001: /*
002: * Copyright 2004-2007 the original author or authors.
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: *
016: */
017:
018: package org.jpublish;
019:
020: import org.apache.commons.logging.Log;
021: import org.apache.velocity.VelocityContext;
022: import org.apache.velocity.context.Context;
023: import org.jpublish.util.CharacterEncodingMap;
024: import org.jpublish.util.DateUtilities;
025: import org.jpublish.util.NumberUtilities;
026: import org.jpublish.util.URLUtilities;
027:
028: import javax.servlet.ServletContext;
029: import javax.servlet.http.HttpServletRequest;
030: import javax.servlet.http.HttpServletResponse;
031: import javax.servlet.http.HttpSession;
032:
033: /**
034: * The JPublishContext overrides the Velocity context to add name
035: * checking as a security measure so that code cannot replace
036: * standard variables.
037: *
038: * @author Anthony Eden
039: * @author <a href="mailto:florin.patrascu@gmail.com">Florin T.PATRASCU</a>
040: */
041:
042: public class JPublishContext extends VelocityContext {
043: public static final String JPUBLISH_STOP_PROCESSING = "stop-processing";
044:
045: /**
046: * names used to store objects in the JPublish context
047: */
048: public static final String JPUBLISH_REQUEST = "request";
049: public static final String JPUBLISH_RESPONSE = "response";
050: public static final String JPUBLISH_SESSION = "session";
051: public static final String JPUBLISH_APPLICATION = "application";
052: public static final String JPUBLISH_CHARACTER_ENCODING_MAP = "characterEncodingMap";
053: public static final String JPUBLISH_URL_UTILITIES = "urlUtilities";
054: public static final String JPUBLISH_DATE_UTILITIES = "dateUtilities";
055: public static final String JPUBLISH_NUMBER_UTILITIES = "numberUtilities";
056: public static final String JPUBLISH_SYSLOG = "syslog";
057: public static final String JPUBLISH_SITE = "site";
058: public static final String JPUBLISH_PAGE = "page";
059:
060: /**
061: * List of reserved names.
062: */
063: private static final String[] reservedNames = { "request",
064: "response", "session", "application", "page", "site",
065: "components" };
066:
067: private Object owner;
068: private boolean checkReservedNames = false;
069:
070: /**
071: * Construct a new JPublishContext. The owner object is used
072: * to enable and disable modification of protected keys.
073: *
074: * @param owner The context "owner" object
075: */
076:
077: public JPublishContext(Object owner) {
078: this .owner = owner;
079: }
080:
081: /**
082: * Construct a new JPublishContext. The owner object is used
083: * to enable and disable modification of protected keys.
084: *
085: * @param inner The inner context
086: * @param owner The context "owner" object
087: */
088:
089: public JPublishContext(Context inner, Object owner) {
090: super (inner);
091: this .owner = owner;
092: }
093:
094: /**
095: * Get the value for the specified key. If the value is not
096: * in the context then this method returns null.
097: *
098: * @param key The key
099: * @return The value or null
100: */
101:
102: public Object get(String key) {
103: return super .get(key);
104: }
105:
106: /**
107: * Get the stop-processing lag. This method will return null unless request processing should be stopped.
108: *
109: * @return The stop processing flag or null
110: */
111: public String getStopProcessing() {
112: return (String) get(JPUBLISH_STOP_PROCESSING);
113: }
114:
115: /**
116: * Get the SiteContext.
117: *
118: * @return The SiteContext or null if not available
119: */
120: public SiteContext getSiteContext() {
121: return (SiteContext) get(JPUBLISH_SITE);
122: }
123:
124: /**
125: * Set the stop-processing flag. Any non-null String value will be considered "true" indicating that processing
126: * should stop.
127: *
128: * @param stopProcessing The stop processing flag
129: */
130: public void setStopProcessing(String stopProcessing) {
131: put(JPUBLISH_STOP_PROCESSING, stopProcessing);
132: }
133:
134: public void setStopProcessing() {
135: put(JPUBLISH_STOP_PROCESSING, JPUBLISH_STOP_PROCESSING);
136: }
137:
138: /**
139: * Put the given value into the context. If the key cannot be
140: * inserted into the context because it conflicts with a reserved
141: * name then a ReservedNameException will be thrown.
142: *
143: * @param key The key
144: * @param value The value
145: * @return The previous value or null if there was no previous
146: * value
147: */
148:
149: public Object put(String key, Object value) {
150: if (checkReservedNames && (isReservedName(key))) {
151: throw new ReservedNameException(key);
152: }
153:
154: return super .put(key, value);
155: }
156:
157: /**
158: * Remove the given value from the context. If the key cannot be
159: * removed from the context because it is a reserved name then a
160: * ReservedNameException will be thrown.
161: *
162: * @param key The key
163: * @return The removed value or null if there was no removed
164: * value
165: */
166:
167: public Object remove(String key) {
168: if (checkReservedNames && isReservedName(key)) {
169: throw new ReservedNameException(key);
170: }
171:
172: return super .remove(key);
173: }
174:
175: /**
176: * Enable the reserved name check so that external code cannot
177: * overwrite JPublish defined variables.
178: *
179: * @param owner The owner of the context. Only the owner can
180: * enable or disable the check.
181: */
182:
183: public final void enableCheckReservedNames(Object owner) {
184: if (owner.equals(this .owner)) {
185: checkReservedNames = true;
186: }
187: }
188:
189: /**
190: * Disable the reserved name check so that external code can
191: * overwrite JPublish defined variables.
192: *
193: * @param owner The owner of the context. Only the owner can
194: * enable or disable the check.
195: */
196:
197: public final void disableCheckReservedNames(Object owner) {
198: if (owner.equals(this .owner)) {
199: checkReservedNames = false;
200: }
201: }
202:
203: /* Convenience methods for getting objects stored in the
204: JPublish context
205: */
206:
207: /**
208: * Get the current HTTP-request object
209: *
210: * @return The HTTP servlet request or null if not available
211: */
212:
213: public HttpServletRequest getRequest() {
214: return (HttpServletRequest) get(JPUBLISH_REQUEST);
215: }
216:
217: /**
218: * Get the current HTTP-response object
219: *
220: * @return The HTTP servlet response or null if not available
221: */
222:
223: public HttpServletResponse getResponse() {
224: return (HttpServletResponse) get(JPUBLISH_RESPONSE);
225: }
226:
227: /**
228: * Get the current HTTP session object
229: *
230: * @return The HTTP session or null if not available
231: */
232:
233: public HttpSession getSession() {
234: return (HttpSession) get(JPUBLISH_SESSION);
235: }
236:
237: /**
238: * Get the current servlet context
239: *
240: * @return The servlet context or null if not available
241: */
242:
243: public ServletContext getApplication() {
244: return (ServletContext) get(JPUBLISH_APPLICATION);
245: }
246:
247: /**
248: * Get the JPublish character encoding map
249: *
250: * @return The character encoding map or null if not available
251: */
252:
253: public CharacterEncodingMap getCharacterEncodingMap() {
254: return (CharacterEncodingMap) get(JPUBLISH_CHARACTER_ENCODING_MAP);
255: }
256:
257: /**
258: * Get the JPublish URL utilities
259: *
260: * @return The URL utilities or null if not available
261: */
262:
263: public URLUtilities getUrlUtilities() {
264: return (URLUtilities) get(JPUBLISH_URL_UTILITIES);
265: }
266:
267: /**
268: * Get the JPublish date utilities
269: *
270: * @return The date utilities or null if not available
271: */
272:
273: public DateUtilities getDateUtilities() {
274: return (DateUtilities) get(JPUBLISH_DATE_UTILITIES);
275: }
276:
277: /**
278: * Get the JPublish number utilities
279: *
280: * @return The number utilities or null if not available
281: */
282:
283: public NumberUtilities getNumberUtilities() {
284: return (NumberUtilities) get(JPUBLISH_NUMBER_UTILITIES);
285: }
286:
287: /**
288: * Get the JPublish syslog.
289: *
290: * @return The syslog or null if not available
291: */
292:
293: public Log getSyslog() {
294: return (Log) get(JPUBLISH_SYSLOG);
295: }
296:
297: /**
298: * Get the current JPublish page.
299: *
300: * @return The current page or null if not available
301: */
302:
303: public Page getPage() {
304: return (Page) get(JPUBLISH_PAGE);
305: }
306:
307: /**
308: * Return true if the given variable is a reserved name
309: * used by the JPublish engine. If checkReservedNames is
310: * true then this method must be called before inserting
311: * a value into the context.
312: *
313: * @param name The name to check
314: * @return True if the name is a reserved name
315: */
316:
317: private static boolean isReservedName(String name) {
318: for (int i = 0; i < reservedNames.length; i++) {
319: if (name.equals(reservedNames[i])) {
320: return true;
321: }
322: }
323: return false;
324: }
325:
326: }
|