/*
* Copyright 2015 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.uberfire.server;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.io.regex.AntPathMatcher;
import org.uberfire.java.nio.file.Path;
import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
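/**
 * Base servlet that gates the paths it serves through Ant-style include and
 * exclude patterns taken from the servlet's init parameters.
 *
 * <p>The patterns are read once in {@link #init(ServletConfig)} from the
 * comma-separated init parameters {@code includes-path} and
 * {@code excludes-path}. Subclasses call one of the {@code validateAccess}
 * overloads before serving a resource; the decision itself is delegated to
 * {@code AntPathMatcher.filter(includes, excludes, target)}, which also decides
 * how empty pattern collections are treated.
 */
public abstract class BaseFilteredServlet extends HttpServlet {

    private static final Logger logger = LoggerFactory.getLogger(BaseFilteredServlet.class);

    // Patterns a requested path is checked against; populated by init().
    protected Collection<String> includes = new ArrayList<String>();
    protected Collection<String> excludes = new ArrayList<String>();

    /**
     * Initialises the servlet and loads the include/exclude patterns.
     *
     * @param config servlet configuration supplying the {@code includes-path}
     *               and {@code excludes-path} init parameters (both optional)
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init(final ServletConfig config) throws ServletException {
        super.init(config);
        addPatterns(config.getInitParameter("includes-path"),
                    includes);
        addPatterns(config.getInitParameter("excludes-path"),
                    excludes);
    }

    /**
     * Checks a URI against the configured patterns and answers 403 when it is
     * not allowed.
     *
     * @param uri      the requested location
     * @param response response that receives {@code SC_FORBIDDEN} on denial
     * @return {@code true} if the request may proceed, {@code false} if it was
     *         denied (the caller must then stop processing the request)
     */
    protected boolean validateAccess(final URI uri,
                                     final HttpServletResponse response) {
        if (AntPathMatcher.filter(includes,
                                  excludes,
                                  uri)) {
            return true;
        }
        return deny(response);
    }

    /**
     * Checks a file-system path against the configured patterns and answers
     * 403 when it is not allowed.
     *
     * @param path     the requested path
     * @param response response that receives {@code SC_FORBIDDEN} on denial
     * @return {@code true} if the request may proceed, {@code false} if it was
     *         denied (the caller must then stop processing the request)
     */
    protected boolean validateAccess(final Path path,
                                     final HttpServletResponse response) {
        if (AntPathMatcher.filter(includes,
                                  excludes,
                                  path)) {
            return true;
        }
        return deny(response);
    }

    /**
     * Splits a comma-separated init-parameter value and appends each pattern
     * to {@code target}.
     *
     * <p>Every entry is trimmed before it is stored. A value such as
     * {@code "a/**, b/**"} (or one wrapped over several lines in web.xml)
     * would otherwise keep the whitespace as part of the pattern, so an
     * exclude written that way would silently never match and the path it
     * was meant to block would stay reachable. Blank entries carry no pattern
     * and are dropped.
     */
    private static void addPatterns(final String raw,
                                    final Collection<String> target) {
        if (raw == null) {
            return;
        }
        for (final String entry : raw.split(",")) {
            final String pattern = entry.trim();
            if (!pattern.isEmpty()) {
                target.add(pattern);
            }
        }
    }

    /**
     * Records the denial and sends 403 to the client. Always returns
     * {@code false} so callers can {@code return deny(response)}.
     */
    private boolean deny(final HttpServletResponse response) {
        logger.error("Invalid credentials to path.");
        try {
            response.sendError(SC_FORBIDDEN);
        } catch (Exception ex) {
            // Best effort: the request is still reported as denied even if the
            // error status could not be written (e.g. response already committed).
            logger.error(ex.getMessage(),
                         ex);
        }
        return false;
    }
}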