source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java@ 25424

Last change on this file since 25424 was 25424, checked in by sjm84, 12 years ago

Added searching RESTful urls

  • Property svn:executable set to *
File size: 11.2 KB
1package org.greenstone.gsdl3.core;
2
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.greenstone.gsdl3.action.DocumentAction;
import org.greenstone.gsdl3.util.GSParams;
import org.greenstone.gsdl3.util.GSXML;
import org.greenstone.gsdl3.util.UserContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
25
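/**
 * Servlet filter that sits in front of the library servlet and does three things:
 * <ol>
 * <li>refuses requests for restricted files (see {@link #_restrictedURLs});</li>
 * <li>checks group membership before an associated file under
 * {@code /index/assoc/} is served;</li>
 * <li>translates RESTful path segments ({@code collection/…}, {@code document/…},
 * {@code page/…}, {@code admin/…}, {@code browse/…}, {@code search/…}) into the
 * request parameters the rest of the application expects.</li>
 * </ol>
 * Every request that is refused is answered with an HTTP error status so that the
 * denial is visible to clients and in access logs.
 */
public class URLFilter implements Filter
{
	private FilterConfig _filterConfig = null;
	private static Logger _logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());

	//Restricted URLs
	// NOTE(review): the '.' before "xml" is an unescaped regex metacharacter, so this
	// pattern blocks slightly more than the literal file name. That errs on the safe side.
	protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";

	protected static final ArrayList<String> _restrictedURLs;
	static
	{
		ArrayList<String> restrictedURLs = new ArrayList<String>();
		restrictedURLs.add(SITECONFIG_URL);
		_restrictedURLs = restrictedURLs;
	}

	/** Path marker that identifies a request for a document's associated file. */
	private static final String ASSOC_MARKER = "/index/assoc/";

	/** Path marker that precedes the collection name. */
	private static final String COLLECT_MARKER = "/collect/";

	/** A classifier path segment in a browse URL: digits with an optional CL/cl prefix. */
	private static final Pattern CLASSIFIER_SEGMENT = Pattern.compile("^(CL|cl)?\\d+$");

	public void init(FilterConfig filterConfig) throws ServletException
	{
		this._filterConfig = filterConfig;
	}

	public void destroy()
	{
		this._filterConfig = null;
	}

	/**
	 * Applies the restricted-URL check, the associated-file access check and the
	 * RESTful parameter mapping, then passes the wrapped request down the chain.
	 * <p>
	 * Security decisions are made on two views of the path: the raw request URI and
	 * the servlet path plus path info. {@code getRequestURI()} is not decoded by the
	 * container, so a percent-encoded spelling of a protected path would not match
	 * the raw string alone; the servlet path and path info are the decoded forms
	 * the container itself uses.
	 *
	 * @param request
	 *            the incoming request; anything that is not an
	 *            {@link HttpServletRequest} is logged and dropped
	 * @param response
	 *            the response; receives an error status when access is refused
	 * @param chain
	 *            the remaining filter chain, invoked only when access is allowed
	 * @throws IOException
	 *             if writing the refusal or running the chain fails
	 * @throws ServletException
	 *             if the rest of the chain fails
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
	{
		if (!(request instanceof HttpServletRequest))
		{
			//Will this ever happen?
			_logger.error("The request was not an HttpServletRequest");
			return;
		}

		HttpServletRequest hRequest = (HttpServletRequest) request;
		GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);

		String url = hRequest.getRequestURI();
		String resourcePath = getResourcePath(hRequest);

		if (isURLRestricted(url) || isURLRestricted(resourcePath))
		{
			// Report the refusal as 403 rather than as a successful page.
			if (response instanceof HttpServletResponse)
			{
				((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
			}
			response.getWriter().println("Access to this page is forbidden.");
			return;
		}

		if (url.contains(ASSOC_MARKER) || resourcePath.contains(ASSOC_MARKER))
		{
			// Prefer the container-decoded path; fall back to the raw URI so that a
			// request recognised only by its raw form is still checked.
			String assocPath = resourcePath.contains(ASSOC_MARKER) ? resourcePath : url;
			if (!isAssocAccessAllowed(hRequest, response, assocPath))
			{
				return;
			}
		}
		else
		{
			applyRestfulParameters(url, gRequest);
		}

		chain.doFilter(gRequest, response);
	}

	/**
	 * Returns the servlet path followed by the path info, i.e. the request path as
	 * the container resolved it, without the context path and query string.
	 */
	private static String getResourcePath(HttpServletRequest request)
	{
		StringBuilder path = new StringBuilder();
		if (request.getServletPath() != null)
		{
			path.append(request.getServletPath());
		}
		if (request.getPathInfo() != null)
		{
			path.append(request.getPathInfo());
		}
		return path.toString();
	}

	/**
	 * Returns the path segment that directly follows {@code marker}, or
	 * {@code null} when the marker is absent or the segment is not terminated by
	 * a further '/'.
	 */
	private static String segmentAfter(String path, String marker)
	{
		int markerPos = path.indexOf(marker);
		if (markerPos == -1)
		{
			// Without this guard the start offset would be computed from -1 and an
			// unrelated part of the path would be returned.
			return null;
		}
		int start = markerPos + marker.length();
		int end = path.indexOf('/', start);
		return (end == -1) ? null : path.substring(start, end);
	}

	/** Sends an HTTP error status when the response is an HTTP response. */
	private static void reject(ServletResponse response, int status) throws IOException
	{
		if (response instanceof HttpServletResponse)
		{
			((HttpServletResponse) response).sendError(status);
		}
	}

	/**
	 * Decides whether the current user may fetch an associated file.
	 * <p>
	 * The collection and the assoc directory are taken from {@code path}; the
	 * owning document is looked up through the message router and the security
	 * groups for that document (or for the collection when no document is found)
	 * are compared with the user's roles. A group list containing the empty string
	 * means the resource is open to everyone.
	 *
	 * @return {@code true} when the request may proceed; {@code false} when an
	 *         error status has already been sent
	 */
	private boolean isAssocAccessAllowed(HttpServletRequest request, ServletResponse response, String path) throws IOException
	{
		String dir = segmentAfter(path, ASSOC_MARKER);
		String collection = segmentAfter(path, COLLECT_MARKER);
		if (dir == null || collection == null)
		{
			reject(response, HttpServletResponse.SC_NOT_FOUND);
			return false;
		}

		MessageRouter gsRouter = (MessageRouter) request.getServletContext().getAttribute("GSRouter");
		if (gsRouter == null)
		{
			_logger.error("MessageRouter is null, stopping filter");
			reject(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return false;
		}

		// NOTE(review): this Document is shared through the servlet context and used
		// to create elements on every request; confirm that concurrent use is safe.
		Document gsDoc = (Document) request.getServletContext().getAttribute("GSDocument");
		if (gsDoc == null)
		{
			_logger.error("Document is null, stopping filter");
			reject(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return false;
		}

		String document = findOwningDocument(gsRouter, gsDoc, collection, dir);

		//Get the security info for this collection
		// The check runs even when no owning document was found: a failed lookup
		// must not let the file through without any authorisation decision.
		Element securityMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
		Element securityRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_SECURITY, collection, new UserContext());
		securityMessage.appendChild(securityRequest);
		if (document != null && !document.equals(""))
		{
			securityRequest.setAttribute(GSXML.NODE_OID, document);
		}

		Element securityResponse = (Element) GSXML.getChildByTagName(gsRouter.process(securityMessage), GSXML.RESPONSE_ELEM);
		ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
		if (groups == null)
		{
			_logger.error("No security information returned for collection " + collection);
			reject(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return false;
		}

		if (groups.contains(""))
		{
			return true;
		}
		for (String group : groups)
		{
			if (request.isUserInRole(group))
			{
				return true;
			}
		}

		reject(response, HttpServletResponse.SC_FORBIDDEN);
		return false;
	}

	/**
	 * Asks the collection's DocumentMetadataRetrieve service for the "contains"
	 * metadata of the node {@code dir} and returns its text, or {@code null} when
	 * the response carries no metadata element.
	 */
	private String findOwningDocument(MessageRouter gsRouter, Document gsDoc, String collection, String dir)
	{
		Element metaMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
		Element metaRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, collection + "/DocumentMetadataRetrieve", new UserContext());
		metaMessage.appendChild(metaRequest);

		Element paramList = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
		metaRequest.appendChild(paramList);

		Element param = gsDoc.createElement(GSXML.PARAM_ELEM);
		paramList.appendChild(param);
		param.setAttribute(GSXML.NAME_ATT, "metadata");
		param.setAttribute(GSXML.VALUE_ATT, "contains");

		Element docList = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
		metaRequest.appendChild(docList);

		Element doc = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
		docList.appendChild(doc);
		doc.setAttribute(GSXML.NODE_ID_ATT, dir);

		Element metaResponse = (Element) gsRouter.process(metaMessage);
		NodeList metadataList = (metaResponse == null) ? null : metaResponse.getElementsByTagName(GSXML.METADATA_ELEM);
		if (metadataList == null || metadataList.getLength() == 0)
		{
			_logger.error("Could not find the document related to this url");
			return null;
		}

		return ((Element) metadataList.item(0)).getTextContent();
	}

	/**
	 * Walks the '/'-separated segments of {@code url} and records the request
	 * parameters implied by each recognised keyword on {@code gRequest}.
	 * <p>
	 * The segments come from the raw request URI, so values are stored exactly as
	 * they appear in the URL (still percent-encoded). Defaults listed for a keyword
	 * are applied only when the request does not already carry that parameter.
	 */
	private static void applyRestfulParameters(String url, GSHttpServletRequestWrapper gRequest)
	{
		String[] segments = url.split("/");
		for (int i = 0; i < segments.length; i++)
		{
			String keyword = segments[i];
			boolean hasValue = (i + 1) < segments.length;
			String[] additionalParameters = null;
			String[] defaultParamValues = null;

			//COLLECTION
			if (keyword.equals("collection") && hasValue)
			{
				gRequest.setParameter(GSParams.COLLECTION, segments[i + 1]);
			}
			//DOCUMENT
			else if (keyword.equals("document") && hasValue)
			{
				gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);

				additionalParameters = new String[] { GSParams.ACTION, GSParams.DOCUMENT_TYPE };
				defaultParamValues = new String[] { "d", "hierarchy" };
			}
			//PAGE
			else if (keyword.equals("page") && hasValue)
			{
				gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);

				additionalParameters = new String[] { GSParams.ACTION };
				defaultParamValues = new String[] { "p" };
			}
			//ADMIN
			else if (keyword.equals("admin") && hasValue)
			{
				gRequest.setParameter("s1.authpage", segments[i + 1]);

				additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
				defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
			}
			//BROWSE
			else if (keyword.equals("browse") && hasValue)
			{
				// Join consecutive classifier segments into a dotted id, e.g. CL1/2/3 -> CL1.2.3
				StringBuilder cl = new StringBuilder();
				for (int j = 1; (i + j) < segments.length; j++)
				{
					String candidate = segments[i + j];
					if (!CLASSIFIER_SEGMENT.matcher(candidate).matches())
					{
						break;
					}
					if (j > 1)
					{
						cl.append('.');
					}
					cl.append(candidate.replace("CL", "").replace("cl", ""));
				}

				gRequest.setParameter("cl", "CL" + cl);

				additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
				defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
			}
			//QUERY
			else if (keyword.equals("search"))
			{
				String serviceName = "";
				if (hasValue)
				{
					serviceName = segments[i + 1];
					gRequest.setParameter("s", serviceName);

					additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
					defaultParamValues = new String[] { "q", "", "d" };
				}
				if ((i + 2) < segments.length)
				{
					String queryText = segments[i + 2];
					if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
					{
						additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.index", "s1.startPage" };
						defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "1" };

						gRequest.setParameter("s1.query", queryText);
					}
					else if (serviceName.equals("FieldQuery"))
					{
						additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.startPage" };
						defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "1" };

						gRequest.setParameter("s1.fqv", queryText);
					}
					else if (serviceName.equals("AdvancedFieldQuery"))
					{
						additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.fqk", "s1.startPage" };
						defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "0", "1" };

						gRequest.setParameter("s1.fqv", queryText);
					}
				}
			}

			if (additionalParameters != null)
			{
				for (int j = 0; j < additionalParameters.length; j++)
				{
					if (gRequest.getParameter(additionalParameters[j]) == null)
					{
						gRequest.setParameter(additionalParameters[j], defaultParamValues[j]);
					}
				}
			}
		}
	}

	/**
	 * Reports whether {@code url} contains any of the restricted path patterns.
	 * Matching ignores case so that a differently-cased spelling is also refused
	 * on deployments whose file system is case-insensitive.
	 *
	 * @param url
	 *            the path to test; {@code null} is treated as not restricted
	 * @return {@code true} if a pattern from {@link #_restrictedURLs} occurs in the path
	 */
	private boolean isURLRestricted(String url)
	{
		if (url == null)
		{
			return false;
		}
		for (String restrictedURL : _restrictedURLs)
		{
			if (Pattern.compile(restrictedURL, Pattern.CASE_INSENSITIVE).matcher(url).find())
			{
				return true;
			}
		}

		return false;
	}

	/**
	 * Request wrapper that lets the filter add parameters derived from the URL.
	 * <p>
	 * NOTE(review): precedence differs between accessors. {@link #getParameter}
	 * and {@link #getParameterValues} return the client-supplied value when one
	 * exists, whereas {@link #getParameterMap} lets the filter-supplied value
	 * overwrite it. Code that reads the same parameter through different accessors
	 * can therefore see different values; confirm which precedence is intended.
	 * {@code getParameterNames()} is not overridden, so it does not list the
	 * filter-supplied names.
	 */
	private static class GSHttpServletRequestWrapper extends HttpServletRequestWrapper
	{
		private HashMap<String, String[]> _newParams = new HashMap<String, String[]>();

		public GSHttpServletRequestWrapper(ServletRequest request)
		{
			super((HttpServletRequest) request);
		}

		/** Records a multi-valued parameter supplied by the filter. */
		public void setParameter(String paramName, String[] paramValues)
		{
			_newParams.put(paramName, paramValues);
		}

		/** Records a single-valued parameter supplied by the filter. */
		public void setParameter(String paramName, String paramValue)
		{
			_newParams.put(paramName, new String[] { paramValue });
		}

		/**
		 * Returns the client-supplied value if present, otherwise the first
		 * filter-supplied value, otherwise {@code null}.
		 */
		@Override
		public String getParameter(String paramName)
		{
			String supplied = super.getParameter(paramName);
			if (supplied != null)
			{
				return supplied;
			}

			String[] injected = _newParams.get(paramName);
			// The length check guards against an empty array passed to setParameter.
			if (injected != null && injected.length > 0)
			{
				return injected[0];
			}
			return null;
		}

		/**
		 * Returns the client-supplied values if present, otherwise the
		 * filter-supplied values (which may be {@code null}).
		 */
		@Override
		public String[] getParameterValues(String paramName)
		{
			String[] supplied = super.getParameterValues(paramName);
			if (supplied != null)
			{
				return supplied;
			}
			return _newParams.get(paramName);
		}

		/**
		 * Returns a fresh map holding the client-supplied parameters overlaid with
		 * the filter-supplied ones (filter-supplied values win on a name clash).
		 */
		@Override
		public Map<String, String[]> getParameterMap()
		{
			HashMap<String, String[]> returnMap = new HashMap<String, String[]>();
			returnMap.putAll(super.getParameterMap());
			returnMap.putAll(_newParams);
			return returnMap;
		}
	}
}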