source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java@ 25536

Last change on this file since 25536 was 25536, checked in by sjm84, 12 years ago

A fix for the jsessionid problem

  • Property svn:executable set to *
1package org.greenstone.gsdl3.core;
2
3import java.io.IOException;
4import java.util.ArrayList;
5import java.util.HashMap;
6import java.util.Map;
7
8import javax.servlet.Filter;
9import javax.servlet.FilterChain;
10import javax.servlet.FilterConfig;
11import javax.servlet.ServletException;
12import javax.servlet.ServletRequest;
13import javax.servlet.ServletResponse;
14import javax.servlet.http.HttpServletRequest;
15import javax.servlet.http.HttpServletRequestWrapper;
16
17import org.apache.log4j.Logger;
18import org.greenstone.gsdl3.util.GSParams;
19import org.greenstone.gsdl3.util.GSXML;
20import org.greenstone.gsdl3.util.UserContext;
21import org.greenstone.gsdl3.action.DocumentAction;
22import org.w3c.dom.Document;
23import org.w3c.dom.Element;
24import org.w3c.dom.NodeList;
25
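/**
 * Servlet filter placed in front of the Greenstone 3 servlet.
 *
 * <p>For every HTTP request it does three things, in this order:
 * <ol>
 * <li>refuses any URL matching one of the {@link #_restrictedURLs} patterns
 * (currently only the per-site {@code siteConfig.xml});</li>
 * <li>for URLs containing {@code /index/assoc/}, asks the message router for
 * the security groups of the collection (and document, when it can be
 * resolved) and only lets the request through when the user is in one of
 * them;</li>
 * <li>for every other URL, turns path segments such as
 * {@code /collection/NAME/document/ID} into request parameters on a wrapper
 * that is handed to the rest of the chain.</li>
 * </ol>
 *
 * <p>Rejected requests carry an HTTP error status (403, 404 or 500) so that
 * clients, proxies and access-log monitoring can tell them apart from
 * successful responses.
 */
public class URLFilter implements Filter
{
	private FilterConfig _filterConfig = null;
	private static Logger _logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());

	//Restricted URLs (regular expressions, searched for anywhere in the request URI)
	protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";

	// NOTE(review): this list is a mutable ArrayList visible to subclasses; the type is kept
	// for compatibility, but nothing in this class needs to modify it after class initialisation.
	protected static final ArrayList<String> _restrictedURLs;
	static
	{
		ArrayList<String> restrictedURLs = new ArrayList<String>();
		restrictedURLs.add(SITECONFIG_URL);
		_restrictedURLs = restrictedURLs;
	}

	private static final String ASSOC_MARKER = "/index/assoc/";
	private static final String COLLECT_MARKER = "/collect/";

	private static final int SC_FORBIDDEN = javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
	private static final int SC_NOT_FOUND = javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
	private static final int SC_INTERNAL_SERVER_ERROR = javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;

	/** Stores the filter configuration supplied by the container. */
	public void init(FilterConfig filterConfig) throws ServletException
	{
		this._filterConfig = filterConfig;
	}

	/** Drops the reference to the filter configuration. */
	public void destroy()
	{
		this._filterConfig = null;
	}

	/**
	 * Applies the restricted-URL check, the associated-file access check and the
	 * path-to-parameter mapping, then passes the wrapped request down the chain.
	 *
	 * <p>The chain is not invoked when the request is refused or when it is not
	 * an {@link HttpServletRequest}.
	 *
	 * @param request the incoming request
	 * @param response the response; it receives an error status when the request is refused
	 * @param chain the remaining filter chain
	 * @throws IOException if writing the refusal fails or the chain throws it
	 * @throws ServletException if the chain throws it
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
	{
		if (!(request instanceof HttpServletRequest))
		{
			//Will this ever happen?
			_logger.error("The request was not an HttpServletRequest");
			return;
		}

		HttpServletRequest hRequest = (HttpServletRequest) request;
		GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);

		String url = hRequest.getRequestURI();

		if (isURLRestricted(url))
		{
			// Send a real 403 rather than a 200 page that merely says "forbidden".
			if (response instanceof javax.servlet.http.HttpServletResponse)
			{
				((javax.servlet.http.HttpServletResponse) response).setStatus(SC_FORBIDDEN);
			}
			response.getWriter().println("Access to this page is forbidden.");
			return;
		}

		// The access check must see the same path the container will serve, so the marker is
		// looked for in the canonical form first and in the raw URI as a fallback.
		String canonicalUrl = canonicalise(url);
		String assocUrl = null;
		if (canonicalUrl.contains(ASSOC_MARKER))
		{
			assocUrl = canonicalUrl;
		}
		else if (url.contains(ASSOC_MARKER))
		{
			assocUrl = url;
		}

		if (assocUrl != null)
		{
			if (!isAssocAccessPermitted(hRequest, response, assocUrl))
			{
				return;
			}
		}
		else
		{
			applyPathParameters(url, gRequest);
		}

		chain.doFilter(gRequest, response);
	}

	/**
	 * Decides whether the current user may fetch an associated file.
	 *
	 * <p>The collection name and the assoc directory are taken from the URL, the
	 * directory is resolved to a document id where possible, and the groups
	 * returned by the collection's security request are compared with the
	 * user's roles. When the document cannot be resolved the check still runs
	 * at collection level instead of being skipped.
	 *
	 * @return {@code true} when the request may continue; {@code false} after an
	 *         error status has been sent
	 */
	private boolean isAssocAccessPermitted(HttpServletRequest request, ServletResponse response, String url) throws IOException
	{
		String dir = segmentAfter(url, ASSOC_MARKER);
		// segmentAfter returns null when "/collect/" is absent, so an unrelated
		// part of the URL is never taken for the collection name.
		String collection = segmentAfter(url, COLLECT_MARKER);
		if (dir == null || collection == null)
		{
			reject(response, SC_NOT_FOUND);
			return false;
		}

		MessageRouter gsRouter = (MessageRouter) request.getServletContext().getAttribute("GSRouter");
		if (gsRouter == null)
		{
			_logger.error("GSRouter is null, stopping filter");
			reject(response, SC_INTERNAL_SERVER_ERROR);
			return false;
		}

		Document gsDoc = (Document) request.getServletContext().getAttribute("GSDocument");
		if (gsDoc == null)
		{
			_logger.error("Document is null, stopping filter");
			reject(response, SC_INTERNAL_SERVER_ERROR);
			return false;
		}

		String document = lookupDocumentId(gsRouter, gsDoc, collection, dir);

		//Get the security info for this collection
		Element securityMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
		Element securityRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_SECURITY, collection, new UserContext());
		securityMessage.appendChild(securityRequest);
		if (document != null && !document.equals(""))
		{
			securityRequest.setAttribute(GSXML.NODE_OID, document);
		}

		Element securityResponse = (Element) GSXML.getChildByTagName(gsRouter.process(securityMessage), GSXML.RESPONSE_ELEM);
		ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);

		// presumably an empty group name marks content that needs no login -- confirm against GSXML
		if (groups.contains(""))
		{
			return true;
		}
		for (String group : groups)
		{
			if (request.isUserInRole(group))
			{
				return true;
			}
		}

		reject(response, SC_FORBIDDEN);
		return false;
	}

	/**
	 * Asks the collection's DocumentMetadataRetrieve service for the "contains"
	 * metadata of the node named by the assoc directory and returns the text of
	 * the first metadata element.
	 *
	 * @return the metadata text, or {@code null} when the response holds no metadata element
	 */
	private String lookupDocumentId(MessageRouter gsRouter, Document gsDoc, String collection, String dir)
	{
		Element metaMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
		Element metaRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, collection + "/DocumentMetadataRetrieve", new UserContext());
		metaMessage.appendChild(metaRequest);

		Element paramList = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
		metaRequest.appendChild(paramList);

		Element param = gsDoc.createElement(GSXML.PARAM_ELEM);
		paramList.appendChild(param);

		param.setAttribute(GSXML.NAME_ATT, "metadata");
		param.setAttribute(GSXML.VALUE_ATT, "contains");

		Element docList = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
		metaRequest.appendChild(docList);

		Element doc = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
		docList.appendChild(doc);

		doc.setAttribute(GSXML.NODE_ID_ATT, dir);

		Element metaResponse = (Element) gsRouter.process(metaMessage);
		if (metaResponse == null)
		{
			_logger.error("Could not find the document related to this url");
			return null;
		}

		NodeList metadataList = metaResponse.getElementsByTagName(GSXML.METADATA_ELEM);
		if (metadataList.getLength() == 0)
		{
			_logger.error("Could not find the document related to this url");
			return null;
		}

		return ((Element) metadataList.item(0)).getTextContent();
	}

	/**
	 * Maps RESTful path segments onto request parameters of the wrapper.
	 *
	 * <p>Recognised keywords are {@code collection}, {@code document},
	 * {@code page}, {@code admin}, {@code browse} and {@code search}; each one
	 * consumes the segment(s) after it and supplies default values for related
	 * parameters the request does not already carry. Segment values are copied
	 * from the raw request path without decoding or validation, so everything
	 * set here is untrusted input for the code that reads it later.
	 */
	private void applyPathParameters(String url, GSHttpServletRequestWrapper gRequest)
	{
		// A session id appended by the container is not part of the path.
		int sessionIdStart = url.indexOf(";jsessionid");
		if (sessionIdStart != -1)
		{
			url = url.substring(0, sessionIdStart);
		}

		String[] segments = url.split("/");
		for (int i = 0; i < segments.length; i++)
		{
			String[] additionalParameters = null;
			String[] defaultParamValues = null;

			//COLLECTION
			if (segments[i].equals("collection") && (i + 1) < segments.length)
			{
				gRequest.setParameter(GSParams.COLLECTION, segments[i + 1]);
			}
			//DOCUMENT
			else if (segments[i].equals("document") && (i + 1) < segments.length)
			{
				gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);

				additionalParameters = new String[] { GSParams.ACTION, GSParams.DOCUMENT_TYPE };
				defaultParamValues = new String[] { "d", "hierarchy" };
			}
			//PAGE
			else if (segments[i].equals("page") && (i + 1) < segments.length)
			{
				gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);

				additionalParameters = new String[] { GSParams.ACTION };
				defaultParamValues = new String[] { "p" };
			}
			//ADMIN
			else if (segments[i].equals("admin") && (i + 1) < segments.length)
			{
				String pageName = segments[i + 1];

				gRequest.setParameter("s1.authpage", pageName);

				additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
				defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
			}
			//BROWSE
			else if (segments[i].equals("browse") && (i + 1) < segments.length)
			{
				// Join the numeric classifier segments with dots: /browse/CL1/2/3 -> CL1.2.3
				StringBuilder cl = new StringBuilder();
				for (int j = 1; (i + j) < segments.length; j++)
				{
					if (!segments[i + j].matches("^(CL|cl)?\\d+$"))
					{
						break;
					}

					if (j > 1)
					{
						cl.append(".");
					}

					cl.append(segments[i + j].replace("CL", "").replace("cl", ""));
				}

				gRequest.setParameter("cl", "CL" + cl);

				additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
				defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
			}
			//QUERY
			else if (segments[i].equals("search"))
			{
				String serviceName = "";
				if ((i + 1) < segments.length)
				{
					serviceName = segments[i + 1];
					gRequest.setParameter("s", serviceName);

					additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
					defaultParamValues = new String[] { "q", "", "d" };
				}
				if ((i + 2) < segments.length)
				{
					if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
					{
						additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.index", "s1.startPage" };
						defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "1" };

						gRequest.setParameter("s1.query", segments[i + 2]);
					}
					else if (serviceName.equals("FieldQuery"))
					{
						additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.startPage" };
						defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "1" };

						gRequest.setParameter("s1.fqv", segments[i + 2]);
					}
					else if (serviceName.equals("AdvancedFieldQuery"))
					{
						additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.fqk", "s1.startPage" };
						defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "0", "1" };

						gRequest.setParameter("s1.fqv", segments[i + 2]);
					}
				}
			}

			// Defaults never replace a value the request (or an earlier segment) already supplies.
			if (additionalParameters != null)
			{
				for (int j = 0; j < additionalParameters.length; j++)
				{
					if (gRequest.getParameter(additionalParameters[j]) == null)
					{
						gRequest.setParameter(additionalParameters[j], defaultParamValues[j]);
					}
				}
			}
		}
	}

	/**
	 * Tells whether the URL names a restricted resource.
	 *
	 * <p>{@code getRequestURI()} returns the path as the client sent it, so each
	 * pattern is tried against the raw URL and against its canonical form (see
	 * {@link #canonicalise(String)}); a match on either one restricts the URL.
	 *
	 * @param url the raw request URI
	 * @return {@code true} if any pattern in {@link #_restrictedURLs} occurs in the URL
	 */
	private boolean isURLRestricted(String url)
	{
		String canonical = canonicalise(url);
		for (String restrictedURL : _restrictedURLs)
		{
			// find() looks for the pattern anywhere in the string, like the former ".*" wrapping,
			// but its result does not depend on which characters '.' is allowed to match.
			java.util.regex.Pattern pattern = java.util.regex.Pattern.compile(restrictedURL);
			if (pattern.matcher(url).find() || pattern.matcher(canonical).find())
			{
				return true;
			}
		}

		return false;
	}

	/**
	 * Returns the URL in the form used for access decisions: path parameters
	 * removed, percent-escapes decoded once, empty and "." segments dropped and
	 * ".." segments resolved. A trailing slash is kept.
	 */
	private static String canonicalise(String url)
	{
		// Path parameters (";name=value") may follow any segment, not only the last one.
		String decoded = url.replaceAll(";[^/]*", "");
		try
		{
			// URLDecoder would turn '+' into a space, which is wrong for a path, so protect it first.
			decoded = java.net.URLDecoder.decode(decoded.replace("+", "%2B"), "UTF-8");
		}
		catch (IllegalArgumentException e)
		{
			// Malformed escape: carry on with the undecoded text. The raw URL is checked by the caller as well.
			_logger.warn("Could not decode request URI while checking access");
		}
		catch (java.io.UnsupportedEncodingException e)
		{
			// UTF-8 is always available; kept only because the API declares the exception.
			_logger.warn("Could not decode request URI while checking access");
		}

		ArrayList<String> kept = new ArrayList<String>();
		for (String segment : decoded.split("/"))
		{
			if (segment.isEmpty() || segment.equals("."))
			{
				continue;
			}
			if (segment.equals(".."))
			{
				if (!kept.isEmpty())
				{
					kept.remove(kept.size() - 1);
				}
				continue;
			}
			kept.add(segment);
		}

		StringBuilder canonical = new StringBuilder();
		for (String segment : kept)
		{
			canonical.append('/').append(segment);
		}
		if (decoded.endsWith("/") || canonical.length() == 0)
		{
			canonical.append('/');
		}
		return canonical.toString();
	}

	/**
	 * Returns the path segment that directly follows {@code marker}, or
	 * {@code null} when the marker is absent or the segment is not terminated
	 * by a further "/".
	 */
	private static String segmentAfter(String url, String marker)
	{
		int markerPos = url.indexOf(marker);
		if (markerPos == -1)
		{
			return null;
		}

		int start = markerPos + marker.length();
		int end = url.indexOf("/", start);
		if (start >= url.length() || end == -1)
		{
			return null;
		}
		return url.substring(start, end);
	}

	/** Sends an HTTP error status when the response is an HTTP response. */
	private static void reject(ServletResponse response, int status) throws IOException
	{
		if (response instanceof javax.servlet.http.HttpServletResponse)
		{
			((javax.servlet.http.HttpServletResponse) response).sendError(status);
		}
	}

	/**
	 * Request wrapper that lets the filter add parameters derived from the URL path.
	 *
	 * <p>NOTE(review): {@link #getParameter(String)} and
	 * {@link #getParameterValues(String)} prefer the value sent by the client,
	 * whereas {@link #getParameterMap()} prefers the value set by the filter, and
	 * {@code getParameterNames()} is not overridden, so it does not list added
	 * parameters. Code that mixes these accessors can see different values for
	 * the same name; confirm which precedence is intended before relying on
	 * either for an access decision.
	 */
	private static class GSHttpServletRequestWrapper extends HttpServletRequestWrapper
	{
		private HashMap<String, String[]> _newParams = new HashMap<String, String[]>();

		public GSHttpServletRequestWrapper(ServletRequest request)
		{
			super((HttpServletRequest) request);
		}

		/** Adds or replaces a filter-supplied parameter with several values. */
		public void setParameter(String paramName, String[] paramValues)
		{
			_newParams.put(paramName, paramValues);
		}

		/** Adds or replaces a filter-supplied parameter with a single value. */
		public void setParameter(String paramName, String paramValue)
		{
			_newParams.put(paramName, new String[] { paramValue });
		}

		/**
		 * Returns the client's value when there is one, otherwise the first
		 * filter-supplied value, otherwise {@code null}.
		 */
		public String getParameter(String paramName)
		{
			String original = super.getParameter(paramName);
			if (original != null)
			{
				return original;
			}

			String[] added = _newParams.get(paramName);
			// The length check covers an empty array passed to setParameter(String, String[]).
			if (added != null && added.length > 0)
			{
				return added[0];
			}
			return null;
		}

		/** Returns the client's values when there are any, otherwise the filter-supplied ones. */
		public String[] getParameterValues(String paramName)
		{
			String[] original = super.getParameterValues(paramName);
			if (original != null)
			{
				return original;
			}
			return _newParams.get(paramName);
		}

		/**
		 * Returns a fresh map holding the client's parameters overlaid with the
		 * filter-supplied ones; on a name clash the filter-supplied value wins.
		 */
		public Map<String, String[]> getParameterMap()
		{
			HashMap<String, String[]> returnMap = new HashMap<String, String[]>();
			returnMap.putAll(super.getParameterMap());
			returnMap.putAll(_newParams);
			return returnMap;
		}
	}
}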