

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22 package org.jboss.invocation.http.servlet;
23
24 import java.io.IOException JavaDoc;
25 import java.io.ObjectInputStream JavaDoc;
26 import java.lang.reflect.Method JavaDoc;
27 import java.security.Principal JavaDoc;
28 import java.util.Map JavaDoc;
29 import javax.management.MBeanServer JavaDoc;
30 import javax.management.ObjectName JavaDoc;
31 import javax.servlet.Filter JavaDoc;
32 import javax.servlet.FilterChain JavaDoc;
33 import javax.servlet.FilterConfig JavaDoc;
34 import javax.servlet.ServletException JavaDoc;
35 import javax.servlet.ServletInputStream JavaDoc;
36 import javax.servlet.ServletRequest JavaDoc;
37 import javax.servlet.ServletResponse JavaDoc;
38 import javax.servlet.http.HttpServletRequest JavaDoc;
39
40 import org.jboss.invocation.MarshalledInvocation;
41 import org.jboss.logging.Logger;
42 import org.jboss.mx.util.MBeanServerLocator;
43
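/**
 * A servlet filter that enforces read-only access to a single context
 * given by the readOnlyContext init-parameter.
 *
 * <p>Security note: for requests that carry no authenticated principal the
 * filter deserializes the raw request body with {@link ObjectInputStream}
 * before any access check runs. The lookup-only check in
 * {@code validateAccess} limits which naming operation is forwarded down the
 * chain; it does not limit which classes are instantiated while the body is
 * being deserialized. Expose this filter only to callers that are already
 * trusted at the network or container level, or put a deserialization
 * allow-list in front of it (for example the JVM-wide {@code jdk.serialFilter}
 * on runtimes that support it).
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 37459 $
 */
public class ReadOnlyAccessFilter implements Filter
{
   private static final Logger log = Logger.getLogger(ReadOnlyAccessFilter.class);
   private FilterConfig filterConfig = null;
   /** Name prefix that unauthenticated lookups must start with; null disables the check. */
   private String readOnlyContext;
   /** The "MethodMap" attribute read from the invoker MBean in init(). */
   private Map namingMethodMap;

   /**
    * Reads the readOnlyContext and invokerName init-parameters and fetches
    * the "MethodMap" attribute from the MBean named by invokerName.
    *
    * @param filterConfig the filter configuration; when null nothing is
    *    initialised and the filter performs no access check
    * @exception ServletException if the invoker MBean or its MethodMap
    *    attribute cannot be obtained
    */
   public void init(FilterConfig filterConfig)
      throws ServletException
   {
      this.filterConfig = filterConfig;
      if (filterConfig != null)
      {
         // NOTE(review): a missing readOnlyContext parameter leaves this field
         // null, and doFilter then skips validation for every request (fails
         // open). Confirm that is the intended deployment default.
         readOnlyContext = filterConfig.getInitParameter("readOnlyContext");
         String invokerName = filterConfig.getInitParameter("invokerName");
         try
         {
            // Get the Naming interface method map from the invoker
            MBeanServer mbeanServer = MBeanServerLocator.locateJBoss();
            ObjectName mbean = new ObjectName(invokerName);
            namingMethodMap = (Map) mbeanServer.getAttribute(mbean, "MethodMap");
         }
         catch (Exception e)
         {
            log.error("Failed to init ReadOnlyAccessFilter", e);
            throw new ServletException("Failed to init ReadOnlyAccessFilter", e);
         }
      }
   }

   /**
    * Intercept requests and, for callers without an authenticated principal,
    * validate that the marshalled invocation is a lookup under the
    * read-only context before passing the request down the chain.
    *
    * @param request The servlet request we are processing
    * @param response The servlet response we are creating
    * @param chain The filter chain we are processing
    *
    * @exception IOException if an input/output error occurs
    * @exception ServletException if the request body is not a
    *    MarshalledInvocation or the invocation is not an allowed lookup
    */
   public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain)
      throws IOException, ServletException
   {
      HttpServletRequest httpRequest = (HttpServletRequest) request;
      Principal user = httpRequest.getUserPrincipal();
      // Validation applies only to unauthenticated callers, and only when a
      // read-only context was configured.
      if (user == null && readOnlyContext != null)
      {
         // SECURITY: this is native Java deserialization of a request body
         // sent by an unauthenticated caller. readObject() instantiates
         // whatever serializable classes the stream names before the type
         // check and validateAccess() below get a chance to run, so those
         // checks are not a defence against hostile object graphs. Restrict
         // who can reach this endpoint and/or install a class allow-list
         // for deserialization at the JVM or container level.
         ServletInputStream sis = request.getInputStream();
         // Deliberately not closed: closing the ObjectInputStream would also
         // close the underlying request stream.
         ObjectInputStream ois = new ObjectInputStream(sis);
         Object payload;
         try
         {
            payload = ois.readObject();
         }
         catch (ClassNotFoundException e)
         {
            throw new ServletException("Failed to read MarshalledInvocation", e);
         }
         // Reject a null or foreign payload explicitly instead of failing
         // later with a ClassCastException or NullPointerException.
         if (!(payload instanceof MarshalledInvocation))
         {
            throw new ServletException("Failed to read MarshalledInvocation");
         }
         MarshalledInvocation mi = (MarshalledInvocation) payload;
         // The body has been consumed, so the decoded invocation is handed on
         // as a request attribute (presumably read by the downstream servlet
         // - confirm against the invoker servlet).
         request.setAttribute("MarshalledInvocation", mi);
         /* Get the invocation method. If there is no method then this must
            be an invocation on an mbean other than our invoker so let it go
         */
         mi.setMethodMap(namingMethodMap);
         Method m = mi.getMethod();
         if (m != null)
         {
            validateAccess(m, mi);
         }
      }

      chain.doFilter(request, response);
   }

   /** Nothing to release. */
   public void destroy()
   {
   }

   /**
    * Return a String representation of the filter
    *
    * @return "NamingAccessFilter()" when no configuration was supplied,
    *    otherwise "NamingAccessFilter(" + filterConfig + ")"
    */
   public String toString()
   {
      if (filterConfig == null)
      {
         return "NamingAccessFilter()";
      }
      return "NamingAccessFilter(" + filterConfig + ")";
   }

   /**
    * Allow the invocation only when it is a "lookup" whose first argument,
    * rendered as a string, starts with readOnlyContext.
    *
    * @param m the method resolved from the invocation
    * @param mi the invocation whose arguments are inspected
    * @exception ServletException if the method is not "lookup" or the name
    *    is not under readOnlyContext
    */
   private void validateAccess(Method m, MarshalledInvocation mi)
      throws ServletException
   {
      boolean trace = log.isTraceEnabled();
      if (trace)
      {
         log.trace("Checking against readOnlyContext: "+readOnlyContext);
      }
      String methodName = m.getName();
      if (!methodName.equals("lookup"))
      {
         throw new ServletException("Only lookups against "+readOnlyContext+" are allowed");
      }
      // Validate this is a lookup under readOnlyContext. A missing argument
      // array or a null first argument is treated as the empty name so the
      // request is rejected below rather than failing with a
      // NullPointerException.
      Object[] args = mi.getArguments();
      Object arg = (args != null && args.length > 0 && args[0] != null) ? args[0] : "";
      String name = (arg instanceof String) ? (String) arg : arg.toString();
      if (trace)
      {
         log.trace("Checking lookup("+name+") against: "+readOnlyContext);
      }
      // NOTE(review): this is a plain string-prefix match, so a context of
      // "readonly" also admits a sibling such as "readonly2/x". Configure
      // the context with its trailing separator, or compare on name-component
      // boundaries, if siblings must be excluded.
      if (!name.startsWith(readOnlyContext))
      {
         throw new ServletException("Lookup("+name+") is not under: "+readOnlyContext);
      }
   }
}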