001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * Portions Copyright Apache Software Foundation.
007: *
008: * The contents of this file are subject to the terms of either the GNU
009: * General Public License Version 2 only ("GPL") or the Common Development
010: * and Distribution License("CDDL") (collectively, the "License"). You
011: * may not use this file except in compliance with the License. You can obtain
012: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
013: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
014: * language governing permissions and limitations under the License.
015: *
016: * When distributing the software, include this License Header Notice in each
017: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
018: * Sun designates this particular file as subject to the "Classpath" exception
019: * as provided by Sun in the GPL Version 2 section of the License file that
020: * accompanied this code. If applicable, add the following below the License
021: * Header, with the fields enclosed by brackets [] replaced by your own
022: * identifying information: "Portions Copyrighted [year]
023: * [name of copyright owner]"
024: *
025: * Contributor(s):
026: *
027: * If you wish your version of this file to be governed by only the CDDL or
028: * only the GPL Version 2, indicate your decision by adding "[Contributor]
029: * elects to include this software in this distribution under the [CDDL or GPL
030: * Version 2] license." If you don't indicate a single choice of license, a
031: * recipient has the option to distribute your version of this file under
032: * either the CDDL, the GPL Version 2 or to extend the choice of license to
033: * its licensees as provided above. However, if you add GPL Version 2 code
034: * and therefore, elected the GPL Version 2 license, then the option applies
035: * only if the new code is made subject to such option by the copyright
036: * holder.
037: */
038:
039: package javax.servlet.jsp.jstl.tlv;
040:
041: import java.io.IOException;
042: import java.util.HashSet;
043: import java.util.Set;
044: import java.util.StringTokenizer;
045:
046: import javax.servlet.jsp.tagext.PageData;
047: import javax.servlet.jsp.tagext.TagLibraryValidator;
048: import javax.servlet.jsp.tagext.ValidationMessage;
049: import javax.xml.parsers.ParserConfigurationException;
050: import javax.xml.parsers.SAXParser;
051: import javax.xml.parsers.SAXParserFactory;
052:
053: import org.xml.sax.Attributes;
054: import org.xml.sax.SAXException;
055: import org.xml.sax.helpers.DefaultHandler;
056:
057: /**
058: * <p>A TagLibraryValidator class to allow a TLD to restrict what
059: * taglibs (in addition to itself) may be imported on a page where it's
060: * used.</p>
061: *
062: * <p>This TLV supports the following initialization parameter:</p>
063: * <ul>
064: * <li><b>permittedTaglibs</b>: A whitespace-separated list of URIs corresponding
065: * to tag libraries permitted to be imported on the page in addition to the tag
066: * library that references PermittedTaglibsTLV (which is allowed implicitly).
067: * </ul>
068: *
069: * @author Shawn Bayern
070: */
071: public class PermittedTaglibsTLV extends TagLibraryValidator {
072:
073: //*********************************************************************
074: // Constants
075:
076: // parameter names
077: private final String PERMITTED_TAGLIBS_PARAM = "permittedTaglibs";
078:
079: // URI for "<jsp:root>" element
080: private final String JSP_ROOT_URI = "http://java.sun.com/JSP/Page";
081:
082: // local name of "<jsp:root>" element
083: private final String JSP_ROOT_NAME = "root";
084:
085: // QName for "<jsp:root>" element
086: private final String JSP_ROOT_QN = "jsp:root";
087:
088: //*********************************************************************
089: // Validation and configuration state (protected)
090:
091: private Set permittedTaglibs; // what URIs are allowed?
092: private boolean failed; // did the page fail?
093: private String uri; // our taglib's URI
094:
095: //*********************************************************************
096: // Constructor and lifecycle management
097:
098: public PermittedTaglibsTLV() {
099: super ();
100: init();
101: }
102:
103: private void init() {
104: permittedTaglibs = null;
105: failed = false;
106: }
107:
108: public void release() {
109: super .release();
110: init();
111: }
112:
113: //*********************************************************************
114: // Validation entry point
115:
116: public synchronized ValidationMessage[] validate(String prefix,
117: String uri, PageData page) {
118: try {
119:
120: // initialize
121: this .uri = uri;
122: permittedTaglibs = readConfiguration();
123:
124: // get a handler
125: DefaultHandler h = new PermittedTaglibsHandler();
126:
127: // parse the page
128: SAXParserFactory f = SAXParserFactory.newInstance();
129: f.setValidating(true);
130: SAXParser p = f.newSAXParser();
131: p.parse(page.getInputStream(), h);
132:
133: if (failed)
134: return vmFromString("taglib " + prefix + " (" + uri
135: + ") allows only the "
136: + "following taglibs to be imported: "
137: + permittedTaglibs);
138: else
139: return null;
140:
141: } catch (SAXException ex) {
142: return vmFromString(ex.toString());
143: } catch (ParserConfigurationException ex) {
144: return vmFromString(ex.toString());
145: } catch (IOException ex) {
146: return vmFromString(ex.toString());
147: }
148: }
149:
150: //*********************************************************************
151: // Utility functions
152:
153: /** Returns Set of permitted taglibs, based on configuration data. */
154: private Set readConfiguration() {
155:
156: // initialize the Set
157: Set s = new HashSet();
158:
159: // get the space-separated list of taglibs
160: String uris = (String) getInitParameters().get(
161: PERMITTED_TAGLIBS_PARAM);
162:
163: // separate the list into individual uris and store them
164: StringTokenizer st = new StringTokenizer(uris);
165: while (st.hasMoreTokens())
166: s.add(st.nextToken());
167:
168: // return the new Set
169: return s;
170:
171: }
172:
173: // constructs a ValidationMessage[] from a single String and no ID
174: private ValidationMessage[] vmFromString(String message) {
175: return new ValidationMessage[] { new ValidationMessage(null,
176: message) };
177: }
178:
179: //*********************************************************************
180: // SAX handler
181:
182: /** The handler that provides the base of our implementation. */
183: private class PermittedTaglibsHandler extends DefaultHandler {
184:
185: // if the element is <jsp:root>, check its "xmlns:" attributes
186: public void startElement(String ns, String ln, String qn,
187: Attributes a) {
188:
189: // ignore all but <jsp:root>
190: if (!qn.equals(JSP_ROOT_QN)
191: && (!ns.equals(JSP_ROOT_URI) || !ln
192: .equals(JSP_ROOT_NAME)))
193: return;
194:
195: // for <jsp:root>, check the attributes
196: for (int i = 0; i < a.getLength(); i++) {
197: String name = a.getQName(i);
198:
199: // ignore non-namespace attributes, and xmlns:jsp
200: if (!name.startsWith("xmlns:")
201: || name.equals("xmlns:jsp"))
202: continue;
203:
204: String value = a.getValue(i);
205: // ignore our own namespace declaration
206: if (value.equals(uri))
207: continue;
208:
209: // otherwise, ensure that 'value' is in 'permittedTaglibs' set
210: if (!permittedTaglibs.contains(value))
211: failed = true;
212: }
213: }
214: }
215:
216: }
|