

1 /* Copyright 2000-2005 Anders Hovmöller
2  *
3  * The person or persons who have associated their work with
4  * this document (the "Dedicator") hereby dedicate the entire
5  * copyright in the work of authorship identified below (the
6  * "Work") to the public domain.
7  *
8  * Dedicator makes this dedication for the benefit of the
9  * public at large and to the detriment of Dedicator's heirs
10  * and successors. Dedicator intends this dedication to be an
11  * overt act of relinquishment in perpetuity of all present
12  * and future rights under copyright law, whether vested or
13  * contingent, in the Work. Dedicator understands that such
14  * relinquishment of all rights includes the relinquishment of
15  * all rights to enforce (by lawsuit or otherwise) those
16  * copyrights in the Work.
17  *
18  * Dedicator recognizes that, once placed in the public
19  * domain, the Work may be freely reproduced, distributed,
20  * transmitted, used, modified, built upon, or otherwise
21  * exploited by anyone for any purpose, commercial or non-
22  * commercial, and in any way, including by methods that have
23  * not yet been invented or conceived.
24  */

25
26 package net.killingar.actions;
27
28 import java.util.Properties JavaDoc;
29
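/**
 * Base action that maps the current request onto a directory of the web
 * application and checks that directory against a configured allow-list.
 *
 * <p>The request path is built from the servlet path and path info, taken
 * from the {@code javax.servlet.include.*} request attributes when the
 * action runs inside an include. If the path does not resolve to a
 * directory, its last segment is dropped so that the containing directory
 * is used instead.
 *
 * <p>The allow-list is a comma-separated list of regular expressions read
 * from the property {@code <runtime class name>.permittedPaths}. Each
 * expression must match the whole directory path (with a trailing
 * {@code /}). When the property is missing the list holds only the empty
 * pattern, which can never match a path ending in {@code /}, so the
 * default is to deny.
 *
 * <p>{@link #getPath()} and {@link #getRealPath()} are populated only after
 * the access check has passed. A denied request therefore leaves them
 * unset, and code that ignores the {@code ERROR} result cannot pick up a
 * path that was refused.
 */
public class PathActionSupport extends ActionSupport
{
    // Types ---------------------------------------------------------

    // Attributes ----------------------------------------------------

    // Directory path relative to the web application, without trailing slash.
    String path;
    // Filesystem location the container reports for {@link #path}.
    String realPath;

    // Allow-list patterns, loaded on first use from the properties file.
    String[] permittedPaths;
    // Raw comma-separated property value the patterns were split from.
    String permittedPathsConcat;

    // getters

    /** @return the permitted directory path, or null if access was not granted */
    public String getPath() { return path; }

    /** @return the filesystem path of the permitted directory, or null if access was not granted */
    public String getRealPath() { return realPath; }

    // setters

    // Implementation

    /**
     * Resolves the requested directory, enforces the allow-list and then
     * delegates to {@code super.execute()}.
     *
     * @return {@code ERROR} if the path cannot be resolved or is not
     *         permitted, otherwise the result of {@code super.execute()}
     * @throws Exception only what {@code super.execute()} throws; failures
     *         during path resolution are reported as an error message
     */
    public String execute() throws Exception
    {
        try
        {
            javax.servlet.http.HttpServletRequest req = webwork.action.ServletActionContext.getRequest();

            // Inside an include the request's own accessors still describe
            // the including resource; the included path is only available
            // through the include attributes.
            boolean isInclude = req.getAttribute("javax.servlet.include.request_uri") != null;

            String servletPath;
            String pathInfo;
            if (isInclude)
            {
                servletPath = (String) req.getAttribute("javax.servlet.include.servlet_path");
                pathInfo = (String) req.getAttribute("javax.servlet.include.path_info");
            }
            else
            {
                servletPath = req.getServletPath();
                pathInfo = req.getPathInfo();
            }

            String relPath = (servletPath != null ? servletPath : "")
                    + (pathInfo != null ? pathInfo : "");

            // The allow-list is matched against the textual path, so a
            // ".." segment could satisfy a prefix pattern while resolving
            // to a directory outside it. The container presumably
            // normalizes these already (TODO confirm for the include
            // case); rejecting them here keeps the check independent of that.
            if (hasParentSegment(relPath))
                throw new Exception("access denied to path "+relPath+" ("+getClass().toString()+")");

            // NOTE: HttpServletRequest.getRealPath is deprecated in the
            // Servlet API in favour of ServletContext.getRealPath.
            String resolved = req.getRealPath(relPath);
            if (resolved == null)
                throw new Exception("no real path for "+relPath);

            if (!new java.io.File(resolved).isDirectory())
            {
                // Not a directory: fall back to the containing directory.
                int lastSlash = relPath.lastIndexOf('/');
                if (lastSlash < 0)
                    throw new Exception("no directory component in path "+relPath);

                relPath = relPath.substring(0, lastSlash);
                resolved = req.getRealPath(relPath);
                if (resolved == null)
                    throw new Exception("no real path for "+relPath);
            }

            // access control

            if (permittedPaths == null)
            {
                Properties p = net.killingar.Utils.getProperties();
                permittedPathsConcat = p.getProperty(getClass().getName()+".permittedPaths", "");
                permittedPaths = permittedPathsConcat.split(",");
            }

            // String.matches anchors the pattern to the whole input, so a
            // pattern permits exactly the paths it fully describes. An
            // invalid pattern throws and ends up in the catch block below,
            // which denies the request.
            String candidate = relPath + "/";
            boolean accessGranted = false;
            for (int i = 0; i < permittedPaths.length; i++)
            {
                if (candidate.matches(permittedPaths[i]))
                {
                    accessGranted = true;
                    break;
                }
            }

            // The configured patterns are not included in the message, so
            // a denied caller does not learn the allow-list.
            if (!accessGranted)
                throw new Exception("access denied to path "+relPath+" ("+getClass().toString()+")");

            // Publish the resolved paths only once access has been granted.
            this.path = relPath;
            this.realPath = resolved;
        }
        catch (Exception e)
        {
            addErrorMessage("getting paths failed, exception thrown ("+e.toString()+")");
            e.printStackTrace();

            return ERROR;
        }

        return super.execute();
    }

    /**
     * Tells whether any segment of the given path is "..", treating both
     * '/' and '\' as separators.
     */
    private static boolean hasParentSegment(String p)
    {
        String[] segments = p.split("[/\\\\]");
        for (int i = 0; i < segments.length; i++)
        {
            if ("..".equals(segments[i]))
                return true;
        }
        return false;
    }
}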