SimbaESAPIConfiguration.java

/*
 * Copyright 2013-2017 Simba Open Source
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

package org.simbasecurity.core.service.validation;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.reference.DefaultSecurityConfiguration;
import org.springframework.context.annotation.Configuration;

import java.io.*;

@Configuration
public class SimbaESAPIConfiguration extends DefaultSecurityConfiguration {

    static {
        ESAPI.override(new SimbaESAPIConfiguration());
    }

    /**
     * See super class, we added fallback to classpath
     */
    public InputStream getResourceStream(String filename) throws IOException {
        if (filename == null) {
            return null;
        }

        try {
            File f = getResourceFile(filename);
            if (f != null && f.exists()) {
                return new FileInputStream(f);
            }

            InputStream in = loadResourceFromClasspath(filename);
            if (in != null) {
                return in;
            }
        } catch (Exception ignored) {
        }

        throw new FileNotFoundException();
    }

    private InputStream loadResourceFromClasspath(String fileName) throws IllegalArgumentException {
        InputStream in = null;

		ClassLoader[] loaders = new ClassLoader[] { Thread.currentThread().getContextClassLoader(), ClassLoader.getSystemClassLoader(), getClass().getClassLoader() };
		
        for (ClassLoader currentLoader : loaders) {
            if (currentLoader != null) {
                try {
                    // try root
                    in = currentLoader.getResourceAsStream(fileName);

                    // try .esapi folder. Look here first for backward compatibility.
                    if (in == null) {
                        in = currentLoader.getResourceAsStream(".esapi/" + fileName);
                    }

                    // try esapi folder (new directory)
                    if (in == null) {
                        in = currentLoader.getResourceAsStream("esapi/" + fileName);
                    }

                    // try resources folder
                    if (in == null) {
                        in = currentLoader.getResourceAsStream("resources/" + fileName);
                    }

                    // now load the properties
                    if (in != null) {
                        return in;
                    }
                } catch (Exception e) {
                    in = null;
                }
            }
        }

        throw new IllegalArgumentException("Failed to load " + DEFAULT_RESOURCE_FILE + " as a classloader resource.");
    }

}