path: root/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2009 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.filter;

import javax.servlet.http.*;
import javax.servlet.*;
import com.netscape.certsrv.apps.*;

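/**
 * Servlet filter that restricts "Admin" requests to HTTPS on one configured
 * local port.
 *
 * <p>For every {@link HttpServletRequest} the filter checks, in order:
 * <ol>
 *   <li>the request scheme is {@code https}, otherwise it answers 401;</li>
 *   <li>the {@code https_port} init parameter is present in {@code web.xml},
 *       otherwise it answers 501;</li>
 *   <li>the local port the request arrived on equals {@code https_port},
 *       otherwise it answers 404.</li>
 * </ol>
 *
 * <p>Setting the optional init parameter {@code active} to the exact string
 * {@code "false"} turns check 3 into a log-only check. Checks 1 and 2 are
 * still enforced in that mode. Requests that are not
 * {@link HttpServletRequest}s are passed down the chain unchecked.
 *
 * <p>NOTE(review): with {@code active=false} an Admin request on any HTTPS
 * port is let through, and the only trace is a {@code CMS.debug} line.
 * Deployments that rely on port separation should confirm this parameter is
 * not set to {@code false} in production descriptors.
 */
public class AdminRequestFilter implements Filter
{
    private static final String HTTPS_SCHEME = "https";
    private static final String HTTPS_PORT = "https_port";
    private static final String HTTPS_ROLE = "Admin";

    /** Filter configuration handed over by the container in {@link #init}. */
    private FilterConfig config;

    /** Creates a new AdminRequestFilter; configuration arrives via {@link #init}. */
    public AdminRequestFilter() {}

    /**
     * Stores the filter configuration so that {@link #doFilter} can read the
     * {@code https_port} and {@code active} init parameters.
     *
     * @param filterConfig configuration supplied by the servlet container
     * @throws ServletException declared by the {@link Filter} contract; not
     *         thrown by this implementation
     */
    public void init( FilterConfig filterConfig )
                throws ServletException
    {
        this.config = filterConfig;
    }

    /**
     * Enforces the scheme and port checks described on the class, then hands
     * the request to the rest of the chain.
     *
     * @param request  incoming request
     * @param response response used to send the error status on rejection
     * @param chain    remaining filters and the target servlet
     * @throws java.io.IOException if sending the error or the downstream
     *         chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter( ServletRequest request,
                          ServletResponse response,
                          FilterChain chain )
                throws java.io.IOException,
                       ServletException
    {
        String filterName = getClass().getName();
        String msg;

        // CMS.debug("Entering the admin filter");
        String param_active = config.getInitParameter( "active");

        if( request instanceof HttpServletRequest ) {
            HttpServletResponse resp = ( HttpServletResponse ) response;

            // RFC 1738:  verify that scheme is "https".
            // The constant is the receiver so that a null scheme is rejected
            // with 401 (fail closed) instead of raising a NullPointerException.
            String scheme = request.getScheme();
            if( ! HTTPS_SCHEME.equals( scheme ) ) {
                msg = "The scheme MUST be '" + HTTPS_SCHEME
                    + "', NOT '" + scheme + "'!";
                CMS.debug( filterName + ":  " + msg );
                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
                return;
            }

            // Always obtain an "https" port from request.
            // getLocalPort() is the port of the interface the request was
            // received on; it is used rather than getServerPort(), which can
            // reflect the client-supplied Host header.
            String request_port = Integer.toString( request.getLocalPort() );

            // Always obtain the "https" port passed in as a parameter
            String param_https_port = config.getInitParameter( HTTPS_PORT );
            if( param_https_port == null ) {
                msg = "The <param-name> '" + HTTPS_PORT
                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
                CMS.debug( filterName + ":  " + msg );
                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
                return;
            }

            // Compare the request and param "https" ports
            if( ! param_https_port.equals( request_port ) ) {
                String uri = ((HttpServletRequest) request).getRequestURI();
                // NOTE(review): msg is also sent to the client below, so the
                // 404 body tells an unauthenticated caller which port the
                // Admin interface is configured on. Confirm that this
                // disclosure is intended.
                msg = "Use HTTPS port '" + param_https_port
                    + "' instead of '" + request_port
                    + "' when performing " + HTTPS_ROLE + " tasks!";
                CMS.debug( filterName + ":  " + msg );
                // The URI is client-supplied: drop line breaks so that one
                // request cannot produce extra, forged-looking debug-log
                // lines. The container may already reject such characters;
                // this is defence in depth.
                CMS.debug( filterName + ": uri is " + stripLineBreaks( uri ));
                if ((param_active != null) &&(param_active.equals("false"))) {
                    // Port enforcement switched off by configuration: the
                    // mismatch is logged and the request continues.
                    CMS.debug("Filter is disabled .. continuing");
                } else {
                    resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
                    return;
                }
            }
        }
        // CMS.debug("Exiting the admin filter");

        chain.doFilter( request, response );
    }

    /** Releases nothing; the filter holds no resources beyond its config. */
    public void destroy()
    {
    }

    /**
     * Replaces carriage returns and line feeds with {@code '_'} so that the
     * value occupies a single log line.
     *
     * @param value text to neutralise, may be {@code null}
     * @return the value without CR/LF characters, or {@code null} if the
     *         input was {@code null}
     */
    private static String stripLineBreaks( String value )
    {
        if( value == null ) {
            return null;
        }
        return value.replace( '\r', '_' ).replace( '\n', '_' );
    }
}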