1 18 23 24 package org.apache.roller.ui.core.filters; 25 26 import java.io.IOException ; 27 import java.util.HashSet ; 28 import java.util.Iterator ; 29 import java.util.Set ; 30 import javax.servlet.Filter ; 31 import javax.servlet.FilterChain ; 32 import javax.servlet.FilterConfig ; 33 import javax.servlet.ServletException ; 34 import javax.servlet.ServletRequest ; 35 import javax.servlet.ServletResponse ; 36 import javax.servlet.http.HttpServletRequest ; 37 import javax.servlet.http.HttpServletResponse ; 38 import org.apache.commons.logging.Log; 39 import org.apache.commons.logging.LogFactory; 40 import org.apache.roller.config.RollerConfig; 41 42 43 51 public class SchemeEnforcementFilter implements Filter { 52 53 private static Log mLogger = 54 LogFactory.getLog(SchemeEnforcementFilter.class); 55 56 private FilterConfig filterConfig = null; 57 58 private boolean schemeEnforcementEnabled = false; 59 private boolean secureLoginEnabled = false; 60 private int httpPort = 80; 61 private int httpsPort = 443; 62 private String httpsHeaderName = null; 63 private String httpsHeaderValue = null; 64 65 private Set allowedUrls = new HashSet (); 66 67 68 76 public void doFilter(ServletRequest request, ServletResponse response, 77 FilterChain chain) 78 throws IOException , ServletException { 79 80 if(this.schemeEnforcementEnabled && this.secureLoginEnabled) { 81 82 HttpServletRequest req = (HttpServletRequest ) request; 83 HttpServletResponse res = (HttpServletResponse ) response; 84 85 mLogger.debug("checking path = "+req.getServletPath()); 86 87 if(!request.isSecure() && allowedUrls.contains(req.getServletPath())) { 88 String redirect = "https://"+req.getServerName(); 90 91 if(this.httpsPort != 443) 92 redirect += ":"+this.httpsPort; 93 94 redirect += req.getRequestURI(); 95 96 if(req.getQueryString() != null) 97 redirect += "?"+req.getQueryString(); 98 99 mLogger.debug("Redirecting to "+redirect); 100 res.sendRedirect(redirect); 101 return; 102 103 } else if(request.isSecure() && !allowedUrls.contains(req.getServletPath())) { 104 String redirect = "http://"+req.getServerName(); 106 107 if(this.httpPort != 80) 108 redirect += ":"+this.httpPort; 109 110 redirect += req.getRequestURI(); 111 112 if(req.getQueryString() != null) 113 redirect += "?"+req.getQueryString(); 114 115 mLogger.debug("Redirecting to "+redirect); 116 res.sendRedirect(redirect); 117 return; 118 } 119 } 120 121 chain.doFilter(request, response); 122 } 123 124 125 public void destroy() {} 126 127 128 133 public void init(FilterConfig filterConfig) { 134 this.filterConfig = filterConfig; 135 136 this.schemeEnforcementEnabled = 138 RollerConfig.getBooleanProperty("schemeenforcement.enabled"); 139 this.secureLoginEnabled = 140 RollerConfig.getBooleanProperty("securelogin.enabled"); 141 142 if(this.schemeEnforcementEnabled && this.secureLoginEnabled) { 143 String http_port = 145 RollerConfig.getProperty("securelogin.http.port"); 146 String https_port = 147 RollerConfig.getProperty("securelogin.https.port"); 148 149 try { 150 this.httpPort = Integer.parseInt(http_port); 151 this.httpsPort = Integer.parseInt(https_port); 152 } catch(NumberFormatException nfe) { 153 mLogger.warn("error with secure login ports", nfe); 155 } 156 157 String urls = 159 RollerConfig.getProperty("schemeenforcement.https.urls"); 160 String [] urlsArray = urls.split(","); 161 for(int i=0; i < urlsArray.length; i++) 162 this.allowedUrls.add(urlsArray[i]); 163 164 mLogger.info("Scheme enforcement = enabled"); 166 if(mLogger.isDebugEnabled()) { 167 mLogger.debug("allowed urls are:"); 168 for(Iterator it = this.allowedUrls.iterator(); it.hasNext();) 169 mLogger.debug(it.next()); 170 } 171 } 172 } 173 174 } 175 | Popular Tags |