001: /*
002: * Enhydra Java Application Server Project
003: *
004: * The contents of this file are subject to the Enhydra Public License
005: * Version 1.1 (the "License"); you may not use this file except in
006: * compliance with the License. You may obtain a copy of the License on
007: * the Enhydra web site ( http://www.enhydra.org/ ).
008: *
009: * Software distributed under the License is distributed on an "AS IS"
010: * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
011: * the License for the specific terms governing rights and limitations
012: * under the License.
013: *
014: * The Initial Developer of the Enhydra Application Server is Lutris
015: * Technologies, Inc. The Enhydra Application Server and portions created
016: * by Lutris Technologies, Inc. are Copyright Lutris Technologies, Inc.
017: * All Rights Reserved.
018: *
019: * Contributor(s):
020: *
021: * $Id: CGIServlet.java,v 1.2 2006-06-15 14:07:00 sinisa Exp $
022: */
023:
024: package org.enhydra.servlet.servlets;
025:
026: import java.io.File;
027: import java.io.IOException;
028:
029: import javax.servlet.ServletContext;
030: import javax.servlet.ServletException;
031: import javax.servlet.http.HttpServlet;
032: import javax.servlet.http.HttpServletRequest;
033: import javax.servlet.http.HttpServletResponse;
034:
035: /**
036: * This Servlet is for the purpose of executing a CGI program that resides on
037: * the system. In order to use this servlet in the server please
038: * remember to specify the fully qualified classname
039: * org.enhydra.servlet.servlets.CGIServlet in the Classname field and specify
040: * the directory of the CGI to run in the DocRoot field.
041: *
042: * @version $Revision: 1.2 $
043: * @author Kent Henneuse
044: * @author Paul Morgan
045: */
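public class CGIServlet extends HttpServlet {

    /**
     * Overrides the service method of HttpServlet. Resolves the CGI program
     * named on the URL line of the browser to a file system path, checks
     * that path with {@link #isAuthorized(String)} and hands it to a
     * CgiProcessor for execution.
     *
     * Every part of the resolved path comes from the request, so the path
     * is treated as untrusted: a request that cannot be mapped to a file
     * system path, or whose script path fails the authorization check, is
     * answered with 404 and nothing is executed.
     *
     * @param request the request that is sent by a browser
     * @param response the response that is sent back to the browser after
     * processing the CGI
     * @throws ServletException declared by the overridden method
     * @throws IOException if sending an error response fails
     */
    public void service(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {

        // Full path of the CGI program to execute, its simple script name
        // and the path info that follows it on the URL.
        String scriptPath, scriptName, pathInfo;
        String servletPath = request.getServletPath();

        if (servletPath.equals("")) {
            // handles url mappings to directories
            String progName = request.getPathTranslated();
            if (progName == null) {
                // getPathTranslated() returns null when the URL carries no
                // extra path information or the container cannot translate
                // it; the original code failed here with a
                // NullPointerException instead of a clean 404.
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }

            // Find where the request URI starts inside the translated path,
            // dropping leading URI segments until the remainder matches.
            String strBuffer = request.getRequestURI().substring(
                    servletPath.length());
            int sp = progName.indexOf(strBuffer);
            int nextSlash = 0;
            while (sp == -1 && nextSlash != -1) {
                nextSlash = strBuffer.indexOf(File.separator, 1);
                if (nextSlash != -1) {
                    strBuffer = strBuffer.substring(nextSlash);
                    sp = progName.indexOf(strBuffer);
                }
            }
            if (sp < 0) {
                // No match at all: scan from the start of the path, which
                // is what indexOf() does with a negative start index anyway.
                sp = 0;
            }

            // Walk the path one separator at a time; the first prefix that
            // is not a directory is taken as the script.
            while (true) {
                int sp2 = progName.indexOf(File.separator, sp);
                if (sp2 == -1) {
                    // No separator left: the whole path is the candidate.
                    // The original loop restarted from index 0 when this
                    // candidate was an existing directory and never
                    // terminated, tying up the request thread.
                    // NOTE(review): a directory is now passed on as the
                    // script path; presumably CgiProcessor fails on it and
                    // reports an error - confirm.
                    scriptPath = progName;
                    break;
                }
                scriptPath = progName.substring(0, sp2);
                if (!scriptPath.equals("")
                        && !new File(scriptPath).isDirectory()) {
                    break;
                }
                sp = sp2 + 1;
            }

            pathInfo = progName.substring(scriptPath.length());
            scriptName = scriptPath.substring(scriptPath
                    .lastIndexOf(File.separator) + 1);
        } else {
            // handles url mappings to suffixes
            ServletContext context = getServletContext();
            String realPath = context.getRealPath("");
            if (realPath == null) {
                // getRealPath() returns null when the container cannot map
                // the context to the file system; there is nothing to
                // execute in that case.
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            if (!realPath.endsWith(File.separator)) {
                realPath = realPath + File.separator;
            }
            if (servletPath.startsWith(File.separator)) {
                servletPath = servletPath.substring(1);
            }
            scriptPath = realPath + servletPath;
            scriptName = scriptPath.substring(scriptPath
                    .lastIndexOf(File.separator) + 1);
            pathInfo = request.getPathInfo();
        }

        // Check that the script pathname is valid i.e. no "..".
        // NOTE(review): only scriptPath is checked. pathInfo is forwarded
        // unchecked, so CgiProcessor and the CGI program must treat it as
        // untrusted input - confirm.
        if (!isAuthorized(scriptPath)) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        CgiProcessor cgi = new CgiProcessor();
        try {
            cgi.processCgiRequest(request, response, scriptPath,
                    pathInfo, scriptName);
        } catch (IOException e) {
            // The client gets the generic CGI error page; the exception
            // detail goes only to the server's standard error stream.
            cgi.cgiError(response);
            System.err.println("ERROR: CGI: " + e);
        }
    }

    /**
     * Test if a path is authorized. A path is rejected when it is null,
     * contains a NUL character or contains "..".
     *
     * This is a plain substring test on the already translated path. It
     * does not resolve symbolic links and does not verify that the file
     * lies below the configured DocRoot, so the DocRoot directory should
     * hold nothing but the CGI programs that are meant to be reachable.
     *
     * @param path requested path
     * @return true if the path is authorized
     */
    private boolean isAuthorized(String path) {
        if (path == null) {
            // Fail closed: the original accepted a null path.
            return false;
        }
        if (path.indexOf('\0') != -1) {
            // A NUL can never be part of a valid file name.
            return false;
        }
        return path.indexOf("..") == -1;
    }

}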