author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-21 00:46:26 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-21 00:46:26 +0000 |
commit | e4459d65fc1eb4369a50e377423e58fca27f9ec3 (patch) | |
tree | b3dc499893fce2779022a88c931aee41c789090d /pki/base/common/src/com/netscape/cms/servlet/filter | |
parent | 952d12037313e4fbc4abf4614e8cf6b5d6feb55a (diff) | |
Bugzilla Bug #490489 - Configuration modifications are not replicated between
admins, agents, and end entities
Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports"
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@316 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/filter')
4 files changed, 411 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
new file mode 100644
index 000000000..1a94cb295
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
@@ -0,0 +1,101 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2009 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.filter; + +import javax.servlet.http.*; +import javax.servlet.*; +import com.netscape.certsrv.apps.*; + +public class AdminRequestFilter implements Filter +{ + private static final String HTTPS_SCHEME = "https"; + private static final String HTTPS_PORT = "https_port"; + private static final String HTTPS_ROLE = "Admin"; + + private FilterConfig config; + + /* Create a new AdminRequestFilter */ + public AdminRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { + this.config = filterConfig; + } + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { + String filterName = getClass().getName(); + + String scheme = null; + int port = 0; + + String request_port = null; + String param_https_port = null; + String msg = null; + + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; + + // RFC 1738: verify that scheme is "https" + scheme = request.getScheme(); + if( ! 
scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + return; + } + + // Always obtain an "https" port from request + port = request.getServerPort(); + request_port = Integer.toString( port ); + + // Always obtain the "https" port passed in as a parameter + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; + } + + // Compare the request and param "https" ports + if( ! param_https_port.equals( request_port ) ) { + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } + } + + chain.doFilter( request, response ); + } + + public void destroy() + { + } +} + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java new file mode 100644 index 000000000..542ca4232 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java 
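Review bot: The port comparison in doFilter relies on `request.getServerPort()`, which the Servlet API defines as the port taken from the request's Host header when one is present, so the value being checked can be supplied by the client rather than reflecting the connector that accepted the connection. For a filter whose purpose is to confine Admin servlets to one port, the comparison should use the port the connection actually arrived on: `port = request.getLocalPort();` (available from Servlet 2.4; confirm the container version this targets). The same call appears in AgentRequestFilter and EERequestFilter and would need the same change. If a reverse proxy or port redirector sits in front of the connectors, the local port may not be the intended value either, so that deployment case deserves a comment next to the check.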
@@ -0,0 +1,101 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2009 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.filter; + +import javax.servlet.http.*; +import javax.servlet.*; +import com.netscape.certsrv.apps.*; + +public class AgentRequestFilter implements Filter +{ + private static final String HTTPS_SCHEME = "https"; + private static final String HTTPS_PORT = "https_port"; + private static final String HTTPS_ROLE = "Agent"; + + private FilterConfig config; + + /* Create a new AgentRequestFilter */ + public AgentRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { + this.config = filterConfig; + } + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { + String filterName = getClass().getName(); + + String scheme = null; + int port = 0; + + String request_port = null; + String param_https_port = null; + String msg = null; + + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; + + // RFC 1738: verify that scheme is "https" + scheme = request.getScheme(); + if( ! 
scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + return; + } + + // Always obtain an "https" port from request + port = request.getServerPort(); + request_port = Integer.toString( port ); + + // Always obtain the "https" port passed in as a parameter + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; + } + + // Compare the request and param "https" ports + if( ! param_https_port.equals( request_port ) ) { + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } + } + + chain.doFilter( request, response ); + } + + public void destroy() + { + } +} + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java new file mode 100644 index 000000000..1f93e080f --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java 
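Review bot: A missing `https_port` init parameter is only discovered inside doFilter, once per request, and is answered with a 501 instead of stopping the deployment. Checking it in init() makes a misconfigured web.xml fail at startup: after `this.config = filterConfig;` add `if( filterConfig.getInitParameter( HTTPS_PORT ) == null ) throw new ServletException( "'" + HTTPS_PORT + "' MUST be specified in 'web.xml'!" );`. The per-request null check can then be dropped. AdminRequestFilter and EERequestFilter (for both `http_port` and `https_port`) follow the same pattern. This class is also a line-for-line copy of AdminRequestFilter apart from HTTPS_ROLE, so a shared base class that takes the role name would keep the security checks from drifting apart.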
@@ -0,0 +1,131 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2009 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.filter; + +import javax.servlet.http.*; +import javax.servlet.*; +import com.netscape.certsrv.apps.*; + +public class EERequestFilter implements Filter +{ + private static final String HTTP_SCHEME = "http"; + private static final String HTTP_PORT = "http_port"; + private static final String HTTP_ROLE = "EE"; + private static final String HTTPS_SCHEME = "https"; + private static final String HTTPS_PORT = "https_port"; + private static final String HTTPS_ROLE = "EE"; + + private FilterConfig config; + + /* Create a new EERequestFilter */ + public EERequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { + this.config = filterConfig; + } + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { + String filterName = getClass().getName(); + + String scheme = null; + int port = 0; + + String request_port = null; + String param_http_port = null; + String param_https_port = null; + String msg = null; + + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse 
) response; + + // RFC 1738: verify that scheme is either "http" or "https" + scheme = request.getScheme(); + if( ( ! scheme.equals( HTTP_SCHEME ) ) && + ( ! scheme.equals( HTTPS_SCHEME ) ) ) { + msg = "The scheme MUST be either '" + HTTP_SCHEME + + "' or '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + return; + } + + // Always obtain either an "http" or an "https" port from request + port = request.getServerPort(); + request_port = Integer.toString( port ); + + // Always obtain the "http" port passed in as a parameter + param_http_port = config.getInitParameter( HTTP_PORT ); + if( param_http_port == null ) { + msg = "The <param-name> '" + HTTP_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; + } + + // Always obtain the "https" port passed in as a parameter + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; + } + + // If the scheme is "http", compare + // the request and param "http" ports; + // otherwise, if the scheme is "https", compare + // the request and param "https" ports + if( scheme.equals( HTTP_SCHEME ) ) { + if( ! param_http_port.equals( request_port ) ) { + msg = "Use HTTP port '" + param_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } + } else if( scheme.equals( HTTPS_SCHEME ) ) { + if( ! 
param_https_port.equals( request_port ) ) { + msg = "Use HTTPS port '" + param_https_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + return; + } + } + } + + chain.doFilter( request, response ); + } + + public void destroy() + { + } +} + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/PassThroughRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/PassThroughRequestFilter.java new file mode 100644 index 000000000..a47888442 --- /dev/null +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/PassThroughRequestFilter.java 
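Review bot: The text passed to `resp.sendError(...)` in each rejection branch of doFilter tells the caller the configured port numbers and the web.xml parameter names, and the wrong-scheme branch answers 401 although no authentication challenge is involved. The detail is already written to `CMS.debug`, so the response could carry only a status that matches the condition, for example `resp.sendError( HttpServletResponse.SC_FORBIDDEN );` for the scheme mismatch. The same applies to AdminRequestFilter and AgentRequestFilter, where the value disclosed is the admin or agent port. Separately, `else if( scheme.equals( HTTPS_SCHEME ) )` can be a plain `else`, since the scheme was already restricted to the two values earlier in the method, and HTTP_ROLE and HTTPS_ROLE hold the same string.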
@@ -0,0 +1,78 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2009 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.filter; + +import javax.servlet.http.*; +import javax.servlet.*; +import com.netscape.certsrv.apps.*; + +public class PassThroughRequestFilter implements Filter +{ + /* Create a new PassThroughRequestFilter */ + public PassThroughRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { + } + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { + // Simply pass-through this request without filtering it . . . + // + // NOTE: This "do-nothing" filter is ONLY provided since + // individual servlets can not be "excluded" from within + // the <url-pattern></url-pattern> parameters, thus + // disallowing the use of a '*' wildcard parameter + // on certain filters. + // + // Therefore, since servlets MUST be specified individually + // by such filters, this pass-through filter was created to + // contain those servlets which would otherwise simply be + // "excluded". 
Although this could also be accomplished + // by merely performing "exclusion by lack of inclusion", + // the existance of a pass-through filter allows the + // EXPLICIT identification of servlets which MUST NOT + // have any filters run against them. + // + + String filterName = getClass().getName(); + + String servlet = null; + String msg = null; + + if( request instanceof HttpServletRequest ) { + HttpServletRequest req = ( HttpServletRequest ) request; + + servlet = req.getServletPath(); + msg = "Excluding filtering on servlet called '" + servlet + "'!"; + CMS.debug( filterName + ": " + msg ); + } + + chain.doFilter( request, response ); + } + + public void destroy() + { + } +} + |
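Review bot: PassThroughRequestFilter has no class-level Javadoc, and the rationale sits in a comment inside doFilter where someone editing the filter mappings is unlikely to see it. A class comment should state that every servlet mapped to this filter is served with no scheme or port check, so each mapping is a deliberate exemption that needs review when servlets are added. Something like `/** Marks servlets that are intentionally exempt from the Admin/Agent/EE request filters; performs no checks. */` would be enough. The `CMS.debug` call also runs on every exempted request, which may be more logging than intended.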