Package org.apache.ofbiz.webapp.control
Class ControlFilter
java.lang.Object
javax.servlet.GenericFilter
javax.servlet.http.HttpFilter
org.apache.ofbiz.webapp.control.ControlFilter
- All Implemented Interfaces:
Serializable
,Filter
,FilterConfig
A Filter used to specify an allowlist of allowed paths to the OFBiz application.
Requests that do not match any of the paths listed in allowedPaths are redirected to redirectPath, or an error code
is returned (the error code can be set in errorCode, the default value is 403).
If forceRedirectAll is set to Y then allowedPaths is ignored and all requests are redirected to redirectPath; note
that forceRedirectAll is ignored if redirectPath is not set.
Init parameters:
- forceRedirectAll: when set to Y, and redirectPath is set, then redirects all traffic to redirectPath
- allowedPaths: a colon separated list of URL or URI that are allowed;
non matching request paths are redirected, or an error code is returned,
according to the setup of redirectPath and errorCode
- redirectPath: if the path requested is not in the allowedPaths, or forceRedirectAll is set to Y,
specifies the the path to which the request is redirected to;
- errorCode: the error code set in the response if the path requested is not in the allowedPaths
and redirectPath is not set; defaults to 403
Interaction with the context:
- for its internal logic (to avoid an infinite loop of redirections when forceRedirectAll is set) the filter sets
a session parameter (_FORCE_REDIRECT_=true) before the first redirection; the parameter is removed during the
second pass before the request is forwarded to the next filter in the chain
- the filter skips the check against the allowlist of allowed paths if a request attribute
with name _FORWARDED_FROM_SERVLET_ is present; this attribute is typically set by the ControlServlet to indicate
that the request path is safe and should not be checked again
- See Also:
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
doFilter
(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) Makes allowed paths pass through while redirecting the others to a fix location.void
init
(FilterConfig conf) Methods inherited from class javax.servlet.http.HttpFilter
doFilter
Methods inherited from class javax.servlet.GenericFilter
getFilterConfig, getFilterName, getInitParameter, getInitParameterNames, getServletContext, init
-
Field Details
-
FORWARDED_FROM_SERVLET
- See Also:
-
DEFAULT_HTTP_ERROR_CODE
public static final int DEFAULT_HTTP_ERROR_CODE- See Also:
-
-
Constructor Details
-
ControlFilter
public ControlFilter()
-
-
Method Details
-
init
- Specified by:
init
in interfaceFilter
- Overrides:
init
in classGenericFilter
- Throws:
ServletException
-
doFilter
public void doFilter(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException Makes allowed paths pass through while redirecting the others to a fix location.- Overrides:
doFilter
in classHttpFilter
- Throws:
IOException
ServletException
-