A Filter used to specify an allowlist of allowed paths to the OFBiz application.
Requests that do not match any of the paths listed in allowedPaths are redirected to redirectPath, or an error code
is returned (the error code can be set in errorCode; the default value is 403).
If forceRedirectAll is set to Y then allowedPaths is ignored and all requests are redirected to redirectPath; note
that forceRedirectAll is ignored if redirectPath is not set.
- forceRedirectAll: when set to Y, and redirectPath is set, then redirects all traffic to redirectPath
- allowedPaths: a colon-separated list of URLs or URIs that are allowed;
non matching request paths are redirected, or an error code is returned,
according to the setup of redirectPath and errorCode
- redirectPath: if the path requested is not in the allowedPaths, or forceRedirectAll is set to Y,
specifies the path to which the request is redirected;
- errorCode: the error code set in the response if the path requested is not in the allowedPaths
and redirectPath is not set; defaults to 403
Interaction with the context:
- for its internal logic (to avoid an infinite loop of redirections when forceRedirectAll is set) the filter sets
a session parameter (_FORCE_REDIRECT_=true) before the first redirection; the parameter is removed during the
second pass before the request is forwarded to the next filter in the chain
- the filter skips the check against the allowlist of allowed paths if a request attribute
with name _FORWARDED_FROM_SERVLET_ is present; this attribute is typically set by the ControlServlet to indicate
that the request path is safe and should not be checked again
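
The decision order described above, written out as a small stand-alone Java model. This is an added example, not the OFBiz source. The class name, the returned strings, the sample configuration and the matching rule (an entry matches the path itself or anything beneath it) are assumptions; the parameter and attribute names are the ones documented above.

```java
import java.util.HashMap;
import java.util.Map;

// Illustrative model of the documented decision order; not the OFBiz filter itself.
public class ControlFilterModel {
    static final String FORCE_FLAG = "_FORCE_REDIRECT_";
    static final String FORWARDED = "_FORWARDED_FROM_SERVLET_";

    // Returns "PASS", "REDIRECT <path>" or "ERROR <code>" (hypothetical result strings).
    static String decide(Map<String, String> cfg, String path,
                         Map<String, Object> session, Map<String, Object> requestAttrs) {
        String redirectPath = cfg.get("redirectPath");
        boolean hasRedirect = redirectPath != null && !redirectPath.isEmpty();

        // forceRedirectAll only takes effect when redirectPath is set.
        if ("Y".equals(cfg.get("forceRedirectAll")) && hasRedirect) {
            if (session.remove(FORCE_FLAG) != null) {
                return "PASS"; // second pass: flag removed, request continues down the chain
            }
            session.put(FORCE_FLAG, "true"); // first pass: set the flag, then redirect
            return "REDIRECT " + redirectPath;
        }
        // A request marked by the ControlServlet skips the allowlist check.
        if (requestAttrs.containsKey(FORWARDED)) {
            return "PASS";
        }
        // Assumption: an entry matches the path itself or any path beneath it.
        for (String allowed : cfg.getOrDefault("allowedPaths", "").split(":")) {
            if (!allowed.isEmpty() && (path.equals(allowed) || path.startsWith(allowed + "/"))) {
                return "PASS";
            }
        }
        // Not allowlisted: redirect when possible, otherwise answer with errorCode.
        return hasRedirect ? "REDIRECT " + redirectPath
                           : "ERROR " + cfg.getOrDefault("errorCode", "403");
    }

    public static void main(String[] args) {
        Map<String, String> cfg = new HashMap<>(); // constructed sample configuration
        cfg.put("allowedPaths", "/control:/images:/error");
        Map<String, Object> session = new HashMap<>();
        Map<String, Object> attrs = new HashMap<>();
        System.out.println(decide(cfg, "/control/main", session, attrs));    // allowlisted path
        System.out.println(decide(cfg, "/WEB-INF/web.xml", session, attrs)); // no redirectPath set
        cfg.put("redirectPath", "/control/main");
        System.out.println(decide(cfg, "/secret.jsp", session, attrs));      // redirectPath set
        cfg.put("forceRedirectAll", "Y");
        System.out.println(decide(cfg, "/images/a.png", session, attrs));    // first pass
        System.out.println(decide(cfg, "/control/main", session, attrs));    // second pass
    }
}
```

When reviewing a deployment, note that the last two calls show why the session flag exists: without it, the redirected request would itself be redirected again.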