blob: 7079e9d1e7e96a66ae33fe7847024173e7ccc0d2 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.web.filter;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.web.util.WebUtils;
/**
* This filter intercepts a request and populates the {@code contextPath} attribute on the request with a sanitized value (originally) retrieved from {@code nifi.properties}.
*/
public class SanitizeContextPathFilter implements Filter {
private static final String ALLOWED_CONTEXT_PATHS_PARAMETER_NAME = "allowedContextPaths";
private String allowedContextPaths = "";
private List<String> parsedAllowedContextPaths = Collections.emptyList();
@Override
public void init(FilterConfig filterConfig) throws ServletException {
String providedAllowedList = filterConfig.getServletContext().getInitParameter(ALLOWED_CONTEXT_PATHS_PARAMETER_NAME);
if (StringUtils.isNotBlank(providedAllowedList)) {
allowedContextPaths = providedAllowedList;
parsedAllowedContextPaths = Arrays.asList(StringUtils.split(providedAllowedList, ','));
}
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
// Inject the contextPath attribute into the request
injectContextPathAttribute(request);
// Pass execution to the next filter in the chain
filterChain.doFilter(request, response);
}
/**
* Determines, sanitizes, and injects the {@code contextPath} attribute into the {@code request}. If not present, an empty string {@code ""} is injected.
*
* @param request the request
*/
protected void injectContextPathAttribute(ServletRequest request) {
// Capture the provided context path headers and sanitize them before using in the response
String contextPath = WebUtils.sanitizeContextPath(request, parsedAllowedContextPaths, "");
request.setAttribute("contextPath", contextPath);
}
@Override
public void destroy() {
}
/**
* Getter for allowed context paths. Cannot be package-private because of an issue where the package is scoped per classloader.
*
* @return the allowed context path(s)
*/
protected String getAllowedContextPaths() {
return allowedContextPaths;
}
}