Class DataPreservationFilter

  • All Implemented Interfaces:
    Filter

    public class DataPreservationFilter
    extends Object
    implements Filter
    The DataPreservationFilter supports preserving POSTed data from a request that triggers a login redirect. The entity data from the request is preserved in the http session before redirecting to authentication. If a subsequent GET request is seen, that matched the original request path and there is preserved data, an empty self-submitting form is returned to the user-agent. Using a self-posting form for the last step, rather than just transforming the GET into a POST, ensures that user-agent is generating the POST. Using an empty self-posting form, rather than the original data, ensures that there is no opportunity for the data to be manipulated since preserving the original request and no data validation/manipulation is required within the filter. When this empty POST request is processed, the entity is replaced with the preserved data and the request flows through to the next filter.
     {
        "type": "DataPreservationFilter",
        "config": {
          "noJavaScriptMessage:   String              [OPTIONAL - the message to show when the user-agent does
                                                                  not support JavaScript. JavaScript is used to
                                                                  replay the preserved FORM data from the original
                                                                  POST that triggered a login redirect.
                                                                  Defaults to {@link #NO_JAVASCRIPT_MESSAGE_DEFAULT }
          "maxContentLength":     Integer             [OPTIONAL - determine how big a POST request, in bytes, based
                                                                  on the Content-Length header, that we are willing to
                                                                  preserve in this filter. Repeated requests to a route
                                                                  with this filter, that contain large payloads, that
                                                                  also trigger an authentication redirect, could use up
                                                                  a lot of memory/processing without some control over
                                                                  the maximum size we are willing to preserve.
                                                                  Defaults to {@link #MAX_CONTENT_LENGTH_DEFAULT }.]
        }
      }
     
     
    • Constructor Detail

      • DataPreservationFilter

        public DataPreservationFilter​(String noJavaScriptMessage,
                                      int maxContentLength,
                                      Randoms.UrlFriendlyRandomStringGenerator randomGenerator)
        Creates a new DataPreservationFilter.
        Parameters:
        noJavaScriptMessage - the message to show on the self-posting form when JavaScript is not enabled.
        maxContentLength - A request Content-Length header value must be less than or equal to this value to be seen as a valid request for preserving.
        randomGenerator - Source of random value used for marker values.
    • Method Detail

      • filter

        public Promise<Response,​NeverThrowsException> filter​(Context context,
                                                                   Request request,
                                                                   Handler next)
        Description copied from interface: Filter
        Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

        This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

        Specified by:
        filter in interface Filter
        Parameters:
        context - The request context.
        request - The request.
        next - The next filter or handler in the chain to handle the request.
        Returns:
        A Promise representing the response to be returned to the client.