KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > roller > ui > core > filters > SchemeEnforcementFilter


1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. The ASF licenses this file to You
4 * under the Apache License, Version 2.0 (the "License"); you may not
5 * use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License. For additional information regarding
15 * copyright in this work, please see the NOTICE file in the top level
16 * directory of this distribution.
17 */
18 /*
19  * SchemeEnforcementFilter.java
20  *
21  * Created on September 16, 2005, 3:17 PM
22  */
23
24 package org.apache.roller.ui.core.filters;
25
26 import java.io.IOException JavaDoc;
27 import java.util.HashSet JavaDoc;
28 import java.util.Iterator JavaDoc;
29 import java.util.Set JavaDoc;
30 import javax.servlet.Filter JavaDoc;
31 import javax.servlet.FilterChain JavaDoc;
32 import javax.servlet.FilterConfig JavaDoc;
33 import javax.servlet.ServletException JavaDoc;
34 import javax.servlet.ServletRequest JavaDoc;
35 import javax.servlet.ServletResponse JavaDoc;
36 import javax.servlet.http.HttpServletRequest JavaDoc;
37 import javax.servlet.http.HttpServletResponse JavaDoc;
38 import org.apache.commons.logging.Log;
39 import org.apache.commons.logging.LogFactory;
40 import org.apache.roller.config.RollerConfig;
41
42
43 /**
44  * The SchemeEnforcementFilter is provided for Roller sites that enable secure
45  * logins and want to ensure that only login urls are used under https.
46  *
47  * @author Allen Gilliland
48  *
49  * @web.filter name="SchemeEnforcementFilter"
50  */
51 public class SchemeEnforcementFilter implements Filter JavaDoc {
52     
53     private static Log mLogger =
54             LogFactory.getLog(SchemeEnforcementFilter.class);
55     
56     private FilterConfig JavaDoc filterConfig = null;
57     
58     private boolean schemeEnforcementEnabled = false;
59     private boolean secureLoginEnabled = false;
60     private int httpPort = 80;
61     private int httpsPort = 443;
62     private String JavaDoc httpsHeaderName = null;
63     private String JavaDoc httpsHeaderValue = null;
64     
65     private Set JavaDoc allowedUrls = new HashSet JavaDoc();
66     
67     
68     /**
69      * Process filter.
70      *
71      * We'll take the incoming request and first determine if this is a
72      * secure request. If the request is secure then we'll see if it matches
73      * one of the allowed secure urls, if not then we will redirect back out
74      * of https.
75      */
76     public void doFilter(ServletRequest JavaDoc request, ServletResponse JavaDoc response,
77                         FilterChain JavaDoc chain)
78             throws IOException JavaDoc, ServletException JavaDoc {
79         
80         if(this.schemeEnforcementEnabled && this.secureLoginEnabled) {
81             
82             HttpServletRequest JavaDoc req = (HttpServletRequest JavaDoc) request;
83             HttpServletResponse JavaDoc res = (HttpServletResponse JavaDoc) response;
84             
85             mLogger.debug("checking path = "+req.getServletPath());
86             
87             if(!request.isSecure() && allowedUrls.contains(req.getServletPath())) {
88                 // http insecure request that should be over https
89 String JavaDoc redirect = "https://"+req.getServerName();
90                 
91                 if(this.httpsPort != 443)
92                     redirect += ":"+this.httpsPort;
93                 
94                 redirect += req.getRequestURI();
95                 
96                 if(req.getQueryString() != null)
97                     redirect += "?"+req.getQueryString();
98                 
99                 mLogger.debug("Redirecting to "+redirect);
100                 res.sendRedirect(redirect);
101                 return;
102                 
103             } else if(request.isSecure() && !allowedUrls.contains(req.getServletPath())) {
104                 // https secure request that should be over http
105 String JavaDoc redirect = "http://"+req.getServerName();
106                 
107                 if(this.httpPort != 80)
108                     redirect += ":"+this.httpPort;
109                 
110                 redirect += req.getRequestURI();
111                 
112                 if(req.getQueryString() != null)
113                     redirect += "?"+req.getQueryString();
114                 
115                 mLogger.debug("Redirecting to "+redirect);
116                 res.sendRedirect(redirect);
117                 return;
118             }
119         }
120         
121         chain.doFilter(request, response);
122     }
123     
124     
125     public void destroy() {}
126     
127     
128     /**
129      * Filter init.
130      *
131      * We are just collecting init properties which we'll use for each request.
132      */
133     public void init(FilterConfig JavaDoc filterConfig) {
134         this.filterConfig = filterConfig;
135         
136         // determine if we are doing scheme enforcement
137 this.schemeEnforcementEnabled =
138                 RollerConfig.getBooleanProperty("schemeenforcement.enabled");
139         this.secureLoginEnabled =
140                 RollerConfig.getBooleanProperty("securelogin.enabled");
141         
142         if(this.schemeEnforcementEnabled && this.secureLoginEnabled) {
143             // gather some more properties
144 String JavaDoc http_port =
145                     RollerConfig.getProperty("securelogin.http.port");
146             String JavaDoc https_port =
147                     RollerConfig.getProperty("securelogin.https.port");
148             
149             try {
150                 this.httpPort = Integer.parseInt(http_port);
151                 this.httpsPort = Integer.parseInt(https_port);
152             } catch(NumberFormatException JavaDoc nfe) {
153                 // ignored ... guess we'll have to use the defaults
154 mLogger.warn("error with secure login ports", nfe);
155             }
156             
157             // finally, construct our list of allowable https urls
158 String JavaDoc urls =
159                     RollerConfig.getProperty("schemeenforcement.https.urls");
160             String JavaDoc[] urlsArray = urls.split(",");
161             for(int i=0; i < urlsArray.length; i++)
162                 this.allowedUrls.add(urlsArray[i]);
163             
164             // some logging for the curious
165 mLogger.info("Scheme enforcement = enabled");
166             if(mLogger.isDebugEnabled()) {
167                 mLogger.debug("allowed urls are:");
168                 for(Iterator JavaDoc it = this.allowedUrls.iterator(); it.hasNext();)
169                     mLogger.debug(it.next());
170             }
171         }
172     }
173     
174 }
175
Popular Tags