1 | package org.greenstone.gsdl3.core;
|
---|
2 |
|
---|
3 | import java.io.IOException;
|
---|
4 | import java.util.ArrayList;
|
---|
5 | import java.util.HashMap;
|
---|
6 | import java.util.Map;
|
---|
7 |
|
---|
8 | import javax.servlet.Filter;
|
---|
9 | import javax.servlet.FilterChain;
|
---|
10 | import javax.servlet.FilterConfig;
|
---|
11 | import javax.servlet.ServletException;
|
---|
12 | import javax.servlet.ServletRequest;
|
---|
13 | import javax.servlet.ServletResponse;
|
---|
14 | import javax.servlet.http.HttpServletRequest;
|
---|
15 | import javax.servlet.http.HttpServletRequestWrapper;
|
---|
16 |
|
---|
17 | import org.apache.log4j.Logger;
|
---|
18 | import org.greenstone.gsdl3.util.GSParams;
|
---|
19 | import org.greenstone.gsdl3.util.GSXML;
|
---|
20 | import org.greenstone.gsdl3.util.UserContext;
|
---|
21 | import org.w3c.dom.Document;
|
---|
22 | import org.w3c.dom.Element;
|
---|
23 | import org.w3c.dom.NodeList;
|
---|
24 |
|
---|
25 | public class URLFilter implements Filter
|
---|
26 | {
|
---|
27 | private FilterConfig _filterConfig = null;
|
---|
28 | private static Logger _logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());
|
---|
29 |
|
---|
30 | //Restricted URLs
|
---|
31 | protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";
|
---|
32 | protected static final String USERS_DB_URL = "sites/[^/]+/etc/usersDB/.*";
|
---|
33 | protected static final ArrayList<String> _restrictedURLs;
|
---|
34 | static
|
---|
35 | {
|
---|
36 | ArrayList<String> restrictedURLs = new ArrayList<String>();
|
---|
37 | restrictedURLs.add(SITECONFIG_URL);
|
---|
38 | restrictedURLs.add(USERS_DB_URL);
|
---|
39 | _restrictedURLs = restrictedURLs;
|
---|
40 | }
|
---|
41 |
|
---|
42 | //Constants
|
---|
43 | protected static final String DOCUMENT_PATH = "document";
|
---|
44 | protected static final String COLLECTION_PATH = "collection";
|
---|
45 | protected static final String PAGE_PATH = "page";
|
---|
46 | protected static final String SYSTEM_PATH = "system";
|
---|
47 |
|
---|
48 | protected static final String METADATA_RETRIEVAL_SERVICE = "DocumentMetadataRetrieve";
|
---|
49 | protected static final String ASSOCIATED_FILE_PATH = "/index/assoc/";
|
---|
50 | protected static final String COLLECTION_FILE_PATH = "/collect/";
|
---|
51 |
|
---|
52 | protected static final String SYSTEM_SUBACTION_CONFIGURE = "configure";
|
---|
53 | protected static final String SYSTEM_SUBACTION_RECONFIGURE = "reconfigure";
|
---|
54 | protected static final String SYSTEM_SUBACTION_ACTIVATE = "activate";
|
---|
55 | protected static final String SYSTEM_SUBACTION_DEACTIVATE = "deactivate";
|
---|
56 |
|
---|
57 | public void init(FilterConfig filterConfig) throws ServletException
|
---|
58 | {
|
---|
59 | this._filterConfig = filterConfig;
|
---|
60 | }
|
---|
61 |
|
---|
62 | public void destroy()
|
---|
63 | {
|
---|
64 | this._filterConfig = null;
|
---|
65 | }
|
---|
66 |
|
---|
67 | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
|
---|
68 | {
|
---|
69 | if (request instanceof HttpServletRequest)
|
---|
70 | {
|
---|
71 | HttpServletRequest hRequest = ((HttpServletRequest) request);
|
---|
72 | GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);
|
---|
73 |
|
---|
74 | String url = hRequest.getRequestURI().toString();
|
---|
75 |
|
---|
76 | if (isURLRestricted(url))
|
---|
77 | {
|
---|
78 | response.getWriter().println("Access to this page is forbidden.");
|
---|
79 | return;
|
---|
80 | }
|
---|
81 |
|
---|
82 | //If the user is trying to access a collection file we need to run a security check
|
---|
83 | if (url.contains(ASSOCIATED_FILE_PATH))
|
---|
84 | {
|
---|
85 | String dir = null;
|
---|
86 | int dirStart = url.indexOf(ASSOCIATED_FILE_PATH) + ASSOCIATED_FILE_PATH.length();
|
---|
87 | int dirEnd = -1;
|
---|
88 | if (dirStart < url.length() && url.indexOf("/", dirStart) != -1)
|
---|
89 | {
|
---|
90 | dirEnd = url.indexOf("/", dirStart);
|
---|
91 | }
|
---|
92 | if (dirEnd != -1)
|
---|
93 | {
|
---|
94 | dir = url.substring(dirStart, dirEnd);
|
---|
95 | }
|
---|
96 | if (dir == null)
|
---|
97 | {
|
---|
98 | return;
|
---|
99 | }
|
---|
100 |
|
---|
101 | String collection = null;
|
---|
102 | int colStart = url.indexOf(COLLECTION_FILE_PATH) + COLLECTION_FILE_PATH.length();
|
---|
103 | int colEnd = -1;
|
---|
104 | if (colStart < url.length() && url.indexOf("/", colStart) != -1)
|
---|
105 | {
|
---|
106 | colEnd = url.indexOf("/", colStart);
|
---|
107 | }
|
---|
108 | if (colEnd != -1)
|
---|
109 | {
|
---|
110 | collection = url.substring(colStart, colEnd);
|
---|
111 | }
|
---|
112 | if (collection == null)
|
---|
113 | {
|
---|
114 | return;
|
---|
115 | }
|
---|
116 |
|
---|
117 | MessageRouter gsRouter = (MessageRouter) request.getServletContext().getAttribute("GSRouter");
|
---|
118 | if (gsRouter == null)
|
---|
119 | {
|
---|
120 | _logger.error("Receptionist is null, stopping filter");
|
---|
121 | return;
|
---|
122 | }
|
---|
123 |
|
---|
124 | Document gsDoc = (Document) request.getServletContext().getAttribute("GSDocument");
|
---|
125 | if (gsDoc == null)
|
---|
126 | {
|
---|
127 | _logger.error("Document is null, stopping filter");
|
---|
128 | return;
|
---|
129 | }
|
---|
130 |
|
---|
131 | Element metaMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
|
---|
132 | Element metaRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, collection + "/" + METADATA_RETRIEVAL_SERVICE, new UserContext());
|
---|
133 | metaMessage.appendChild(metaRequest);
|
---|
134 |
|
---|
135 | Element paramList = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
|
---|
136 | metaRequest.appendChild(paramList);
|
---|
137 |
|
---|
138 | Element param = gsDoc.createElement(GSXML.PARAM_ELEM);
|
---|
139 | paramList.appendChild(param);
|
---|
140 |
|
---|
141 | param.setAttribute(GSXML.NAME_ATT, "metadata");
|
---|
142 | param.setAttribute(GSXML.VALUE_ATT, "contains");
|
---|
143 |
|
---|
144 | Element docList = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
|
---|
145 | metaRequest.appendChild(docList);
|
---|
146 |
|
---|
147 | Element doc = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
|
---|
148 | docList.appendChild(doc);
|
---|
149 |
|
---|
150 | doc.setAttribute(GSXML.NODE_ID_ATT, dir);
|
---|
151 |
|
---|
152 | Element metaResponse = (Element) gsRouter.process(metaMessage);
|
---|
153 |
|
---|
154 | NodeList metadataList = metaResponse.getElementsByTagName(GSXML.METADATA_ELEM);
|
---|
155 | if (metadataList.getLength() == 0)
|
---|
156 | {
|
---|
157 | _logger.error("Could not find the document related to this url");
|
---|
158 | }
|
---|
159 | else
|
---|
160 | {
|
---|
161 | Element metadata = (Element) metadataList.item(0);
|
---|
162 | String document = metadata.getTextContent();
|
---|
163 |
|
---|
164 | //Get the security info for this collection
|
---|
165 | Element securityMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
|
---|
166 | Element securityRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_SECURITY, collection, new UserContext());
|
---|
167 | securityMessage.appendChild(securityRequest);
|
---|
168 | if (document != null && !document.equals(""))
|
---|
169 | {
|
---|
170 | securityRequest.setAttribute(GSXML.NODE_OID, document);
|
---|
171 | }
|
---|
172 |
|
---|
173 | Element securityResponse = (Element) GSXML.getChildByTagName(gsRouter.process(securityMessage), GSXML.RESPONSE_ELEM);
|
---|
174 | ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
|
---|
175 |
|
---|
176 | if (!groups.contains(""))
|
---|
177 | {
|
---|
178 | boolean found = false;
|
---|
179 | for (String group : groups)
|
---|
180 | {
|
---|
181 | if (((HttpServletRequest) request).isUserInRole(group))
|
---|
182 | {
|
---|
183 | found = true;
|
---|
184 | break;
|
---|
185 | }
|
---|
186 | }
|
---|
187 |
|
---|
188 | if (!found)
|
---|
189 | {
|
---|
190 | return;
|
---|
191 | }
|
---|
192 | }
|
---|
193 | }
|
---|
194 | }
|
---|
195 | else
|
---|
196 | {
|
---|
197 | //If we have a jsessionid on the end of our URL we want to ignore it
|
---|
198 | int index;
|
---|
199 | if ((index = url.indexOf(";jsessionid")) != -1)
|
---|
200 | {
|
---|
201 | url = url.substring(0, index);
|
---|
202 | }
|
---|
203 | String[] segments = url.split("/");
|
---|
204 | for (int i = 0; i < segments.length; i++)
|
---|
205 | {
|
---|
206 | String[] additionalParameters = null;
|
---|
207 | String[] defaultParamValues = null;
|
---|
208 |
|
---|
209 | //COLLECTION
|
---|
210 | if (segments[i].equals(COLLECTION_PATH) && (i + 1) < segments.length)
|
---|
211 | {
|
---|
212 | gRequest.setParameter(GSParams.COLLECTION, segments[i + 1]);
|
---|
213 | }
|
---|
214 | //DOCUMENT
|
---|
215 | else if (segments[i].equals(DOCUMENT_PATH) && (i + 1) < segments.length)
|
---|
216 | {
|
---|
217 | gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);
|
---|
218 |
|
---|
219 | additionalParameters = new String[] { GSParams.ACTION };
|
---|
220 | defaultParamValues = new String[] { "d" };
|
---|
221 | //additionalParameters = new String[] { GSParams.ACTION, GSParams.DOCUMENT_TYPE };
|
---|
222 | //defaultParamValues = new String[] { "d", "hierarchy" };
|
---|
223 | }
|
---|
224 | //PAGE
|
---|
225 | else if (segments[i].equals(PAGE_PATH) && (i + 1) < segments.length)
|
---|
226 | {
|
---|
227 | gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);
|
---|
228 |
|
---|
229 | additionalParameters = new String[] { GSParams.ACTION };
|
---|
230 | defaultParamValues = new String[] { "p" };
|
---|
231 | }
|
---|
232 | //SYSTEM
|
---|
233 | else if (segments[i].equals(SYSTEM_PATH) && (i + 1) < segments.length)
|
---|
234 | {
|
---|
235 | String sa = segments[i + 1];
|
---|
236 | if (sa.equals(SYSTEM_SUBACTION_CONFIGURE) || sa.equals(SYSTEM_SUBACTION_RECONFIGURE))
|
---|
237 | {
|
---|
238 | sa = "c";
|
---|
239 | }
|
---|
240 | else if (sa.equals(SYSTEM_SUBACTION_ACTIVATE))
|
---|
241 | {
|
---|
242 | sa = "a";
|
---|
243 | }
|
---|
244 | else if (sa.equals(SYSTEM_SUBACTION_DEACTIVATE))
|
---|
245 | {
|
---|
246 | sa = "d";
|
---|
247 | }
|
---|
248 |
|
---|
249 | if (sa.equals("c") && (i + 2) < segments.length)
|
---|
250 | {
|
---|
251 | gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
|
---|
252 | }
|
---|
253 |
|
---|
254 | if (sa.equals("a") && (i + 2) < segments.length)
|
---|
255 | {
|
---|
256 | gRequest.setParameter(GSParams.SYSTEM_MODULE_TYPE, "collection");
|
---|
257 | gRequest.setParameter(GSParams.SYSTEM_MODULE_NAME, segments[i + 2]);
|
---|
258 | }
|
---|
259 |
|
---|
260 | if (sa.equals("d") && (i + 2) < segments.length)
|
---|
261 | {
|
---|
262 | gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
|
---|
263 | }
|
---|
264 |
|
---|
265 | gRequest.setParameter(GSParams.SUBACTION, sa);
|
---|
266 |
|
---|
267 | additionalParameters = new String[] { GSParams.ACTION };
|
---|
268 | defaultParamValues = new String[] { "s" };
|
---|
269 | }
|
---|
270 | //ADMIN
|
---|
271 | else if (segments[i].equals("admin") && (i + 1) < segments.length)
|
---|
272 | {
|
---|
273 | String pageName = segments[i + 1];
|
---|
274 |
|
---|
275 | gRequest.setParameter("s1.authpage", pageName);
|
---|
276 |
|
---|
277 | additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
|
---|
278 | defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
|
---|
279 | }
|
---|
280 | //BROWSE
|
---|
281 | else if (segments[i].equals("browse") && (i + 1) < segments.length)
|
---|
282 | {
|
---|
283 | String cl = "";
|
---|
284 | for (int j = 1; (i + j) < segments.length; j++)
|
---|
285 | {
|
---|
286 | String currentSegment = segments[i + j].replace("CL", "").replace("cl", "");
|
---|
287 | if (currentSegment.contains("."))
|
---|
288 | {
|
---|
289 | String[] subsegments = currentSegment.split("\\.");
|
---|
290 | for (String subsegment : subsegments)
|
---|
291 | {
|
---|
292 | subsegment = subsegment.replace("CL", "").replace("cl", "");
|
---|
293 |
|
---|
294 | if (cl.length() > 0)
|
---|
295 | {
|
---|
296 | cl += ".";
|
---|
297 | }
|
---|
298 |
|
---|
299 | if (subsegment.length() > 0)
|
---|
300 | {
|
---|
301 | cl += subsegment;
|
---|
302 | }
|
---|
303 | }
|
---|
304 | continue;
|
---|
305 | }
|
---|
306 | if (!currentSegment.matches("^(CL|cl)?\\d+$"))
|
---|
307 | {
|
---|
308 | continue;
|
---|
309 | }
|
---|
310 |
|
---|
311 | if (cl.length() > 0)
|
---|
312 | {
|
---|
313 | cl += ".";
|
---|
314 | }
|
---|
315 |
|
---|
316 | cl += currentSegment;
|
---|
317 | }
|
---|
318 |
|
---|
319 | gRequest.setParameter("cl", "CL" + cl);
|
---|
320 |
|
---|
321 | additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
|
---|
322 | defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
|
---|
323 | }
|
---|
324 | //QUERY
|
---|
325 | else if (segments[i].equals("search"))
|
---|
326 | {
|
---|
327 | String serviceName = "";
|
---|
328 | if ((i + 1) < segments.length)
|
---|
329 | {
|
---|
330 | serviceName = segments[i + 1];
|
---|
331 | gRequest.setParameter("s", serviceName);
|
---|
332 |
|
---|
333 | additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
|
---|
334 | defaultParamValues = new String[] { "q", "", "d" };
|
---|
335 | }
|
---|
336 | if ((i + 2) < segments.length)
|
---|
337 | {
|
---|
338 | if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
|
---|
339 | {
|
---|
340 | additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.index", "s1.startPage" };
|
---|
341 | defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "1" };
|
---|
342 |
|
---|
343 | gRequest.setParameter("s1.query", segments[i + 2]);
|
---|
344 | }
|
---|
345 | else if (serviceName.equals("FieldQuery"))
|
---|
346 | {
|
---|
347 | additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.startPage" };
|
---|
348 | defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "1" };
|
---|
349 |
|
---|
350 | gRequest.setParameter("s1.fqv", segments[i + 2]);
|
---|
351 | }
|
---|
352 | else if (serviceName.equals("AdvancedFieldQuery"))
|
---|
353 | {
|
---|
354 | additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE, "s1.maxDocs", "s1.hitsPerPage", "s1.level", "s1.sortBy", "s1.fqf", "s1.fqk", "s1.startPage" };
|
---|
355 | defaultParamValues = new String[] { "q", "", "rd", "100", "20", "Sec", "rank", "ZZ", "0", "1" };
|
---|
356 |
|
---|
357 | gRequest.setParameter("s1.fqv", segments[i + 2]);
|
---|
358 | }
|
---|
359 | }
|
---|
360 | }
|
---|
361 | if (additionalParameters != null)
|
---|
362 | {
|
---|
363 | for (int j = 0; j < additionalParameters.length; j++)
|
---|
364 | {
|
---|
365 | if (gRequest.getParameter(additionalParameters[j]) == null)
|
---|
366 | {
|
---|
367 | gRequest.setParameter(additionalParameters[j], defaultParamValues[j]);
|
---|
368 | }
|
---|
369 | }
|
---|
370 | }
|
---|
371 | }
|
---|
372 | }
|
---|
373 |
|
---|
374 | chain.doFilter(gRequest, response);
|
---|
375 | }
|
---|
376 | else
|
---|
377 | {
|
---|
378 | //Will this ever happen?
|
---|
379 | System.err.println("The request was not an HttpServletRequest");
|
---|
380 | }
|
---|
381 | }
|
---|
382 |
|
---|
383 | private boolean isURLRestricted(String url)
|
---|
384 | {
|
---|
385 | for (String restrictedURL : _restrictedURLs)
|
---|
386 | {
|
---|
387 | if (url.matches(".*" + restrictedURL + ".*"))
|
---|
388 | {
|
---|
389 | return true;
|
---|
390 | }
|
---|
391 | }
|
---|
392 |
|
---|
393 | return false;
|
---|
394 | }
|
---|
395 |
|
---|
396 | private class GSHttpServletRequestWrapper extends HttpServletRequestWrapper
|
---|
397 | {
|
---|
398 | private HashMap<String, String[]> _newParams = new HashMap<String, String[]>();
|
---|
399 |
|
---|
400 | public GSHttpServletRequestWrapper(ServletRequest request)
|
---|
401 | {
|
---|
402 | super((HttpServletRequest) request);
|
---|
403 | }
|
---|
404 |
|
---|
405 | public void setParameter(String paramName, String[] paramValues)
|
---|
406 | {
|
---|
407 | _newParams.put(paramName, paramValues);
|
---|
408 | }
|
---|
409 |
|
---|
410 | public void setParameter(String paramName, String paramValue)
|
---|
411 | {
|
---|
412 | _newParams.put(paramName, new String[] { paramValue });
|
---|
413 | }
|
---|
414 |
|
---|
415 | public String getParameter(String paramName)
|
---|
416 | {
|
---|
417 | if (super.getParameter(paramName) != null)
|
---|
418 | {
|
---|
419 | return super.getParameter(paramName);
|
---|
420 | }
|
---|
421 | else
|
---|
422 | {
|
---|
423 | if (_newParams.get(paramName) != null && _newParams.get(paramName)[0] != null)
|
---|
424 | {
|
---|
425 | return _newParams.get(paramName)[0];
|
---|
426 | }
|
---|
427 | return null;
|
---|
428 | }
|
---|
429 | }
|
---|
430 |
|
---|
431 | public String[] getParameterValues(String paramName)
|
---|
432 | {
|
---|
433 | if (super.getParameterValues(paramName) != null)
|
---|
434 | {
|
---|
435 | return super.getParameterValues(paramName);
|
---|
436 | }
|
---|
437 | else
|
---|
438 | {
|
---|
439 | return _newParams.get(paramName);
|
---|
440 | }
|
---|
441 | }
|
---|
442 |
|
---|
443 | public Map<String, String[]> getParameterMap()
|
---|
444 | {
|
---|
445 | HashMap<String, String[]> returnMap = new HashMap<String, String[]>();
|
---|
446 | returnMap.putAll(super.getParameterMap());
|
---|
447 | returnMap.putAll(_newParams);
|
---|
448 | return returnMap;
|
---|
449 | }
|
---|
450 | }
|
---|
451 | } |
---|