source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java@ 25267

Last change on this file since 25267 was 25267, checked in by sjm84, 12 years ago

Adding a URL filter that can be used to have RESTful URLs, this will also prevent access to restricted files but this is currently incomplete
  • Property svn:executable set to *
File size: 9.6 KB
Line 
1package org.greenstone.gsdl3.core;
2
3import java.io.IOException;
4import java.util.ArrayList;
5import java.util.HashMap;
6import java.util.Map;
7
8import javax.servlet.Filter;
9import javax.servlet.FilterChain;
10import javax.servlet.FilterConfig;
11import javax.servlet.ServletException;
12import javax.servlet.ServletRequest;
13import javax.servlet.ServletResponse;
14import javax.servlet.http.HttpServletRequest;
15import javax.servlet.http.HttpServletRequestWrapper;
16
17import org.apache.log4j.Logger;
18import org.greenstone.gsdl3.util.GSParams;
19import org.greenstone.gsdl3.util.GSXML;
20import org.greenstone.gsdl3.util.UserContext;
21import org.w3c.dom.Document;
22import org.w3c.dom.Element;
23
24public class URLFilter implements Filter
25{
26 private FilterConfig _filterConfig = null;
27 private static Logger _logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());
28
29 //Restricted URLs
30 protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";
31
32 protected static final ArrayList<String> _restrictedURLs;
33 static
34 {
35 ArrayList<String> restrictedURLs = new ArrayList<String>();
36 restrictedURLs.add(SITECONFIG_URL);
37 _restrictedURLs = restrictedURLs;
38 }
39
40 public void init(FilterConfig filterConfig) throws ServletException
41 {
42 this._filterConfig = filterConfig;
43 }
44
45 public void destroy()
46 {
47 this._filterConfig = null;
48 }
49
50 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
51 {
52 if (request instanceof HttpServletRequest)
53 {
54 HttpServletRequest hRequest = ((HttpServletRequest) request);
55 GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);
56
57 String url = hRequest.getRequestURI().toString();
58
59 if(isURLRestricted(url))
60 {
61 response.getWriter().println("Access to this page is forbidden.");
62 return;
63 }
64
65 if (url.contains("/index/assoc/"))
66 {
67 String dir = null;
68 int dirStart = url.indexOf("/index/assoc/") + "/index/assoc/".length();
69 int dirEnd = -1;
70 if (dirStart < url.length() && url.indexOf("/", dirStart) != -1)
71 {
72 dirEnd = url.indexOf("/", dirStart);
73 }
74 if (dirEnd != -1)
75 {
76 dir = url.substring(dirStart, dirEnd);
77 }
78 if (dir == null)
79 {
80 return;
81 }
82
83 String collection = null;
84 int colStart = url.indexOf("/collect/") + "/collect/".length();
85 int colEnd = -1;
86 if (colStart < url.length() && url.indexOf("/", colStart) != -1)
87 {
88 colEnd = url.indexOf("/", colStart);
89 }
90 if (colEnd != -1)
91 {
92 collection = url.substring(colStart, colEnd);
93 }
94 if (collection == null)
95 {
96 return;
97 }
98
99 MessageRouter gsRouter = (MessageRouter) request.getServletContext().getAttribute("GSRouter");
100 if (gsRouter == null)
101 {
102 _logger.error("Receptionist is null, stopping filter");
103 return;
104 }
105
106 Document gsDoc = (Document) request.getServletContext().getAttribute("GSDocument");
107 if (gsDoc == null)
108 {
109 _logger.error("Document is null, stopping filter");
110 return;
111 }
112
113 Element metaMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
114 Element metaRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, collection + "/DocumentMetadataRetrieve", new UserContext());
115 metaMessage.appendChild(metaRequest);
116
117 Element paramList = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
118 metaRequest.appendChild(paramList);
119
120 Element param = gsDoc.createElement(GSXML.PARAM_ELEM);
121 paramList.appendChild(param);
122
123 param.setAttribute(GSXML.NAME_ATT, "metadata");
124 param.setAttribute(GSXML.VALUE_ATT, "contains");
125
126 Element docList = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
127 metaRequest.appendChild(docList);
128
129 Element doc = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
130 docList.appendChild(doc);
131
132 doc.setAttribute(GSXML.NODE_ID_ATT, dir);
133
134 Element metaResponse = (Element) gsRouter.process(metaMessage);
135 //GSXML.printXMLNode(metaResponse, true);
136 }
137 else
138 {
139 String[] segments = url.split("/");
140 for (int i = 0; i < segments.length; i++)
141 {
142 String[] additionalParameters = null;
143 String[] defaultParamValues = null;
144
145 //COLLECTION
146 if (segments[i].equals("collection") && (i + 1) < segments.length)
147 {
148 gRequest.setParameter(GSParams.COLLECTION, segments[i + 1]);
149 }
150 //DOCUMENT
151 else if (segments[i].equals("document") && (i + 1) < segments.length)
152 {
153 gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);
154
155 additionalParameters = new String[] { GSParams.ACTION, GSParams.DOCUMENT_TYPE, GSParams.EXPAND_DOCUMENT };
156 defaultParamValues = new String[] { "d", "hierarchy", "1" };
157 }
158 //PAGE
159 else if (segments[i].equals("page") && (i + 1) < segments.length)
160 {
161 gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);
162
163 additionalParameters = new String[] { GSParams.ACTION };
164 defaultParamValues = new String[] { "p" };
165 }
166 //ADMIN
167 else if (segments[i].equals("admin") && (i + 1) < segments.length)
168 {
169 String pageName = segments[i + 1];
170
171 gRequest.setParameter("s1.authpage", pageName);
172
173 additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
174 defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
175 }
176 //BROWSE
177 else if (segments[i].equals("browse") && (i + 1) < segments.length)
178 {
179 String cl = "";
180 for (int j = 1; (i + j) < segments.length; j++)
181 {
182 if (!segments[i + j].matches("^\\d+$"))
183 {
184 break;
185 }
186
187 if (j > 1)
188 {
189 cl += ".";
190 }
191
192 cl += segments[i + j];
193 }
194
195 gRequest.setParameter("cl", "CL" + cl);
196
197 additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
198 defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
199 }
200 //QUERY
201 else if (segments[i].equals("query"))
202 {
203 additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
204 defaultParamValues = new String[] { "q", "", "rd" };
205 }
206 //SERVICE
207 else if (segments[i].equals("service") && (i + 1) < segments.length)
208 {
209 String serviceName = segments[i + 1];
210 gRequest.setParameter(GSParams.SERVICE, serviceName);
211
212 if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
213 {
214 additionalParameters = new String[] { "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.index", "s1.startPage" };
215 defaultParamValues = new String[] { "100", "20", "Sec", "rank", "ZZ", "1" };
216
217 if ((i + 2) < segments.length)
218 {
219 gRequest.setParameter("s1.query", segments[i + 2]);
220 }
221 }
222 else if (serviceName.equals("FieldQuery"))
223 {
224 additionalParameters = new String[] { "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.startPage" };
225 defaultParamValues = new String[] { "100", "20", "Sec", "rank", "ZZ", "1" };
226
227 if ((i + 2) < segments.length)
228 {
229 gRequest.setParameter("s1.fqv", segments[i + 2]);
230 }
231 }
232 else if (serviceName.equals("AdvancedFieldQuery"))
233 {
234 additionalParameters = new String[] { "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.fqk", "s1.startPage" };
235 defaultParamValues = new String[] { "100", "20", "Sec", "rank", "ZZ", "0", "1" };
236
237 if ((i + 2) < segments.length)
238 {
239 gRequest.setParameter("s1.fqv", segments[i + 2]);
240 }
241 }
242 }
243
244 if (additionalParameters != null)
245 {
246 for (int j = 0; j < additionalParameters.length; j++)
247 {
248 if (gRequest.getParameter(additionalParameters[j]) == null)
249 {
250 gRequest.setParameter(additionalParameters[j], defaultParamValues[j]);
251 }
252 }
253 }
254 }
255 }
256
257 chain.doFilter(gRequest, response);
258 }
259 else
260 {
261 //Will this ever happen?
262 System.err.println("The request was not an HttpServletRequest");
263 }
264 }
265
266 private boolean isURLRestricted(String url)
267 {
268 for(String restrictedURL : _restrictedURLs)
269 {
270 if(url.matches(".*" + restrictedURL + ".*"))
271 {
272 return true;
273 }
274 }
275
276 return false;
277 }
278
279 private class GSHttpServletRequestWrapper extends HttpServletRequestWrapper
280 {
281 private HashMap<String, String[]> _newParams = new HashMap<String, String[]>();
282
283 public GSHttpServletRequestWrapper(ServletRequest request)
284 {
285 super((HttpServletRequest) request);
286 }
287
288 public void setParameter(String paramName, String[] paramValues)
289 {
290 _newParams.put(paramName, paramValues);
291 }
292
293 public void setParameter(String paramName, String paramValue)
294 {
295 _newParams.put(paramName, new String[] { paramValue });
296 }
297
298 public String getParameter(String paramName)
299 {
300 if (_newParams.containsKey(paramName))
301 {
302 return _newParams.get(paramName)[0];
303 }
304 else
305 {
306 return super.getParameter(paramName);
307 }
308 }
309
310 public String[] getParameterValues(String paramName)
311 {
312 if (_newParams.containsKey(paramName))
313 {
314 return _newParams.get(paramName);
315 }
316 else
317 {
318 return super.getParameterValues(paramName);
319 }
320 }
321
322 public Map<String, String[]> getParameterMap()
323 {
324 HashMap<String, String[]> returnMap = new HashMap<String, String[]>();
325 returnMap.putAll(super.getParameterMap());
326 returnMap.putAll(_newParams);
327 return returnMap;
328 }
329 }
330}
Note: See TracBrowser for help on using the repository browser.