001: package com.salmonllc.servlets;
002:
003: import com.salmonllc.jsp.JspServlet;
004: import com.salmonllc.properties.Props;
005: import com.salmonllc.remote.RemoteProxy;
006: import com.salmonllc.remote.server.HttpRemoteReflectionSecurityManager;
007: import com.salmonllc.remote.server.RemoteReflectionSecurityPolicy;
008: import com.salmonllc.remote.server.RemoteReflectionSecurityManager;
009: import com.salmonllc.util.ApplicationContext;
010: import com.salmonllc.util.MessageLog;
011:
012: import javax.servlet.ServletConfig;
013: import javax.servlet.ServletException;
014: import javax.servlet.http.HttpServlet;
015: import javax.servlet.http.HttpServletRequest;
016: import javax.servlet.http.HttpServletResponse;
017: import javax.servlet.http.HttpSession;
018: import java.io.*;
019: import java.lang.reflect.Method;
020: import java.lang.reflect.InvocationTargetException;
021: import java.lang.reflect.Constructor;
022:
023: /**
024: * Created by IntelliJ IDEA.
025: * User: Fred Cahill
026: * Date: Sep 14, 2004
027: * Time: 9:57:36 AM
028: * To change this template use Options | File Templates.
029: */
030: /**
031: * This class represents the servlet which gets called from the RemoteProxy instance.
032: */
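public class RemoteReflector extends HttpServlet {

    // SECURITY OVERVIEW
    // This servlet decodes a Java-serialized request and then instantiates classes or
    // invokes methods by name through reflection. The RemoteReflectionSecurityPolicy is
    // the only gate on what may be instantiated or called, and it is consulted only
    // AFTER the request body has been deserialized. Deploy it behind authentication or
    // network restrictions, and keep the policy as narrow as the application allows.

    /** Session attribute under which a per-session security policy is stored. */
    private final static String REMOTEREFLECTIONPOLICY = "$REMOTEREFLECTIONPOLICY$";

    // Global fallback policy, used when neither the session nor the application
    // properties supply one. What the default manager permits is defined in
    // RemoteReflectionSecurityManager, which is not visible in this file.
    // NOTE(review): the field is public and non-final, so any code in the web
    // application can replace the policy; treat writes to it as security-relevant.
    public static RemoteReflectionSecurityPolicy _rrsp = new RemoteReflectionSecurityManager();

    /**
     * Initializes the servlet by delegating to {@link HttpServlet#init(ServletConfig)}.
     *
     * @param s the servlet configuration supplied by the container
     * @throws ServletException if the superclass initialization fails
     */
    public void init(ServletConfig s) throws ServletException {
        super.init(s);
    }

    /**
     * Publishes the outcome of the call in the {@code RemoteReflectorResponse} header.
     *
     * @param res  the response to mark
     * @param stat one of the {@code RemoteProxy.REMOTE_STATUS_*} codes
     */
    private void setStatus(HttpServletResponse res, int stat) {
        res.setIntHeader("RemoteReflectorResponse", stat);
    }

    /**
     * Publishes the status header and then, when there is both a payload and a usable
     * stream, serializes the payload as the response body and closes the stream.
     *
     * @param res     the response to mark
     * @param out     the response stream; may be null if it could not be obtained
     * @param stat    one of the {@code RemoteProxy.REMOTE_STATUS_*} codes
     * @param payload the object to serialize, or null for a header-only reply
     * @throws IOException if serializing the payload fails
     */
    private void reply(HttpServletResponse res, OutputStream out, int stat, Object payload)
            throws IOException {
        // Header first: closing the stream commits the response, and the servlet
        // container ignores headers that are set after the response is committed.
        setStatus(res, stat);
        if (payload == null || out == null) {
            return;
        }
        ObjectOutputStream o = new ObjectOutputStream(out);
        o.writeObject(payload);
        o.close();
    }

    /**
     * Looks up the object stored in the session under the given key.
     *
     * @return the stored object, or null when the key is null or nothing is stored
     */
    private Object getSessionObject(HttpSession sess, String sessionkey)
            throws Exception {
        if (sessionkey == null) {
            return null;
        }
        return sess.getAttribute(sessionkey);
    }

    /**
     * Stores an object in the session under the given key.
     *
     * @return the stored object, or null when the key is null (nothing is stored)
     */
    private Object setSessionObject(HttpSession sess, String sessionkey, Object obj)
            throws Exception {
        if (sessionkey == null) {
            return null;
        }
        sess.setAttribute(sessionkey, obj);
        return obj;
    }

    /**
     * Handles one remote call sent by a RemoteProxy instance.
     *
     * <p>The request body is a Java object stream holding, in order: a Boolean
     * "instantiate" flag, the session key, a name (a class name when instantiating,
     * otherwise a method name), the parameter types and the argument values. When
     * instantiating, the named class is constructed and stored in the session under
     * the session key; otherwise the named method is invoked on the object already
     * stored under that key. The outcome is reported in the
     * {@code RemoteReflectorResponse} header, and the result (or the exception that
     * occurred) is serialized into the response body.
     *
     * @param req the incoming request
     * @param res the response to populate
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the response body cannot be written
     */
    public void service(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        JspServlet.setUpApplicationContext(getServletContext(), req);
        Props p = Props.getProps(ApplicationContext.getContext().getAppID(), null);
        OutputStream out = null;
        ObjectInputStream in = null;
        boolean bInstantiate = false;

        try {
            // Obtain the response stream before touching the request body, so that a
            // malformed request still leaves the handlers below a stream to report on.
            out = res.getOutputStream();

            // SECURITY: Java native deserialization of a client-controlled stream. Every
            // readObject() below runs before any policy check, and oaParms can carry an
            // arbitrary object graph. On a JDK that provides java.io.ObjectInputFilter,
            // install a filter that admits only the types this protocol needs.
            in = new ObjectInputStream(req.getInputStream());

            bInstantiate = ((Boolean) in.readObject()).booleanValue();
            String sSessionKey = (String) in.readObject();
            String sMethod = (String) in.readObject();
            Class[] caParms = (Class[]) in.readObject();
            Object[] oaParms = (Object[]) in.readObject();

            if (sSessionKey == null || sMethod == null) {
                setStatus(res, RemoteProxy.REMOTE_STATUS_BAD_REQUEST);
                return;
            }
            // The session key is chosen by the caller. It must never address the
            // attribute that holds the session's own security policy, otherwise a
            // remote call could overwrite the policy or invoke methods on it.
            if (REMOTEREFLECTIONPOLICY.equals(sSessionKey)) {
                setStatus(res, RemoteProxy.REMOTE_STATUS_ACCESS_DENIED);
                return;
            }
            // NOTE(review): both values are client-supplied and are logged unescaped.
            MessageLog.writeInfoMessage("Method:" + sMethod
                    + " Session Key:" + sSessionKey, this);

            // Reuses the current session or creates one if the request has none.
            HttpSession sess = req.getSession(true);

            // Policy precedence: session attribute, then the class named in the
            // application properties (cached in the session), then the global default.
            RemoteReflectionSecurityPolicy rrsp =
                    (RemoteReflectionSecurityPolicy) sess.getAttribute(REMOTEREFLECTIONPOLICY);
            String managerClass = p.getProperty(Props.SYS_REMOTEREFLECTOR_SECURITY_MANAGER);
            if (managerClass != null && rrsp == null) {
                Class c = Class.forName(managerClass);
                rrsp = (RemoteReflectionSecurityManager) c.newInstance();
                sess.setAttribute(REMOTEREFLECTIONPOLICY, rrsp);
            }
            if (rrsp == null) {
                rrsp = _rrsp;
            }
            // Fail closed: with no policy at all (the global one was set to null)
            // nothing may be instantiated or invoked.
            if (rrsp == null) {
                setStatus(res, RemoteProxy.REMOTE_STATUS_ACCESS_DENIED);
                return;
            }
            if (rrsp instanceof HttpRemoteReflectionSecurityManager) {
                HttpRemoteReflectionSecurityManager httpPolicy =
                        (HttpRemoteReflectionSecurityManager) rrsp;
                httpPolicy.setReq(req);
                httpPolicy.setSess(sess);
            }

            if (bInstantiate) {
                // Resolve the class without initializing it, so that its static
                // initializers cannot run before the policy has approved the class.
                // The loader is the one Class.forName(String) would have used here.
                Class c = Class.forName(sMethod, false,
                        RemoteReflector.class.getClassLoader());
                if (!rrsp.isInstantiationAllowed(c)) {
                    setStatus(res, RemoteProxy.REMOTE_STATUS_ACCESS_DENIED);
                    return;
                }
                // getConstructor never returns null; a missing constructor surfaces
                // as NoSuchMethodException and is reported by the handler below.
                Constructor constructor = c.getConstructor(caParms);
                Object oSessionObject = constructor.newInstance(oaParms);
                setSessionObject(sess, sSessionKey, oSessionObject);
                // A non-serializable object cannot travel back to the proxy, so the
                // session key is returned in its place.
                Object payload = (oSessionObject instanceof Serializable)
                        ? oSessionObject
                        : (Object) sSessionKey;
                reply(res, out, RemoteProxy.REMOTE_STATUS_OK, payload);
            } else {
                Object oSessionObject = getSessionObject(sess, sSessionKey);
                if (oSessionObject == null) {
                    setStatus(res, RemoteProxy.REMOTE_STATUS_OBJECT_NOT_FOUND);
                    return;
                }
                // The policy is asked about the method name only; parameter types
                // are not part of the check, so an allowed name covers all overloads.
                if (!rrsp.isMethodCallAllowed(oSessionObject, sMethod)) {
                    setStatus(res, RemoteProxy.REMOTE_STATUS_ACCESS_DENIED);
                    return;
                }
                // getMethod never returns null; a missing method surfaces as
                // NoSuchMethodException and is reported by the handler below.
                Method m = oSessionObject.getClass().getMethod(sMethod, caParms);
                Object result = m.invoke(oSessionObject, oaParms);
                // A null result produces a header-only reply.
                reply(res, out, RemoteProxy.REMOTE_STATUS_OK, result);
            }
        } catch (ClassNotFoundException cnfe) {
            // NOTE(review): here and below the exception object itself is serialized
            // back to the caller, which exposes server-side class names and stack
            // traces; presumably RemoteProxy expects it - confirm before changing.
            MessageLog.writeErrorMessage("doGet", cnfe, this);
            reply(res, out, RemoteProxy.REMOTE_STATUS_CLASS_NOT_FOUND, cnfe);
        } catch (NoSuchMethodException nsme) {
            MessageLog.writeErrorMessage("doGet", nsme, this);
            // The same exception type signals a missing constructor or a missing
            // method; the request's instantiate flag tells the two apart.
            int notFound = bInstantiate
                    ? RemoteProxy.REMOTE_STATUS_CONSTRUCTOR_NOT_FOUND
                    : RemoteProxy.REMOTE_STATUS_METHOD_NOT_FOUND;
            reply(res, out, notFound, nsme);
        } catch (IllegalAccessException iae) {
            MessageLog.writeErrorMessage("doGet", iae, this);
            reply(res, out, RemoteProxy.REMOTE_STATUS_ACCESS_DENIED, iae);
        } catch (InvocationTargetException ite) {
            MessageLog.writeErrorMessage("doGet", ite, this);
            reply(res, out, RemoteProxy.REMOTE_STATUS_ACCESS_DENIED, ite);
        } catch (Exception e) {
            MessageLog.writeErrorMessage("doGet", e, this);
            reply(res, out, RemoteProxy.REMOTE_STATUS_EXCEPTION_OCCURED, e);
        } finally {
            // Release the request stream on every exit path, including early returns.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing the request stream fails.
                }
            }
        }
    }

    /**
     * Sets the global security policy used when a session has no policy of its own
     * and no policy class is configured in the application properties.
     *
     * @param rrsp the policy to install; if null, requests that fall back to the
     *             global policy are refused with an access-denied status
     */
    public static void setSecurityPolicy(RemoteReflectionSecurityPolicy rrsp) {
        _rrsp = rrsp;
    }

    /**
     * Sets the security policy that applies to calls made within one session.
     *
     * @param sess the session the policy applies to
     * @param rrsp the policy to store in that session
     */
    public static void setSecurityPolicy(HttpSession sess,
            RemoteReflectionSecurityPolicy rrsp) {
        sess.setAttribute(REMOTEREFLECTIONPOLICY, rrsp);
    }

    /**
     * Reports whether a security policy is stored in the given session.
     *
     * @param sess the session to inspect
     * @return true if the session holds a policy attribute
     */
    public static boolean isSecurityPolicySet(HttpSession sess) {
        return sess.getAttribute(REMOTEREFLECTIONPOLICY) != null;
    }
}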