You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Campbell, Lance" <la...@illinois.edu> on 2016/10/13 15:04:13 UTC
how to write a valve
Tomcat 8.0.38
In my Eclipse development environment when particular servlet requests are made I want to simulate going through Shibboleth prior to Tomcat handling the request. I wanted to see if this will work.
In Eclipse within each dynamic web application I would add a valve to the context.xml file.
The valve would:
1) Check the URL request.
2) If the URL string matches a list then it will add particular name value pairs to the request.
Example of a possible valve:
<Valve className="my.valves.ShibbolethSimulationValve" />
1) Can a valve actually identify a particular URL path?
2) Can a valve add an attribute to the request prior to the servlet getting the request?
3) If item #1 and #2 will work does anyone have some base code for a value that would get me started down the correct path?
Thanks for all of your help.
Lance Campbell
Web Services
University of Illinois
Re: how to write a valve
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
On 13.10.2016 17:04, Campbell, Lance wrote:
> Tomcat 8.0.38
>
> In my Eclipse development environment when particular servlet requests are made I want to simulate going through Shibboleth prior to Tomcat handling the request. I wanted to see if this will work.
>
> In Eclipse within each dynamic web application I would add a valve to the context.xml file.
>
> The valve would:
>
> 1) Check the URL request.
>
> 2) If the URL string matches a list then it will add particular name value pairs to the request.
>
> Example of a possible valve:
>
> <Valve className="my.valves.ShibbolethSimulationValve" />
>
>
> 1) Can a valve actually identify a particular URL path?
>
> 2) Can a valve add an attribute to the request prior to the servlet getting the request?
>
> 3) If item #1 and #2 will work does anyone have some base code for a value that would get me started down the correct path?
>
Hi.
I think the best thing here is to point you to Google. If you search for
"HttpServletRequest immutable", you'll get a whole bunch of useful links.
There is also example code there.
The basic thing here, is that the HttpServletRequest object that you get originally, is
*immutable* (can't be modified, for example to add a header or add additional parameters).
So you have to "wrap" it with a HttpServletRequestWrapper, and then override some of the
standard methods in that wrapper.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: how to write a valve
Posted by Mark Thomas <ma...@apache.org>.
On 17/10/2016 16:53, Andr� Warnier (tomcat) wrote:
<snip/>
> In this case, the OP originally mentioned "add an attribute to the
> request".
> I have the feeling that the word "attribute" here was not very specific,
> and in reality (since we are talking about an authentication method
> "faking" another one) it may have meant "add a HTTP header" (the OP is
> welcome to correct if I am mistaken).
> Assuming that you were in a Filter, what you would need to do in such a
> "wrapper", would probably be to
> 1) copy the existing request headers in your own, wrapper-specific, new,
> headers collection
> 2) add the additional header to that copied collection
> 3) override all the methods by which one can obtain these headers, to
> return the copied/modified version instead of the original headers
> collection (or member of)
>
> But maybe in a Valve, you do not need to go through all of that, and you
> can modify the original headers collection directly. (question mark)
Correct. In a Valve, you can modify request headers directly.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: how to write a valve
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
On 17.10.2016 16:57, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Mark,
>
> On 10/14/16 6:08 AM, Mark Thomas wrote:
>> On 14/10/2016 10:51, Andr� Warnier (tomcat) wrote:
>>> On 14.10.2016 10:05, Mark Thomas wrote:
>>>> On 13/10/2016 16:04, Campbell, Lance wrote:
>>>>> Tomcat 8.0.38
>>>>>
>>>>> In my Eclipse development environment when particular
>>>>> servlet requests are made I want to simulate going through
>>>>> Shibboleth prior to Tomcat handling the request. I wanted to
>>>>> see if this will work.
>>>>>
>>>>> In Eclipse within each dynamic web application I would add a
>>>>> valve to the context.xml file.
>>>>>
>>>>> The valve would:
>>>>>
>>>>> 1) Check the URL request.
>>>>>
>>>>> 2) If the URL string matches a list then it will add
>>>>> particular name value pairs to the request.
>>>>>
>>>>> Example of a possible valve:
>>>>>
>>>>> <Valve className="my.valves.ShibbolethSimulationValve" />
>>>>>
>>>>>
>>>>> 1) Can a valve actually identify a particular URL path?
>>>>
>>>> Yes. Valves have access to Tomcat's internal request and
>>>> response objects.
>>>>
>>>>> 2) Can a valve add an attribute to the request prior to
>>>>> the servlet getting the request?
>>>>
>>>> Yes.
>>>
>>> Apologies for barging in. Does that mean that, at this point,
>>> the request is still "mutable" ? (at the servlet filter level, it
>>> isn't, as far as I know).
>>
>> Mostly, yes since a Valve has direct access to the internals.
>>
>> In a Filter you are limited to what you can do with
>> HttpServletRequest. It isn't completely immutable (setAttribute(),
>> setCharacterEncoding(), changeSessionId()) but you have a lot less
>> scope for changing the request.
>
> In both cases (Filter, Valve), it's possible to wrap the request
> object (HttpServletRequest in the case of a Filter, (Tomcat) Request
> in the case of a Valve) and basically change anything you want. There
> are certainly things you can't do and expect everything to work -- for
> example, disconnecting the input streams, etc. but many things are
> possible including intercepting calls to the request methods, which is
> of course the most interesting thing that you can do in general.
In this case, the OP originally mentioned "add an attribute to the request".
I have the feeling that the word "attribute" here was not very specific, and in reality
(since we are talking about an authentication method "faking" another one) it may have
meant "add a HTTP header" (the OP is welcome to correct if I am mistaken).
Assuming that you were in a Filter, what you would need to do in such a "wrapper", would
probably be to
1) copy the existing request headers in your own, wrapper-specific, new, headers collection
2) add the additional header to that copied collection
3) override all the methods by which one can obtain these headers, to return the
copied/modified version instead of the original headers collection (or member of)
But maybe in a Valve, you do not need to go through all of that, and you can modify the
original headers collection directly. (question mark)
>
> Tomcat does not include wrapper classes for its Request and Response
> objects, but there are examples includes in a long-standing Bugzilla
> issue[1] that anyone is welcome to use.
>
> In general, I would say that anything that *can* be done in a Filter
> *should* be done in a Filter (as opposed to a Valve). In the OP's
> case, it might not be entirely possible if his operation needs to
> affect the way that authentication is done, since that is typically
> done (for container-based authentication) in Valves before any Filter
> is called.
>
> - -chris
>
> [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=45014
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: how to write a valve
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 10/14/16 6:08 AM, Mark Thomas wrote:
> On 14/10/2016 10:51, Andr� Warnier (tomcat) wrote:
>> On 14.10.2016 10:05, Mark Thomas wrote:
>>> On 13/10/2016 16:04, Campbell, Lance wrote:
>>>> Tomcat 8.0.38
>>>>
>>>> In my Eclipse development environment when particular
>>>> servlet requests are made I want to simulate going through
>>>> Shibboleth prior to Tomcat handling the request. I wanted to
>>>> see if this will work.
>>>>
>>>> In Eclipse within each dynamic web application I would add a
>>>> valve to the context.xml file.
>>>>
>>>> The valve would:
>>>>
>>>> 1) Check the URL request.
>>>>
>>>> 2) If the URL string matches a list then it will add
>>>> particular name value pairs to the request.
>>>>
>>>> Example of a possible valve:
>>>>
>>>> <Valve className="my.valves.ShibbolethSimulationValve" />
>>>>
>>>>
>>>> 1) Can a valve actually identify a particular URL path?
>>>
>>> Yes. Valves have access to Tomcat's internal request and
>>> response objects.
>>>
>>>> 2) Can a valve add an attribute to the request prior to
>>>> the servlet getting the request?
>>>
>>> Yes.
>>
>> Apologies for barging in. Does that mean that, at this point,
>> the request is still "mutable" ? (at the servlet filter level, it
>> isn't, as far as I know).
>
> Mostly, yes since a Valve has direct access to the internals.
>
> In a Filter you are limited to what you can do with
> HttpServletRequest. It isn't completely immutable (setAttribute(),
> setCharacterEncoding(), changeSessionId()) but you have a lot less
> scope for changing the request.
In both cases (Filter, Valve), it's possible to wrap the request
object (HttpServletRequest in the case of a Filter, (Tomcat) Request
in the case of a Valve) and basically change anything you want. There
are certainly things you can't do and expect everything to work -- for
example, disconnecting the input streams, etc. but many things are
possible including intercepting calls to the request methods, which is
of course the most interesting thing that you can do in general.
Tomcat does not include wrapper classes for its Request and Response
objects, but there are examples includes in a long-standing Bugzilla
issue[1] that anyone is welcome to use.
In general, I would say that anything that *can* be done in a Filter
*should* be done in a Filter (as opposed to a Valve). In the OP's
case, it might not be entirely possible if his operation needs to
affect the way that authentication is done, since that is typically
done (for container-based authentication) in Valves before any Filter
is called.
- -chris
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=45014
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJYBOa/AAoJEBzwKT+lPKRY+GoQAKTCrNRDzJlo9ZVJW4KkaWXr
hdkBBfQDSIcfnuPXratMdz9WBpyXBVocdq+tqPuDCAhnsT+0hbND+hnHKGW07IZ2
Q5kfZZNc9t9WEMFWo/wUkdmlC55VMxGIRHfLplhbv6ldBv6/XB5JfgBUNUXVCmfq
GzFQ6Es5IG3/5iTD79RypYU2yZ38or4eNff6Os/MKOFajUFDKjnzlTGUa5hN8T7z
aNg7IKrFWgQhqFt8jBHLpTGJt28vNZ/kriEr47YbiO5MviC6mYi15fhdMEMaG0JT
RsNUhLlLuBuCscdElG93LYNDOL8MEwwR3gXRfpq2nfdW9cIY3w8xmgd+mY/VpaIj
DnULQ6Ghx7XD/kJWM4dSutRjPWKFKiaGO4kTnDwEPRLACr2O6YZlFzldrAWtbWpf
GTDtjssFcX7xD/tWjHzD37kfiCAnJjZTGBAEDQcdKwD0M9wLxqIzSaZqRewlTOKT
wjy76PnJE3HFUjRRAXh6iEBRFyb+J9En6i7jGPsplV0aLk6gQB3d8vH0Ggw2qUJz
uIFV5zuNacAqvEvIHb9wBAFxhUlGrftewQpGUK5ZaNjIpgcOeH5KphoAY8KcNKsO
SrcS/i6vS/Uxtiu9JaCk0zMdqIyc1rHHm/UigjjAg5chOvC1KlMeHRgrb7SVPx8z
9cSDZ3M+LFWXGKvyP/rx
=kP1+
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: how to write a valve
Posted by Mark Thomas <ma...@apache.org>.
On 14/10/2016 10:51, Andr Warnier (tomcat) wrote:
> On 14.10.2016 10:05, Mark Thomas wrote:
>> On 13/10/2016 16:04, Campbell, Lance wrote:
>>> Tomcat 8.0.38
>>>
>>> In my Eclipse development environment when particular servlet
>>> requests are made I want to simulate going through Shibboleth prior
>>> to Tomcat handling the request. I wanted to see if this will work.
>>>
>>> In Eclipse within each dynamic web application I would add a valve to
>>> the context.xml file.
>>>
>>> The valve would:
>>>
>>> 1) Check the URL request.
>>>
>>> 2) If the URL string matches a list then it will add particular
>>> name value pairs to the request.
>>>
>>> Example of a possible valve:
>>>
>>> <Valve className="my.valves.ShibbolethSimulationValve" />
>>>
>>>
>>> 1) Can a valve actually identify a particular URL path?
>>
>> Yes. Valves have access to Tomcat's internal request and response
>> objects.
>>
>>> 2) Can a valve add an attribute to the request prior to the
>>> servlet getting the request?
>>
>> Yes.
>
> Apologies for barging in. Does that mean that, at this point, the
> request is still "mutable" ? (at the servlet filter level, it isn't, as
> far as I know).
Mostly, yes since a Valve has direct access to the internals.
In a Filter you are limited to what you can do with HttpServletRequest.
It isn't completely immutable (setAttribute(), setCharacterEncoding(),
changeSessionId()) but you have a lot less scope for changing the request.
Mark
>
>>
>>> 3) If item #1 and #2 will work does anyone have some base code
>>> for a value that would get me started down the correct path?
>>
>> Have a look in the org.apache.catalina.valves package. SemaphoreValve
>> and CrawlerSessionManagerValve should give you an idea.
>>
>> Note that you can also do all of the above with a Filter that isn't
>> Tomcat specific and would, therefore, be usable with other containers as
>> well.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: how to write a valve
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
On 14.10.2016 10:05, Mark Thomas wrote:
> On 13/10/2016 16:04, Campbell, Lance wrote:
>> Tomcat 8.0.38
>>
>> In my Eclipse development environment when particular servlet requests are made I want to simulate going through Shibboleth prior to Tomcat handling the request. I wanted to see if this will work.
>>
>> In Eclipse within each dynamic web application I would add a valve to the context.xml file.
>>
>> The valve would:
>>
>> 1) Check the URL request.
>>
>> 2) If the URL string matches a list then it will add particular name value pairs to the request.
>>
>> Example of a possible valve:
>>
>> <Valve className="my.valves.ShibbolethSimulationValve" />
>>
>>
>> 1) Can a valve actually identify a particular URL path?
>
> Yes. Valves have access to Tomcat's internal request and response objects.
>
>> 2) Can a valve add an attribute to the request prior to the servlet getting the request?
>
> Yes.
Apologies for barging in. Does that mean that, at this point, the request is still
"mutable" ? (at the servlet filter level, it isn't, as far as I know).
>
>> 3) If item #1 and #2 will work does anyone have some base code for a value that would get me started down the correct path?
>
> Have a look in the org.apache.catalina.valves package. SemaphoreValve
> and CrawlerSessionManagerValve should give you an idea.
>
> Note that you can also do all of the above with a Filter that isn't
> Tomcat specific and would, therefore, be usable with other containers as
> well.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: how to write a valve
Posted by Mark Thomas <ma...@apache.org>.
On 13/10/2016 16:04, Campbell, Lance wrote:
> Tomcat 8.0.38
>
> In my Eclipse development environment when particular servlet requests are made I want to simulate going through Shibboleth prior to Tomcat handling the request. I wanted to see if this will work.
>
> In Eclipse within each dynamic web application I would add a valve to the context.xml file.
>
> The valve would:
>
> 1) Check the URL request.
>
> 2) If the URL string matches a list then it will add particular name value pairs to the request.
>
> Example of a possible valve:
>
> <Valve className="my.valves.ShibbolethSimulationValve" />
>
>
> 1) Can a valve actually identify a particular URL path?
Yes. Valves have access to Tomcat's internal request and response objects.
> 2) Can a valve add an attribute to the request prior to the servlet getting the request?
Yes.
> 3) If item #1 and #2 will work does anyone have some base code for a value that would get me started down the correct path?
Have a look in the org.apache.catalina.valves package. SemaphoreValve
and CrawlerSessionManagerValve should give you an idea.
Note that you can also do all of the above with a Filter that isn't
Tomcat specific and would, therefore, be usable with other containers as
well.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org