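package org.roller.presentation.filters;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.roller.model.RefererManager;
import org.roller.presentation.RollerContext;
import org.roller.presentation.RollerRequest;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet filter that hands incoming requests to the {@code RefererManager}
 * and answers with 403 Forbidden when the manager reports the request as
 * coming from a referer spammer.
 *
 * <p>Requests whose {@code Referer} header points back at the requested
 * user's own page or comments URL are not passed to the manager.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Referer} header is supplied by the client. It is only
 *       used here for prefix comparison and for a debug log line, where it
 *       is neutralised before being written.</li>
 *   <li>The filter fails open: any exception raised while processing the
 *       referer is logged and the request continues down the chain.</li>
 * </ul>
 */
public class RefererFilter implements Filter
{
    /** Scheme-plus-"www." prefix that is normalised away for comparison. */
    private static final String HTTP_WWW_PREFIX = "http://www.";

    /** Scheme prefix that replaces {@link #HTTP_WWW_PREFIX}. */
    private static final String HTTP_PREFIX = "http://";

    private static final Log mLogger =
        LogFactory.getFactory().getInstance(RefererFilter.class);

    /** Set by {@link #init(FilterConfig)}; used to reach the servlet context. */
    private FilterConfig mFilterConfig = null;

    /** Nothing to release. */
    public void destroy()
    {
    }

    /**
     * Processes the referer of the request and either blocks the request
     * with 403 or passes it on.
     *
     * <p>The referer is processed only when the request resolves to a user.
     * A missing {@code Referer} header, or one that does not start with the
     * user's page/comments URL (with or without "www."), is passed to
     * {@code RefererManager.processRequest}; its boolean result is treated
     * as "this is a referer spammer".
     *
     * @param req   incoming request; cast to {@code HttpServletRequest}
     * @param res   outgoing response; cast to {@code HttpServletResponse}
     *              only when a 403 is sent
     * @param chain remaining filter chain, invoked unless the request is blocked
     * @throws IOException      from {@code sendError} or the rest of the chain
     * @throws ServletException from the rest of the chain
     */
    public void doFilter(
        ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest) req;
        boolean isRefSpammer = false;
        try
        {
            RollerRequest rreq = RollerRequest.getRollerRequest(request);
            RollerContext rctx = RollerContext.getRollerContext(
                mFilterConfig.getServletContext());

            if (rreq.getUser() != null)
            {
                String userName = rreq.getUser().getUserName();
                String contextUrl = rctx.getAbsoluteContextUrl(request);

                // Self-referral prefixes, as configured and with "www." removed.
                // NOTE(review): only "http://www." is normalised; an
                // "https://www." context URL gets no "www."-less variant.
                String basePageUrlWWW = contextUrl + "/page/" + userName;
                String basePageUrl = stripWww(basePageUrlWWW);
                String baseCommentsUrlWWW = contextUrl + "/comments/" + userName;
                String baseCommentsUrl = stripWww(baseCommentsUrlWWW);

                // Client-controlled value: never trust it beyond comparison.
                String referer = request.getHeader("Referer");

                // Plain prefix match, so a referer under another user whose
                // name merely starts with userName is also seen as "own".
                boolean fromOwnPages = referer != null
                    && (referer.startsWith(basePageUrl)
                        || referer.startsWith(basePageUrlWWW)
                        || referer.startsWith(baseCommentsUrl)
                        || referer.startsWith(baseCommentsUrlWWW));

                if (fromOwnPages)
                {
                    if (mLogger.isDebugEnabled())
                    {
                        // Neutralise control characters so a crafted header
                        // cannot forge extra log lines.
                        mLogger.debug(
                            "Ignoring referer=" + sanitizeForLog(referer));
                    }
                }
                else
                {
                    RefererManager refMgr =
                        rreq.getRoller().getRefererManager();
                    isRefSpammer = refMgr.processRequest(rreq);
                }
            }
        }
        catch (Exception e)
        {
            // Deliberate best effort: a failure in referer processing must
            // not take the page down. Consequence: isRefSpammer stays false
            // and the request is served (fail-open).
            mLogger.error("Processing referer", e);
        }

        if (isRefSpammer)
        {
            HttpServletResponse response = (HttpServletResponse) res;
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
        else
        {
            chain.doFilter(req, res);
        }
    }

    /**
     * Stores the filter configuration for later access to the servlet context.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@code Filter} contract; not
     *                          thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException
    {
        mFilterConfig = filterConfig;
    }

    /** Returns {@code url} with a leading "http://www." reduced to "http://". */
    private static String stripWww(String url)
    {
        if (url.startsWith(HTTP_WWW_PREFIX))
        {
            return HTTP_PREFIX + url.substring(HTTP_WWW_PREFIX.length());
        }
        return url;
    }

    /** Replaces ISO control characters (CR, LF, tab, ...) with '_' for logging. */
    private static String sanitizeForLog(String value)
    {
        char[] chars = value.toCharArray();
        for (int i = 0; i < chars.length; i++)
        {
            if (Character.isISOControl(chars[i]))
            {
                chars[i] = '_';
            }
        }
        return new String(chars);
    }
}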