📄 cryptedurlwebrequestcodingstrategy.java
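* Try to shorten the query string without losing information before it is encrypted.
* Each known "name=" or "name=value" prefix is replaced by a short "N*" token, and
* rebuildUrl(CharSequence) applies the same table in reverse. The original note names
* WebRequestWithCryptedUrl as the place that must implement exactly the opposite logic.
*
* The specific interface tokens (2* to 5*) are substituted before the generic 6*, so the
* order of the statements matters.
*
* NOTE(review): the "N*" tokens are not escaped. A query string that already contains one
* of them literally (for example inside a parameter value) is expanded by
* rebuildUrl(CharSequence) into a parameter name, so the round trip is not guaranteed for
* such input. Confirm whether callers can pass values containing a digit followed by '*'.
*
* @param queryString
*            The original query string
* @return The shortened querystring
*/
protected CharSequence shortenUrl(CharSequence queryString) {
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.BEHAVIOR_ID_PARAMETER_NAME + "=", "1*");
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IRedirectListener", "2*");
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IFormSubmitListener", "3*");
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IOnChangeListener", "4*");
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=ILinkListener", "5*");
    // Generic fallback: must run after the four specific interface names above.
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=", "6*");
    queryString = Strings.replaceAll(queryString,
        WebRequestCodingStrategy.BOOKMARKABLE_PAGE_PARAMETER_NAME + "=", "7*");

    // For debugging only: determine possibilities to further shorten the query string.
    // The message contains the complete query string as it is before encryption, so debug
    // logging for this class exposes those values to anyone who can read the log.
    if (log.isDebugEnabled()) {
        // Every word with at least 3 letters
        Pattern words = Pattern.compile("\\w\\w\\w+");
        Matcher matcher = words.matcher(queryString);
        while (matcher.find()) {
            CharSequence word = queryString.subSequence(matcher.start(), matcher.end());
            log.debug("URL pattern NOT shortened: '" + word + "' - '" + queryString + "'");
        }
    }

    return queryString;
}

/**
 * In case the query string has been shortened prior to encryption, then rebuild (lengthen)
 * the query string now by replacing each "N*" token with the text shortenUrl(CharSequence)
 * removed. The original note says this must exactly match the reverse implementation in
 * WebResponseWithCryptedUrl.
 *
 * NOTE(review): every occurrence of a token is expanded, including one that was part of the
 * query string before shortening; see the matching note on shortenUrl(CharSequence).
 *
 * @param queryString
 *            The URL's query string
 * @return The lengthened query string
 */
protected String rebuildUrl(CharSequence queryString) {
    queryString = Strings.replaceAll(queryString, "1*",
        WebRequestCodingStrategy.BEHAVIOR_ID_PARAMETER_NAME + "=");
    queryString = Strings.replaceAll(queryString, "2*",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IRedirectListener");
    queryString = Strings.replaceAll(queryString, "3*",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IFormSubmitListener");
    queryString = Strings.replaceAll(queryString, "4*",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IOnChangeListener");
    queryString = Strings.replaceAll(queryString, "5*",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=ILinkListener");
    queryString = Strings.replaceAll(queryString, "6*",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=");
    queryString = Strings.replaceAll(queryString, "7*",
        WebRequestCodingStrategy.BOOKMARKABLE_PAGE_PARAMETER_NAME + "=");

    return queryString.toString();
}

/**
 * IRequestCodingStrategy.decode(Request) requires a Request parameter and not a URL. Hence,
 * based on the original URL and the decoded 'x' parameter a new Request object must be
 * created to serve the default coding strategy as input for analyzing the URL.
 */
private static class DecodedUrlRequest extends Request {
    /** The original request */
    private final Request request;

    /** The new URL with the 'x' param decoded */
    private final String url;

    /**
     * The parameter map with the 'x' param removed and the decoded parameters included
     */
    private final Map parameterMap;

    /**
     * Construct.
     *
     * @param request
     *            The original request; locale, path and path prefixes are delegated to it
     * @param url
     *            The original URL; it must contain "?x="
     * @param encodedParamReplacement
     *            The query string that replaces the 'x' parameter. It is put into the new
     *            URL as given, and URL-decoded before its parameters are parsed.
     */
    public DecodedUrlRequest(final Request request, final String url,
            final String encodedParamReplacement) {
        this.request = request;

        // This is the map returned by the wrapped request; no copy is made here. Whether
        // the remove/putAll below also change the original request depends on what the
        // Request implementation returns from getParameterMap().
        parameterMap = this.request.getParameterMap();

        // Remove the 'x' parameter which contains ALL the encoded params
        parameterMap.remove("x");

        // Falls back to the undecoded value if the configured encoding is unsupported.
        String decodedParamReplacement = encodedParamReplacement;
        try {
            decodedParamReplacement = URLDecoder.decode(encodedParamReplacement,
                Application.get().getRequestCycleSettings().getResponseRequestEncoding());
        } catch (UnsupportedEncodingException ex) {
            // NOTE(review): this writes the replacement query string to the log; if the
            // caller passes the decrypted parameters here, the log holds them in clear.
            log.error("error decoding url: " + encodedParamReplacement, ex);
        }

        // Add ALL of the params from the decoded 'x' param
        ValueMap params = new ValueMap();
        RequestUtils.decodeParameters(decodedParamReplacement, params);
        parameterMap.putAll(params);

        // Rebuild the URL with the 'x' param removed
        int pos1 = url.indexOf("?x=");
        if (pos1 == -1) {
            throw new WicketRuntimeException("Programming error: we should not come here");
        }

        // Look for the end of the 'x' parameter only after "?x=". Searching from the start
        // of the URL would pick up an '&' that precedes the query string and append the
        // wrong tail.
        int pos2 = url.indexOf("&", pos1);

        AppendingStringBuffer urlBuf = new AppendingStringBuffer(url.length() +
            encodedParamReplacement.length());
        urlBuf.append(url.subSequence(0, pos1 + 1));
        urlBuf.append(encodedParamReplacement);
        if (pos2 != -1) {
            urlBuf.append(url.substring(pos2));
        }
        this.url = urlBuf.toString();
    }

    /**
     * Delegate to the original request
     *
     * @see org.apache.wicket.Request#getLocale()
     */
    public Locale getLocale() {
        return request.getLocale();
    }

    /**
     * Returns the value stored for the key, or the first element when the stored value is a
     * String array. Returns null for a null key, a missing key or an empty array.
     *
     * @see org.apache.wicket.Request#getParameter(java.lang.String)
     */
    public String getParameter(final String key) {
        if (key == null) {
            return null;
        }

        Object val = parameterMap.get(key);
        if (val == null) {
            return null;
        }
        if (val instanceof String[]) {
            String[] arrayVal = (String[])val;
            return arrayVal.length > 0 ? arrayVal[0] : null;
        }
        if (val instanceof String) {
            return (String)val;
        }
        // never happens, just being defensive
        return val.toString();
    }

    /**
     * @see org.apache.wicket.Request#getParameterMap()
     */
    public Map getParameterMap() {
        return parameterMap;
    }

    /**
     * Returns all values stored for the key; a single String is wrapped in a one-element
     * array. Returns null for a null key or a missing key.
     *
     * @see org.apache.wicket.Request#getParameters(java.lang.String)
     */
    public String[] getParameters(final String key) {
        if (key == null) {
            return null;
        }

        Object val = parameterMap.get(key);
        if (val == null) {
            return null;
        }
        if (val instanceof String[]) {
            return (String[])val;
        }
        if (val instanceof String) {
            return new String[] { (String)val };
        }
        // never happens, just being defensive
        return new String[] { val.toString() };
    }

    /**
     * @see org.apache.wicket.Request#getPath()
     */
    public String getPath() {
        // Hasn't changed. We only encoded the querystring
        return request.getPath();
    }

    /** Delegate to the original request */
    public String getRelativePathPrefixToContextRoot() {
        return request.getRelativePathPrefixToContextRoot();
    }

    /** Delegate to the original request */
    public String getRelativePathPrefixToWicketHandler() {
        return request.getRelativePathPrefixToWicketHandler();
    }

    /**
     * @see org.apache.wicket.Request#getURL()
     */
    public String getURL() {
        return url;
    }
}

/**
 * Runtime exception that hides its stack trace and class name from code that asks for them
 * through getStackTrace() and toString(). The throw sites are not part of this excerpt;
 * judging by the name it is presumably raised when a crypted URL cannot be decoded.
 *
 * NOTE(review): this is an inner (non-static) class, so every instance keeps a reference to
 * the enclosing coding strategy. That matters if the exception is ever serialized.
 */
public class HackAttackException extends WicketRuntimeException {
    private static final long serialVersionUID = 1L;

    /**
     * Construct.
     *
     * @param msg
     *            The message; it is the only detail toString() returns
     */
    public HackAttackException(final String msg) {
        super(msg);
    }

    /**
     * No stack trace. We won't tell the hackers about the internals of wicket.
     *
     * This only affects code that calls getStackTrace(). The trace is still recorded when
     * the exception is created, and in OpenJDK printStackTrace() reads it from an internal
     * field instead of calling this method, so server-side logs can still contain it. Do
     * not rely on this override alone to keep traces out of anything sent to the client.
     *
     * @see java.lang.Throwable#getStackTrace()
     */
    public StackTraceElement[] getStackTrace() {
        return new StackTraceElement[0];
    }

    /**
     * No additional information. We won't tell the hackers about the internals of wicket.
     * Returns the message only, without the exception class name.
     *
     * @see java.lang.Throwable#toString()
     */
    public String toString() {
        return getMessage();
    }
}
} // closes the enclosing class, whose header is not part of this excerpt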