

1 /* ====================================================================
2  * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3  *
4  * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. The end-user documentation included with the redistribution,
19  * if any, must include the following acknowledgment:
20  * "This product includes software developed by Jcorporate Ltd.
21  * (http://www.jcorporate.com/)."
22  * Alternately, this acknowledgment may appear in the software itself,
23  * if and wherever such third-party acknowledgments normally appear.
24  *
25  * 4. "Jcorporate" and product names such as "Expresso" must
26  * not be used to endorse or promote products derived from this
27  * software without prior written permission. For written permission,
28  * please contact info@jcorporate.com.
29  *
30  * 5. Products derived from this software may not be called "Expresso",
31  * or other Jcorporate product names; nor may "Expresso" or other
32  * Jcorporate product names appear in their name, without prior
33  * written permission of Jcorporate Ltd.
34  *
35  * 6. No product derived from this software may compete in the same
36  * market space, i.e. framework, without prior written permission
37  * of Jcorporate Ltd. For written permission, please contact
38  * partners@jcorporate.com.
39  *
40  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43  * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This software consists of voluntary contributions made by many
55  * individuals on behalf of the Jcorporate Ltd. Contributions back
56  * to the project(s) are encouraged when you make modifications.
57  * Please send them to support@jcorporate.com. For more information
58  * on Jcorporate Ltd. and its products, please see
59  * <http://www.jcorporate.com/>.
60  *
61  * Portions of this software are based upon other open source
62  * products and are subject to their respective licenses.
63  */

64
65 package com.jcorporate.expresso.core.security.filters;
66
67
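/**
 * This is the base class for all filters. The purpose of the filter mechanism
 * is to remove possibly harmful HTML code that could be injected into dynamic
 * HTML code by a hacker. The resulting code may steal users' passwords from
 * clients and do other bad things to their machines. Expresso implements
 * transparent filtering by automatically filtering all string content from
 * databases and input parameters.
 *
 * <h4>How to create your own character-set filter</h4>
 * <ol>
 * <li>Derive a class from Filter. The name of the class should be the name of
 * the character set you're using. If the character set's name includes
 * hyphens, substitute underscores ('_') for the hyphens in naming your
 * filter.</li>
 * <li>Create two arrays. The first contains the strings that are special
 * control characters and should be taken care of. The second contains the
 * strings that will be substituted whenever one of the control characters is
 * encountered (in {@link #standardFilter(String)}).</li>
 * <li>In your default constructor, pass those two arrays to the constructor
 * of the base Filter class.</li>
 * </ol>
 *
 * <h4>What the filter does and does not cover</h4>
 * <ul>
 * <li>The protection given by {@link #standardFilter(String)} and
 * {@link #stripFilter(String)} is only as complete as the two arrays the
 * subclass supplies; a character that is not listed there is not handled by
 * this class.</li>
 * <li>{@link #rawFilter(String)} returns its input unchanged, so anything
 * written to a page through it must be made safe by other means.</li>
 * <li>NOTE(review): substituting entities is an encoding for HTML text. Values
 * placed in other output contexts (script blocks, URLs, unquoted attributes)
 * usually need an encoding of their own; confirm how callers use the
 * result.</li>
 * </ul>
 *
 * For a working example see the class referenced below.
 *
 * @author Michael Rimov
 * @see com.jcorporate.expresso.core.security.filters.ISO_8859_1
 */
public class Filter {

    // Not read or written anywhere in this class. Kept because it is
    // package-visible and may be used by code outside this listing.
    int maxReplaceLength = 0;

    // Maps each special character string to its replacement string.
    // Consulted by standardFilter.
    FilterTree parseTree = null;

    // Maps each special character string to the empty string.
    // Consulted by stripFilter.
    FilterTree stripTree = null;

    /**
     * Always fails. A filter has to be built from its two mapping arrays, so
     * the no-argument constructor of the base class must never be called.
     *
     * @throws InstantiationError always
     */
    public Filter() {
        throw new InstantiationError("Base Class of Filter(<no arguments>) should never be called.");
    }

    /**
     * Constructor that creates and fills the replacement trees.
     * specialChars[i] maps to replacementStrings[i]. The two arrays must be of
     * equal size.
     * <p>
     * Every replacement string is also registered as mapping to itself.
     * NOTE(review): presumably this stops text that is already encoded from
     * being encoded a second time; it also means input that already contains
     * a replacement string passes through standardFilter unchanged. Confirm
     * against FilterTree.
     *
     * @param specialChars       the array of special character Strings we need
     *                           to filter.
     * @param replacementStrings the array of strings the special characters
     *                           map to
     * @throws IllegalArgumentException if either array is null, if
     *                                  specialChars.length !=
     *                                  replacementStrings.length, or if
     *                                  registering an entry fails; in the last
     *                                  case the original exception is attached
     *                                  as the cause
     */
    public Filter(String[] specialChars, String[] replacementStrings)
            throws IllegalArgumentException {
        // Reject missing arrays explicitly. Previously this surfaced as a
        // wrapped NullPointerException whose message could read just "null".
        if (specialChars == null || replacementStrings == null) {
            throw new IllegalArgumentException("Error Instantiating Filter: "
                    + "specialChars and replacementStrings must not be null");
        }

        // Message text (including its spelling) is kept exactly as callers
        // and logs have seen it so far.
        if (specialChars.length != replacementStrings.length) {
            throw new IllegalArgumentException("Error Instantiating Filter: "
                    + "sepcialChars.length must be the same as replacementChars.length");
        }

        parseTree = new FilterTree();
        stripTree = new FilterTree();

        try {
            for (int i = 0; i < specialChars.length; i++) {
                parseTree.addFilterString(specialChars[i], replacementStrings[i]);

                // Filter all replacement strings by themselves.
                parseTree.addFilterString(replacementStrings[i], replacementStrings[i]);

                stripTree.addFilterString(specialChars[i], "");
            }
        } catch (Exception e) {
            // Keep the original exception as the cause so that a broken
            // mapping table can be diagnosed from the stack trace.
            throw new IllegalArgumentException("Error Instantiating Filter: "
                    + e.getMessage(), e);
        }
    }

    /**
     * rawFilter doesn't do anything: it returns the very String it was given,
     * with no encoding and no stripping. This has to be used for things like
     * content management issues.
     * <p>
     * Because nothing is changed, a value that reaches a page through this
     * method carries whatever markup it arrived with. Use it only for content
     * that is made safe elsewhere.
     *
     * @param data The String to pass through; may be null.
     * @return the same String that was passed in
     */
    public String rawFilter(String data) {
        return data;
    }

    /**
     * This filter HTML encodes all special characters defined by the
     * replacement list. If a particular character doesn't exist in the map,
     * then the character is appended to the result as it is.
     * <p>
     * If it does exist, then the value the special character maps to is
     * appended to the result instead.
     *
     * @param data The string to encode.
     * @return The filtered string
     * @throws NullPointerException if data is null
     */
    public String standardFilter(String data) {
        return parseTree.replaceFilter(data.toCharArray());
    }

    /**
     * This filter strips out all special characters defined by the replacement
     * list. If a particular character doesn't exist in the map, then the
     * character is appended to the result as it is.
     * <p>
     * If it does exist, the entry registered for it in the strip tree is used,
     * and that entry is the empty string, so the character is dropped rather
     * than replaced by a space. NOTE(review): FilterTree.replaceFilter is not
     * visible here; confirm it emits nothing for an empty replacement.
     *
     * @param data The string to scan.
     * @return The filtered string
     * @throws NullPointerException if data is null
     */
    public String stripFilter(String data) {
        return stripTree.replaceFilter(data.toCharArray());
    }

} /* Filter */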