001: /*
002: * Copyright 2004 The Apache Software Foundation.
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016: package javax.faces.webapp;
017:
018: import java.io.IOException;
019:
020: import javax.faces.FactoryFinder;
021: import javax.faces.context.FacesContext;
022: import javax.faces.context.FacesContextFactory;
023: import javax.faces.lifecycle.Lifecycle;
024: import javax.faces.lifecycle.LifecycleFactory;
025: import javax.servlet.Servlet;
026: import javax.servlet.ServletConfig;
027: import javax.servlet.ServletException;
028: import javax.servlet.ServletRequest;
029: import javax.servlet.ServletResponse;
030: import javax.servlet.http.HttpServletRequest;
031: import javax.servlet.http.HttpServletResponse;
032:
033: import org.apache.commons.logging.Log;
034: import org.apache.commons.logging.LogFactory;
035:
036: /**
037: * see Javadoc of <a href="http://java.sun.com/javaee/javaserverfaces/1.2/docs/api/index.html">JSF Specification</a>
038: *
039: * @author Manfred Geiler (latest modification by $Author: mbr $)
040: * @version $Revision: 512227 $ $Date: 2007-02-27 13:25:16 +0100 (Di, 27 Feb 2007) $
041: */
042: public final class FacesServlet implements Servlet {
043: private static final Log log = LogFactory
044: .getLog(FacesServlet.class);
045: public static final String CONFIG_FILES_ATTR = "javax.faces.CONFIG_FILES";
046: public static final String LIFECYCLE_ID_ATTR = "javax.faces.LIFECYCLE_ID";
047:
048: private static final String SERVLET_INFO = "FacesServlet of the MyFaces API implementation";
049: private ServletConfig _servletConfig;
050: private FacesContextFactory _facesContextFactory;
051: private Lifecycle _lifecycle;
052:
053: public FacesServlet() {
054: super ();
055: }
056:
057: public void destroy() {
058: _servletConfig = null;
059: _facesContextFactory = null;
060: _lifecycle = null;
061: if (log.isTraceEnabled())
062: log.trace("destroy");
063: }
064:
065: public ServletConfig getServletConfig() {
066: return _servletConfig;
067: }
068:
069: public String getServletInfo() {
070: return SERVLET_INFO;
071: }
072:
073: private String getLifecycleId() {
074: String lifecycleId = _servletConfig.getServletContext()
075: .getInitParameter(LIFECYCLE_ID_ATTR);
076: return lifecycleId != null ? lifecycleId
077: : LifecycleFactory.DEFAULT_LIFECYCLE;
078: }
079:
080: public void init(ServletConfig servletConfig)
081: throws ServletException {
082: if (log.isTraceEnabled())
083: log.trace("init begin");
084: _servletConfig = servletConfig;
085: _facesContextFactory = (FacesContextFactory) FactoryFinder
086: .getFactory(FactoryFinder.FACES_CONTEXT_FACTORY);
087: //TODO: null-check for Weblogic, that tries to initialize Servlet before ContextListener
088:
089: //Javadoc says: Lifecycle instance is shared across multiple simultaneous requests, it must be implemented in a thread-safe manner.
090: //So we can acquire it here once:
091: LifecycleFactory lifecycleFactory = (LifecycleFactory) FactoryFinder
092: .getFactory(FactoryFinder.LIFECYCLE_FACTORY);
093: _lifecycle = lifecycleFactory.getLifecycle(getLifecycleId());
094: if (log.isTraceEnabled())
095: log.trace("init end");
096: }
097:
098: public void service(ServletRequest request, ServletResponse response)
099: throws IOException, ServletException {
100:
101: HttpServletRequest httpRequest = ((HttpServletRequest) request);
102: String pathInfo = httpRequest.getPathInfo();
103:
104: // if it is a prefix mapping ...
105: if (pathInfo != null
106: && (pathInfo.startsWith("/WEB-INF") || pathInfo
107: .startsWith("/META-INF"))) {
108: StringBuffer buffer = new StringBuffer();
109:
110: buffer
111: .append(" Someone is trying to access a secure resource : "
112: + pathInfo);
113: buffer.append("\n remote address is "
114: + httpRequest.getRemoteAddr());
115: buffer.append("\n remote host is "
116: + httpRequest.getRemoteHost());
117: buffer.append("\n remote user is "
118: + httpRequest.getRemoteUser());
119: buffer.append("\n request URI is "
120: + httpRequest.getRequestURI());
121:
122: log.warn(buffer.toString());
123:
124: // Why does RI return a 404 and not a 403, SC_FORBIDDEN ?
125:
126: ((HttpServletResponse) response)
127: .sendError(HttpServletResponse.SC_NOT_FOUND);
128: return;
129: }
130:
131: if (log.isTraceEnabled())
132: log.trace("service begin");
133: FacesContext facesContext = _facesContextFactory
134: .getFacesContext(_servletConfig.getServletContext(),
135: request, response, _lifecycle);
136: try {
137: _lifecycle.execute(facesContext);
138: _lifecycle.render(facesContext);
139: } catch (Throwable e) {
140: if (e instanceof IOException) {
141: throw (IOException) e;
142: } else if (e instanceof ServletException) {
143: throw (ServletException) e;
144: } else if (e.getMessage() != null) {
145: throw new ServletException(e.getMessage(), e);
146: } else {
147: throw new ServletException(e);
148: }
149: } finally {
150: facesContext.release();
151: }
152: if (log.isTraceEnabled())
153: log.trace("service end");
154: }
155: }
|