Class ControlFilter

  • All Implemented Interfaces:, Filter, FilterConfig

    public class ControlFilter
    extends HttpFilter
    A Filter used to specify an allowlist of allowed paths to the OFBiz application. Requests that do not match any of the paths listed in allowedPaths are redirected to redirectPath, or an error code is returned (the error code can be set in errorCode, the default value is 403). If forceRedirectAll is set to Y then allowedPaths is ignored and all requests are redirected to redirectPath; note that forceRedirectAll is ignored if redirectPath is not set. Init parameters: - forceRedirectAll: when set to Y, and redirectPath is set, then redirects all traffic to redirectPath - allowedPaths: a colon separated list of URL or URI that are allowed; non matching request paths are redirected, or an error code is returned, according to the setup of redirectPath and errorCode - redirectPath: if the path requested is not in the allowedPaths, or forceRedirectAll is set to Y, specifies the the path to which the request is redirected to; - errorCode: the error code set in the response if the path requested is not in the allowedPaths and redirectPath is not set; defaults to 403 Interaction with the context: - for its internal logic (to avoid an infinite loop of redirections when forceRedirectAll is set) the filter sets a session parameter (_FORCE_REDIRECT_=true) before the first redirection; the parameter is removed during the second pass before the request is forwarded to the next filter in the chain - the filter skips the check against the allowlist of allowed paths if a request attribute with name _FORWARDED_FROM_SERVLET_ is present; this attribute is typically set by the ControlServlet to indicate that the request path is safe and should not be checked again
    See Also:
    Serialized Form