The minimumSpoolLength property default value.
      Since:
      1.2
      See Also:

    • DEFAULT_COMPRESSIBLE_CONTENT_PATTERN

      public static final Pattern DEFAULT_COMPRESSIBLE_CONTENT_PATTERN
      The compressibleContentTypePattern property default value.
      Since:
      1.2

  • Constructor Details

    • SecurityHttpServletRequestWrapper

      public SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength)
      Construct from a request.
      Parameters:
      request - the request to wrap
      maxLength - the maximum body length allowed (in bytes)

    • SecurityHttpServletRequestWrapper

      public SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength, boolean compressBody)
      Construct from a request.
      Parameters:
      request - the request to wrap
      maxLength - the maximum body length allowed (in bytes)
      compressBody - true to compress the cached body in memory, false to not compress
      Since:
      1.1

    • SecurityHttpServletRequestWrapper

      public SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength, boolean compressBody, int minimumCompressLength)
      Construct from a request.

      The DEFAULT_COMPRESSIBLE_CONTENT_PATTERN pattern will be used and the DEFAULT_MINIMUM_SPOOL_LENGTH value will be used with the default spool directory set to the value of the java.io.tmpdir system property.

      Parameters:
      request - the request to wrap
      maxLength - the maximum body length allowed (in bytes)
      compressBody - true to compress the cached body in memory, false to not compress
      minimumCompressLength - The minimum size (in bytes) a request body must be before compressing it.
      Since:
      1.1

    • SecurityHttpServletRequestWrapper

      public SecurityHttpServletRequestWrapper(javax.servlet.http.HttpServletRequest request, int maxLength, boolean compressBody, int minimumCompressLength, Pattern compressibleContentTypePattern, int minimumSpoolLength, Path spoolDirectory)
      Construct from a request.
      Parameters:
      request - the request to wrap
      maxLength - the maximum body length allowed (in bytes)
      compressBody - true to compress the cached body in memory, false to not compress
      minimumCompressLength - The minimum size (in bytes) a request body must be before compressing it.
      compressibleContentTypePattern - A pattern to match against content type values to allow compressing, or null to compress anything.
      minimumSpoolLength - The minimum size (in bytes) a request body must be before spooling to content to disk.
      spoolDirectory - the directory to create spooled (temporary) files, or null to never spool to disk
      Since:
      1.2

  • Method Details

    • getContentMD5

      public byte[] getContentMD5() throws IOException
      Compute the MD5 hash of the request body.
      Returns:
      the MD5 hash, or null if there is no request content
      Throws:
      IOException - if an IO exception occurs
      SecurityException - if the request content length is larger than the configured maximumLength

    • getContentSHA1

      public byte[] getContentSHA1() throws IOException
      Compute the SHA1 hash of the request body.
      Returns:
      the SHA1 hash, or null if there is no request content
      Throws:
      IOException - if an IO exception occurs
      SecurityException - if the request content length is larger than the configured maximumLength

    • getContentSHA256

      public byte[] getContentSHA256() throws IOException
      Compute the SHA-256 hash of the request body.
      Returns:
      the SHA-256 hash, or null if there is no request content
      Throws:
      IOException - if an IO exception occurs
      SecurityException - if the request content length is larger than the configured maximumLength

    • getContentSHA512

      public byte[] getContentSHA512() throws IOException
      Compute the SHA-512 hash of the request body.
      Returns:
      the SHA-512 hash, or null if there is no request content
      Throws:
      IOException - if an IO exception occurs
      SecurityException - if the request content length is larger than the configured maximumLength
      Since:
      1.3

    • getInputStream

      public javax.servlet.ServletInputStream getInputStream() throws IOException
      Specified by:
      getInputStream in interface javax.servlet.ServletRequest
      Overrides:
      getInputStream in class javax.servlet.ServletRequestWrapper
      Throws:
      IOException

    • deleteCachedContent

      public void deleteCachedContent() throws IOException
      Immediately delete any cached request body content.
      Throws:
      IOException - if any IO error occurs