| /* |
| * The Apache Software License, Version 1.1 |
| * |
| * |
| * Copyright (c) 1999-2003 The Apache Software Foundation. All rights |
| * reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in |
| * the documentation and/or other materials provided with the |
| * distribution. |
| * |
| * 3. The end-user documentation included with the redistribution, |
| * if any, must include the following acknowledgment: |
| * "This product includes software developed by the |
| * Apache Software Foundation (http://www.apache.org/)." |
| * Alternately, this acknowledgment may appear in the software itself, |
| * if and wherever such third-party acknowledgments normally appear. |
| * |
| * 4. The names "Xalan" and "Apache Software Foundation" must |
| * not be used to endorse or promote products derived from this |
| * software without prior written permission. For written |
| * permission, please contact apache@apache.org. |
| * |
| * 5. Products derived from this software may not be called "Apache", |
| * nor may "Apache" appear in their name, without prior written |
| * permission of the Apache Software Foundation. |
| * |
| * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
| * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR |
| * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
| * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| * SUCH DAMAGE. |
| * ==================================================================== |
| * |
| * This software consists of voluntary contributions made by many |
| * individuals on behalf of the Apache Software Foundation and was |
| * originally based on software copyright (c) 1999, Lotus |
| * Development Corporation., http://www.lotus.com. For more |
| * information on the Apache Software Foundation, please see |
| * <http://www.apache.org/>. |
| */ |
| package servlet; |
| |
| import java.net.*; |
| import javax.servlet.*; |
| import javax.servlet.http.*; |
| import java.util.Enumeration; |
| import java.util.Properties; |
| |
| /***************************************************************************************************** |
| * |
| * DefaultApplyXSLTProperties contains operational parameters for DefaultApplyXSLT based |
| * on program defaults and configuration. |
| * <p>This class is also used to return values for request-time parameters.</p> |
| * |
| * @author Spencer Shepard (sshepard@us.ibm.com) |
| * @author R. Adam King (rak@us.ibm.com) |
| * @author Tom Rowe (trowe@us.ibm.com) |
| * |
| *****************************************************************************************************/ |
| |
| public class DefaultApplyXSLTProperties extends ApplyXSLTProperties { |
| |
| /** |
| * Program default for parameter "catalog". |
| * @see #getCatalog |
| */ |
| private final String DEFAULT_catalog; |
| |
| /** |
| * Host used for local context comparisons. |
| * @see #getLocalHost |
| * @see #setLocalHost |
| */ |
| protected transient String localHost = null; |
| |
| /** |
| * Server port. Used in toSafeURL() -- fix submitted by Ritesh Kumar. |
| */ |
| protected static int port =0; |
| |
| /** |
| * Constructor to use program defaults. |
| */ |
| public DefaultApplyXSLTProperties() |
| { |
| super(); |
| DEFAULT_catalog = null; |
| setLocalHost(); |
| // setSystemProperties(); |
| } |
| |
| /** |
| * Constructor to use to override program defaults. |
| * @param config Servlet configuration |
| * @see #setLocalHost |
| */ |
| public DefaultApplyXSLTProperties(ServletConfig config) |
| { |
| super(config); |
| String cat = config.getInitParameter("catalog"); |
| if (cat != null) DEFAULT_catalog = cat; |
| else DEFAULT_catalog = null; |
| setLocalHost(); |
| setSystemProperties(); |
| } |
| |
| /** |
| * Sets the name of the local IP host name; this value will be used to constrain untrusted |
| * XML document and XSL stylesheet URLs to this trusted host. |
| * @see #getLocalHost |
| */ |
| protected void setLocalHost() |
| { |
| try |
| { |
| localHost = InetAddress.getLocalHost().getHostName(); |
| } |
| catch (Exception uhe) |
| { |
| localHost = null; |
| } |
| } |
| |
| /** |
| * Returns the name of trusted IP host. |
| * @return Name of trusted host |
| * @see #setLocalHost |
| */ |
| public String getLocalHost() |
| { |
| return localHost; |
| } |
| |
| /** |
| * Returns a URL which is constrained to a trusted IP host. |
| * @param xURL URL or file path to be made safe |
| * @return Safe URL |
| * @exception MalformedURLException Thrown when xURL is not a valid URL |
| * @see #setLocalHost |
| * @see #getLocalHost |
| */ |
| public URL toSafeURL(String xURL, HttpServletRequest request) |
| throws MalformedURLException |
| { |
| // Fix submitted by Ritesh Kumar. Port is included in construction of URL that is returned. |
| if (port == 0) |
| port = request.getServerPort(); |
| |
| if (xURL == null) |
| return null; |
| |
| if (xURL.startsWith("/")) |
| { |
| try |
| { |
| return new URL("http", localHost, port, xURL); |
| } |
| catch (MalformedURLException mue) |
| { |
| throw new MalformedURLException("toSafeURL(): " + xURL + |
| " did not map to local"); |
| } |
| } |
| URL tempURL = null; |
| try |
| { |
| tempURL = new URL(xURL); |
| } |
| catch (MalformedURLException mue) |
| { |
| throw new MalformedURLException("toSafeURL(): " + xURL + |
| " not a valid URL"); |
| } |
| try |
| { |
| return new URL(tempURL.getProtocol(), localHost, |
| port, tempURL.getFile()); |
| } |
| catch (MalformedURLException mue) |
| { |
| throw new MalformedURLException("toSafeURL(): " + xURL + |
| " could not be converted to local host"); |
| } |
| } |
| |
| /** |
| * Returns a string representing the constrained URL for the XML document. |
| * If there is no request parameter for the XML document, return the configured default. |
| * @param request May contain an XML document URL parameter |
| * @return String form of XML URL |
| * @exception MalformedURLException Thrown when request URL is not a valid URL or path |
| * @see #toSafeURL |
| */ |
| public String getXMLurl(HttpServletRequest request) |
| throws MalformedURLException |
| { |
| URL url = toSafeURL(getRequestParmString(request, "URL"),request); |
| if (url == null) |
| return super.getXMLurl(null); |
| return url.toExternalForm(); |
| } |
| |
| /** |
| * Returns a string representing the constrained URL for the XSL stylesheet |
| * from the request. |
| * @param request May contain an XSL stylesheet URL parameter |
| * @return String form of request XSL URL, or null if request contains no xslURL parameter |
| * @exception MalformedURLException Thrown when request URL is not a valid URL or path |
| * @see #toSafeURL |
| */ |
| public String getXSLRequestURL(HttpServletRequest request) |
| throws MalformedURLException |
| { |
| URL url = toSafeURL(getRequestParmString(request, "xslURL"),request); |
| if (url == null) |
| return null; |
| return url.toExternalForm(); |
| } |
| |
| /** |
| * Returns a string representing the constrained request URL for the XSL stylesheet. |
| * If there is no request parameter for the XSL stylesheet, return the configured default. |
| * @param request May contain an XSL stylesheet URL parameter |
| * @return String form of XSL URL |
| * @exception MalformedURLException Thrown when request URL is not a valid URL or path |
| * @see #toSafeURL |
| */ |
| public String getXSLurl(HttpServletRequest request) |
| throws MalformedURLException |
| { |
| String reqURL = getXSLRequestURL(request); |
| if (reqURL != null) |
| return reqURL; |
| URL url = toSafeURL(super.getXSLurl(null), request); |
| return url.toExternalForm(); |
| } |
| |
| /** |
| * Returns URLs for all <a href="http://www.ccil.org/~cowan/XML/XCatalog.html">XCatalogs</a> |
| * that are to be used to process the request. Catalogs are used to resolve XML public identifiers |
| * into system identifiers. |
| * <p>A single XCatalog can be configured as a default, |
| * but multiple XCatalogs can be specified at request time to augment the configured default. |
| * @param request May contain one or more XCatalog parameters |
| * @return Array of strings for all catalog URLs |
| */ |
| public String[] getCatalog(HttpServletRequest request) |
| { |
| String temp[] = request.getParameterValues("catalog"); |
| if (DEFAULT_catalog == null) |
| return temp; |
| if (temp == null) |
| { |
| String defaultArray[] = new String [1]; |
| defaultArray[0] = DEFAULT_catalog; |
| return defaultArray; |
| } |
| int i, len = temp.length + 1; |
| String newCatalogs[] = new String[len]; |
| newCatalogs[0] = DEFAULT_catalog; |
| for (i=1; i < len; i++) |
| { |
| newCatalogs[i] = temp[i-1]; |
| } |
| return newCatalogs; |
| } |
| |
| /** |
| * I think we no longer need this. Sets the 3 jaxp core system properties. |
| */ |
| protected void setSystemProperties() |
| { |
| Properties props = new Properties(); |
| props.put("javax.xml.transform.TransformerFactory", |
| "org.apache.xalan.processor.TransformerFactoryImpl"); |
| props.put("javax.xml.parsers.DocumentBuilderFactory", |
| "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); |
| props.put("javax.xml.parsers.SAXParserFactory", |
| "org.apache.xerces.jaxp.SAXParserFactoryImpl"); |
| |
| Properties systemProps = System.getProperties(); |
| Enumeration propEnum = props.propertyNames(); |
| while(propEnum.hasMoreElements()) |
| { |
| String prop = (String)propEnum.nextElement(); |
| if(!systemProps.containsKey(prop)) |
| systemProps.put(prop, props.getProperty(prop)); |
| } |
| System.setProperties(systemProps); |
| } |
| |
| } |