Package de.xima.fc.web.common.utils
Class ServletUtils
- java.lang.Object
-
- de.xima.fc.web.common.utils.ServletUtils
-
public final class ServletUtils extends Object
-
-
Method Summary
Modifier and Type Method Description
static void addCspPolicy(javax.servlet.http.HttpServletResponse res, String policy)
Amends the Content-Security-Policy header with the given policy, preserving existing policies.
static void addCspReportOnlyPolicy(javax.servlet.http.HttpServletResponse res, String policy)
Amends the Content-Security-Policy-Report-Only header with the given policy, preserving existing policies.
static void addRobotsTagHeader(javax.servlet.http.HttpServletResponse resp, String botName, ERobotsTag... tags)
Adds an X-Robots-Tag header for all or one specific bot.
static Object checkForDate(Object value)
If the given value is not a date string in the expected format, the original value is returned; otherwise the corresponding java.util.Date.
static SimpleDateFormat dateFormatter()
static int getIntParam(String param)
static String getRequestTrace(javax.servlet.http.HttpServletRequest req)
Writes out the request headers.
static int getUrlIntParam(javax.servlet.http.HttpServletRequest req, int idx)
Reads an int parameter from a servlet URL.
static String getUrlParam(javax.servlet.http.HttpServletRequest req, int idx)
Reads a parameter from a servlet URL.
static void logRequestTrace(javax.servlet.http.HttpServletRequest req, org.slf4j.Logger logger)
static Map<String,List<String>> parseForMultipleParameters(javax.servlet.http.HttpServletRequest request, Long limit)
Assumes there are no file uploads.
static Map<String,String> parseForSingleParameters(javax.servlet.http.HttpServletRequest request, Long limit)
Assumes there are no file uploads.
static String pn(String... attribs)
static String pn2ul(String str)
static String readJSONFromPayLoad(InputStream is)
Converts an InputStream into a string.
static void setAccessControlHeader(javax.servlet.http.HttpServletResponse resp)
Sets the header Access-Control-Allow-Origin: *.
static void setAccessControlHeader(javax.servlet.http.HttpServletResponse resp, int deltaSeconds, String origin, boolean allowCredentials, Iterable<String> allowMethods, Iterable<String> allowHeaders, Iterable<String> exposeHeaders)
Sets the various Access-Control-* headers on the given response.
static void setAccessControlHeader(javax.servlet.http.HttpServletResponse resp, int deltaSeconds, javax.servlet.http.HttpServletRequest req, boolean allowCredentials, Iterable<String> allowMethods, Iterable<String> allowHeaders, Iterable<String> exposeHeaders)
Sets the various Access-Control-* headers on the given response.
static void setDefaultEncodings(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
static void setFormAccessControllHeaders(javax.servlet.http.HttpServletResponse resp)
static void setFormAccessControllHeaders(javax.servlet.http.HttpServletResponse resp, String allowOrigin)
static void setFormRobotsTags(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
Sets the noindex and nofollow tags when a security related parameter is present in the request (process ID, form request ID, form session ID, verify ID, verify workflow node ID, username).
static void setNoCacheHeaders(javax.servlet.http.HttpServletResponse resp)
static void setRobotsTagHeader(javax.servlet.http.HttpServletResponse resp, String botName, ERobotsTag... tags)
Sets the X-Robots-Tag header (overwriting all existing headers) for all or one specific bot.
static String ul2pn(String str)
static javax.servlet.http.HttpServletResponse unwrapResponse(javax.servlet.http.HttpServletResponse response)
Unwraps the servlet response, removing CDI proxies and all ServletResponseWrapper instances, returning the raw unwrapped HTTP servlet response.
-
-
-
Field Detail
-
LOG
public static final org.slf4j.Logger LOG
-
ERR
public static final int ERR
- See Also:
- Constant Field Values
-
-
Method Detail
-
getRequestTrace
public static String getRequestTrace(javax.servlet.http.HttpServletRequest req)
Writes out the request headers.
-
logRequestTrace
public static void logRequestTrace(javax.servlet.http.HttpServletRequest req, org.slf4j.Logger logger)
-
unwrapResponse
public static javax.servlet.http.HttpServletResponse unwrapResponse(javax.servlet.http.HttpServletResponse response)
Unwraps the servlet response, removing CDI proxies and all ServletResponseWrapper instances, returning the raw unwrapped HTTP servlet response.
- Parameters:
response
- Response to unwrap.
- Returns:
- The unwrapped response.
-
getUrlParam
public static String getUrlParam(javax.servlet.http.HttpServletRequest req, int idx)
Reads a parameter from a servlet URL. The index gives the position, starting at 0. URL structure: web-app-url/servlet/param0/param1/...
- Parameters:
req
- HttpServletRequest containing the parameter
idx
- Index of the parameter
- Returns:
- Parameter from the HTTP request. If no parameter is found, null is returned.
-
getUrlIntParam
public static int getUrlIntParam(javax.servlet.http.HttpServletRequest req, int idx)
Reads an int parameter from a servlet URL. For further information see ServletUtils#getParam(req, idx)
-
getIntParam
public static int getIntParam(String param)
-
parseForSingleParameters
public static Map<String,String> parseForSingleParameters(javax.servlet.http.HttpServletRequest request, Long limit) throws org.apache.commons.fileupload.FileUploadException, IOException
Assumes there are no file uploads. Reads all parameters from the request, including parameters from a multipart request. In case there are multiple values for a parameter key (e.g. http://example.com?foo=bar&foo=baz), only one value is returned. Also handles the case of form encoded requests with different methods such as DELETE or PUT.
- Parameters:
request
- Request to be parsed
limit
- Limit in bytes for a multipart request. Set to 0 or null for no limit.
- Returns:
- A map of all request parameters, including form parameters from a multipart request.
- Throws:
org.apache.commons.fileupload.FileUploadException
- When the request is a multipart request and could not be parsed.
IOException
- When the body of the HTTP request could not be read.
-
parseForMultipleParameters
public static Map<String,List<String>> parseForMultipleParameters(javax.servlet.http.HttpServletRequest request, Long limit) throws org.apache.commons.fileupload.FileUploadException, IOException
Assumes there are no file uploads. Reads all parameters from the request, including parameters from a multipart request. Also handles the case of form encoded requests with different methods such as DELETE or PUT.
- Parameters:
request
- Request to be parsed
limit
- Limit in bytes for a multipart request. Set to 0 or null for no limit.
- Returns:
- A map of all request parameters, including form parameters from a multipart request.
- Throws:
org.apache.commons.fileupload.FileUploadException
- When the request is a multipart request and could not be parsed.
IOException
- When the body of the HTTP request could not be read.
-
readJSONFromPayLoad
public static String readJSONFromPayLoad(InputStream is)
Converts an InputStream into a string.
- Parameters:
is
- InputStream
- Returns:
- JSON string from the InputStream; in case of an error, null is returned.
-
setDefaultEncodings
public static final void setDefaultEncodings(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) throws UnsupportedEncodingException
- Throws:
UnsupportedEncodingException
-
setNoCacheHeaders
public static final void setNoCacheHeaders(javax.servlet.http.HttpServletResponse resp)
-
addRobotsTagHeader
public static void addRobotsTagHeader(javax.servlet.http.HttpServletResponse resp, String botName, ERobotsTag... tags)
Adds an X-Robots-Tag header for all or one specific bot. See e.g. https://developers.google.com/search/docs/advanced/robots/robots_meta_tag for reference.
- Parameters:
resp
- Servlet response on which to set the header.
botName
- Name of the bot to which the robots tags should apply, such as googlebot, Bingbot, or Baiduspider. null or empty if they should apply to all robots.
tags
- Robots tag to set.
-
setRobotsTagHeader
public static void setRobotsTagHeader(javax.servlet.http.HttpServletResponse resp, String botName, ERobotsTag... tags)
Sets the X-Robots-Tag header (overwriting all existing headers) for all or one specific bot. See e.g. https://developers.google.com/search/docs/advanced/robots/robots_meta_tag for reference.
- Parameters:
resp
- Servlet response on which to set the header.
botName
- Name of the bot to which the robots tags should apply, such as googlebot, Bingbot, or Baiduspider. null or empty if they should apply to all robots.
tags
- Robots tag to set.
-
setFormAccessControllHeaders
public static final void setFormAccessControllHeaders(javax.servlet.http.HttpServletResponse resp)
-
setFormAccessControllHeaders
public static final void setFormAccessControllHeaders(javax.servlet.http.HttpServletResponse resp, String allowOrigin)
-
setAccessControlHeader
public static final void setAccessControlHeader(javax.servlet.http.HttpServletResponse resp)
Sets the header Access-Control-Allow-Origin: *.
- Parameters:
resp
- Response to process.
-
setAccessControlHeader
public static final void setAccessControlHeader(javax.servlet.http.HttpServletResponse resp, int deltaSeconds, javax.servlet.http.HttpServletRequest req, boolean allowCredentials, Iterable<String> allowMethods, Iterable<String> allowHeaders, Iterable<String> exposeHeaders)
Sets the various Access-Control-* headers on the given response.
- Parameters:
resp
- Response to process.
deltaSeconds
- The value for the Access-Control-Max-Age header, which indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. Set to a value less than 0 to not set this header.
req
- Origin to allow for the Access-Control-Allow-Origin header, uses the Origin header of the request.
allowCredentials
- When true, sets Access-Control-Allow-Credentials: true. It tells browsers whether to expose the response to the frontend JavaScript code when the request's credentials mode (Request.credentials) is include.
allowMethods
- HTTP methods for the Access-Control-Allow-Methods header, which specifies one or more methods allowed when accessing a resource in response to a preflight request.
allowHeaders
- Headers for the Access-Control-Allow-Headers header, which indicates which HTTP headers can be used during the actual request.
exposeHeaders
- Headers for the Access-Control-Expose-Headers header, which indicates which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
-
setAccessControlHeader
public static final void setAccessControlHeader(javax.servlet.http.HttpServletResponse resp, int deltaSeconds, String origin, boolean allowCredentials, Iterable<String> allowMethods, Iterable<String> allowHeaders, Iterable<String> exposeHeaders)
Sets the various Access-Control-* headers on the given response.
- Parameters:
resp
- Response to process.
deltaSeconds
- The value for the Access-Control-Max-Age header, which indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. Set to a value less than 0 to not set this header.
origin
- Origin to allow for the Access-Control-Allow-Origin header. When empty or null, uses *.
allowCredentials
- When true, sets Access-Control-Allow-Credentials: true. It tells browsers whether to expose the response to the frontend JavaScript code when the request's credentials mode (Request.credentials) is include.
allowMethods
- HTTP methods for the Access-Control-Allow-Methods header, which specifies one or more methods allowed when accessing a resource in response to a preflight request.
allowHeaders
- Headers for the Access-Control-Allow-Headers header, which indicates which HTTP headers can be used during the actual request.
exposeHeaders
- Headers for the Access-Control-Expose-Headers header, which indicates which response headers should be made available to scripts running in the browser, in response to a cross-origin request.
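The two overloads above differ in where the allowed origin comes from: one takes it from the request's Origin header, the other from the caller and falls back to * when it is null or empty. The following added example (not code from this library) gates the String overload behind an allowlist so that a credentialed response is only ever opened to known origins; the class CorsOriginGate, its method names, the allowlist entries and the header values passed are assumptions made for illustration.

```java
import de.xima.fc.web.common.utils.ServletUtils;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper, not part of ServletUtils: allowlist gate in front of the String-origin overload. */
public final class CorsOriginGate {
    // Constructed sample allowlist: scheme://host[:port], lowercase, no trailing slash.
    private static final Set<String> ALLOWED = Set.of(
        "https://forms.example.com", "https://intranet.example.com:8443");

    /** Returns the normalized origin if it is allowlisted, otherwise null. */
    static String allowedOrigin(String originHeader) {
        if (originHeader == null || originHeader.isBlank()) return null;
        try {
            URI u = new URI(originHeader.trim());
            // A valid Origin value carries only scheme, host and an optional port.
            if (u.getScheme() == null || u.getHost() == null || u.getUserInfo() != null) return null;
            if (!u.getRawPath().isEmpty() || u.getRawQuery() != null || u.getRawFragment() != null) return null;
            String origin = (u.getScheme() + "://" + u.getHost()).toLowerCase(Locale.ROOT)
                + (u.getPort() >= 0 ? ":" + u.getPort() : "");
            return ALLOWED.contains(origin) ? origin : null;
        } catch (URISyntaxException e) {
            return null; // malformed Origin header (also covers the literal "null" origin via the checks above)
        }
    }

    /** Sets the CORS headers only for allowlisted origins; returns false when none were set. */
    static boolean applyCors(HttpServletRequest req, HttpServletResponse resp) {
        String origin = allowedOrigin(req.getHeader("Origin"));
        if (origin == null) {
            // Do not call setAccessControlHeader at all here: per the parameter
            // description above, a null or empty origin results in "*".
            return false;
        }
        resp.addHeader("Vary", "Origin"); // the response now depends on the Origin header
        ServletUtils.setAccessControlHeader(resp, 600, origin, true,
            List.of("GET", "POST"), List.of("Content-Type"), List.of("Content-Disposition"));
        return true;
    }
}
```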
-
pn
public static final String pn(String... attribs)
- Returns:
- The given attribute chain in dot notation, e.g. "attribs0.attribs1.attribs2".
-
pn2ul
public static final String pn2ul(String str)
- Returns:
- The given string, with dots ('.') replaced by underscores ('_').
-
ul2pn
public static final String ul2pn(String str)
- Returns:
- The given string, with underscores ('_') replaced by dots ('.').
-
dateFormatter
public static SimpleDateFormat dateFormatter()
- Returns:
- SimpleDateFormat based on the default format for dates.
-
checkForDate
public static Object checkForDate(Object value)
If the given value is not a date string in the expected format, the original value is returned; otherwise the corresponding java.util.Date.
-
setFormRobotsTags
public static void setFormRobotsTags(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
Sets the noindex and nofollow tags when a security related parameter is present in the request (process ID, form request ID, form session ID, verify ID, verify workflow node ID, username).
- Parameters:
req
- Request that was made.
resp
- Response that is to be sent.
-
addCspPolicy
public static void addCspPolicy(javax.servlet.http.HttpServletResponse res, String policy)
Amends the Content-Security-Policy header with the given policy, preserving existing policies.
- Parameters:
res
- HTTP response to which to add the policy.
policy
- Policy to add.
-
addCspReportOnlyPolicy
public static void addCspReportOnlyPolicy(javax.servlet.http.HttpServletResponse res, String policy)
Amends the Content-Security-Policy-Report-Only header with the given policy, preserving existing policies.
- Parameters:
res
- HTTP response to which to add the policy.
policy
- Policy to add.
-
-