Class DataPreservationFilter

java.lang.Object
org.forgerock.openig.filter.DataPreservationFilter
All Implemented Interfaces:
Filter

public class DataPreservationFilter extends Object implements Filter
The DataPreservationFilter preserves POSTed data from a request that triggers a login redirect. The entity data from the request is stored in the HTTP session before redirecting to authentication. If a subsequent GET request matches the original request path and there is preserved data, an empty self-submitting form is returned to the user-agent. Using a self-posting form for the last step, rather than just transforming the GET into a POST, ensures that the user-agent itself generates the POST. Using an empty self-posting form, rather than one carrying the original data, ensures that there is no opportunity for the data to be manipulated, since the original request entity is preserved as it was received; no data validation or manipulation is therefore required within the filter. When this empty POST request is processed, the entity is replaced with the preserved data and the request flows through to the next filter.
 {
    "type": "DataPreservationFilter",
    "config": {
      "noJavaScriptMessage":  String              [OPTIONAL - the message to show when the user-agent does
                                                              not support JavaScript. JavaScript is used to
                                                              replay the preserved FORM data from the original
                                                              POST that triggered a login redirect.
                                                              Defaults to {@link #NO_JAVASCRIPT_MESSAGE_DEFAULT}.]
      "maxContentLength":     Integer             [OPTIONAL - determine how big a POST request, in bytes, based
                                                              on the Content-Length header, that we are willing to
                                                              preserve in this filter. Repeated requests to a route
                                                              with this filter, that contain large payloads, that
                                                              also trigger an authentication redirect, could use up
                                                              a lot of memory/processing without some control over
                                                              the maximum size we are willing to preserve.
                                                              Defaults to {@link #MAX_CONTENT_LENGTH_DEFAULT }.]
      "lifetime":             Duration            [OPTIONAL - determines how long a preserved POST item will survive
                                                              in the session, should more than one preservation be
                                                              occurring during the lifetime of a session. Defaults to
                                                              {@link #LIFETIME_DURATION_DEFAULT}.]
    }
  }
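
A simplified model of the preserve-and-replay flow described above, showing how maxContentLength and lifetime bound what is kept in the session. This is an added example, not the OpenIG implementation or code from this Javadoc: the class and method names are hypothetical, a Map stands in for the HTTP session, and the rejection of a missing or inaccurate Content-Length and the one-time replay are assumptions of the sketch. It uses a record, so it needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
// Simplified model of the documented flow, NOT the OpenIG implementation; all names are hypothetical.
class PreservationSketch {
    private record Item(byte[] entity, Instant expires) { }
    private final Map<String, Item> session = new HashMap<>(); // stands in for the HTTP session
    private final int maxContentLength;
    private final Duration lifetime;
    PreservationSketch(int maxContentLength, Duration lifetime) {
        this.maxContentLength = maxContentLength;
        this.lifetime = lifetime;
    }

    // A POST is about to be redirected to authentication: store its entity if allowed.
    boolean preserve(String path, long contentLength, byte[] entity, Instant now) {
        // Assumption: a missing (-1) or inaccurate Content-Length is never preserved.
        if (contentLength < 0 || contentLength > maxContentLength || entity.length != contentLength) {
            return false;
        }
        session.put(path, new Item(entity.clone(), now.plus(lifetime)));
        return true;
    }

    // The empty POST from the self-submitting form arrives: hand back the stored entity.
    Optional<byte[]> replay(String path, Instant now) {
        Item item = session.remove(path); // assumption: an item is consumed when replayed
        if (item == null || now.isAfter(item.expires())) {
            return Optional.empty(); // nothing preserved for this path, or lifetime exceeded
        }
        return Optional.of(item.entity());
    }

    public static void main(String[] args) {
        PreservationSketch f = new PreservationSketch(16, Duration.ofMinutes(5));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample values
        byte[] form = "a=1&b=2".getBytes(StandardCharsets.UTF_8);
        System.out.println(f.preserve("/app/big", 4096, new byte[4096], t0)); // over the cap
        System.out.println(f.preserve("/app/save", form.length, form, t0)); // within the cap
        System.out.println(f.replay("/app/save", t0.plusSeconds(60)).isPresent()); // in lifetime
        System.out.println(f.replay("/app/save", t0.plusSeconds(61)).isPresent()); // second replay
        f.preserve("/app/save", form.length, form, t0);
        System.out.println(f.replay("/app/save", t0.plusSeconds(301)).isPresent()); // after lifetime
    }
}
```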
 
 
  • Constructor Details

    • DataPreservationFilter

      public DataPreservationFilter(String noJavaScriptMessage, int maxContentLength, Randoms.UrlFriendlyRandomStringGenerator randomGenerator, Duration lifetime, Clock clock)
      Creates a new DataPreservationFilter.
      Parameters:
      noJavaScriptMessage - The message to show on the self-posting form when JavaScript is not enabled.
      maxContentLength - A request Content-Length header value must be less than or equal to this value to be seen as a valid request for preserving.
      randomGenerator - Source of random value used for marker values.
      lifetime - The amount of time stored data can stay in the session.
      clock - The Clock to use when keeping track of data lifetimes.
  • Method Details

    • filter

      public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
      Description copied from interface: Filter
      Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

      This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

      Specified by:
      filter in interface Filter
      Parameters:
      context - The request context.
      request - The request.
      next - The next filter or handler in the chain to handle the request.
      Returns:
      A Promise representing the response to be returned to the client.