omnifaces icon indicating copy to clipboard operation
omnifaces copied to clipboard

Published 20 hours ago verified publisher icon omnifaces

Editable header HttpServletRequestWrapper class

Open djmj opened this issue 3 years ago • 4 comments
trafficstars

In my authentification @WebFilter i previously redireted to the login page if user is not logged in appending the current URI as a request param like "/login?referer=/account".

I wanted to get rid of this "referer" query param in the application and used the referer request param which easily worked using the internal links, except inside a filter since the header params are not accessible from the HttpServletRequest object.

So i had to use a wrapper from following comment to make it work: https://stackoverflow.com/a/23590606/1085958

Maybe its an OmniFaces candidate since others have similar problems.

djmj avatar Mar 08 '22 20:03 djmj

Feature request is understood, however ..

except inside a filter since the header params are not accessible from the HttpServletRequest object

.. this is actually not true. Inside a filter, only the request.getServletPath() and request.getPathInfo() are not per definition available (because final target servlet is on an initial request only known for sure when all filters are finished). But the request params and headers must all be readily available. Perhaps you was actually sending a redirect to that filter?

BalusC avatar Mar 19 '22 13:03 BalusC

Yes they are available but not editable since HttpServletRequest.getHeaderNames() is immutable and i want to edit them.

Perhaps you was actually sending a redirect to that filter? Not sure exactly what you mean?

I am doing something like this:

@WebFilter(filterName = "UserAuthenticationFilter", urlPatterns =
{
	"/sites/user/account.xhtml"
}, dispatcherTypes =
{
	DispatcherType.FORWARD, DispatcherType.REQUEST, DispatcherType.ERROR
})
public class UserAuthFilter extends HttpFilter
{
	@Override
	public void doFilter(final HttpServletRequest request, final HttpServletResponse response,
		final HttpSession session, final FilterChain chain) throws ServletException, IOException
	{
		if(isLoggedIn())
			chain.doFilter(request, response);
		else
		{
			// get forwarded url in case of rewritten url's
			final String currentURL = Servlets.getRequestDomainURL(request)
				+ Servlets.getRequestURIWithQueryString("/sites/user/login.xhtml");

			// set current url as referer - for post login redirect
			final HttpServletRequestHeader requestHeader = new HttpServletRequestHeader(request);
			requestHeader.addHeader("referer", currentURL);

			// create login URI
			final UriBuilder uriBuilder = UriBuilder.fromUri(loginUri);
			final String uri = request.getContextPath() + uriBuilder.build().toString();

			// forward to login page with new referer
			request.getRequestDispatcher(uri).forward(requestHeader, response);
		}
	}
}

djmj avatar Mar 19 '22 15:03 djmj

Hm ok, probably you meant to say "mutable" instead of "accessible" in the following sentence?

except inside a filter since the header params are not accessible from the HttpServletRequest object

BalusC avatar Mar 19 '22 16:03 BalusC

Yes exactly!

djmj avatar Mar 19 '22 16:03 djmj

I've added a MutableRequestFilter and associated helper methods in Faces, FacesLocal and Servlets to obtain the mutable header map and mutable parameter map.

BalusC avatar Sep 24 '22 22:09 BalusC