Class ServletUtils


  • public final class ServletUtils
    extends Object
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int ERR  
      static org.slf4j.Logger LOG  
    • Field Detail

      • LOG

        public static final org.slf4j.Logger LOG
    • Method Detail

      • getRequestTrace

        public static String getRequestTrace​(javax.servlet.http.HttpServletRequest req)
        Schreibt Request-Header raus
      • logRequestTrace

        public static void logRequestTrace​(javax.servlet.http.HttpServletRequest req,
                                           org.slf4j.Logger logger)
      • unwrapResponse

        public static javax.servlet.http.HttpServletResponse unwrapResponse​(javax.servlet.http.HttpServletResponse response)
        Unwraps the servlet response, removing CDI proxies and all ServletResponseWrapper, returning the raw unwrapped HTTP servlet response.
        Parameters:
        response - Response to unwrap.
        Returns:
        The unwrapped response.
      • getUrlParam

        public static String getUrlParam​(javax.servlet.http.HttpServletRequest req,
                                         int idx)
        Auslesen eines Parameter aus einer ServletUrl. Der Index gibt die Position an, begonnen wird bei 0. Aufbau der URL:
         web-app-url/servlet/param0/param1/...
         
        Parameters:
        req - HttpServletRequest mit Parameter
        idx - Index des Parameters
        Returns:
        Parameter aus HttpRequest. Wird kein Parameter gefunden wird null zurückgegeben.
      • getUrlIntParam

        public static int getUrlIntParam​(javax.servlet.http.HttpServletRequest req,
                                         int idx)
        Auslesen eines Int-Parameters aus einer ServletUrl. Weitere Informationen siehe ServletUtils#getParam(req, idx)
      • getIntParam

        public static int getIntParam​(String param)
      • parseForSingleParameters

        public static Map<String,​String> parseForSingleParameters​(javax.servlet.http.HttpServletRequest request,
                                                                        Long limit)
                                                                 throws org.apache.commons.fileupload.FileUploadException,
                                                                        IOException
        Assumes there are no file uploads. Reads all parameters from the request, including parameters from a multipart request. In case there are multiple values for a parameter key (eg. http://example.com?foo=bar&foo=baz), only one value is returned. Also handles the case of form encoded requests with different methods such as DELETE or PUT.
        Parameters:
        request - Request to be parsed
        limit - Limit in bytes for a multipart request. Set to 0 or null for no limit.
        Returns:
        A map of all request parameters, including form parameters from a multipart request.
        Throws:
        org.apache.commons.fileupload.FileUploadException - When the request is a multipart request and could not be parsed.
        IOException - When the body of the HTTP request could not be read.
      • parseForMultipleParameters

        public static Map<String,​List<String>> parseForMultipleParameters​(javax.servlet.http.HttpServletRequest request,
                                                                                Long limit)
                                                                         throws org.apache.commons.fileupload.FileUploadException,
                                                                                IOException
        Assumes there are no file uploads. Reads all parameters from the request, including parameters from a multipart request. Also handles the case of form encoded requests with different methods such as DELETE or PUT.
        Parameters:
        request - Request to be parsed
        limit - Limit in bytes for a multipart request. Set to 0 or null for no limit.
        Returns:
        A map of all request parameters, including form parameters from a multipart request.
        Throws:
        org.apache.commons.fileupload.FileUploadException - When the request is a multipart request and could not be parsed.
        IOException - When the body of the HTTP request could not be read.
      • readJSONFromPayLoad

        public static String readJSONFromPayLoad​(InputStream is)
        InputStream in einen String umwandeln.
        Parameters:
        is - InputStream
        Returns:
        JSON-String aus InputStream, im Fehlerfall wird null zurückgegeben.
      • setNoCacheHeaders

        public static final void setNoCacheHeaders​(javax.servlet.http.HttpServletResponse resp)
      • addRobotsTagHeader

        public static void addRobotsTagHeader​(javax.servlet.http.HttpServletResponse resp,
                                              String botName,
                                              ERobotsTag... tags)
        Adds a X-Robots-Tag header for all or one specific bot. See e.g. https://developers.google.com/search/docs/advanced/robots/robots_meta_tag for reference.
        Parameters:
        resp - Servlet response on which to set the header.
        botName - Name of the bot to which the robots tags should apply, such as googlebot, Bingbot, or Baiduspider. null or empty if they should apply to all robots.
        tags - Robots tag to set.
      • setRobotsTagHeader

        public static void setRobotsTagHeader​(javax.servlet.http.HttpServletResponse resp,
                                              String botName,
                                              ERobotsTag... tags)
        Sets the X-Robots-Tag header (overwriting all existing headers) for all or one specific bot. See e.g. https://developers.google.com/search/docs/advanced/robots/robots_meta_tag for reference.
        Parameters:
        resp - Servlet response on which to set the header.
        botName - Name of the bot to which the robots tags should apply, such as googlebot, Bingbot, or Baiduspider. null or empty if they should apply to all robots.
        tags - Robots tag to set.
      • setFormAccessControllHeaders

        public static final void setFormAccessControllHeaders​(javax.servlet.http.HttpServletResponse resp)
      • setFormAccessControllHeaders

        public static final void setFormAccessControllHeaders​(javax.servlet.http.HttpServletResponse resp,
                                                              String allowOrigin)
      • setAccessControlHeader

        public static final void setAccessControlHeader​(javax.servlet.http.HttpServletResponse resp)
        Sets the header Access-Control-Allow-Origin: *.
        Parameters:
        resp - Response to process.
      • setAccessControlHeader

        public static final void setAccessControlHeader​(javax.servlet.http.HttpServletResponse resp,
                                                        int deltaSeconds,
                                                        javax.servlet.http.HttpServletRequest req,
                                                        boolean allowCredentials,
                                                        Iterable<String> allowMethods,
                                                        Iterable<String> allowHeaders,
                                                        Iterable<String> exposeHeaders)
        Sets the various Access-Control-* headers on the given response.
        Parameters:
        resp - Response to process.
        deltaSeconds - The value for the Access-Control-Max-Age header, which indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. Set to a value less than 0 to not set this header.
        req - Origin to allow for the Access-Control-Allow-Origin header, uses the Origin header of the request.
        allowCredentials - When true, sets Access-Control-Allow-Credentials: true. It tells browsers whether to expose the response to the frontend JavaScript code when the request's credentials mode (Request.credentials) is include.
        allowMethods - HTTP methods for the Access-Control-Allow-Methods header, which specifies one or more methods allowed when accessing a resource in response to a preflight request.
        allowHeaders - Headers for the Access-Control-Allow-Headers header, which indicates which HTTP headers can be used during the actual request.
        exposeHeaders - Headers for the Access-Control-Expose-Headers header, which indicates which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
      • setAccessControlHeader

        public static final void setAccessControlHeader​(javax.servlet.http.HttpServletResponse resp,
                                                        int deltaSeconds,
                                                        String origin,
                                                        boolean allowCredentials,
                                                        Iterable<String> allowMethods,
                                                        Iterable<String> allowHeaders,
                                                        Iterable<String> exposeHeaders)
        Sets the various Access-Control-* headers on the given response.
        Parameters:
        resp - Response to process.
        deltaSeconds - The value for the Access-Control-Max-Age header, which indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. Set to a value less than 0 to not set this header.
        origin - Origin to allow for the Access-Control-Allow-Origin header. When empty or null, uses *.
        allowCredentials - When true, sets Access-Control-Allow-Credentials: true. It tells browsers whether to expose the response to the frontend JavaScript code when the request's credentials mode (Request.credentials) is include.
        allowMethods - HTTP methods for the Access-Control-Allow-Methods header, which specifies one or more methods allowed when accessing a resource in response to a preflight request.
        allowHeaders - Headers for the Access-Control-Allow-Headers header, which indicates which HTTP headers can be used during the actual request.
        exposeHeaders - Headers for the Access-Control-Expose-Headers header, which indicates which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
      • pn

        public static final String pn​(String... attribs)
        Returns:
        Die übergebene Attributkette in Punktnotation, bspw "attribs0.attribs1.attribs2".
      • pn2ul

        public static final String pn2ul​(String str)
        Returns:
        Der übergebene String, wobei Punkte('.') mit Unterstrichen('_') erstetzt werden.
      • ul2pn

        public static final String ul2pn​(String str)
        Returns:
        Der übergebene String, wobei Unterstriche('_') mit Punkten('.') erstetzt werden.
      • dateFormatter

        public static SimpleDateFormat dateFormatter()
        Returns:
        SimpleDateFormat auf Basis des Standardformats für Datumsangaben
      • checkForDate

        public static Object checkForDate​(Object value)
        Falls übergebener Wert kein Datums-String im erwarteten Format ist, wird der Original-Wert zurückgegeben, ansonsten das entsprechende java.util.Date.
      • setFormRobotsTags

        public static void setFormRobotsTags​(javax.servlet.http.HttpServletRequest req,
                                             javax.servlet.http.HttpServletResponse resp)
        Sets the noindex and nofollow tags when a security related parameter is present in the request (process ID , form request ID, form session ID, verify ID, verify workflow node ID, username).
        Parameters:
        req - Request that was made.
        resp - Response that is to be sent.s
      • addCspPolicy

        public static void addCspPolicy​(javax.servlet.http.HttpServletResponse res,
                                        String policy)
        Amends the Content-Security-Policy header with the given policy, preserving existing policies.
        Parameters:
        res - HTTP response to which to add the policy.
        policy - Policy to add.
      • addCspReportOnlyPolicy

        public static void addCspReportOnlyPolicy​(javax.servlet.http.HttpServletResponse res,
                                                  String policy)
        Amends the Content-Security-Policy-Report-Only header with the given policy, preserving existing policies.
        Parameters:
        res - HTTP response to which to add the policy.
        policy - Policy to add.