diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java | 87 |
1 files changed, 40 insertions, 47 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 8b53c6c61..023d20dd1 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java @@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EEClientAuthRequestFilter implements Filter -{ +public class EEClientAuthRequestFilter implements Filter { private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new EEClientAuthRequestFilter */ - public EEClientAuthRequestFilter() {} - - public void init( FilterConfig filterConfig ) - throws ServletException - { + public EEClientAuthRequestFilter() { + } + + public void init(FilterConfig filterConfig) throws ServletException { this.config = filterConfig; } - - public void doFilter( ServletRequest request, - ServletResponse response, - FilterChain chain ) - throws java.io.IOException, - ServletException - { + + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws java.io.IOException, ServletException { String filterName = getClass().getName(); String scheme = null; @@ -64,32 +58,32 @@ public class EEClientAuthRequestFilter implements Filter String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); - param_active = config.getInitParameter( "active"); + param_active = config.getInitParameter("active"); - if( request instanceof HttpServletRequest ) { - HttpServletResponse resp = ( HttpServletResponse ) response; + if (request instanceof HttpServletRequest) { + HttpServletResponse resp = (HttpServletResponse) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if( ! scheme.equals( HTTPS_SCHEME ) ) { - msg = "The scheme MUST be '" + HTTPS_SCHEME - + "', NOT '" + scheme + "'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + if (!scheme.equals(HTTPS_SCHEME)) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" + + scheme + "'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString( port ); + request_port = Integer.toString(port); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter( HTTPS_PORT ); - if( param_https_port == null ) { - msg = "The <param-name> '" + HTTPS_PORT - + "' </param-name> " + "MUST be specified in 'web.xml'!"; - CMS.debug( filterName + ": " + msg ); - resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + param_https_port = config.getInitParameter(HTTPS_PORT); + if (param_https_port == null) { + msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " + + "MUST be specified in 'web.xml'!"; + CMS.debug(filterName + ": " + msg); + resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); return; } @@ -97,41 +91,40 @@ public class EEClientAuthRequestFilter implements Filter boolean bad_port = false; // Compare the request and param "https" ports - if( ! param_https_port.equals( request_port ) ) { + if (!param_https_port.equals(request_port)) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug( filterName + ": " + msg ); - CMS.debug( filterName + ": uri is " + uri); - if ((param_active != null) &&(param_active.equals("false"))) { + CMS.debug(filterName + ": " + msg); + CMS.debug(filterName + ": uri is " + uri); + if ((param_active != null) + && (param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); return; } } } } - // CMS.debug("exiting the EECA filter"); + // CMS.debug("exiting the EECA filter"); - chain.doFilter( request, response ); + chain.doFilter(request, response); } - - public void destroy() - { + + public void destroy() { } } - |