Java > Open Source Codes > org > roller > presentation > tags > SecureTag


1 package org.roller.presentation.tags;
2
3 import javax.servlet.ServletContext ;
4 import javax.servlet.http.HttpServletRequest ;
5 import javax.servlet.http.HttpServletResponse ;
6 import javax.servlet.jsp.JspException ;
7 import javax.servlet.jsp.tagext.BodyTagSupport ;
8 import org.apache.commons.logging.Log;
9 import org.apache.commons.logging.LogFactory;
10 import org.roller.config.RollerConfig;
11 import org.roller.presentation.RollerContext;
12 import org.roller.presentation.util.SslUtil;
13
14 /**
15  * This tag library is designed to be used on a JSP to switch HTTP -> HTTPS
16  * protocols and vise versa.
17  *
18  * If you want to force the page to be viewed in SSL, then you would do
19  * something like this: <br />
20  * <br />
21  *
22  * <pre>
23  * &lt;tag:secure /&gt;
24  * or
25  * &lt;tag:secure mode=&quot;secured&quot; /&gt;
26  * </pre>
27  *
28  * If you want the force the page to be viewed in over standard http, then you
29  * would do something like: <br />
30  *
31  * <pre>
32  * &lt;tag:secure mode=&quot;unsecured&quot; /&gt;
33  * </pre>
34  *
35  * @jsp.tag name="secure" bodycontent="empty"
36  * @author <a HREF="mailto:jon.lipsky@xesoft.com">Jon Lipsky</a>
37  *
38  * Contributed by:
39  * XEsoft GmbH Oskar-Messter-Strasse 18 85737 Ismaning, Germany
40  * http://www.xesoft.com
41  */
42 public class SecureTag extends BodyTagSupport
43 {
44     private static Log mLogger =
45         LogFactory.getFactory().getInstance(SecureTag.class);
46
47     //~ Static fields/initializers
48 // =============================================
49 public static final String MODE_SECURED = "secured";
50     public static final String MODE_UNSECURED = "unsecured";
51     public static final String MODE_EITHER = "either";
52     //~ Instance fields
53 // ========================================================
54 private Log log = LogFactory.getLog(SecureTag.class);
55     protected String TAG_NAME = "Secure";
56     private String mode = MODE_SECURED;
57     private String httpPort = null;
58     private String httpsPort = null;
59     private String httpsHeaderName = null;
60     private String httpsHeaderValue = null;
61
62     //~ Methods
63 // ================================================================
64 /**
65      * Sets the mode attribute. This is included in the tld file.
66      *
67      * @jsp.attribute description="The mode attribute (secure | unsecured)"
68      * required="false" rtexprvalue="true"
69      */
70     public void setMode(String aMode)
71     {
72         mode = aMode;
73     }
74
75     public int doStartTag() throws JspException
76     {
77         // get the port numbers
78 ServletContext ctx = pageContext.getServletContext();
79         httpPort = RollerConfig.getProperty("securelogin.http.port");
80         if (httpPort == null)
81         {
82             httpPort = SslUtil.STD_HTTP_PORT;
83         }
84         httpsPort = RollerConfig.getProperty("securelogin.https.port");
85         if (httpsPort == null)
86         {
87             httpsPort = SslUtil.STD_HTTPS_PORT;
88         }
89         httpsHeaderName = RollerConfig.getProperty("securelogin.https.headername");
90         httpsHeaderValue = RollerConfig.getProperty("securelogin.https.headervalue");
91         return SKIP_BODY;
92     }
93
94     public int doAfterBody() throws JspException
95     {
96         return SKIP_BODY;
97     }
98
99     public int doEndTag() throws JspException
100     {
101         HttpServletRequest req = (HttpServletRequest )pageContext.getRequest();
102         if (mode.equalsIgnoreCase(MODE_SECURED))
103         {
104             if (!isSecure((HttpServletRequest )pageContext.getRequest()))
105             {
106                 String vQueryString = req.getQueryString();
107                 String vPageUrl = req.getRequestURI();
108                 String vServer = req.getServerName();
109                 StringBuffer vRedirect = new StringBuffer ("");
110                 vRedirect.append("https://");
111                 if (httpsPort == null || httpsPort.trim().length()==0
112                         || httpsPort.equals(SslUtil.STD_HTTPS_PORT))
113                 {
114                     vRedirect.append(vServer + vPageUrl);
115                 }
116                 else
117                 {
118                     vRedirect.append(vServer + ":" + httpsPort + vPageUrl);
119                 }
120                 if (vQueryString != null)
121                 {
122                     vRedirect.append("?");
123                     vRedirect.append(vQueryString);
124                 }
125                 if (log.isDebugEnabled())
126                 {
127                     log.debug("attempting to redirect to: " + vRedirect);
128                 }
129                 try
130                 {
131                     ((HttpServletResponse ) pageContext.getResponse())
132                                     .sendRedirect(vRedirect.toString());
133                     return SKIP_PAGE;
134                 }
135                 catch (Exception exc2)
136                 {
137                     mLogger.error(exc2);
138                     throw new JspException (exc2);
139                 }
140             }
141         }
142         else if (mode.equalsIgnoreCase(MODE_UNSECURED))
143         {
144             if (isSecure((HttpServletRequest )pageContext.getRequest()))
145             {
146                 String vQueryString = req.getQueryString();
147                 String vPageUrl = req.getRequestURI();
148                 String vServer = req.getServerName();
149                 StringBuffer vRedirect = new StringBuffer ("");
150                 vRedirect.append("http://");
151                 if (!httpPort.equals(SslUtil.STD_HTTP_PORT))
152                 {
153                     vRedirect.append(vServer + ":" + httpPort + vPageUrl);
154                 }
155                 else
156                 {
157                     vRedirect.append(vServer + vPageUrl);
158                 }
159                 if (vQueryString != null)
160                 {
161                     vRedirect.append("?");
162                     vRedirect.append(vQueryString);
163                 }
164                 try
165                 {
166                     ((HttpServletResponse ) pageContext.getResponse())
167                                     .sendRedirect(vRedirect.toString());
168                     return SKIP_PAGE;
169                 }
170                 catch (Exception exc2)
171                 {
172                     throw new JspException (exc2.getMessage());
173                 }
174             }
175         }
176         else if (mode.equalsIgnoreCase(MODE_EITHER))
177         {
178             return EVAL_PAGE;
179         }
180         else
181         {
182             throw new JspException ("Illegal value for the attribute mode: "
183                             + mode);
184         }
185         return EVAL_PAGE;
186     }
187     
188     /**
189      * Test for HTTPS connection by using request.isSecure() or,
190      * if httpsHeaderName is set, test for reqest header instead.
191      * If httpsHeaderValue is also set, test for that specific value.
192      */
193     private boolean isSecure(HttpServletRequest request)
194     {
195         boolean secure = false;
196         if (httpsHeaderName == null)
197         {
198             secure = request.isSecure();
199         }
200         else
201         {
202             String headerValue = request.getHeader(httpsHeaderName);
203             if (headerValue != null && headerValue.trim().length() > 0)
204             {
205                 secure = httpsHeaderValue==null || httpsHeaderValue.equals(headerValue);
206             }
207         }
208         mLogger.debug("Connection secure="+secure);
209         return secure;
210     }
211 }

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags