diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/filter')
4 files changed, 211 insertions, 186 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java index 73f4e367c..bbfa4b399 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java @@ -28,24 +28,30 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AdminRequestFilter implements Filter { +public class AdminRequestFilter implements Filter +{ private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Admin"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AdminRequestFilter */ - public AdminRequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public AdminRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; @@ -58,32 +64,32 @@ public class AdminRequestFilter implements Filter { String param_active = null; // CMS.debug("Entering the admin filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if (!scheme.equals(HTTPS_SCHEME)) { - msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" - + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + if( ! scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); return; } @@ -91,30 +97,29 @@ public class AdminRequestFilter implements Filter { boolean bad_port = false; // Compare the request and param "https" ports - if (!param_https_port.equals(request_port)) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } @@ -123,9 +128,11 @@ public class AdminRequestFilter implements Filter { // CMS.debug("Exiting the admin filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java index c9c651b66..1ae44a646 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java @@ -28,24 +28,30 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class AgentRequestFilter implements Filter { +public class AgentRequestFilter implements Filter +{ private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "Agent"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new AgentRequestFilter */ - public AgentRequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public AgentRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; @@ -59,32 +65,32 @@ public class AgentRequestFilter implements Filter { String param_active = null; // CMS.debug("Entering the agent filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if (!scheme.equals(HTTPS_SCHEME)) { - msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" - + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + if( ! scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); return; } @@ -92,30 +98,29 @@ public class AgentRequestFilter implements Filter { boolean bad_port = false; // Compare the request and param "https" ports - if (!param_https_port.equals(request_port)) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } @@ -123,9 +128,11 @@ public class AgentRequestFilter implements Filter { } // CMS.debug("Exiting the Agent filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java index 023d20dd1..8b53c6c61 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java @@ -28,24 +28,30 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EEClientAuthRequestFilter implements Filter { +public class EEClientAuthRequestFilter implements Filter +{ private static final String HTTPS_SCHEME = "https"; private static final String HTTPS_PORT = "https_port"; private static final String HTTPS_ROLE = "EE Client Auth"; private static final String PROXY_PORT = "proxy_port"; private FilterConfig config; - + /* Create a new EEClientAuthRequestFilter */ - public EEClientAuthRequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public EEClientAuthRequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; @@ -58,32 +64,32 @@ public class EEClientAuthRequestFilter implements Filter { String param_proxy_port = null; // CMS.debug("Entering the EECA filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is "https" + // RFC 1738: verify that scheme is "https" scheme = request.getScheme(); - if (!scheme.equals(HTTPS_SCHEME)) { - msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '" - + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); + if( ! scheme.equals( HTTPS_SCHEME ) ) { + msg = "The scheme MUST be '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); return; } // Always obtain an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); return; } @@ -91,40 +97,41 @@ public class EEClientAuthRequestFilter implements Filter { boolean bad_port = false; // Compare the request and param "https" ports - if (!param_https_port.equals(request_port)) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } } } - // CMS.debug("exiting the EECA filter"); + // CMS.debug("exiting the EECA filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java index 2461f1a0b..f66cf0872 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java +++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java @@ -28,7 +28,8 @@ import javax.servlet.http.HttpServletResponse; import com.netscape.certsrv.apps.CMS; -public class EERequestFilter implements Filter { +public class EERequestFilter implements Filter +{ private static final String HTTP_SCHEME = "http"; private static final String HTTP_PORT = "http_port"; private static final String HTTP_ROLE = "EE"; @@ -39,17 +40,22 @@ public class EERequestFilter implements Filter { private static final String PROXY_HTTP_PORT = "proxy_http_port"; private FilterConfig config; - + /* Create a new EERequestFilter */ - public EERequestFilter() { - } - - public void init(FilterConfig filterConfig) throws ServletException { + public EERequestFilter() {} + + public void init( FilterConfig filterConfig ) + throws ServletException + { this.config = filterConfig; } - - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws java.io.IOException, ServletException { + + public void doFilter( ServletRequest request, + ServletResponse response, + FilterChain chain ) + throws java.io.IOException, + ServletException + { String filterName = getClass().getName(); String scheme = null; @@ -64,43 +70,45 @@ public class EERequestFilter implements Filter { String param_active = null; // CMS.debug("Entering the EE filter"); - param_active = config.getInitParameter("active"); + param_active = config.getInitParameter( "active"); - if (request instanceof HttpServletRequest) { - HttpServletResponse resp = (HttpServletResponse) response; + if( request instanceof HttpServletRequest ) { + HttpServletResponse resp = ( HttpServletResponse ) response; - // RFC 1738: verify that scheme is either "http" or "https" + // RFC 1738: verify that scheme is either "http" or "https" scheme = request.getScheme(); - if ((!scheme.equals(HTTP_SCHEME)) && (!scheme.equals(HTTPS_SCHEME))) { - msg = "The scheme MUST be either '" + HTTP_SCHEME + "' or '" - + HTTPS_SCHEME + "', NOT '" + scheme + "'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg); - return; + if( ( ! scheme.equals( HTTP_SCHEME ) ) && + ( ! scheme.equals( HTTPS_SCHEME ) ) ) { + msg = "The scheme MUST be either '" + HTTP_SCHEME + + "' or '" + HTTPS_SCHEME + + "', NOT '" + scheme + "'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg ); + return; } // Always obtain either an "http" or an "https" port from request port = request.getLocalPort(); - request_port = Integer.toString(port); + request_port = Integer.toString( port ); // Always obtain the "http" port passed in as a parameter - param_http_port = config.getInitParameter(HTTP_PORT); - if (param_http_port == null) { - msg = "The <param-name> '" + HTTP_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); - return; + param_http_port = config.getInitParameter( HTTP_PORT ); + if( param_http_port == null ) { + msg = "The <param-name> '" + HTTP_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; } // Always obtain the "https" port passed in as a parameter - param_https_port = config.getInitParameter(HTTPS_PORT); - if (param_https_port == null) { - msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> " - + "MUST be specified in 'web.xml'!"; - CMS.debug(filterName + ": " + msg); - resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg); - return; + param_https_port = config.getInitParameter( HTTPS_PORT ); + if( param_https_port == null ) { + msg = "The <param-name> '" + HTTPS_PORT + + "' </param-name> " + "MUST be specified in 'web.xml'!"; + CMS.debug( filterName + ": " + msg ); + resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg ); + return; } param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT); @@ -111,64 +119,58 @@ public class EERequestFilter implements Filter { // the request and param "http" ports; // otherwise, if the scheme is "https", compare // the request and param "https" ports - if (scheme.equals(HTTP_SCHEME)) { - if (!param_http_port.equals(request_port)) { + if( scheme.equals( HTTP_SCHEME ) ) { + if( ! param_http_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_http_port != null) { + if (param_proxy_http_port != null) { if (!param_proxy_http_port.equals(request_port)) { msg = "Use HTTP port '" + param_http_port - + "' or proxy port '" - + param_proxy_http_port + "' instead of '" - + request_port + "' when performing " - + HTTP_ROLE + " tasks!"; + + "' or proxy port '" + param_proxy_http_port + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTP port '" + param_http_port - + "' instead of '" + request_port - + "' when performing " + HTTP_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTP_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, - msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } } - } else if (scheme.equals(HTTPS_SCHEME)) { - if (!param_https_port.equals(request_port)) { + } else if( scheme.equals( HTTPS_SCHEME ) ) { + if( ! param_https_port.equals( request_port ) ) { String uri = ((HttpServletRequest) request).getRequestURI(); - if (param_proxy_port != null) { + if (param_proxy_port != null) { if (!param_proxy_port.equals(request_port)) { msg = "Use HTTPS port '" + param_https_port - + "' or proxy port '" + param_proxy_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE - + " tasks!"; + + "' or proxy port '" + param_proxy_port + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } } else { msg = "Use HTTPS port '" + param_https_port - + "' instead of '" + request_port - + "' when performing " + HTTPS_ROLE + " tasks!"; + + "' instead of '" + request_port + + "' when performing " + HTTPS_ROLE + " tasks!"; bad_port = true; } if (bad_port) { - CMS.debug(filterName + ": " + msg); - CMS.debug(filterName + ": uri is " + uri); - if ((param_active != null) - && (param_active.equals("false"))) { + CMS.debug( filterName + ": " + msg ); + CMS.debug( filterName + ": uri is " + uri); + if ((param_active != null) &&(param_active.equals("false"))) { CMS.debug("Filter is disabled .. continuing"); } else { - resp.sendError(HttpServletResponse.SC_NOT_FOUND, - msg); + resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg ); return; } } @@ -178,9 +180,11 @@ public class EERequestFilter implements Filter { } // CMS.debug("Exiting the EE filter"); - chain.doFilter(request, response); + chain.doFilter( request, response ); } - - public void destroy() { + + public void destroy() + { } } + |