1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.mycore.frontend.filter;
20
21 import java.io.IOException;
22 import java.util.regex.Pattern;
23
24 import org.apache.logging.log4j.LogManager;
25 import org.apache.logging.log4j.Logger;
26 import org.mycore.common.config.MCRConfiguration2;
27
28 import jakarta.servlet.Filter;
29 import jakarta.servlet.FilterChain;
30 import jakarta.servlet.FilterConfig;
31 import jakarta.servlet.ServletException;
32 import jakarta.servlet.ServletRequest;
33 import jakarta.servlet.ServletResponse;
34 import jakarta.servlet.http.HttpServletRequest;
35 import jakarta.servlet.http.HttpSession;
36
37
38
39
40
41
42
43
44
45
46 public class MCRUserAgentFilter implements Filter {
47 private static Pattern agentPattern;
48
49 private static final Logger LOGGER = LogManager.getLogger(MCRUserAgentFilter.class);
50
51 @Override
52 public void init(final FilterConfig arg0) throws ServletException {
53 final String agentRegEx = MCRConfiguration2.getString("MCR.Filter.UserAgent")
54 .orElse("(bot|spider|crawler|mercator|slurp|seek|nagios|Java)");
55 agentPattern = Pattern.compile(agentRegEx);
56 }
57
58 @Override
59 public void destroy() {
60 }
61
62 @Override
63 public void doFilter(final ServletRequest sreq, final ServletResponse sres, final FilterChain chain)
64 throws IOException, ServletException {
65 final HttpServletRequest request = (HttpServletRequest) sreq;
66 final boolean newSession = request.getSession(false) == null;
67 chain.doFilter(sreq, sres);
68 final HttpSession session = request.getSession(false);
69 if (session != null && newSession) {
70 final String userAgent = request.getHeader("User-Agent");
71 if (userAgent != null) {
72 if (agentPattern.matcher(userAgent).find()) {
73 try {
74 LOGGER.info("Closing session: {} matches {}", userAgent, agentPattern);
75 session.invalidate();
76 } catch (IllegalStateException e) {
77 LOGGER.warn("Session was allready closed");
78 }
79 } else {
80 LOGGER.debug("{} does not match {}", userAgent, agentPattern);
81 }
82 } else {
83 LOGGER.warn("No User-Agent was send.");
84 }
85 }
86 }
87
88 }