Class ControlFilter

java.lang.Object
javax.servlet.GenericFilter
javax.servlet.http.HttpFilter
org.apache.ofbiz.webapp.control.ControlFilter
All Implemented Interfaces:
Serializable, Filter, FilterConfig

public class ControlFilter extends HttpFilter
A Filter used to specify an allowlist of allowed paths to the OFBiz application. Requests that do not match any of the paths listed in allowedPaths are redirected to redirectPath, or an error code is returned (the error code can be set in errorCode; the default value is 403). If forceRedirectAll is set to Y then allowedPaths is ignored and all requests are redirected to redirectPath; note that forceRedirectAll is ignored if redirectPath is not set.

Init parameters:
- forceRedirectAll: when set to Y, and redirectPath is set, redirects all traffic to redirectPath
- allowedPaths: a colon-separated list of URLs or URIs that are allowed; non-matching request paths are redirected, or an error code is returned, according to the setup of redirectPath and errorCode
- redirectPath: if the requested path is not in allowedPaths, or forceRedirectAll is set to Y, specifies the path to which the request is redirected
- errorCode: the error code set in the response if the requested path is not in allowedPaths and redirectPath is not set; defaults to 403

Interaction with the context:
- for its internal logic (to avoid an infinite loop of redirections when forceRedirectAll is set) the filter sets a session parameter (_FORCE_REDIRECT_=true) before the first redirection; the parameter is removed during the second pass before the request is forwarded to the next filter in the chain
- the filter skips the check against the allowlist of allowed paths if a request attribute with name _FORWARDED_FROM_SERVLET_ is present; this attribute is typically set by the ControlServlet to indicate that the request path is safe and should not be checked again
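The init parameters described above, wired into a web application's deployment descriptor. This is an added example, not taken from the OFBiz sources; the path values, the 404 status and the /* mapping are constructed sample choices.

```xml
<!-- Added example for WEB-INF/web.xml; path values are constructed samples -->
<filter>
    <filter-name>ControlFilter</filter-name>
    <filter-class>org.apache.ofbiz.webapp.control.ControlFilter</filter-class>

    <!-- Colon-separated allowlist; a request that matches none of these
         paths is redirected or answered with an error code -->
    <init-param>
        <param-name>allowedPaths</param-name>
        <param-value>/control:/error:/images</param-value>
    </init-param>

    <!-- Takes effect here because redirectPath is not set: non-matching
         requests receive this status instead of the default 403 -->
    <init-param>
        <param-name>errorCode</param-name>
        <param-value>404</param-value>
    </init-param>

    <!-- Alternative: redirect instead of returning an error.
         With redirectPath set, errorCode is no longer used.
    <init-param>
        <param-name>redirectPath</param-name>
        <param-value>/control/main</param-value>
    </init-param>
    -->

    <!-- forceRedirectAll=Y only has an effect together with redirectPath;
         it then overrides allowedPaths and redirects every request -->
</filter>

<!-- Sample mapping: run the filter for every request to this webapp -->
<filter-mapping>
    <filter-name>ControlFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

When reviewing an existing descriptor, check that forceRedirectAll is not left at Y alongside a redirectPath unless the intent is to bypass the allowlist entirely.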
See Also: