struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Struts Wiki] Update of "SecureStrutsLinkTool" by MichaelJouravlev
Date Thu, 16 Feb 2006 23:15:58 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification.

The following page has been changed by MichaelJouravlev:
http://wiki.apache.org/struts/SecureStrutsLinkTool

The comment on the change is:
Orphaned; just a big chunk of code.

------------------------------------------------------------------------------
- July 29, 2003
+ deleted
  
- SecureStrutsLinkTool is a substitute for StrutsLinkTool intended for those who use the SSL
Extensions with Struts 1.1.  Simply switch class names in toolbox.xml and you're set.
- 
- [http://sslext.sourceforge.net More info on Struts SSL Extensions]
- 
- Any comments are welcome on the Velocity Developer's List <velocity-dev@jakarta.apache.org>.
- 
- Marinó A. Jónsson
- 
- ----
- {{{ 
- { { { 
- 
- package org.apache.velocity.tools.struts;
- 
- import javax.servlet.*;
- import javax.servlet.http.*;
- 
- import org.apache.velocity.app.Velocity;
- import org.apache.velocity.tools.view.tools.LinkTool;
- import org.apache.velocity.tools.struts.StrutsUtils;
- 
- import org.apache.struts.config.ForwardConfig;
- import org.apache.struts.config.ModuleConfig;
- import org.apache.struts.action.SecurePlugIn;
- import org.apache.struts.config.SecureActionConfig;
- import org.apache.struts.Globals;
- 
- /**
- {{{ * <p>Title: SecureStrutsLinkTool</p> 
-  * <p>Description: Tool to be able to use Struts SSL Extensions with Velocity</p>

-  * <p>It has the same interface as StrutsLinkTool and can function as a substitute
if Struts 1.1 and SSL Ext are installed. </p> 
-  * @author Marinó A. Jónsson 
-  * @version 1.0 
-  */ }}}
- public class SecureStrutsLinkTool
- {{{    extends LinkTool { 
- 
-     private static final String HTTP = "http"; 
-     private static final String HTTPS = "https"; 
-     private static final String STD_HTTP_PORT = "80"; 
-     private static final String STD_HTTPS_PORT = "443"; 
- 
-     /** 
-      * <p>Returns a copy of the link with the given action name 
-      * converted into a server-relative URI reference. This method 
-      * does not check if the specified action really is defined. 
-      * This method will overwrite any previous URI reference settings 
-      * but will copy the query string.</p> 
-      * 
-      * @param action an action path as defined in struts-config.xml 
-      * 
-      * @return a new instance of StrutsLinkTool 
-      */ 
-     public SecureStrutsLinkTool setAction(String action) { 
-         String link = StrutsUtils.getActionMappingURL(application, request, action); 
-         return (SecureStrutsLinkTool) copyWith(this.computeURL(request, application, link));

-     } 
- 
-     /** 
-      * <p>Returns a copy of the link with the given global forward name 
-      * converted into a server-relative URI reference. If the parameter 
-      * does not map to an existing global forward name, <code>null</code> 
-      * is returned. This method will overwrite any previous URI reference 
-      * settings but will copy the query string.</p> 
-      * 
-      * @param forward a global forward name as defined in struts-config.xml 
-      * 
-      * @return a new instance of StrutsLinkTool 
-      */ 
-     public SecureStrutsLinkTool setForward(String forward) { 
- 
-         ForwardConfig fc = StrutsUtils.getForwardConfig(forward, request, application);

- 
-         if (fc == null) { 
-             Velocity.warn("In method setForward(" + forward + 
-                           "): Parameter does not map to a valid forward."); 
-             return null; 
-         } 
- 
-         StringBuffer url = new StringBuffer(); 
-         if (fc.getPath().startsWith("/")) { 
-             url.append(request.getContextPath()); 
-             url.append(StrutsUtils.getForwardURL(request, fc)); 
-         } 
-         else { 
-             url.append(fc.getPath()); 
-         } 
- 
-         return (SecureStrutsLinkTool) copyWith(this.computeURL(request, application, url.toString()));

-     } 
- 
-     public static String computeURL(HttpServletRequest request, ServletContext app, String
link) { 
- 
-         StringBuffer url = new StringBuffer(link); 
- 
-         String contextPath = request.getContextPath(); 
- 
-         if (SecurePlugIn.getAppSslExtEnable(app) && 
-             url.toString().startsWith(contextPath)) { 
- 
-             // Initialize the scheme and ports we are using 
-             String usingScheme = request.getScheme(); 
-             String usingPort = String.valueOf(request.getServerPort()); 
- 
-             // Get the servlet context relative link URL 
-             String linkString = url.toString().substring(contextPath.length()); 
- 
-             // See if link references an action somewhere in our app 
-             SecureActionConfig secureConfig = getActionConfig(request, app, linkString);

- 
-             // If link is an action, find the desired port and scheme 
-             if (secureConfig != null && 
-                 !SecureActionConfig.ANY.equalsIgnoreCase(secureConfig.getSecure())) { 
- 
-                 String desiredScheme = Boolean.valueOf(secureConfig.getSecure()).booleanValue()
? 
-                     HTTPS : HTTP; 
-                 String desiredPort = Boolean.valueOf(secureConfig.getSecure()).booleanValue()
? 
-                     SecurePlugIn.getAppHttpsPort(app) : SecurePlugIn.getAppHttpPort(app);

- 
-                 // If scheme and port we are using do not match the ones we want 
-                 if ( (!desiredScheme.equals(usingScheme) || !desiredPort.equals(usingPort)))
{ 
-                     url.insert(0, startNewUrlString(request, desiredScheme, desiredPort));

- 
-                     // This is a hack to help us overcome the problem that some 
-                     // older browsers do not share sessions between http & https 
-                     if (url.toString().indexOf(";jsessionid=") < 0) { 
-                         // Add the session identifier 
-                         url = new StringBuffer(StrutsUtils.toEncoded(url.toString(), 
-                             request.getSession().getId())); 
-                     } 
-                 } 
-             } 
-         } 
-         return url.toString(); 
-     } 
- 
-     /** 
-      * Finds the configuration definition for the specified action link 
-      * @param pageContext the current page context. 
-      * @param linkString The action we are searching for, specified as a link. (i.e. may
include "..") 
-      * @return The SecureActionConfig object entry for this action, or null if not found

-      */ 
-     private static SecureActionConfig getActionConfig(HttpServletRequest request, ServletContext
app, String linkString) { 
- 
-         ModuleConfig moduleConfig = StrutsUtils.selectModule(linkString, app); 
- 
-         // Strip off the subapp path, if any 
-         linkString = linkString.substring(moduleConfig.getPrefix().length()); 
- 
-         // Use our servlet mapping, if one is specified 
-         String servletMapping = (String) app.getAttribute(Globals.SERVLET_KEY); 
- 
-         int starIndex = servletMapping != null ? servletMapping.indexOf('*') : -1; 
-         if (starIndex == -1) { 
-             return null; 
-         } // No servlet mapping or no usable pattern defined, short circuit 
- 
-         String prefix = servletMapping.substring(0, starIndex); 
-         String suffix = servletMapping.substring(starIndex + 1); 
- 
-         // Strip off the jsessionid, if any 
-         int jsession = linkString.indexOf(";jsessionid="); 
-         if (jsession >= 0) { 
-             linkString = linkString.substring(0, jsession); 
-         } 
- 
-         // Strip off the anchor, if any 
-         int anchor = linkString.indexOf("#"); 
-         if (anchor >= 0) { 
-             linkString = linkString.substring(0, anchor); 
-         } 
- 
-         // Strip off the query string, if any 
-         int question = linkString.indexOf("?"); 
-         if (question >= 0) { 
-             linkString = linkString.substring(0, question); 
-         } 
- 
-         // Unable to establish this link as an action, short circuit 
-         if (! (linkString.startsWith(prefix) && linkString.endsWith(suffix))) {

-             return null; 
-         } 
- 
-         // Chop off prefix and suffix 
-         linkString = linkString.substring(prefix.length()); 
-         linkString = linkString.substring(0, linkString.length() - suffix.length()); 
-         if (!linkString.startsWith("/")) { 
-             linkString = "/" + linkString; 
-         } 
- 
-         SecureActionConfig secureConfig = (SecureActionConfig) moduleConfig.findActionConfig(linkString);

- 
-         return secureConfig; 
-     } 
- 
-     /** 
-      * Builds the protocol, server name, and port portion of the new URL 
-      * @param request The current request 
-      * @param desiredScheme  The scheme (http or https) to be used in the new URL 
-      * @param desiredPort The port number to be used in th enew URL 
-      * @return The new URL as a StringBuffer 
-      */ 
-     private static StringBuffer startNewUrlString(HttpServletRequest request, 
-                                                   String desiredScheme, 
-                                                   String desiredPort) { 
-         StringBuffer url = new StringBuffer(); 
-         String serverName = request.getServerName(); 
-         url.append(desiredScheme).append("://").append(serverName); 
- 
-         if ( (HTTP.equals(desiredScheme) && !STD_HTTP_PORT.equals(desiredPort))
|| 
-             (HTTPS.equals(desiredScheme) && !STD_HTTPS_PORT.equals(desiredPort)))
{ 
-             url.append(":").append(desiredPort); 
-         } 
- 
-         return url; 
-     } }}}
- }
- 
- {{{ } } } 
-  }}}
- 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message