1 package org
.argeo
.cms
.internal
.kernel
;
3 import java
.io
.IOException
;
4 import java
.security
.cert
.X509Certificate
;
5 import java
.util
.Enumeration
;
7 import javax
.servlet
.FilterChain
;
8 import javax
.servlet
.ServletException
;
9 import javax
.servlet
.http
.HttpServletRequest
;
10 import javax
.servlet
.http
.HttpServletResponse
;
11 import javax
.servlet
.http
.HttpSession
;
13 import org
.apache
.commons
.logging
.Log
;
14 import org
.apache
.commons
.logging
.LogFactory
;
15 import org
.argeo
.cms
.CmsException
;
16 import org
.argeo
.jcr
.ArgeoJcrConstants
;
17 import org
.eclipse
.equinox
.http
.servlet
.ExtendedHttpService
;
20 * Intercepts and enriches http access, mainly focusing on security and
24 class NodeHttp
implements KernelConstants
, ArgeoJcrConstants
{
/** Logger used by this class and by the nested RootFilter. */
private static final Log log = LogFactory.getLog(NodeHttp.class);

/** Filter instance that the constructor registers on the "/" alias. */
private final RootFilter rootFilter;

// Throttling filters are disabled in this revision; as listed, this class sets
// up no DoS/QoS protection of its own.
// private final DoSFilter dosFilter;
// private final QoSFilter qosFilter;
/**
 * Creates the root filter and registers it with the given HTTP service on the
 * "/" alias.
 *
 * @param httpService service the root filter is registered with
 * @throws CmsException if the registration throws anything; the original
 *                      exception is kept as the cause
 */
NodeHttp(ExtendedHttpService httpService) {
    rootFilter = new RootFilter();
    // dosFilter = new CustomDosFilter();
    // qosFilter = new QoSFilter();
    // NOTE(review): source lines 37-38 are absent from this listing; the
    // opening `try {` that the catch below belongs to is expected there.
        // The two null arguments are the init parameters and the HttpContext;
        // presumably the service then applies its default context - confirm
        // what that default enforces, since this filter sees every request.
        httpService.registerFilter("/", rootFilter, null, null);
    } catch (Exception e) {
        throw new CmsException("Cannot register filters", e);
    // NOTE(review): the closing braces (source lines 42-43) are absent from
    // this listing.
/**
 * Presumably the shutdown counterpart of the constructor.
 *
 * NOTE(review): the body is not part of this listing. The constructor
 * registers rootFilter with the HTTP service; confirm that the filter is
 * unregistered here or elsewhere, otherwise it stays active after this object
 * is discarded.
 */
public void destroy() {
/**
 * Intercepts all requests. Authenticates.
 *
 * NOTE(review): no authentication step is visible in the lines shown below.
 * The client certificate is extracted, but what happens inside the
 * {@code clientCert != null} branch is commented out or missing from this
 * listing - confirm against the full file before relying on this filter as an
 * access control.
 */
class RootFilter extends HttpFilter {
    // [source lines 50-51 are absent from this listing]

    // Per-request entry point. In the visible lines it trace-logs the URL,
    // hands requests under PATH_DATA and PATH_WORKBENCH to the rest of the
    // chain, and answers deeper paths with a 302 to "<servletPath>#<path>".
    // httpSession is not used in any visible line.
    public void doFilter(HttpSession httpSession,
            HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        if (log.isTraceEnabled()) {
            // NOTE(review): the query string is written to the log verbatim.
            // Query strings can carry tokens or other secrets, so trace
            // output needs the same protection as the traffic itself.
            log.trace(request.getRequestURL().append(
                    request.getQueryString() != null ? "?"
                            + request.getQueryString() : ""));
        // [source lines 59-61 are absent from this listing]
        String servletPath = request.getServletPath();
        // [source lines 63-64 are absent from this listing]
        X509Certificate clientCert = extractCertificate(request);
        if (clientCert != null) {
            // [source line 67 is absent from this listing]
            // if (log.isDebugEnabled())
            // log.debug(clientCert.getSubjectX500Principal().getName());
        // [source lines 70-72 are absent from this listing]

        // Requests under PATH_DATA are handed on without any check made in the
        // visible code; access control for them has to come from further down
        // the chain - confirm.
        if (servletPath.startsWith(PATH_DATA)) {
            filterChain.doFilter(request, response);
        // [source lines 75-77 are absent from this listing; presumably the
        // branch returns here - confirm]

        // skip /ui (workbench) for the time being
        if (servletPath.startsWith(PATH_WORKBENCH)) {
            filterChain.doFilter(request, response);
        // [source lines 81-83 are absent from this listing; presumably the
        // branch returns here - confirm]

        // redirect long RWT paths to anchor
        // NOTE(review): the substring assumes the request URI starts with the
        // servlet path, i.e. an empty context path - confirm.
        String path = request.getRequestURI().substring(
                servletPath.length());
        int pathLength = path.length();
        // Redirect only when the remainder starts with '/', contains a further
        // '/', is not under the workbench path, and the servlet path does not
        // end with "rwt-resources".
        if (pathLength != 0 && (path.charAt(0) == '/')
                && !servletPath.endsWith("rwt-resources")
                && !path.startsWith(KernelConstants.PATH_WORKBENCH)
                && path.lastIndexOf('/') != 0) {
            // The Location value is the servlet path plus "#" plus the
            // client-supplied remainder of the URI, so the target is a
            // relative reference on this origin; the remainder only ever
            // lands in the fragment.
            String newLocation = request.getServletPath() + "#" + path;
            response.setHeader("Location", newLocation);
            response.setStatus(HttpServletResponse.SC_FOUND);
        // [source lines 95-98 are absent from this listing; presumably the
        // branch returns after setting the redirect - confirm]
        filterChain.doFilter(request, response);
/**
 * Dumps a request at debug level: context path, servlet path, request URI and
 * query string as separate entries, then every header value and every request
 * attribute collected into one buffer.
 *
 * NOTE(review): header values are logged unfiltered, which includes
 * credential-bearing headers such as Authorization and Cookie, and the query
 * string is logged verbatim. Request attributes are logged through their
 * toString() as well. Redact or skip sensitive names before enabling this
 * outside a development setup, and restrict access to the resulting logs.
 *
 * @param request request to describe
 */
private void logRequest(HttpServletRequest request) {
    // No isDebugEnabled() guard is visible here, so the strings are built even
    // when debug logging is off.
    log.debug("contextPath=" + request.getContextPath());
    log.debug("servletPath=" + request.getServletPath());
    log.debug("requestURI=" + request.getRequestURI());
    log.debug("queryString=" + request.getQueryString());
    StringBuilder buf = new StringBuilder();
    // [source line 109 is absent from this listing]
    Enumeration<String> en = request.getHeaderNames();
    while (en.hasMoreElements()) {
        String header = en.nextElement();
        // A header can occur several times; each value gets its own entry.
        Enumeration<String> values = request.getHeaders(header);
        while (values.hasMoreElements())
            buf.append(" " + header + ": " + values.nextElement());
    // [source lines 116-119 are absent from this listing]
    Enumeration<String> an = request.getAttributeNames();
    while (an.hasMoreElements()) {
        String attr = an.nextElement();
        Object value = request.getAttribute(attr);
        buf.append(" " + attr + ": " + value);
    // [source lines 125-126 are absent from this listing]
    log.debug("\n" + buf);
    // [source lines 128-129 are absent from this listing]
/**
 * Reads the client certificate chain from the
 * "javax.servlet.request.X509Certificate" request attribute.
 *
 * NOTE(review): the rest of the body (source lines 134-138) is absent from
 * this listing; presumably it returns the first element of the chain when one
 * is present and null otherwise - confirm. doFilter treats a null result as
 * "no client certificate". A certificate being present is not by itself an
 * authorization decision; the caller still has to map it to an identity.
 *
 * @param req request whose attribute is read
 */
private X509Certificate extractCertificate(HttpServletRequest req) {
    // The attribute value is cast without a type check; it is expected to be
    // the X509Certificate[] placed there by the servlet container.
    X509Certificate[] certs = (X509Certificate[]) req
            .getAttribute("javax.servlet.request.X509Certificate");
    if (null != certs && certs.length > 0) {
139 // class CustomDosFilter extends DoSFilter {
141 // protected String extractUserId(ServletRequest request) {
142 // HttpSession httpSession = ((HttpServletRequest) request)
144 // if (isSessionAuthenticated(httpSession)) {
145 // String userId = ((SecurityContext) httpSession
146 // .getAttribute(SPRING_SECURITY_CONTEXT_KEY))
147 // .getAuthentication().getName();
150 // return super.extractUserId(request);