📄 contextfilter.java
字号:
/* * $Id: ContextFilter.java 5744 2005-09-15 04:12:25Z jaz $ * * Copyright (c) 2003 The Open For Business Project - www.ofbiz.org * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included * in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR * THE USE OR OTHER DEALINGS IN THE SOFTWARE. * */package org.ofbiz.webapp.control;import java.io.IOException;import java.net.MalformedURLException;import java.net.URL;import java.util.ArrayList;import java.util.Collection;import java.util.Enumeration;import java.util.Iterator;import java.util.List;import java.util.Map;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpServletResponseWrapper;import org.ofbiz.base.container.ContainerLoader;import org.ofbiz.base.start.StartupException;import org.ofbiz.base.util.CachedClassLoader;import org.ofbiz.base.util.Debug;import org.ofbiz.base.util.StringUtil;import org.ofbiz.base.util.UtilHttp;import org.ofbiz.base.util.UtilValidate;import org.ofbiz.base.util.UtilObject;import org.ofbiz.entity.GenericDelegator;import org.ofbiz.security.Security;import org.ofbiz.security.SecurityConfigurationException;import org.ofbiz.security.SecurityFactory;import org.ofbiz.service.LocalDispatcher;import org.ofbiz.service.WebAppDispatcher;/** * ContextFilter - Restricts access to raw files and configures servlet objects. * * @author <a href="mailto:jaz@ofbiz.org">Andy Zeneski</a> * @version $Rev: 5744 $ * @since 2.2 */public class ContextFilter implements Filter { public static final String module = ContextFilter.class.getName(); public static final String CONTAINER_CONFIG = "limited-containers.xml"; public static final String FORWARDED_FROM_SERVLET = "_FORWARDED_FROM_SERVLET_"; protected ClassLoader localCachedClassLoader = null; protected FilterConfig config = null; protected boolean debug = false; /** * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) */ public void init(FilterConfig config) throws ServletException { this.config = config; // puts all init-parameters in ServletContext attributes for easier parameterization without code changes this.putAllInitParametersInAttributes(); // initialize the cached class loader for this application ClassLoader loader = Thread.currentThread().getContextClassLoader(); localCachedClassLoader = new CachedClassLoader(loader, (String) config.getServletContext().getAttribute("webSiteId")); // set debug this.debug = "true".equalsIgnoreCase(config.getInitParameter("debug")); if (!debug) { debug = Debug.verboseOn(); } // load the containers getContainers(); // check the serverId getServerId(); // initialize the delegator getDelegator(); // initialize security getSecurity(); // initialize the services dispatcher getDispatcher(); // this will speed up the initial sessionId generation new java.security.SecureRandom().nextLong(); } /** * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponseWrapper wrapper = new HttpServletResponseWrapper((HttpServletResponse) response); // Debug.logInfo("Running ContextFilter.doFilter", module); // ----- Servlet Object Setup ----- // set the cached class loader for more speedy running in this thread Thread.currentThread().setContextClassLoader(localCachedClassLoader); // set the webSiteId in the session httpRequest.getSession().setAttribute("webSiteId", config.getServletContext().getAttribute("webSiteId")); // set the ServletContext in the request for future use request.setAttribute("servletContext", config.getServletContext()); // set the filesystem path of context root. request.setAttribute("_CONTEXT_ROOT_", config.getServletContext().getRealPath("/")); // set the server root url StringBuffer serverRootUrl = UtilHttp.getServerRootUrl(httpRequest); request.setAttribute("_SERVER_ROOT_URL_", serverRootUrl.toString()); // request attributes from redirect call String reqAttrMapHex = (String) httpRequest.getSession().getAttribute("_REQ_ATTR_MAP_"); if (UtilValidate.isNotEmpty(reqAttrMapHex)) { byte[] reqAttrMapBytes = StringUtil.fromHexString(reqAttrMapHex); Map reqAttrMap = (Map) UtilObject.getObject(reqAttrMapBytes); if (reqAttrMap != null) { Iterator i = reqAttrMap.keySet().iterator(); while (i.hasNext()) { String key = (String) i.next(); request.setAttribute(key, reqAttrMap.get(key)); } } httpRequest.getSession().removeAttribute("_REQ_ATTR_MAP_"); } // ----- Context Security ----- // check if we are disabled String disableSecurity = config.getInitParameter("disableContextSecurity"); if (disableSecurity != null && "Y".equals(disableSecurity)) { chain.doFilter(request, response); return; } // check if we are told to redirect everthing String redirectAllTo = config.getInitParameter("forceRedirectAll"); if (redirectAllTo != null && redirectAllTo.length() > 0) { // little trick here so we don't loop on ourself if (httpRequest.getSession().getAttribute("_FORCE_REDIRECT_") == null) { httpRequest.getSession().setAttribute("_FORCE_REDIRECT_", "true"); Debug.logWarning("Redirecting user to: " + redirectAllTo, module); if (!redirectAllTo.toLowerCase().startsWith("http")) { redirectAllTo = httpRequest.getContextPath() + redirectAllTo; } wrapper.sendRedirect(redirectAllTo); return; } else { httpRequest.getSession().removeAttribute("_FORCE_REDIRECT_"); chain.doFilter(request, response); return; } } // test to see if we have come through the control servlet already, if not do the processing if (request.getAttribute(ContextFilter.FORWARDED_FROM_SERVLET) == null) { // Debug.logInfo("In ContextFilter.doFilter, FORWARDED_FROM_SERVLET is NOT set", module); String allowedPath = config.getInitParameter("allowedPaths"); String redirectPath = config.getInitParameter("redirectPath"); String errorCode = config.getInitParameter("errorCode"); List allowList = StringUtil.split(allowedPath, ":"); allowList.add("/"); // No path is allowed. allowList.add(""); // No path is allowed.⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -