@kgrz
Created November 11, 2021 06:07
// Current implementation, which does not close the feedback loop with PX and
// therefore allows false positives
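class PXFilter implements Filter {
    private PerimeterX enforcer;

    /**
     * Builds the PerimeterX enforcer with the SDK's default configuration.
     * Runs once when the filter is created; the same enforcer serves every request.
     */
    public void init() {
        PXConfiguration pxConfiguration = PXConfiguration.builder()
                .build();
        enforcer = new PerimeterX(pxConfiguration);
    }

    /**
     * Scores the request with PX and answers HTTP 429 when blocking is enabled and
     * the score is above the configured threshold; otherwise the request continues
     * down the filter chain.
     *
     * <p>{@code pxVerify} runs on every request, including when
     * {@code isBlockingEnabled} is false, so PX still sees the traffic while
     * enforcement is switched off. The block decision is taken locally (score vs.
     * threshold) and nothing about it is reported back to PX, which is the
     * feedback-loop gap the second version of this method addresses.
     *
     * @param servletRequest  incoming request; expected to be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; expected to be an {@link HttpServletResponse}
     * @param filterChain     the remaining filters, invoked unless the request is blocked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        PXContext ctx = enforcer.pxVerify(request, new HttpServletResponseWrapper(response));
        // isBlockingEnabled is a boolean computed from our own config flags; it is
        // the switch that lets us turn enforcement off quickly without touching PX.
        boolean isRiskScoreHigher = ctx.getRiskScore() > config.getAsInt("pxThreshold");
        if (isBlockingEnabled && isRiskScoreHigher) {
            // The response may already carry prefilled data, or a JSON format that
            // fits our clients (old ones we cannot update and new ones we can), so
            // only the status is set here and the body is left alone.
            response.setStatus(429);
            return;
        }
        // Not blocked: hand off to the remaining filters and the servlet. Without
        // this call the request would never be served.
        filterChain.doFilter(servletRequest, servletResponse);
    }
}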
// What we are looking at:
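/**
 * Proposed version: lets the PX context decide between challenge and block so the
 * outcome is reported back to PX (closing the feedback loop) instead of comparing
 * the raw risk score locally.
 *
 * <p>When blocking is disabled the request bypasses PX and goes straight down the
 * chain. {@code shouldSendChallenge}, {@code challengeBody}, {@code challengeSent},
 * {@code shouldBlock} and {@code blocked} are the API this sketch asks for; they
 * are not claimed to exist in the current SDK.
 *
 * @param servletRequest  incoming request; expected to be an {@link HttpServletRequest}
 * @param servletResponse outgoing response; expected to be an {@link HttpServletResponse}
 * @param filterChain     the remaining filters, invoked unless the request is
 *                        challenged or blocked
 * @throws IOException      from writing the challenge body or from the chain
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    if (!isBlockingEnabled) {
        // Enforcement off: skip PX but still serve the request. A bare return here
        // would drop every request for as long as the flag is off.
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    PXContext ctx = enforcer.pxVerify(request, new HttpServletResponseWrapper(response));
    // Unclear whether the detection threshold can be set in the PX config directly;
    // this sketch assumes it cannot and passes it on each call instead.
    int riskScoreThreshold = config.getAsInt("pxThreshold");
    // The challenge decision takes the threshold as a parameter.
    if (ctx.shouldSendChallenge(riskScoreThreshold)) {
        // The response content type is already JSON, which is what we prefer.
        response.setStatus(200);
        response.getWriter().println(ctx.challengeBody());
        // Intended to let PX record that this user was sent the challenge.
        ctx.challengeSent();
        return;
    }
    // The block decision takes the threshold as a parameter.
    if (ctx.shouldBlock(riskScoreThreshold)) {
        response.setStatus(429);
        // Intended to let PX record that this user was fully blocked.
        ctx.blocked();
        return;
    }
    // Neither challenged nor blocked: run the rest of our filters.
    filterChain.doFilter(servletRequest, servletResponse);
}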