001: /*
002: * Copyright 1999-2004 The Apache Software Foundation.
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: /*
017: * $Id: DefaultApplyXSLTProperties.java,v 1.1 2006-06-27 14:42:52 sinisa Exp $
018: */
019: package servlet;
020:
021: import java.net.*;
022: import javax.servlet.*;
023: import javax.servlet.http.*;
024: import java.util.Enumeration;
025: import java.util.Properties;
026:
027: /*****************************************************************************************************
028: *
029: * DefaultApplyXSLTProperties contains operational parameters for DefaultApplyXSLT based
030: * on program defaults and configuration.
031: * <p>This class is also used to return values for request-time parameters.</p>
032: *
033: * @author Spencer Shepard (sshepard@us.ibm.com)
034: * @author R. Adam King (rak@us.ibm.com)
035: * @author Tom Rowe (trowe@us.ibm.com)
036: *
037: *****************************************************************************************************/
038:
039: public class DefaultApplyXSLTProperties extends ApplyXSLTProperties {
040:
041: /**
042: * Program default for parameter "catalog".
043: * @see #getCatalog
044: */
045: private final String DEFAULT_catalog;
046:
047: /**
048: * Host used for local context comparisons.
049: * @see #getLocalHost
050: * @see #setLocalHost
051: */
052: protected transient String localHost = null;
053:
054: /**
055: * Server port. Used in toSafeURL() -- fix submitted by Ritesh Kumar.
056: */
057: protected static int port = 0;
058:
059: /**
060: * Constructor to use program defaults.
061: */
062: public DefaultApplyXSLTProperties() {
063: super ();
064: DEFAULT_catalog = null;
065: setLocalHost();
066: // setSystemProperties();
067: }
068:
069: /**
070: * Constructor to use to override program defaults.
071: * @param config Servlet configuration
072: * @see #setLocalHost
073: */
074: public DefaultApplyXSLTProperties(ServletConfig config) {
075: super (config);
076: String cat = config.getInitParameter("catalog");
077: if (cat != null)
078: DEFAULT_catalog = cat;
079: else
080: DEFAULT_catalog = null;
081: setLocalHost();
082: setSystemProperties();
083: }
084:
085: /**
086: * Sets the name of the local IP host name; this value will be used to constrain untrusted
087: * XML document and XSL stylesheet URLs to this trusted host.
088: * @see #getLocalHost
089: */
090: protected void setLocalHost() {
091: try {
092: localHost = InetAddress.getLocalHost().getHostName();
093: } catch (Exception uhe) {
094: localHost = null;
095: }
096: }
097:
098: /**
099: * Returns the name of trusted IP host.
100: * @return Name of trusted host
101: * @see #setLocalHost
102: */
103: public String getLocalHost() {
104: return localHost;
105: }
106:
107: /**
108: * Returns a URL which is constrained to a trusted IP host.
109: * @param xURL URL or file path to be made safe
110: * @return Safe URL
111: * @exception MalformedURLException Thrown when xURL is not a valid URL
112: * @see #setLocalHost
113: * @see #getLocalHost
114: */
115: public URL toSafeURL(String xURL, HttpServletRequest request)
116: throws MalformedURLException {
117: // Fix submitted by Ritesh Kumar. Port is included in construction of URL that is returned.
118: if (port == 0)
119: port = request.getServerPort();
120:
121: if (xURL == null)
122: return null;
123:
124: if (xURL.startsWith("/")) {
125: try {
126: return new URL("http", localHost, port, xURL);
127: } catch (MalformedURLException mue) {
128: throw new MalformedURLException("toSafeURL(): " + xURL
129: + " did not map to local");
130: }
131: }
132: URL tempURL = null;
133: try {
134: tempURL = new URL(xURL);
135: } catch (MalformedURLException mue) {
136: throw new MalformedURLException("toSafeURL(): " + xURL
137: + " not a valid URL");
138: }
139: try {
140: return new URL(tempURL.getProtocol(), localHost, port,
141: tempURL.getFile());
142: } catch (MalformedURLException mue) {
143: throw new MalformedURLException("toSafeURL(): " + xURL
144: + " could not be converted to local host");
145: }
146: }
147:
148: /**
149: * Returns a string representing the constrained URL for the XML document.
150: * If there is no request parameter for the XML document, return the configured default.
151: * @param request May contain an XML document URL parameter
152: * @return String form of XML URL
153: * @exception MalformedURLException Thrown when request URL is not a valid URL or path
154: * @see #toSafeURL
155: */
156: public String getXMLurl(HttpServletRequest request)
157: throws MalformedURLException {
158: URL url = toSafeURL(getRequestParmString(request, "URL"),
159: request);
160: if (url == null)
161: return super .getXMLurl(null);
162: return url.toExternalForm();
163: }
164:
165: /**
166: * Returns a string representing the constrained URL for the XSL stylesheet
167: * from the request.
168: * @param request May contain an XSL stylesheet URL parameter
169: * @return String form of request XSL URL, or null if request contains no xslURL parameter
170: * @exception MalformedURLException Thrown when request URL is not a valid URL or path
171: * @see #toSafeURL
172: */
173: public String getXSLRequestURL(HttpServletRequest request)
174: throws MalformedURLException {
175: URL url = toSafeURL(getRequestParmString(request, "xslURL"),
176: request);
177: if (url == null)
178: return null;
179: return url.toExternalForm();
180: }
181:
182: /**
183: * Returns a string representing the constrained request URL for the XSL stylesheet.
184: * If there is no request parameter for the XSL stylesheet, return the configured default.
185: * @param request May contain an XSL stylesheet URL parameter
186: * @return String form of XSL URL
187: * @exception MalformedURLException Thrown when request URL is not a valid URL or path
188: * @see #toSafeURL
189: */
190: public String getXSLurl(HttpServletRequest request)
191: throws MalformedURLException {
192: String reqURL = getXSLRequestURL(request);
193: if (reqURL != null)
194: return reqURL;
195: URL url = toSafeURL(super .getXSLurl(null), request);
196: return url.toExternalForm();
197: }
198:
199: /**
200: * Returns URLs for all <a href="http://www.ccil.org/~cowan/XML/XCatalog.html">XCatalogs</a>
201: * that are to be used to process the request. Catalogs are used to resolve XML public identifiers
202: * into system identifiers.
203: * <p>A single XCatalog can be configured as a default,
204: * but multiple XCatalogs can be specified at request time to augment the configured default.
205: * @param request May contain one or more XCatalog parameters
206: * @return Array of strings for all catalog URLs
207: */
208: public String[] getCatalog(HttpServletRequest request) {
209: String temp[] = request.getParameterValues("catalog");
210: if (DEFAULT_catalog == null)
211: return temp;
212: if (temp == null) {
213: String defaultArray[] = new String[1];
214: defaultArray[0] = DEFAULT_catalog;
215: return defaultArray;
216: }
217: int i, len = temp.length + 1;
218: String newCatalogs[] = new String[len];
219: newCatalogs[0] = DEFAULT_catalog;
220: for (i = 1; i < len; i++) {
221: newCatalogs[i] = temp[i - 1];
222: }
223: return newCatalogs;
224: }
225:
226: /**
227: * I think we no longer need this. Sets the 3 jaxp core system properties.
228: */
229: protected void setSystemProperties() {
230: Properties props = new Properties();
231: props.put("javax.xml.transform.TransformerFactory",
232: "org.apache.xalan.processor.TransformerFactoryImpl");
233: props.put("javax.xml.parsers.DocumentBuilderFactory",
234: "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
235: props.put("javax.xml.parsers.SAXParserFactory",
236: "org.apache.xerces.jaxp.SAXParserFactoryImpl");
237:
238: Properties systemProps = System.getProperties();
239: Enumeration propEnum = props.propertyNames();
240: while (propEnum.hasMoreElements()) {
241: String prop = (String) propEnum.nextElement();
242: if (!systemProps.containsKey(prop))
243: systemProps.put(prop, props.getProperty(prop));
244: }
245: System.setProperties(systemProps);
246: }
247:
248: }
|