framework/base/src/main/java/org/apache/ofbiz/base/util/CacheFilter.java

/*******************************************************************************
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *******************************************************************************/
package org.apache.ofbiz.base.util;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class CacheFilter implements Filter {

    private FilterConfig filterConfig = null;

    /**
     * The <code>doFilter</code> method of the Filter is called by the container each time a request/response pair is passed through the chain due to
     * a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and
     * response to the next entity in the chain.
     * <p>
     * A typical implementation of this method would follow the following pattern:- <br>
     * 1. Examine the request<br>
     * 2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering <br>
     * 3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering <br>
     * 4. a) <strong>Either</strong> invoke the next entity in the chain using the FilterChain object (<code>chain.doFilter()</code>), <br>
     * 4. b) <strong>or</strong> not pass on the request/response pair to the next entity in the filter chain to block the request processing<br>
     * 5. Directly set headers on the response after invocation of the next entity in the filter chain. <br>
     * <br>
     * ----------------------------------------------------------------------------------------------------<br>
     * Actually its goal in OFBiz is simply to prevent a post-auth security issue described in OFBIZ-12332 <br>
     * ----------------------------------------------------------------------------------------------------<br>
     * <br>
     * @param request The request to process
     * @param response The response associated with the request
     * @param chain Provides access to the next filter in the chain for this filter to pass the request and response to for further processing
     * @throws IOException if an I/O error occurs during this filter's processing of the request
     * @throws ServletException if the processing fails for any other reason
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // Get the request URI without the webapp mount point.
        String context = ((HttpServletRequest) request).getContextPath();
        String uriWithContext = ((HttpServletRequest) request).getRequestURI();
        String uri = uriWithContext.substring(context.length());
        chain.doFilter(request, response);
    }

    /**
     * Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly
     * once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.
     * <p>
     * The web container cannot place the filter into service if the init method either:
     * <ul>
     * <li>Throws a ServletException</li>
     * <li>Does not return within a time period defined by the web container</li>
     * </ul>
     * The default implementation is a NO-OP.
     * @param filterConfiguration The configuration information associated with the filter instance being initialised
     * @throws ServletException if the initialisation fails
     */
    public void init(FilterConfig filterConfiguration) throws ServletException {
        setFilterConfig(filterConfiguration);
    }

    /**
     * Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within
     * the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the
     * doFilter method again on this instance of the filter. <br>
     * <br>
     * This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make
     * sure that any persistent state is synchronized with the filter's current state in memory. The default implementation is a NO-OP.
     */
    public void destroy() {
        setFilterConfig(null);
    }

    /**
     * @return the filterConfig
     */
    public FilterConfig getFilterConfig() {
        return filterConfig;
    }

    /**
     * @param filterConfig the filterConfig to set
     */
    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

}