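package org.jboss.invocation.http.servlet;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.jboss.invocation.MarshalledInvocation;
import org.jboss.logging.Logger;
import org.jboss.mx.util.MBeanServerLocator;

/**
 * Servlet filter that limits unauthenticated callers to {@code lookup} calls
 * whose name starts with the configured {@code readOnlyContext}.
 *
 * <p>Requests that carry a user principal, and all requests when no
 * {@code readOnlyContext} is configured, pass through without inspection.
 *
 * <p><b>SECURITY:</b> to inspect the call, {@link #doFilter} Java-deserializes
 * the request body of an <em>unauthenticated</em> request. The access check
 * runs only after {@code readObject()} has returned, so it cannot stop
 * anything that happens during deserialization itself. Native deserialization
 * of untrusted data is unsafe when gadget classes are on the class path.
 * Deployments should keep this endpoint off untrusted networks or require
 * authentication in front of it, and should constrain the classes the stream
 * may resolve (an {@code ObjectInputStream} subclass with an allow-listing
 * {@code resolveClass}, or JDK serialization filtering where the runtime
 * provides it).
 */
public class ReadOnlyAccessFilter implements Filter
{
   private static final Logger log = Logger.getLogger(ReadOnlyAccessFilter.class);
   private FilterConfig filterConfig = null;
   /** Name prefix unauthenticated lookups must start with; null disables the check. */
   private String readOnlyContext;
   /** "MethodMap" attribute of the invoker MBean, handed to each invocation. */
   private Map namingMethodMap;

   /**
    * Reads the {@code readOnlyContext} and {@code invokerName} init parameters
    * and fetches the {@code MethodMap} attribute of the named MBean.
    *
    * @param filterConfig the filter configuration; when null nothing is read
    * @throws ServletException if the MBean name is invalid or the attribute
    *         cannot be read
    */
   public void init(FilterConfig filterConfig)
      throws ServletException
   {
      this.filterConfig = filterConfig;
      if (filterConfig != null)
      {
         readOnlyContext = filterConfig.getInitParameter("readOnlyContext");
         String invokerName = filterConfig.getInitParameter("invokerName");
         try
         {
            MBeanServer mbeanServer = MBeanServerLocator.locateJBoss();
            ObjectName mbean = new ObjectName(invokerName);
            namingMethodMap = (Map) mbeanServer.getAttribute(mbean, "MethodMap");
         }
         catch (Exception e)
         {
            log.error("Failed to init ReadOnlyAccessFilter", e);
            throw new ServletException("Failed to init ReadOnlyAccessFilter", e);
         }
      }
   }

   /**
    * Validates unauthenticated invocations before passing the request on.
    *
    * <p>When the request has no user principal and a {@code readOnlyContext}
    * is configured, the body is read as a {@link MarshalledInvocation}, stored
    * under the {@code "MarshalledInvocation"} request attribute (the input
    * stream has been consumed by then), and checked by
    * {@link #validateAccess}. The request is rejected when the body is not a
    * {@code MarshalledInvocation} or when its method cannot be resolved.
    *
    * @throws IOException if the request body cannot be read
    * @throws ServletException if the invocation is malformed or not permitted
    */
   public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain)
      throws IOException, ServletException
   {
      HttpServletRequest httpRequest = (HttpServletRequest) request;
      Principal user = httpRequest.getUserPrincipal();
      if (user == null && readOnlyContext != null)
      {
         ServletInputStream sis = request.getInputStream();
         // SECURITY: native Java deserialization of an unauthenticated request
         // body. Nothing below can undo side effects of readObject(); restrict
         // the resolvable classes or the reachability of this endpoint.
         ObjectInputStream ois = new ObjectInputStream(sis);
         Object payload;
         try
         {
            payload = ois.readObject();
         }
         catch (ClassNotFoundException e)
         {
            throw new ServletException("Failed to read MarshalledInvocation", e);
         }
         // Reject null and foreign types explicitly instead of failing later
         // with a NullPointerException or ClassCastException.
         if (!(payload instanceof MarshalledInvocation))
            throw new ServletException("Failed to read MarshalledInvocation");
         MarshalledInvocation mi = (MarshalledInvocation) payload;
         request.setAttribute("MarshalledInvocation", mi);

         mi.setMethodMap(namingMethodMap);
         Method m = mi.getMethod();
         // Fail closed: an unauthenticated call whose method cannot be
         // resolved must not reach the chain unvalidated. Whether getMethod()
         // can return null is not visible in this file.
         if (m == null)
            throw new ServletException("Only lookups against " + readOnlyContext + " are allowed");
         validateAccess(m, mi);
      }

      chain.doFilter(request, response);
   }

   /** No resources to release. */
   public void destroy()
   {
   }

   /**
    * Returns a short description that includes the filter configuration, if any.
    */
   public String toString()
   {
      if (filterConfig == null)
         return "NamingAccessFilter()";
      return "NamingAccessFilter(" + filterConfig + ")";
   }

   /**
    * Allows only {@code lookup} calls whose first argument, as a string,
    * starts with {@code readOnlyContext}.
    *
    * @param m the resolved method of the invocation
    * @param mi the invocation whose arguments are inspected
    * @throws ServletException if the method is not {@code lookup}, or the
    *         looked-up name is missing or outside the read-only context
    */
   private void validateAccess(Method m, MarshalledInvocation mi)
      throws ServletException
   {
      boolean trace = log.isTraceEnabled();
      if (trace)
         log.trace("Checking against readOnlyContext: " + readOnlyContext);
      String methodName = m.getName();
      if (!methodName.equals("lookup"))
         throw new ServletException("Only lookups against " + readOnlyContext + " are allowed");
      Object[] args = mi.getArguments();
      // A missing argument array or a null first argument is treated as the
      // empty name, so it is rejected by the prefix check rather than by an NPE.
      Object arg = (args != null && args.length > 0 && args[0] != null) ? args[0] : "";
      String name = (arg instanceof String) ? (String) arg : arg.toString();
      if (trace)
         log.trace("Checking lookup(" + name + ") against: " + readOnlyContext);
      // NOTE(review): this is a plain string-prefix match, so a sibling name
      // that merely begins with the same characters also passes. Confirm
      // whether a separator boundary should be required.
      if (!name.startsWith(readOnlyContext))
         throw new ServletException("Lookup(" + name + ") is not under: " + readOnlyContext);
   }
}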