You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/03/21 00:02:55 UTC
svn commit: r1303194 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/catalina/valves/RequestFilterValve.java
java/org/apache/catalina/valves/mbeans-descriptors.xml
webapps/docs/changelog.xml webapps/docs/config/valve.xml
Author: kkolinko
Date: Tue Mar 20 23:02:55 2012
New Revision: 1303194
URL: http://svn.apache.org/viewvc?rev=1303194&view=rev
Log:
Add "denyStatus" attribute to RequestFilterValve.
Add overridable denyRequest() method to RequestFilterValve.
The denyStatus attribute is used to change HTTP status code that is used when rejecting denied request.
E.g. to be 404 instead of default 403.
Backport of r1202565 in trunk, r1202570 in TC7.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1303194&r1=1303193&r2=1303194&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Mar 20 23:02:55 2012
@@ -61,14 +61,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko
-1:
-* Add denyStatus attribute to RequestFilterValve
- (RemoteAddrValve, RemoteHostValve valves). It allows to use different
- HTTP response code when rejecting denied request. E.g. 404 instead of 403.
- http://people.apache.org/~kkolinko/patches/2011-11-16_tc6_RequestFilterValve_denyStatus.patch
- (r1202565 in trunk, r1202570 in TC7)
- +1: kkolinko, rjung, fhanik
- -1:
-
* Backport SetCharacterEncodingFilter
1) patch
http://people.apache.org/~kkolinko/patches/2011-12-22_tc6_SetCharacterEncodingFilter.patch
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1303194&r1=1303193&r2=1303194&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java Tue Mar 20 23:02:55 2012
@@ -133,6 +133,12 @@ public abstract class RequestFilterValve
protected volatile boolean denyValid = true;
/**
+ * The HTTP response status code that is used when rejecting denied
+ * request. It is 403 by default, but may be changed to be 404.
+ */
+ protected int denyStatus = HttpServletResponse.SC_FORBIDDEN;
+
+ /**
* The lifecycle event support for this component.
*/
protected LifecycleSupport lifecycle = new LifecycleSupport(this);
@@ -224,6 +230,22 @@ public abstract class RequestFilterValve
/**
+ * Return response status code that is used to reject denied request.
+ */
+ public int getDenyStatus() {
+ return denyStatus;
+ }
+
+
+ /**
+ * Set response status code that is used to reject denied request.
+ */
+ public void setDenyStatus(int denyStatus) {
+ this.denyStatus = denyStatus;
+ }
+
+
+ /**
* Return descriptive information about this Valve implementation.
*/
public String getInfo() {
@@ -318,8 +340,22 @@ public abstract class RequestFilterValve
}
// Deny this request
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ denyRequest(request, response);
+
+ }
+
+ /**
+ * Reject the request that was denied by this valve.
+ *
+ * @param request The servlet request to be processed
+ * @param response The servlet response to be processed
+ * @exception IOException if an input/output error occurs
+ * @exception ServletException if a servlet error occurs
+ */
+ protected void denyRequest(Request request, Response response)
+ throws IOException, ServletException {
+ response.sendError(denyStatus);
}
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml?rev=1303194&r1=1303193&r2=1303194&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml Tue Mar 20 23:02:55 2012
@@ -306,6 +306,10 @@
description="The comma-delimited set of deny expressions"
type="java.lang.String"/>
+ <attribute name="denyStatus"
+ description="HTTP response status code that is used when rejecting denied request"
+ type="int"/>
+
<attribute name="denyValid"
description="Becomes false if assigned value of deny expression is not syntactically correct"
is="true"
@@ -353,6 +357,10 @@
description="The comma-delimited set of deny expressions"
type="java.lang.String"/>
+ <attribute name="denyStatus"
+ description="HTTP response status code that is used when rejecting denied request"
+ type="int"/>
+
<attribute name="denyValid"
description="Becomes false if assigned value of deny expression is not syntactically correct"
is="true"
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1303194&r1=1303193&r2=1303194&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Mar 20 23:02:55 2012
@@ -107,6 +107,12 @@
Slightly improve performance of UDecoder.convert(). Align
<code>%2f</code> handling between implementations. (kkolinko)
</fix>
+ <add>
+ Add <code>denyStatus</code> attribute to <code>RequestFilterValve</code>
+ (<code>RemoteAddrValve</code>, <code>RemoteHostValve</code> valves).
+ It allows to use different HTTP response code when rejecting denied
+ request. E.g. 404 instead of 403. (kkolinko)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml?rev=1303194&r1=1303193&r2=1303194&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml Tue Mar 20 23:02:55 2012
@@ -282,6 +282,12 @@
governed solely by the <code>accept</code> attribute.</p>
</attribute>
+ <attribute name="denyStatus" required="false">
+ <p>HTTP response status code that is used when rejecting denied
+ request. The default value is <code>403</code>. For example,
+ it can be set to the value <code>404</code>.</p>
+ </attribute>
+
</attributes>
</subsection>
@@ -338,6 +344,12 @@
governed solely by the <code>accept</code> attribute.</p>
</attribute>
+ <attribute name="denyStatus" required="false">
+ <p>HTTP response status code that is used when rejecting denied
+ request. The default value is <code>403</code>. For example,
+ it can be set to the value <code>404</code>.</p>
+ </attribute>
+
</attributes>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org