Package sonia.scm.util

Class HttpUtil

java.lang.Object
sonia.scm.util.HttpUtil
public final class HttpUtil extends Object
Util method for the http protocol.

  • Field Details

    • AUTHENTICATION_REALM

      public static final String AUTHENTICATION_REALM
      authentication realm for basic authentication
      See Also:

    • AUTHORIZATION_SCHEME_BASIC

      public static final String AUTHORIZATION_SCHEME_BASIC
      Basic authorization scheme
      Since:
      2.0.0
      See Also:

    • AUTHORIZATION_SCHEME_BEARER

      public static final String AUTHORIZATION_SCHEME_BEARER
      Bearer authorization scheme
      Since:
      2.0.0
      See Also:

    • ENCODING

      public static final String ENCODING
      See Also:

    • HEADER_AUTHORIZATION

      public static final String HEADER_AUTHORIZATION
      authorization header
      Since:
      2.0.0
      See Also:

    • HEADER_CONTENT_LENGTH

      public static final String HEADER_CONTENT_LENGTH
      content-length header
      Since:
      1.46
      See Also:

    • HEADER_LOCATION

      public static final String HEADER_LOCATION
      location header
      Since:
      1.43
      See Also:

    • HEADER_SCM_CLIENT

      public static final String HEADER_SCM_CLIENT
      header for identifying the scm-manager client
      Since:
      1.19
      See Also:

    • HEADER_USERAGENT

      public static final String HEADER_USERAGENT
      See Also:

    • HEADER_WWW_AUTHENTICATE

      public static final String HEADER_WWW_AUTHENTICATE
      authentication header
      See Also:

    • HEADER_X_FORWARDED_HOST

      public static final String HEADER_X_FORWARDED_HOST
      The original host requested by the client in the Host HTTP request header.
      Since:
      1.47
      See Also:

    • HEADER_X_FORWARDED_PORT

      public static final String HEADER_X_FORWARDED_PORT
      The original port requested by the client.
      Since:
      1.47
      See Also:

    • HEADER_X_FORWARDED_PROTO

      public static final String HEADER_X_FORWARDED_PROTO
      The original protocol (http or https) requested by the client.
      Since:
      1.47
      See Also:

    • PORT_HTTP

      public static final int PORT_HTTP
      Default http port
      Since:
      1.5
      See Also:

    • PORT_HTTPS

      public static final int PORT_HTTPS
      Default https port
      Since:
      1.5
      See Also:

    • SCHEME_HTTP

      public static final String SCHEME_HTTP
      Default http scheme
      Since:
      1.5
      See Also:

    • SCHEME_HTTPS

      public static final String SCHEME_HTTPS
      Default https scheme
      Since:
      1.5
      See Also:

    • SCM_CLIENT_WUI

      public static final String SCM_CLIENT_WUI
      Possible value of the X-SCM-Client http header. Identifies the scm-manager web interface.
      Since:
      1.19
      See Also:

    • SEPARATOR_HASH

      public static final String SEPARATOR_HASH
      Url hash separator
      Since:
      1.9
      See Also:

    • SEPARATOR_PARAMETER

      public static final String SEPARATOR_PARAMETER
      Url parameter separator
      Since:
      1.9
      See Also:

    • SEPARATOR_PARAMETERS

      public static final String SEPARATOR_PARAMETERS
      Url parameters separator
      Since:
      1.9
      See Also:

    • SEPARATOR_PARAMETER_VALUE

      public static final String SEPARATOR_PARAMETER_VALUE
      Url parameter value separator
      Since:
      1.9
      See Also:

    • SEPARATOR_PATH

      public static final String SEPARATOR_PATH
      Url folder separator
      Since:
      1.5
      See Also:

    • SEPARATOR_PORT

      public static final String SEPARATOR_PORT
      Url port separator
      Since:
      1.5
      See Also:

    • SEPARATOR_SCHEME

      public static final String SEPARATOR_SCHEME
      Url scheme separator
      Since:
      1.5
      See Also:

    • STATUS_UNAUTHORIZED_MESSAGE

      public static final String STATUS_UNAUTHORIZED_MESSAGE
      message for unauthorized request
      See Also:

  • Method Details

    • concatenate

      public static String concatenate(String... pathElements)
      Joins all path elements together separated by {@link #SEPARATOR_PATH}.
      Parameters:
      pathElements - path elements
      Returns:
      concatenated path
      Since:
      2.0.0

    • append

      public static String append(String uri, String suffix)
      Appends the suffix to given uri.
      Parameters:
      uri - uri
      suffix - suffix
      Returns:
      Since:
      1.9

    • appendHash

      public static String appendHash(String uri, String hash)
      Appends the hash to the given uri.
      Parameters:
      uri - uri
      hash - hash
      Returns:
      uri with hash
      Since:
      1.9

    • appendParameter

      public static String appendParameter(String uri, String name, String value)
      Appends the parameter to the given uri.
      Parameters:
      uri - uri
      name - parameter name
      value - parameter value
      Returns:
      uri with parameter
      Since:
      1.9

    • checkForCRLFInjection

      public static void checkForCRLFInjection(String parameter)
      Throws an IllegalArgumentException if the parameter contains illegal characters which could imply a CRLF injection attack. Note: the current implementation throws the IllegalArgumentException also if the parameter contains a "%". So you have to decode your parameters before the check,
      Parameters:
      parameter - value
      Since:
      1.28

    • createContentDispositionAttachmentHeader

      public static String createContentDispositionAttachmentHeader(String name)
      Creates the value for the content-disposition attachment header. The method creates the filename as specified in rfc6266.
      Parameters:
      name - attachment name
      Returns:
      value of content-disposition header
      Since:
      1.46
      See Also:

    • decode

      public static String decode(String value)
      Url decode.
      Parameters:
      value - value to decode
      Returns:
      decoded value
      Since:
      1.9

    • drainBody

      public static void drainBody(jakarta.servlet.http.HttpServletRequest request)
      Skips to complete body of a request.
      Parameters:
      request - http request
      Since:
      1.37

    • encode

      public static String encode(String value)
      Url encode.
      Parameters:
      value - value to encode
      Returns:
      encoded value
      Since:
      1.9

    • normalizeUrl

      public static String normalizeUrl(String url)
      Since:
      1.26

    • removeCRLFInjectionChars

      public static String removeCRLFInjectionChars(String parameter)
      Remove all chars from the given parameter, which could be used for CRLF injection attack. Note: the current implementation the "%" char is also removed from the source parameter.
      Parameters:
      parameter - value
      Returns:
      the parameter value without crlf chars
      Since:
      1.28

    • removeMatrixParameter

      public static String removeMatrixParameter(String uri)
      Remove matrix parameters from the given uri.
      Parameters:
      uri - uri
      Returns:
      uri without matrix parameter
      Since:
      1.10

    • sendUnauthorized

      public static void sendUnauthorized(jakarta.servlet.http.HttpServletResponse response) throws IOException
      Send an unauthorized header back to the client
      Parameters:
      response - - the http response
      Throws:
      IOException

    • sendUnauthorized

      public static void sendUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Send an unauthorized header back to the client
      Parameters:
      request - http request
      response - http response
      Throws:
      IOException

    • sendUnauthorized

      public static void sendUnauthorized(jakarta.servlet.http.HttpServletResponse response, String realmDescription) throws IOException
      Send an unauthorized header back to the client
      Parameters:
      response - - the http response
      realmDescription - - realm description
      Throws:
      IOException
      Since:
      1.36

    • sendUnauthorized

      public static void sendUnauthorized(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String realmDescription) throws IOException
      Send an unauthorized header back to the client
      Parameters:
      request - http request
      response - http response
      realmDescription - realm description
      Throws:
      IOException
      Since:
      1.19

    • userAgentStartsWith

      public static boolean userAgentStartsWith(jakarta.servlet.http.HttpServletRequest request, String userAgent)
      Returns true if the User-Agent header of the current request starts with the given string.
      Parameters:
      request - http request
      userAgent - string to test against the header
      Returns:
      true if the header starts with the given string
      Since:
      1.37

    • getCompleteUrl

      public static String getCompleteUrl(jakarta.servlet.http.HttpServletRequest request, String... pathSegments)
      Returns an absolute url with context path. The method creates the url from forwarding request headers, if they are available.
      Parameters:
      request - http client request
      pathSegments -
      Returns:
      absolute url with context path
      Since:
      1.16
      See Also:

    • getCompleteUrl

      public static String getCompleteUrl(ScmConfiguration configuration, String path)
      Return the complete url of the given path.
      Parameters:
      configuration - - main SCM-Manager configuration
      path - to get the url from
      Returns:
      the complete url of the given path
      Since:
      1.5

    • getHeader

      public static String getHeader(jakarta.servlet.http.HttpServletRequest request, String header, String defaultValue)

    • getPortFromUrl

      public static int getPortFromUrl(String url)

    • getServerPort

      public static int getServerPort(ScmConfiguration configuration, jakarta.servlet.http.HttpServletRequest request)

    • getStrippedURI

      public static String getStrippedURI(jakarta.servlet.http.HttpServletRequest request)
      Return the request uri without the context path.
      Parameters:
      request - - the http client request

    • getStrippedURI

      public static String getStrippedURI(jakarta.servlet.http.HttpServletRequest request, String uri)
      Returns the given uri without the context path.
      Parameters:
      request - - the http client request
      uri - - the uri to get the stripped uri from
      Returns:
      uri without context path

    • getUriWithoutEndSeperator

      public static String getUriWithoutEndSeperator(String uri)
      Returns the given uri without ending separator.
      Parameters:
      uri - - to strip ending separator
      Returns:
      the given uri without an ending separator
      Since:
      1.7

    • getHeaderOrGetParameter

      public static Optional<String> getHeaderOrGetParameter(jakarta.servlet.http.HttpServletRequest request, String parameter)
      Returns header value or query parameter if the request is a get request.
      Parameters:
      request - http request
      parameter - name of header/parameter
      Returns:
      header value or query parameter
      Since:
      2.0.0

    • getUriWithoutStartSeperator

      public static String getUriWithoutStartSeperator(String uri)
      Returns the given uri without leading separator.
      Parameters:
      uri - - to strip leading separator
      Since:
      1.7

    • isChunked

      public static boolean isChunked(jakarta.servlet.http.HttpServletRequest request)
      Returns true if the body of the request is chunked.
      Since:
      1.37

    • isForwarded

      public static boolean isForwarded(jakarta.servlet.http.HttpServletRequest request)
      Returns true if the request is forwarded by a reverse proxy. The method uses the X-Forwarded-Host header to identify a forwarded request.
      Parameters:
      request - servlet request
      Returns:
      true if the request is forwarded
      Since:
      1.47

    • isWUIRequest

      public static boolean isWUIRequest(jakarta.servlet.http.HttpServletRequest request)
      Returns true if the http request is send by the scm-manager web interface.
      Parameters:
      request - http request
      Returns:
      true if the request comes from the web interface.
      Since:
      1.19