source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java@ 33058

Last change on this file since 33058 was 33058, checked in by kjdon, 5 years ago

assocfilepath might have multiple directories, so make sure we get them all

1package org.greenstone.gsdl3.core;
2
import java.io.File;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

import org.greenstone.gsdl3.service.Authentication;
import org.greenstone.gsdl3.util.GSParams;
import org.greenstone.gsdl3.util.GSXML;
import org.greenstone.gsdl3.util.UserContext;
import org.greenstone.gsdl3.util.XMLConverter;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
35
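/**
 * Servlet filter that sits in front of the Greenstone library servlet and does three things:
 * <ul>
 * <li>refuses requests whose URI matches one of the restricted patterns (site config, users DB);</li>
 * <li>for associated-file requests ({@code .../collect/<coll>/index/assoc/<dir>/<file>}) asks the collection
 * which document owns the directory and enforces that document's group and human-verification rules;</li>
 * <li>for interface resources that do not exist, falls back to the same file in the interface's
 * {@code baseInterface}; for every other URL, translates "pretty" path segments into request parameters
 * on a {@link GSHttpServletRequestWrapper} before passing the request down the chain.</li>
 * </ul>
 * Early returns that do not write anything leave the browser with an empty response, as the original code did.
 */
public class URLFilter implements Filter
{
    private FilterConfig _filterConfig = null;
    private static final Logger _logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());

    // Restricted URLs: regular expressions that must not occur anywhere in the request URI
    protected static final String SITECONFIG_URL = "sites/[^/]+/siteConfig.xml";
    protected static final String USERS_DB_URL = "etc/usersDB/.*";
    protected static final ArrayList<String> _restrictedURLs;
    // The same expressions compiled once, wrapped in ".*" to keep the String.matches() semantics of the
    // original check, so a request does not pay for a regex compile per restricted entry
    private static final ArrayList<Pattern> _restrictedPatterns;
    static
    {
        ArrayList<String> restrictedURLs = new ArrayList<String>();
        restrictedURLs.add(SITECONFIG_URL);
        restrictedURLs.add(USERS_DB_URL);
        _restrictedURLs = restrictedURLs;

        ArrayList<Pattern> restrictedPatterns = new ArrayList<Pattern>();
        for (String restrictedURL : restrictedURLs)
        {
            restrictedPatterns.add(Pattern.compile(".*" + restrictedURL + ".*"));
        }
        _restrictedPatterns = restrictedPatterns;
    }

    // Constants: path keywords recognised in a "pretty" URL
    protected static final String DOCUMENT_PATH = "document";
    protected static final String COLLECTION_PATH = "collection";
    protected static final String GROUP_PATH = "group";
    protected static final String PAGE_PATH = "page";
    protected static final String SYSTEM_PATH = "system";
    protected static final String BROWSE_PATH = "browse";
    protected static final String SEARCH_PATH = "search";
    protected static final String ADMIN_PATH = "admin";

    protected static final String METADATA_RETRIEVAL_SERVICE = "DocumentMetadataRetrieve";
    protected static final String ASSOCIATED_FILE_PATH = "/index/assoc/";
    protected static final String COLLECTION_FILE_PATH = "/collect/";
    protected static final String INTERFACE_PATH = "/interfaces/";

    protected static final String SYSTEM_SUBACTION_CONFIGURE = "configure";
    protected static final String SYSTEM_SUBACTION_RECONFIGURE = "reconfigure";
    protected static final String SYSTEM_SUBACTION_ACTIVATE = "activate";
    protected static final String SYSTEM_SUBACTION_DEACTIVATE = "deactivate";

    // Keywords that end the group/collection part of a pretty URL
    private static final List<String> KEYWORD_PATHS = Arrays.asList(PAGE_PATH, BROWSE_PATH, SEARCH_PATH, DOCUMENT_PATH);
    // A browse segment is a classifier number, optionally prefixed with CL/cl
    private static final Pattern CLASSIFIER_SEGMENT = Pattern.compile("^(CL|cl)?\\d+$");
    // Session id appended by the container when cookies are off, e.g. ".../page/about;jsessionid=..."
    private static final String JSESSIONID_MARKER = ";jsessionid";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException
    {
        this._filterConfig = filterConfig;
    }

    @Override
    public void destroy()
    {
        this._filterConfig = null;
    }

    /**
     * Entry point of the filter; see the class comment for the three cases handled.
     *
     * @param request  the incoming request; anything other than an {@link HttpServletRequest} is logged and dropped
     * @param response the response, redirected or written to directly when the request is refused or served here
     * @param chain    the rest of the filter chain, invoked with the wrapped request unless the request was refused
     * @throws IOException      from redirects, writes and the base-interface file copy
     * @throws ServletException propagated from the chain
     */
    @Override
    @SuppressWarnings("deprecation")
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
    {
        if (!(request instanceof HttpServletRequest))
        {
            // Will this ever happen?
            System.err.println("The request was not an HttpServletRequest");
            return;
        }

        HttpServletRequest hRequest = (HttpServletRequest) request;
        // NOTE(review): getSession() creates a session for every request, static files included; kept as-is
        // because downstream code may rely on it — confirm before switching to _filterConfig.getServletContext()
        HttpSession hSession = hRequest.getSession();
        ServletContext context = hSession.getServletContext();

        GSHttpServletRequestWrapper gRequest = new GSHttpServletRequestWrapper(hRequest);

        // this is the part before the ?
        String url = hRequest.getRequestURI();

        if (isURLRestricted(url))
        {
            // A refusal must not look like a normal page: set 403 rather than a 200 with a text body
            if (response instanceof HttpServletResponse)
            {
                ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
            }
            response.getWriter().println("Access to this page is forbidden.");
            return;
        }

        if (url.contains(ASSOCIATED_FILE_PATH))
        {
            // If the user is trying to access a collection file we need to run a security check
            if (!isAssociatedFileAccessAllowed(hRequest, response, gRequest, context, url))
            {
                return;
            }
        }
        else if (url.contains(INTERFACE_PATH))
        {
            if (serveBaseInterfaceFile(response, context, url))
            {
                return;
            }
        }
        else
        {
            mapPathToParameters(gRequest, url);
        }

        chain.doFilter(gRequest, response);
    }

    /**
     * Security check for an associated-file request.
     *
     * @return true if the request may continue down the chain; false if a redirect has been sent or the request
     *         is dropped (empty response) because the URL could not be resolved to a collection/document
     */
    private boolean isAssociatedFileAccessAllowed(HttpServletRequest hRequest, ServletResponse response, GSHttpServletRequestWrapper gRequest, ServletContext context, String url) throws IOException
    {
        String dir = associatedFileDir(url);
        if (dir == null)
        {
            return false;
        }
        String collection = collectionName(url);
        if (collection == null)
        {
            return false;
        }

        MessageRouter gsRouter = (MessageRouter) context.getAttribute("GSRouter");
        if (gsRouter == null)
        {
            _logger.error("Receptionist is null, stopping filter");
            return false;
        }

        Document gsDoc = XMLConverter.newDOM();
        Element metadata = findAssocDirMetadata(gsRouter, gsDoc, collection, dir);
        if (metadata == null)
        {
            _logger.error("Could not find the document related to this url");
            // NOTE(review): this fails open — the file is served with no group or human-verify check when the
            // owning document cannot be resolved; kept because legitimate files may hit this path — confirm
            return true;
        }
        String document = metadata.getTextContent();

        // Get the security info for this collection (scoped to the document when we know it)
        Element securityResponse = fetchSecurityResponse(gsRouter, gsDoc, collection, document);
        ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
        if (_logger.isDebugEnabled())
        {
            // the security response carries the reCAPTCHA secretKey attribute; never write that to the log
            Element loggable = (Element) securityResponse.cloneNode(true);
            loggable.removeAttribute("secretKey");
            _logger.debug("security response = " + XMLConverter.getPrettyString(loggable));
        }

        // An empty group name means "no group restriction"
        if (!groups.contains("") && !isUserInAnyGroup(hRequest, groups))
        {
            // the original just returned nothing to the browser; redirect to the error page instead
            redirect(response, errorPageURL(context, collection, "wrong_group"));
            return false;
        }

        // if got here the group check passed. do we have human verify thing?
        if (securityResponse.getAttribute("humanVerify").equals(""))
        {
            return true;
        }
        return passesHumanVerification(response, gRequest, context, securityResponse, collection, url);
    }

    /**
     * Human-verification step for a collection whose security response sets humanVerify.
     *
     * @return true if the request may proceed, false if the browser was redirected to the verify or error page
     */
    private boolean passesHumanVerification(ServletResponse response, GSHttpServletRequestWrapper gRequest, ServletContext context, Element securityResponse, String collection, String url) throws IOException
    {
        // hmvf param will be set by the verify form; if absent we haven't shown them the form yet
        if (gRequest.getParameter("hmvf") == null)
        {
            // we need to display the verify page; the original url is a query value, so encode it
            String verifyURL = libraryURL(context) + "?a=p&sa=verify&c=" + collection + "&url=" + URLEncoder.encode(url, StandardCharsets.UTF_8.name());
            redirect(response, verifyURL);
            return false;
        }

        if (securityResponse.getAttribute("siteKey").equals(""))
        {
            // no reCAPTCHA site key configured: the form alone is the verification
            return true;
        }

        String recaptchaResponse = gRequest.getParameter("g-recaptcha-response");
        String secretKey = securityResponse.getAttribute("secretKey");
        int result = Authentication.verifyRecaptcha(secretKey, recaptchaResponse);
        _logger.debug("recaptcha result code = " + result);
        if (result == Authentication.NO_ERROR)
        {
            _logger.debug("RECAPTCHA SUCCESS, hopefully going to the document");
            return true;
        }

        _logger.error("something went wrong with recaptcha, error=" + result);
        _logger.error(Authentication.getErrorKey(result));
        // display error page
        redirect(response, errorPageURL(context, collection, "recap_fail"));
        return false;
    }

    /**
     * Returns the directory part that follows ASSOCIATED_FILE_PATH in url, up to the last '/'.
     * assocfilepath might have more than one folder in it, hence the last rather than the next slash.
     *
     * @return the directory, or null if nothing usable follows ASSOCIATED_FILE_PATH
     */
    private static String associatedFileDir(String url)
    {
        int dirStart = url.indexOf(ASSOCIATED_FILE_PATH) + ASSOCIATED_FILE_PATH.length();
        if (dirStart >= url.length() || url.indexOf("/", dirStart) == -1)
        {
            return null;
        }
        return url.substring(dirStart, url.lastIndexOf("/"));
    }

    /**
     * Returns the collection name that follows COLLECTION_FILE_PATH in url.
     *
     * @return the collection name, or null if COLLECTION_FILE_PATH is absent (the original code would have
     *         sliced from a bogus offset) or no further segment follows it
     */
    private static String collectionName(String url)
    {
        int pathIndex = url.indexOf(COLLECTION_FILE_PATH);
        if (pathIndex == -1)
        {
            return null;
        }
        int colStart = pathIndex + COLLECTION_FILE_PATH.length();
        if (colStart >= url.length())
        {
            return null;
        }
        int colEnd = url.indexOf("/", colStart);
        if (colEnd == -1)
        {
            return null;
        }
        return url.substring(colStart, colEnd);
    }

    /**
     * Asks the collection's DocumentMetadataRetrieve service for the "contains" metadata of the assoc directory
     * node, i.e. which document the directory belongs to.
     *
     * @return the first metadata element of the response, or null if the response carried none
     */
    private static Element findAssocDirMetadata(MessageRouter gsRouter, Document gsDoc, String collection, String dir)
    {
        Element metaMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
        Element metaRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_PROCESS, collection + "/" + METADATA_RETRIEVAL_SERVICE, new UserContext());
        metaMessage.appendChild(metaRequest);

        Element paramList = gsDoc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
        metaRequest.appendChild(paramList);
        Element param = gsDoc.createElement(GSXML.PARAM_ELEM);
        paramList.appendChild(param);
        param.setAttribute(GSXML.NAME_ATT, "metadata");
        param.setAttribute(GSXML.VALUE_ATT, "contains");

        Element docList = gsDoc.createElement(GSXML.DOC_NODE_ELEM + GSXML.LIST_MODIFIER);
        metaRequest.appendChild(docList);
        Element doc = gsDoc.createElement(GSXML.DOC_NODE_ELEM);
        docList.appendChild(doc);
        doc.setAttribute(GSXML.NODE_ID_ATT, dir);

        Element metaResponse = (Element) gsRouter.process(metaMessage);
        NodeList metadataList = metaResponse.getElementsByTagName(GSXML.METADATA_ELEM);
        return metadataList.getLength() == 0 ? null : (Element) metadataList.item(0);
    }

    /**
     * Sends a security request for the collection and returns its response element. The document OID is
     * attached only when non-empty.
     */
    private static Element fetchSecurityResponse(MessageRouter gsRouter, Document gsDoc, String collection, String document)
    {
        Element securityMessage = gsDoc.createElement(GSXML.MESSAGE_ELEM);
        Element securityRequest = GSXML.createBasicRequest(gsDoc, GSXML.REQUEST_TYPE_SECURITY, collection, new UserContext());
        securityMessage.appendChild(securityRequest);
        if (document != null && !document.isEmpty())
        {
            securityRequest.setAttribute(GSXML.NODE_OID, document);
        }
        return (Element) GSXML.getChildByTagName(gsRouter.process(securityMessage), GSXML.RESPONSE_ELEM);
    }

    /** True if the request's user is in at least one of the given container roles. */
    private static boolean isUserInAnyGroup(HttpServletRequest hRequest, ArrayList<String> groups)
    {
        for (String group : groups)
        {
            if (hRequest.isUserInRole(group))
            {
                return true;
            }
        }
        return false;
    }

    /** Context path plus library servlet name, the prefix of every redirect issued by this filter. */
    private static String libraryURL(ServletContext context)
    {
        return context.getContextPath() + "/" + context.getAttribute("LibraryName");
    }

    /** URL of the library's error page for the given collection and error code (e.g. wrong_group). */
    private static String errorPageURL(ServletContext context, String collection, String errorCode)
    {
        return libraryURL(context) + "?a=p&sa=error&c=" + collection + "&ec=" + errorCode;
    }

    private static void redirect(ServletResponse response, String location) throws IOException
    {
        ((HttpServletResponse) response).sendRedirect(location);
    }

    /**
     * For a request under INTERFACE_PATH whose file does not exist, looks up the interface's baseInterface in
     * its interfaceConfig.xml and, if the same file exists there, writes it straight to the response.
     *
     * @return true if a file was written (the chain must not run), false to let the request continue
     */
    private boolean serveBaseInterfaceFile(ServletResponse response, ServletContext context, String url) throws IOException
    {
        String fileURL = url.replaceFirst(context.getContextPath(), "");
        // getRealPath returns null when the resource cannot be mapped to the file system
        String requestedPath = context.getRealPath(fileURL);
        if (requestedPath == null || new File(requestedPath).exists())
        {
            return false;
        }

        int interfaceNameStart = fileURL.indexOf(INTERFACE_PATH) + INTERFACE_PATH.length();
        int interfaceNameEnd = fileURL.indexOf("/", interfaceNameStart);
        if (interfaceNameEnd == -1)
        {
            // ".../interfaces/<name>" with nothing after the interface name: no file to fall back to
            return false;
        }
        String interfaceName = fileURL.substring(interfaceNameStart, interfaceNameEnd);
        String interfacesDir = fileURL.substring(0, interfaceNameStart);

        String configPath = context.getRealPath(interfacesDir + interfaceName + "/interfaceConfig.xml");
        if (configPath == null || !new File(configPath).exists())
        {
            return false;
        }
        Document interfaceConfigDoc = XMLConverter.getDOM(new File(configPath));
        String baseInterface = interfaceConfigDoc.getDocumentElement().getAttribute("baseInterface");
        if (baseInterface.isEmpty())
        {
            return false;
        }

        String basePath = context.getRealPath(fileURL.replace("/" + interfaceName + "/", "/" + baseInterface + "/"));
        if (basePath == null)
        {
            return false;
        }
        File baseInterfaceFile = new File(basePath);
        if (!baseInterfaceFile.exists())
        {
            return false;
        }
        // The file name comes from the request URI and is served here without the container's own checks,
        // so make sure the fallback still resolves inside the interfaces directory
        String interfacesRealPath = context.getRealPath(interfacesDir);
        if (interfacesRealPath == null || !isWithin(new File(interfacesRealPath), baseInterfaceFile))
        {
            _logger.error("Refusing to serve a base interface file outside the interfaces directory");
            return false;
        }

        try (ServletOutputStream out = response.getOutputStream())
        {
            Files.copy(baseInterfaceFile.toPath(), out);
            out.flush();
        }
        return true;
    }

    /** True when candidate, after lexical path normalisation, lies inside baseDir (symlinks are not resolved). */
    private static boolean isWithin(File baseDir, File candidate)
    {
        Path base = baseDir.toPath().toAbsolutePath().normalize();
        Path target = candidate.toPath().toAbsolutePath().normalize();
        return target.startsWith(base);
    }

    /**
     * Translates the "pretty" path segments of url (collection, group, document, page, system, admin, browse,
     * search) into request parameters on gRequest. Parameters already present on the request win over the
     * defaults a keyword implies.
     */
    private static void mapPathToParameters(GSHttpServletRequestWrapper gRequest, String url)
    {
        // If we have a jsessionid on the end of our URL we want to ignore it
        int sessionIndex = url.indexOf(JSESSIONID_MARKER);
        String path = (sessionIndex == -1) ? url : url.substring(0, sessionIndex);
        String[] segments = path.split("/");

        for (int i = 0; i < segments.length; i++)
        {
            String segment = segments[i];
            boolean hasNext = (i + 1) < segments.length;
            String[] additionalParameters = null;
            String[] defaultParamValues = null;

            if (segment.equals(COLLECTION_PATH) && hasNext)
            {
                // the collection name is the last segment before a keyword; anything in between is a group path
                int j = i + 1;
                while (j + 1 < segments.length && !KEYWORD_PATHS.contains(segments[j + 1]))
                {
                    j++;
                }
                if (j > i + 1)
                {
                    gRequest.setParameter(GSParams.GROUP, joinSegments(segments, i + 1, j));
                }
                gRequest.setParameter(GSParams.COLLECTION, segments[j]);
            }
            else if (segment.equals(GROUP_PATH) && hasNext)
            {
                // assume for now, no other path parts for group links: everything after "group" is the group path
                gRequest.setParameter(GSParams.GROUP, joinSegments(segments, i + 1, segments.length));
                gRequest.setParameter(GSParams.ACTION, "p");
                gRequest.setParameter(GSParams.SUBACTION, "home");
            }
            else if (segment.equals(DOCUMENT_PATH) && hasNext)
            {
                gRequest.setParameter(GSParams.DOCUMENT, segments[i + 1]);
                if ((i + 2) < segments.length && segments[i + 2].equals("print"))
                {
                    gRequest.setParameter(GSParams.SUBACTION, "print");
                    gRequest.setParameter("ed", "1");
                }
                additionalParameters = new String[] { GSParams.ACTION };
                defaultParamValues = new String[] { "d" };
            }
            else if (segment.equals(PAGE_PATH) && hasNext)
            {
                gRequest.setParameter(GSParams.SUBACTION, segments[i + 1]);
                additionalParameters = new String[] { GSParams.ACTION };
                defaultParamValues = new String[] { "p" };
            }
            else if (segment.equals(SYSTEM_PATH) && hasNext)
            {
                String sa = systemSubactionCode(segments[i + 1]);
                if ((i + 2) < segments.length)
                {
                    if (sa.equals("c") || sa.equals("d"))
                    {
                        gRequest.setParameter(GSParams.SYSTEM_CLUSTER, segments[i + 2]);
                    }
                    else if (sa.equals("a"))
                    {
                        gRequest.setParameter(GSParams.SYSTEM_MODULE_TYPE, "collection");
                        gRequest.setParameter(GSParams.SYSTEM_MODULE_NAME, segments[i + 2]);
                    }
                }
                gRequest.setParameter(GSParams.SUBACTION, sa);
                additionalParameters = new String[] { GSParams.ACTION };
                defaultParamValues = new String[] { "s" };
            }
            else if (segment.equals(ADMIN_PATH) && hasNext)
            {
                gRequest.setParameter("s1.authpage", segments[i + 1]);
                additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SUBACTION, GSParams.SERVICE };
                defaultParamValues = new String[] { "g", "r", "authen", "Authentication" };
            }
            else if (segment.equals(BROWSE_PATH) && hasNext)
            {
                gRequest.setParameter("cl", "CL" + browseClassifierId(segments, i + 1));
                additionalParameters = new String[] { GSParams.ACTION, GSParams.REQUEST_TYPE, GSParams.SERVICE };
                defaultParamValues = new String[] { "b", "s", "ClassifierBrowse" };
            }
            else if (segment.equals(SEARCH_PATH) && hasNext)
            {
                String serviceName = segments[i + 1];
                gRequest.setParameter("s", serviceName);
                additionalParameters = new String[] { GSParams.ACTION, GSParams.SUBACTION, GSParams.REQUEST_TYPE };
                defaultParamValues = new String[] { "q", "", "d" };
                if ((i + 2) < segments.length)
                {
                    String queryParam = queryParameterFor(serviceName);
                    if (queryParam != null)
                    {
                        gRequest.setParameter(queryParam, segments[i + 2]);
                    }
                }
            }

            applyDefaultParameters(gRequest, additionalParameters, defaultParamValues);
        }
    }

    /** Joins segments[from, to) with '/' — the group path of a collection or group URL. */
    private static String joinSegments(String[] segments, int from, int to)
    {
        return String.join("/", Arrays.copyOfRange(segments, from, to));
    }

    /** Maps the long system sub-action names to their one-letter codes; anything else is passed through. */
    private static String systemSubactionCode(String sa)
    {
        if (sa.equals(SYSTEM_SUBACTION_CONFIGURE) || sa.equals(SYSTEM_SUBACTION_RECONFIGURE))
        {
            return "c";
        }
        if (sa.equals(SYSTEM_SUBACTION_ACTIVATE))
        {
            return "a";
        }
        if (sa.equals(SYSTEM_SUBACTION_DEACTIVATE))
        {
            return "d";
        }
        return sa;
    }

    /** Request parameter that carries the query text for the given search service, or null if none applies. */
    private static String queryParameterFor(String serviceName)
    {
        if (serviceName.equals("TextQuery") || serviceName.equals("RawQuery"))
        {
            return "s1.query";
        }
        if (serviceName.equals("FieldQuery") || serviceName.equals("AdvancedFieldQuery"))
        {
            return "s1.fqv";
        }
        return null;
    }

    /**
     * Builds the dotted classifier id (without the leading "CL") from the browse segments starting at start,
     * e.g. ["CL1", "2.3"] becomes "1.2.3". Segments that are neither numeric nor dotted are skipped.
     */
    private static String browseClassifierId(String[] segments, int start)
    {
        StringBuilder cl = new StringBuilder();
        for (int k = start; k < segments.length; k++)
        {
            String currentSegment = stripClMarkers(segments[k]);
            if (currentSegment.contains("."))
            {
                for (String subsegment : currentSegment.split("\\."))
                {
                    subsegment = stripClMarkers(subsegment);
                    if (cl.length() > 0)
                    {
                        cl.append('.');
                    }
                    if (subsegment.length() > 0)
                    {
                        cl.append(subsegment);
                    }
                }
                continue;
            }
            if (!CLASSIFIER_SEGMENT.matcher(currentSegment).matches())
            {
                continue;
            }
            if (cl.length() > 0)
            {
                cl.append('.');
            }
            cl.append(currentSegment);
        }
        return cl.toString();
    }

    /** Removes every "CL" and "cl" occurrence, as the original did (not just a leading prefix). */
    private static String stripClMarkers(String segment)
    {
        return segment.replace("CL", "").replace("cl", "");
    }

    /** Sets each name to its default value unless the request already carries that parameter. */
    private static void applyDefaultParameters(GSHttpServletRequestWrapper gRequest, String[] names, String[] values)
    {
        if (names == null)
        {
            return;
        }
        for (int j = 0; j < names.length; j++)
        {
            if (gRequest.getParameter(names[j]) == null)
            {
                gRequest.setParameter(names[j], values[j]);
            }
        }
    }

    /**
     * True if the request URI matches any restricted pattern.
     * NOTE(review): the match is against the raw (undecoded, unnormalised) URI as returned by getRequestURI();
     * whether the container resolves percent-encoded or dot-segment forms to the same resource is not visible
     * here — confirm against the deployment, and match a normalised form if it does.
     */
    private boolean isURLRestricted(String url)
    {
        for (Pattern restricted : _restrictedPatterns)
        {
            if (restricted.matcher(url).matches())
            {
                return true;
            }
        }
        return false;
    }
}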