in core/src/main/java/flex/messaging/MessageBrokerServlet.java [251:359]
public void service(HttpServletRequest req, HttpServletResponse res) {
if (log_errors) {
// Create a wrapper for the request object so we can save the body content
LoggingHttpServletRequestWrapper wrapper = new LoggingHttpServletRequestWrapper(req);
req = wrapper;
try {
// Read the body content
wrapper.doReadBody();
} catch (IOException ignore) {
// ignore, the wrapper will preserve what content we were able to read.
}
}
try {
// Update thread locals
broker.initThreadLocals();
// Set this first so it is in place for the session creation event. The
// current session is set by the FlexSession stuff right when it is available.
// The threadlocal FlexClient is set up during message deserialization in the
// MessageBrokerFilter.
FlexContext.setThreadLocalObjects(null, null, broker, req, res, getServletConfig());
HttpFlexSession fs = httpFlexSessionProvider.getOrCreateSession(req);
Principal principal;
if (FlexContext.isPerClientAuthentication()) {
principal = FlexContext.getUserPrincipal();
} else {
principal = fs.getUserPrincipal();
}
if (principal == null && req.getHeader("Authorization") != null) {
String encoded = req.getHeader("Authorization");
if (encoded.indexOf("Basic") > -1) {
encoded = encoded.substring(6); //Basic.length()+1
try {
((AuthenticationService) broker.getService(AuthenticationService.ID)).decodeAndLogin(encoded, broker.getLoginManager());
} catch (Exception e) {
if (Log.isDebug())
Log.getLogger(LogCategories.SECURITY).info("Authentication service could not decode and login: " + e.getMessage());
}
}
}
String contextPath = req.getContextPath();
String pathInfo = req.getPathInfo();
String endpointPath = req.getServletPath();
if (pathInfo != null)
endpointPath = endpointPath + pathInfo;
Endpoint endpoint;
try {
endpoint = broker.getEndpoint(endpointPath, contextPath);
} catch (MessageException me) {
if (Log.isInfo())
Log.getLogger(LogCategories.ENDPOINT_GENERAL).info("Received invalid request for endpoint path '{0}'.", new Object[]{endpointPath});
if (!res.isCommitted()) {
try {
res.sendError(HttpServletResponse.SC_NOT_FOUND);
} catch (IOException ignore) {
}
}
return;
}
try {
if (Log.isInfo()) {
Log.getLogger(LogCategories.ENDPOINT_GENERAL).info("Channel endpoint {0} received request.",
new Object[]{endpoint.getId()});
}
endpoint.service(req, res);
} catch (UnsupportedOperationException ue) {
if (Log.isInfo()) {
Log.getLogger(LogCategories.ENDPOINT_GENERAL).info("Channel endpoint {0} received request for an unsupported operation.",
new Object[]{endpoint.getId()},
ue);
}
if (!res.isCommitted()) {
try {
res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
} catch (IOException ignore) {
}
}
}
} catch (Throwable t) {
// Final resort catch block as recommended by Fortify as a potential System info leak
try {
Log.getLogger(LogCategories.ENDPOINT_GENERAL).error("Unexpected error encountered in Message Broker servlet", t);
res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
} catch (IOException ignore) {
// ignore
}
} finally {
if (log_errors) {
String info = (String) req.getAttribute(HTTPRequestLog.HTTP_ERROR_INFO);
if (info != null) {
// Log the HttpRequest data
System.out.println("Exception occurred while processing HTTP request: " + info + ", request details logged in " + HTTPRequestLog.getFileName());
HTTPRequestLog.outputRequest(info, req);
}
}
FlexContext.clearThreadLocalObjects();
}
}