View Javadoc
1   /*
2    * This file is part of ***  M y C o R e  ***
3    * See http://www.mycore.de/ for details.
4    *
5    * MyCoRe is free software: you can redistribute it and/or modify
6    * it under the terms of the GNU General Public License as published by
7    * the Free Software Foundation, either version 3 of the License, or
8    * (at your option) any later version.
9    *
10   * MyCoRe is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13   * GNU General Public License for more details.
14   *
15   * You should have received a copy of the GNU General Public License
16   * along with MyCoRe.  If not, see <http://www.gnu.org/licenses/>.
17   */
18  
19  package org.mycore.frontend.filter;
20  
21  import java.io.IOException;
22  import java.util.regex.Pattern;
23  
24  import org.apache.logging.log4j.LogManager;
25  import org.apache.logging.log4j.Logger;
26  import org.mycore.common.config.MCRConfiguration2;
27  
28  import jakarta.servlet.Filter;
29  import jakarta.servlet.FilterChain;
30  import jakarta.servlet.FilterConfig;
31  import jakarta.servlet.ServletException;
32  import jakarta.servlet.ServletRequest;
33  import jakarta.servlet.ServletResponse;
34  import jakarta.servlet.http.HttpServletRequest;
35  import jakarta.servlet.http.HttpSession;
36  
37  /**
38   * Automatically closes HttpSession of certain user agents.
39   * 
40   * If the <code>User-Agent</code> header matches a regular expression
41   * defined by the property <code>MCR.Filter.UserAgent</code>
42   * (default: "<code>(bot|spider|crawler|mercator|slurp|seek|nagios)</code>") the
43   * HTTP session is closed after the request.
44   * @author Thomas Scheffler (yagee)
45   */
46  public class MCRUserAgentFilter implements Filter {
47      private static Pattern agentPattern;
48  
49      private static final Logger LOGGER = LogManager.getLogger(MCRUserAgentFilter.class);
50  
51      @Override
52      public void init(final FilterConfig arg0) throws ServletException {
53          final String agentRegEx = MCRConfiguration2.getString("MCR.Filter.UserAgent")
54              .orElse("(bot|spider|crawler|mercator|slurp|seek|nagios|Java)");
55          agentPattern = Pattern.compile(agentRegEx);
56      }
57  
58      @Override
59      public void destroy() {
60      }
61  
62      @Override
63      public void doFilter(final ServletRequest sreq, final ServletResponse sres, final FilterChain chain)
64          throws IOException, ServletException {
65          final HttpServletRequest request = (HttpServletRequest) sreq;
66          final boolean newSession = request.getSession(false) == null;
67          chain.doFilter(sreq, sres);
68          final HttpSession session = request.getSession(false);
69          if (session != null && newSession) {
70              final String userAgent = request.getHeader("User-Agent");
71              if (userAgent != null) {
72                  if (agentPattern.matcher(userAgent).find()) {
73                      try {
74                          LOGGER.info("Closing session: {} matches {}", userAgent, agentPattern);
75                          session.invalidate();
76                      } catch (IllegalStateException e) {
77                          LOGGER.warn("Session was allready closed");
78                      }
79                  } else {
80                      LOGGER.debug("{} does not match {}", userAgent, agentPattern);
81                  }
82              } else {
83                  LOGGER.warn("No User-Agent was send.");
84              }
85          }
86      }
87  
88  }