org.sakaiproject.util
Class RequestFilter

java.lang.Object
  extended byorg.sakaiproject.util.RequestFilter
All Implemented Interfaces:
Filter

public class RequestFilter
extends Object
implements Filter

RequestFilter Filters all requests to Sakai tools. It is responsible for keeping the Sakai session, done using a cookie to the end user's browser storing the user's session id.

Version:
$Revision: 6283 $
Author:
University of Michigan, Sakai Software Development Team

Nested Class Summary
 class RequestFilter.WrappedRequest
          Wraps a request object so we can override some standard behavior.
 class RequestFilter.WrappedResponse
          Wraps a response object so we can override some standard behavior.
 
Field Summary
static String ATTR_CHARACTER_ENCODING_DONE
          The request attribute name (and value) used to indicated that character encoding has been set.
static String ATTR_FILTERED
          The request attribute name (and value) used to indicated that the request has been filtered.
static String ATTR_REDIRECT
          The request attribute name used to indicated that the *response* has been redirected.
static String ATTR_SESSION
          The request attribute name used to store the Sakai session.
static String ATTR_UPLOADS_DONE
          The request attribute name (and value) used to indicated that file uploads have been parsed.
static String CONFIG_CHARACTER_ENCODING
          Config parameter which to control character encoding to apply to the request.
static String CONFIG_CHARACTER_ENCODING_ENABLED
          Config parameter to control whether to set the character encoding on the request.
static String CONFIG_CONTEXT
          Config parameter to set the servlet context for context based session (overriding the servlet's context name).
static String CONFIG_REMOTE_USER
          Config parameter to control remote user handling.
static String CONFIG_SESSION
          Config parameter to control http session handling.
static String CONFIG_TOOL_PLACEMENT
          Config parameter to control tool placement URL en/de-coding.
static String CONFIG_UPLOAD_DIR
          Config parameter that specifies the absolute path of a temporary directory in which to store file uploads.
static String CONFIG_UPLOAD_ENABLED
          Config parameter to control whether the request filter parses file uploads.
static String CONFIG_UPLOAD_MAX
          Config parameter to control the maximum allowed upload size (in bytes) from the browser.
static String CONFIG_UPLOAD_THRESHOLD
          Config parameter (in bytes) to control the threshold at which to store uploaded files on-disk (temporarily) instead of in-memory.
protected static int CONTAINER_SESSION
          sakaiHttpSession setting for don't do anything.
protected static int CONTEXT_SESSION
          sakaiHttpSession setting for use the context session.
protected static String CURRENT_CONTEXT
          Key in the ThreadLocalManager for binding our context id.
static String CURRENT_HTTP_REQUEST
          Key in the ThreadLocalManager for access to the current http request object.
static String CURRENT_HTTP_RESPONSE
          Key in the ThreadLocalManager for access to the current http response object.
protected static String CURRENT_HTTP_SESSION
          Key in the ThreadLocalManager for binding our http session preference.
static String CURRENT_INVALID_SESSION
          Key in the ThreadLocalManager for the case where a session requested was invalid, and we started a new one.
protected static String CURRENT_REMOTE_USER
          Key in the ThreadLocalManager for binding our remoteUser preference.
static String CURRENT_SERVER_URL
          Key in the ThreadLocalManager for the serverUrl based on the current request.
protected static String DOT
          The "." character
protected  String m_characterEncoding
           
protected  boolean m_characterEncodingEnabled
           
protected  String m_contextId
          Our contex (i.e. servlet context) id.
protected  boolean m_displayModJkWarning
           
protected  int m_sakaiHttpSession
          If true, we deliver the Sakai wide session as the Http session for each request.
protected  boolean m_sakaiRemoteUser
          If true, we deliver the Sakai end user enterprise id as the remote user in each request.
protected  boolean m_toolPlacement
          If true, we encode / decode the tool placement using the a URL parameter.
protected  boolean m_uploadEnabled
           
protected  long m_uploadMaxSize
           
protected  String m_uploadTempDir
           
protected  int m_uploadThreshold
           
static String PARAM_AUTO
          The request parameter name used to indicated that the request is automatic, not from a user action.
protected static String SAKAI_SERVERID
          The name of the system property that will be used when setting the value of the session cookie.
protected static int SAKAI_SESSION
          sakaiHttpSession setting for use the sakai wide session.
static String SESSION_COOKIE
          The name of the cookie we use to keep sakai session.
static String SYSTEM_UPLOAD_MAX
          System property to control the maximum allowed upload size (in MEGABYTES) from the browser.
protected static int TOOL_SESSION
          sakaiHttpSession setting for use the tool session, in any, else context.
 
Constructor Summary
RequestFilter()
           
 
Method Summary
protected  Session assureSession(HttpServletRequest req, HttpServletResponse res)
          Make sure we have a Sakai session.
 void destroy()
          Take this filter out of service.
protected  ToolSession detectToolPlacement(Session s, HttpServletRequest req)
          Detect a tool placement from the URL, and if found, setup the placement attribute and current tool session based on that id.
 void doFilter(ServletRequest requestObj, ServletResponse responseObj, FilterChain chain)
          Filter a request / response.
protected  Cookie findCookie(HttpServletRequest req, String name, String suffix)
          Find a cookie by this name from the request; one with a value that has the specified suffix.
protected  void handleCharacterEncoding(HttpServletRequest req, HttpServletResponse resp)
          If setting character encoding is enabled for this filter, and there isn't already a character encoding on the request, then set the encoding.
protected  HttpServletRequest handleFileUpload(HttpServletRequest req, HttpServletResponse resp)
          if the filter is configured to parse file uploads, AND the request is multipart (typically a file upload), then parse the request.
 void init(FilterConfig filterConfig)
          Place this filter into service.
protected  void postProcessResponse(Session s, HttpServletRequest req, HttpServletResponse res)
          Post-process the response.
protected  HttpServletRequest preProcessRequest(Session s, HttpServletRequest req)
          Pre-process the request, returning a possibly wrapped req for further processing.
protected  HttpServletResponse preProcessResponse(Session s, HttpServletRequest req, HttpServletResponse res)
          Pre-process the response, returning a possibly wrapped res for further processing.
static String serverUrl(HttpServletRequest req)
          Compute the URL that would return to this server based on the current request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SESSION_COOKIE

public static final String SESSION_COOKIE
The name of the cookie we use to keep sakai session.

See Also:
Constant Field Values

ATTR_SESSION

public static final String ATTR_SESSION
The request attribute name used to store the Sakai session.

See Also:
Constant Field Values

ATTR_FILTERED

public static final String ATTR_FILTERED
The request attribute name (and value) used to indicated that the request has been filtered.

See Also:
Constant Field Values

ATTR_UPLOADS_DONE

public static final String ATTR_UPLOADS_DONE
The request attribute name (and value) used to indicated that file uploads have been parsed.

See Also:
Constant Field Values

ATTR_CHARACTER_ENCODING_DONE

public static final String ATTR_CHARACTER_ENCODING_DONE
The request attribute name (and value) used to indicated that character encoding has been set.

See Also:
Constant Field Values

ATTR_REDIRECT

public static final String ATTR_REDIRECT
The request attribute name used to indicated that the *response* has been redirected.

See Also:
Constant Field Values

PARAM_AUTO

public static final String PARAM_AUTO
The request parameter name used to indicated that the request is automatic, not from a user action.

See Also:
Constant Field Values

CONFIG_SESSION

public static final String CONFIG_SESSION
Config parameter to control http session handling.

See Also:
Constant Field Values

CONFIG_REMOTE_USER

public static final String CONFIG_REMOTE_USER
Config parameter to control remote user handling.

See Also:
Constant Field Values

CONFIG_TOOL_PLACEMENT

public static final String CONFIG_TOOL_PLACEMENT
Config parameter to control tool placement URL en/de-coding.

See Also:
Constant Field Values

CONFIG_CHARACTER_ENCODING_ENABLED

public static final String CONFIG_CHARACTER_ENCODING_ENABLED
Config parameter to control whether to set the character encoding on the request. Default is true.

See Also:
Constant Field Values

CONFIG_CHARACTER_ENCODING

public static final String CONFIG_CHARACTER_ENCODING
Config parameter which to control character encoding to apply to the request. Default is UTF-8.

See Also:
Constant Field Values

CONFIG_UPLOAD_ENABLED

public static final String CONFIG_UPLOAD_ENABLED
Config parameter to control whether the request filter parses file uploads. Default is true. If false, the tool will need to provide its own upload filter that executes BEFORE the Sakai request filter.

See Also:
Constant Field Values

CONFIG_UPLOAD_MAX

public static final String CONFIG_UPLOAD_MAX
Config parameter to control the maximum allowed upload size (in bytes) from the browser. If defined on the filter, overrides the system property. Default is 1 MB (1048576 bytes). This is an aggregate limit on the sum of all files included in a single request.

See Also:
Constant Field Values

SYSTEM_UPLOAD_MAX

public static final String SYSTEM_UPLOAD_MAX
System property to control the maximum allowed upload size (in MEGABYTES) from the browser. Default is 1 (one megabyte). This is an aggregate limit on the sum of all files included in a single request.

See Also:
Constant Field Values

CONFIG_UPLOAD_THRESHOLD

public static final String CONFIG_UPLOAD_THRESHOLD
Config parameter (in bytes) to control the threshold at which to store uploaded files on-disk (temporarily) instead of in-memory. Default is 1024 bytes.

See Also:
Constant Field Values

CONFIG_UPLOAD_DIR

public static final String CONFIG_UPLOAD_DIR
Config parameter that specifies the absolute path of a temporary directory in which to store file uploads. Default is the servlet container temporary directory. Note that this is TRANSIENT storage, used by the commons-fileupload API. The files must be renamed or otherwise processed (by the tool through the commons-fileupload API) in order for the data to become permenant.

See Also:
Constant Field Values

CONFIG_CONTEXT

public static final String CONFIG_CONTEXT
Config parameter to set the servlet context for context based session (overriding the servlet's context name).

See Also:
Constant Field Values

CONTAINER_SESSION

protected static final int CONTAINER_SESSION
sakaiHttpSession setting for don't do anything.

See Also:
Constant Field Values

SAKAI_SESSION

protected static final int SAKAI_SESSION
sakaiHttpSession setting for use the sakai wide session.

See Also:
Constant Field Values

CONTEXT_SESSION

protected static final int CONTEXT_SESSION
sakaiHttpSession setting for use the context session.

See Also:
Constant Field Values

TOOL_SESSION

protected static final int TOOL_SESSION
sakaiHttpSession setting for use the tool session, in any, else context.

See Also:
Constant Field Values

CURRENT_REMOTE_USER

protected static final String CURRENT_REMOTE_USER
Key in the ThreadLocalManager for binding our remoteUser preference.

See Also:
Constant Field Values

CURRENT_HTTP_SESSION

protected static final String CURRENT_HTTP_SESSION
Key in the ThreadLocalManager for binding our http session preference.

See Also:
Constant Field Values

CURRENT_CONTEXT

protected static final String CURRENT_CONTEXT
Key in the ThreadLocalManager for binding our context id.

See Also:
Constant Field Values

CURRENT_SERVER_URL

public static final String CURRENT_SERVER_URL
Key in the ThreadLocalManager for the serverUrl based on the current request.

See Also:
Constant Field Values

CURRENT_INVALID_SESSION

public static final String CURRENT_INVALID_SESSION
Key in the ThreadLocalManager for the case where a session requested was invalid, and we started a new one.

See Also:
Constant Field Values

CURRENT_HTTP_REQUEST

public static final String CURRENT_HTTP_REQUEST
Key in the ThreadLocalManager for access to the current http request object.

See Also:
Constant Field Values

CURRENT_HTTP_RESPONSE

public static final String CURRENT_HTTP_RESPONSE
Key in the ThreadLocalManager for access to the current http response object.

See Also:
Constant Field Values

DOT

protected static final String DOT
The "." character

See Also:
Constant Field Values

SAKAI_SERVERID

protected static final String SAKAI_SERVERID
The name of the system property that will be used when setting the value of the session cookie.

See Also:
Constant Field Values

m_sakaiHttpSession

protected int m_sakaiHttpSession
If true, we deliver the Sakai wide session as the Http session for each request.


m_sakaiRemoteUser

protected boolean m_sakaiRemoteUser
If true, we deliver the Sakai end user enterprise id as the remote user in each request.


m_toolPlacement

protected boolean m_toolPlacement
If true, we encode / decode the tool placement using the a URL parameter.


m_contextId

protected String m_contextId
Our contex (i.e. servlet context) id.


m_characterEncoding

protected String m_characterEncoding

m_characterEncodingEnabled

protected boolean m_characterEncodingEnabled

m_uploadEnabled

protected boolean m_uploadEnabled

m_uploadMaxSize

protected long m_uploadMaxSize

m_uploadThreshold

protected int m_uploadThreshold

m_uploadTempDir

protected String m_uploadTempDir

m_displayModJkWarning

protected boolean m_displayModJkWarning
Constructor Detail

RequestFilter

public RequestFilter()
Method Detail

destroy

public void destroy()
Take this filter out of service.

Specified by:
destroy in interface Filter

doFilter

public void doFilter(ServletRequest requestObj,
                     ServletResponse responseObj,
                     FilterChain chain)
              throws IOException,
                     ServletException
Filter a request / response.

Specified by:
doFilter in interface Filter
Throws:
IOException
ServletException

init

public void init(FilterConfig filterConfig)
          throws ServletException
Place this filter into service.

Specified by:
init in interface Filter
Parameters:
filterConfig - The filter configuration object
Throws:
ServletException

handleCharacterEncoding

protected void handleCharacterEncoding(HttpServletRequest req,
                                       HttpServletResponse resp)
                                throws UnsupportedEncodingException
If setting character encoding is enabled for this filter, and there isn't already a character encoding on the request, then set the encoding.

Throws:
UnsupportedEncodingException

handleFileUpload

protected HttpServletRequest handleFileUpload(HttpServletRequest req,
                                              HttpServletResponse resp)
                                       throws ServletException,
                                              UnsupportedEncodingException
if the filter is configured to parse file uploads, AND the request is multipart (typically a file upload), then parse the request.

Returns:
If there is a file upload, and the filter handles it, return the wrapped request that has the results of the parsed file upload. Parses the files using Apache commons-fileuplaod. Exposes the results through a wrapped request. Files are available like: fileItem = (FileItem) request.getAttribute("myHtmlFileUploadId");
Throws:
ServletException
UnsupportedEncodingException

assureSession

protected Session assureSession(HttpServletRequest req,
                                HttpServletResponse res)
Make sure we have a Sakai session.

Parameters:
req - The request object.
res - The response object.
Returns:
The Sakai Session object.

detectToolPlacement

protected ToolSession detectToolPlacement(Session s,
                                          HttpServletRequest req)
Detect a tool placement from the URL, and if found, setup the placement attribute and current tool session based on that id.

Parameters:
s - The sakai session.
req - The request, already prepared with the placement id if any.
Returns:
The tool session.

preProcessRequest

protected HttpServletRequest preProcessRequest(Session s,
                                               HttpServletRequest req)
Pre-process the request, returning a possibly wrapped req for further processing.

Parameters:
s - The Sakai Session.
req - The request object.
Returns:
a possibly wrapped and possibly new request object for further processing.

preProcessResponse

protected HttpServletResponse preProcessResponse(Session s,
                                                 HttpServletRequest req,
                                                 HttpServletResponse res)
Pre-process the response, returning a possibly wrapped res for further processing.

Parameters:
s - The Sakai Session.
req - The request object.
res - The response object.
Returns:
a possibly wrapped and possibly new response object for further processing.

postProcessResponse

protected void postProcessResponse(Session s,
                                   HttpServletRequest req,
                                   HttpServletResponse res)
Post-process the response.

Parameters:
s - The Sakai Session.
req - The request object.
res - The response object.

findCookie

protected Cookie findCookie(HttpServletRequest req,
                            String name,
                            String suffix)
Find a cookie by this name from the request; one with a value that has the specified suffix.

Parameters:
req - The servlet request.
name - The cookie name
suffix - The suffix string to find at the end of the found cookie value.
Returns:
The cookie of this name in the request, or null if not found.

serverUrl

public static String serverUrl(HttpServletRequest req)
Compute the URL that would return to this server based on the current request. Note: this method is a duplicate of one in the util/Web.java

Parameters:
req - The request.
Returns:
The URL back to this server based on the current request.