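package org.roller.presentation.tags;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.BodyTagSupport;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.roller.config.RollerConfig;
import org.roller.presentation.RollerContext;
import org.roller.presentation.util.SslUtil;

/**
 * JSP tag that pins the enclosing page to a transport: HTTPS
 * ({@link #MODE_SECURED}, the default), plain HTTP ({@link #MODE_UNSECURED})
 * or whichever the request arrived on ({@link #MODE_EITHER}).
 *
 * <p>When the request does not match the requested mode, the tag sends a
 * redirect to the same URI and query string on the other scheme and skips the
 * rest of the page.
 *
 * <p>Security notes for deployers:
 * <ul>
 * <li>The redirect only moves the <em>next</em> request onto HTTPS; the
 *     request that triggered it has already travelled in clear text.</li>
 * <li>If {@code securelogin.https.headername} is set, the decision whether a
 *     connection is secure rests on a request header. That is only sound when
 *     a trusted front end (TLS terminator / reverse proxy) sets the header and
 *     strips any client-supplied copy of it.</li>
 * </ul>
 */
public class SecureTag extends BodyTagSupport
{
    // A single logger; the original kept two fields bound to the same category.
    private static final Log mLogger = LogFactory.getLog(SecureTag.class);

    public static final String MODE_SECURED = "secured";
    public static final String MODE_UNSECURED = "unsecured";
    public static final String MODE_EITHER = "either";

    protected String TAG_NAME = "Secure";

    private String mode = MODE_SECURED;
    private String httpPort = null;
    private String httpsPort = null;
    private String httpsHeaderName = null;
    private String httpsHeaderValue = null;

    /**
     * Sets the transport mode for the page.
     *
     * @param aMode one of {@link #MODE_SECURED}, {@link #MODE_UNSECURED} or
     *              {@link #MODE_EITHER} (compared case-insensitively); any
     *              other value makes {@link #doEndTag()} fail
     */
    public void setMode(String aMode)
    {
        mode = aMode;
    }

    /**
     * Loads the port and header settings from {@code RollerConfig}, falling
     * back to the standard HTTP/HTTPS ports when none are configured.
     *
     * @return {@code SKIP_BODY}; the tag body is never evaluated
     */
    public int doStartTag() throws JspException
    {
        httpPort = RollerConfig.getProperty("securelogin.http.port");
        if (httpPort == null)
        {
            httpPort = SslUtil.STD_HTTP_PORT;
        }
        httpsPort = RollerConfig.getProperty("securelogin.https.port");
        if (httpsPort == null)
        {
            httpsPort = SslUtil.STD_HTTPS_PORT;
        }
        httpsHeaderName = RollerConfig.getProperty("securelogin.https.headername");
        httpsHeaderValue = RollerConfig.getProperty("securelogin.https.headervalue");
        return SKIP_BODY;
    }

    /**
     * @return {@code SKIP_BODY}; the body is not re-evaluated
     */
    public int doAfterBody() throws JspException
    {
        return SKIP_BODY;
    }

    /**
     * Enforces the configured mode for the current request.
     *
     * @return {@code SKIP_PAGE} after a redirect has been sent, otherwise
     *         {@code EVAL_PAGE}
     * @throws JspException if the mode is missing or unknown, or if the
     *                      redirect cannot be sent
     */
    public int doEndTag() throws JspException
    {
        // A null mode used to surface as a NullPointerException; report it the
        // same way as any other illegal value.
        if (mode == null)
        {
            throw new JspException("Illegal value for the attribute mode: "
                    + mode);
        }

        HttpServletRequest req = (HttpServletRequest) pageContext.getRequest();

        if (mode.equalsIgnoreCase(MODE_SECURED))
        {
            if (!isSecure(req))
            {
                return redirect(req, "https", httpsPort, SslUtil.STD_HTTPS_PORT);
            }
        }
        else if (mode.equalsIgnoreCase(MODE_UNSECURED))
        {
            if (isSecure(req))
            {
                // The query string is carried over to the clear-text URL, so
                // pages in this mode should not receive secrets as parameters.
                return redirect(req, "http", httpPort, SslUtil.STD_HTTP_PORT);
            }
        }
        else if (!mode.equalsIgnoreCase(MODE_EITHER))
        {
            throw new JspException("Illegal value for the attribute mode: "
                    + mode);
        }
        return EVAL_PAGE;
    }

    /**
     * Sends a redirect to the current URI on the given scheme.
     *
     * @return {@code SKIP_PAGE}
     * @throws JspException wrapping whatever {@code sendRedirect} threw, with
     *                      the cause preserved
     */
    private int redirect(HttpServletRequest req, String scheme,
                         String port, String standardPort) throws JspException
    {
        StringBuffer target = new StringBuffer(scheme);
        target.append("://");

        // getServerName() comes from the request (normally its Host header),
        // so the redirect target is only as trustworthy as the front end's
        // host validation. NOTE(review): consider a configured canonical host.
        target.append(req.getServerName());

        // Both directions now share one rule: a missing, blank or standard
        // port is left out of the URL.
        boolean omitPort = port == null
                || port.trim().length() == 0
                || port.equals(standardPort);
        if (!omitPort)
        {
            target.append(":").append(port);
        }
        target.append(req.getRequestURI());

        // Log before the query string is appended so request parameters do
        // not end up in the debug log.
        if (mLogger.isDebugEnabled())
        {
            mLogger.debug("attempting to redirect to: " + target);
        }

        String query = req.getQueryString();
        if (query != null)
        {
            target.append("?").append(query);
        }

        try
        {
            ((HttpServletResponse) pageContext.getResponse())
                    .sendRedirect(target.toString());
            return SKIP_PAGE;
        }
        catch (Exception e)
        {
            // Keep the stack trace in the log and the cause on the exception;
            // the http branch previously kept only the message text.
            mLogger.error("Unable to send " + scheme + " redirect", e);
            throw new JspException(e);
        }
    }

    /**
     * Decides whether the request arrived over a secure channel.
     *
     * <p>Without a configured header name this is {@code request.isSecure()}.
     * With one, the request counts as secure when the header is present and
     * non-blank and, if an expected value is configured, equals that value.
     * The header branch trusts the request; see the class notes.
     */
    private boolean isSecure(HttpServletRequest request)
    {
        boolean secure = false;
        if (httpsHeaderName == null)
        {
            secure = request.isSecure();
        }
        else
        {
            String headerValue = request.getHeader(httpsHeaderName);
            if (headerValue != null && headerValue.trim().length() > 0)
            {
                secure = httpsHeaderValue == null
                        || httpsHeaderValue.equals(headerValue);
            }
        }
        mLogger.debug("Connection secure=" + secure);
        return secure;
    }
}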