bundles/org.apache.tomcat/src/org/apache/catalina/valves/RequestFilterValve.java - rap/org.apache.tomcat - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */


 package org.apache.catalina.valves;


 import java.io.IOException;
 import java.util.regex.Pattern;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;

 /**
  * Implementation of a Valve that performs filtering based on comparing the
  * appropriate request property (selected based on which subclass you choose
  * to configure into your Container's pipeline) against the regular expressions
  * configured for this Valve.
  * <p>
  * This valve is configured by setting the <code>allow</code> and/or
  * <code>deny</code> properties to a regular expressions (in the syntax
  * supported by {@link Pattern}) to which the appropriate request property will
  * be compared. Evaluation proceeds as follows:
  * <ul>
  * <li>The subclass extracts the request property to be filtered, and
  *     calls the common <code>process()</code> method.
  * <li>If there is a deny expression configured, the property will be compared
  *     to the expression. If a match is found, this request will be rejected
  *     with a "Forbidden" HTTP response.</li>
  * <li>If there is a allow expression configured, the property will be compared
  *     to each such expression.  If a match is found, this request will be
  *     allowed to pass through to the next Valve in the current pipeline.</li>
  * <li>If a deny expression was specified but no allow expression, allow this
  *     request to pass through (because none of the deny expressions matched
  *     it).
  * <li>The request will be rejected with a "Forbidden" HTTP response.</li>
  * </ul>
  * <p>
  * This Valve may be attached to any Container, depending on the granularity
  * of the filtering you wish to perform.
  *
  * @author Craig R. McClanahan
  * @version $Id: RequestFilterValve.java,v 1.1 2011/06/28 21:08:14 rherrmann Exp $
  */

 public abstract class RequestFilterValve
     extends ValveBase {

     //------------------------------------------------------ Constructor
     public RequestFilterValve() {
         super(true);
     }

     // ----------------------------------------------------- Class Variables


     /**
      * The descriptive information related to this implementation.
      */
     private static final String info =
         "org.apache.catalina.valves.RequestFilterValve/1.0";


     // ----------------------------------------------------- Instance Variables


     /**
      * The regular expression used to test for allowed requests.
      */
     protected Pattern allow = null;


     /**
      * The regular expression used to test for denied requests.
      */
     protected Pattern deny = null;


     // ------------------------------------------------------------- Properties


     /**
      * Return the regular expression used to test for allowed requests for this
      * Valve, if any; otherwise, return <code>null</code>.
      */
     public String getAllow() {
         if (allow == null) {
             return null;
         }
         return allow.toString();
     }


     /**
      * Set the regular expression used to test for allowed requests for this
      * Valve, if any.
      *
      * @param allow The new allow expression
      */
     public void setAllow(String allow) {
         if (allow == null || allow.length() == 0) {
             this.allow = null;
         } else {
             this.allow = Pattern.compile(allow);
         }
     }


     /**
      * Return the regular expression used to test for denied requests for this
      * Valve, if any; otherwise, return <code>null</code>.
      */
     public String getDeny() {
         if (deny == null) {
             return null;
         }
         return deny.toString();
     }


     /**
      * Set the regular expression used to test for denied requests for this
      * Valve, if any.
      *
      * @param deny The new deny expression
      */
     public void setDeny(String deny) {
         if (deny == null || deny.length() == 0) {
             this.deny = null;
         } else {
             this.deny = Pattern.compile(deny);
         }
     }


     /**
      * Return descriptive information about this Valve implementation.
      */
     @Override
     public String getInfo() {

         return (info);

     }


     // --------------------------------------------------------- Public Methods


     /**
      * Extract the desired request property, and pass it (along with the
      * specified request and response objects) to the protected
      * <code>process()</code> method to perform the actual filtering.
      * This method must be implemented by a concrete subclass.
      *
      * @param request The servlet request to be processed
      * @param response The servlet response to be created
      *
      * @exception IOException if an input/output error occurs
      * @exception ServletException if a servlet error occurs
      */
     @Override
     public abstract void invoke(Request request, Response response)
         throws IOException, ServletException;


     // ------------------------------------------------------ Protected Methods


     /**
      * Perform the filtering that has been configured for this Valve, matching
      * against the specified request property.
      *
      * @param property The request property on which to filter
      * @param request The servlet request to be processed
      * @param response The servlet response to be processed
      *
      * @exception IOException if an input/output error occurs
      * @exception ServletException if a servlet error occurs
      */
     protected void process(String property,
                            Request request, Response response)
         throws IOException, ServletException {

         // Check the deny patterns, if any
         if (deny != null && deny.matcher(property).matches()) {
             response.sendError(HttpServletResponse.SC_FORBIDDEN);
             return;
         }

         // Check the allow patterns, if any
         if (allow != null && allow.matcher(property).matches()) {
             getNext().invoke(request, response);
             return;
         }

         // Allow if denies specified but not allows
         if (deny != null && allow == null) {
             getNext().invoke(request, response);
             return;
         }

         // Deny this request
         response.sendError(HttpServletResponse.SC_FORBIDDEN);

     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/


	package org.apache.catalina.valves;


	import java.io.IOException;
	import java.util.regex.Pattern;

	import javax.servlet.ServletException;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.catalina.connector.Request;
	import org.apache.catalina.connector.Response;

	/**
	* Implementation of a Valve that performs filtering based on comparing the
	* appropriate request property (selected based on which subclass you choose
	* to configure into your Container's pipeline) against the regular expressions
	* configured for this Valve.
	* <p>
	* This valve is configured by setting the <code>allow</code> and/or
	* <code>deny</code> properties to a regular expressions (in the syntax
	* supported by {@link Pattern}) to which the appropriate request property will
	* be compared. Evaluation proceeds as follows:
	* <ul>
	* <li>The subclass extracts the request property to be filtered, and
	* calls the common <code>process()</code> method.
	* <li>If there is a deny expression configured, the property will be compared
	* to the expression. If a match is found, this request will be rejected
	* with a "Forbidden" HTTP response.</li>
	* <li>If there is a allow expression configured, the property will be compared
	* to each such expression. If a match is found, this request will be
	* allowed to pass through to the next Valve in the current pipeline.</li>
	* <li>If a deny expression was specified but no allow expression, allow this
	* request to pass through (because none of the deny expressions matched
	* it).
	* <li>The request will be rejected with a "Forbidden" HTTP response.</li>
	* </ul>
	* <p>
	* This Valve may be attached to any Container, depending on the granularity
	* of the filtering you wish to perform.
	*
	* @author Craig R. McClanahan
	* @version $Id: RequestFilterValve.java,v 1.1 2011/06/28 21:08:14 rherrmann Exp $
	*/

	public abstract class RequestFilterValve
	extends ValveBase {

	//------------------------------------------------------ Constructor
	public RequestFilterValve() {
	super(true);
	}

	// ----------------------------------------------------- Class Variables


	/**
	* The descriptive information related to this implementation.
	*/
	private static final String info =
	"org.apache.catalina.valves.RequestFilterValve/1.0";


	// ----------------------------------------------------- Instance Variables


	/**
	* The regular expression used to test for allowed requests.
	*/
	protected Pattern allow = null;


	/**
	* The regular expression used to test for denied requests.
	*/
	protected Pattern deny = null;


	// ------------------------------------------------------------- Properties


	/**
	* Return the regular expression used to test for allowed requests for this
	* Valve, if any; otherwise, return <code>null</code>.
	*/
	public String getAllow() {
	if (allow == null) {
	return null;
	}
	return allow.toString();
	}


	/**
	* Set the regular expression used to test for allowed requests for this
	* Valve, if any.
	*
	* @param allow The new allow expression
	*/
	public void setAllow(String allow) {
	if (allow == null \|\| allow.length() == 0) {
	this.allow = null;
	} else {
	this.allow = Pattern.compile(allow);
	}
	}


	/**
	* Return the regular expression used to test for denied requests for this
	* Valve, if any; otherwise, return <code>null</code>.
	*/
	public String getDeny() {
	if (deny == null) {
	return null;
	}
	return deny.toString();
	}


	/**
	* Set the regular expression used to test for denied requests for this
	* Valve, if any.
	*
	* @param deny The new deny expression
	*/
	public void setDeny(String deny) {
	if (deny == null \|\| deny.length() == 0) {
	this.deny = null;
	} else {
	this.deny = Pattern.compile(deny);
	}
	}


	/**
	* Return descriptive information about this Valve implementation.
	*/
	@Override
	public String getInfo() {

	return (info);

	}


	// --------------------------------------------------------- Public Methods


	/**
	* Extract the desired request property, and pass it (along with the
	* specified request and response objects) to the protected
	* <code>process()</code> method to perform the actual filtering.
	* This method must be implemented by a concrete subclass.
	*
	* @param request The servlet request to be processed
	* @param response The servlet response to be created
	*
	* @exception IOException if an input/output error occurs
	* @exception ServletException if a servlet error occurs
	*/
	@Override
	public abstract void invoke(Request request, Response response)
	throws IOException, ServletException;


	// ------------------------------------------------------ Protected Methods


	/**
	* Perform the filtering that has been configured for this Valve, matching
	* against the specified request property.
	*
	* @param property The request property on which to filter
	* @param request The servlet request to be processed
	* @param response The servlet response to be processed
	*
	* @exception IOException if an input/output error occurs
	* @exception ServletException if a servlet error occurs
	*/
	protected void process(String property,
	Request request, Response response)
	throws IOException, ServletException {

	// Check the deny patterns, if any
	if (deny != null && deny.matcher(property).matches()) {
	response.sendError(HttpServletResponse.SC_FORBIDDEN);
	return;
	}

	// Check the allow patterns, if any
	if (allow != null && allow.matcher(property).matches()) {
	getNext().invoke(request, response);
	return;
	}

	// Allow if denies specified but not allows
	if (deny != null && allow == null) {
	getNext().invoke(request, response);
	return;
	}

	// Deny this request
	response.sendError(HttpServletResponse.SC_FORBIDDEN);

	}
	}