org.apache.catalina.valves
Class RequestFilterValve
- Contained, MBeanRegistration, Valve
public abstract class RequestFilterValve
Implementation of a Valve that performs filtering based on comparing the
appropriate request property (selected based on which subclass you choose
to configure into your Container's pipeline) against a set of regular
expressions configured for this Valve.
This valve is configured by setting the
allow
and/or
deny
properties to a comma-delimited list of regular
expressions (in the syntax supported by the jakarta-regexp library) to
which the appropriate request property will be compared. Evaluation
proceeds as follows:
- The subclass extracts the request property to be filtered, and
calls the common
process()
method.
- If there are any deny expressions configured, the property will
be compared to each such expression. If a match is found, this
request will be rejected with a "Forbidden" HTTP response.
- If there are any allow expressions configured, the property will
be compared to each such expression. If a match is found, this
request will be allowed to pass through to the next Valve in the
current pipeline.
- If one or more deny expressions was specified but no allow expressions,
allow this request to pass through (because none of the deny
expressions matched it).
- The request will be rejected with a "Forbidden" HTTP response.
This Valve may be attached to any Container, depending on the granularity
of the filtering you wish to perform.
Version:
- Craig R. McClanahan
protected String | allow - The comma-delimited set of
allow expressions.
|
protected RE[] | allows - The set of
allow regular expressions we will evaluate.
|
protected RE[] | denies - The set of
deny regular expressions we will evaluate.
|
protected String | deny - The comma-delimited set of
deny expressions.
|
protected static StringManager | sm - The StringManager for this package.
|
String | getAllow() - Return a comma-delimited set of the
allow expressions
configured for this Valve, if any; otherwise, return null .
|
String | getDeny() - Return a comma-delimited set of the
deny expressions
configured for this Valve, if any; otherwise, return null .
|
String | getInfo() - Return descriptive information about this Valve implementation.
|
void | invoke(Request request, Response response, ValveContext context) - Extract the desired request property, and pass it (along with the
specified request and response objects) to the protected
process() method to perform the actual filtering.
|
protected RE[] | precalculate(String list) - Return an array of regular expression objects initialized from the
specified argument, which must be
null or a comma-delimited
list of regular expression patterns.
|
protected void | process(String property, Request request, Response response, ValveContext context) - Perform the filtering that has been configured for this Valve, matching
against the specified request property.
|
void | setAllow(String allow) - Set the comma-delimited set of the
allow expressions
configured for this Valve, if any.
|
void | setDeny(String deny) - Set the comma-delimited set of the
deny expressions
configured for this Valve, if any.
|
createObjectName , getContainer , getContainerName , getController , getDebug , getDomain , getInfo , getObjectName , getParentName , invoke , postDeregister , postRegister , preDeregister , preRegister , setContainer , setController , setDebug , setObjectName |
allow
protected String allow
The comma-delimited set of allow
expressions.
allows
protected RE[] allows
The set of allow
regular expressions we will evaluate.
denies
protected RE[] denies
The set of deny
regular expressions we will evaluate.
deny
protected String deny
The comma-delimited set of deny
expressions.
sm
protected static StringManager sm
The StringManager for this package.
getAllow
public String getAllow()
Return a comma-delimited set of the allow
expressions
configured for this Valve, if any; otherwise, return null
.
getDeny
public String getDeny()
Return a comma-delimited set of the deny
expressions
configured for this Valve, if any; otherwise, return null
.
getInfo
public String getInfo()
Return descriptive information about this Valve implementation.
- getInfo in interface Valve
- getInfo in interface ValveBase
invoke
public void invoke(Request request,
Response response,
ValveContext context)
throws IOException,
ServletException
Extract the desired request property, and pass it (along with the
specified request and response objects) to the protected
process()
method to perform the actual filtering.
This method must be implemented by a concrete subclass.
- invoke in interface Valve
- invoke in interface ValveBase
request
- The servlet request to be processedresponse
- The servlet response to be createdcontext
- The valve context used to invoke the next valve
in the current processing pipeline
precalculate
protected RE[] precalculate(String list)
Return an array of regular expression objects initialized from the
specified argument, which must be null
or a comma-delimited
list of regular expression patterns.
list
- The comma-separated list of patterns
process
protected void process(String property,
Request request,
Response response,
ValveContext context)
throws IOException,
ServletException
Perform the filtering that has been configured for this Valve, matching
against the specified request property.
property
- The request property on which to filterrequest
- The servlet request to be processedresponse
- The servlet response to be processedcontext
- The valve context used to invoke the next valve
in the current processing pipeline
setAllow
public void setAllow(String allow)
Set the comma-delimited set of the allow
expressions
configured for this Valve, if any.
allow
- The new set of allow expressions
setDeny
public void setDeny(String deny)
Set the comma-delimited set of the deny
expressions
configured for this Valve, if any.
deny
- The new set of deny expressions
Copyright B) 2000-2003 Apache Software Foundation. All Rights Reserved.