Dear Wiki user, You have subscribed to a wiki page or wiki category on "Struts Wiki" for change notification.
The following page has been changed by MichaelJouravlev: http://wiki.apache.org/struts/SecureStrutsLinkTool The comment on the change is: Orphaned; just a big chunk of code. ------------------------------------------------------------------------------ - July 29, 2003 + deleted - SecureStrutsLinkTool is a substitute for StrutsLinkTool intended for those who use the SSL Extensions with Struts 1.1. Simply switch class names in toolbox.xml and you're set. - - [http://sslext.sourceforge.net More info on Struts SSL Extensions] - - Any comments are welcome on the Velocity Developer's List <velocity-dev@jakarta.apache.org>. - - Marinó A. Jónsson - - ---- - {{{ - { { { - - package org.apache.velocity.tools.struts; - - import javax.servlet.*; - import javax.servlet.http.*; - - import org.apache.velocity.app.Velocity; - import org.apache.velocity.tools.view.tools.LinkTool; - import org.apache.velocity.tools.struts.StrutsUtils; - - import org.apache.struts.config.ForwardConfig; - import org.apache.struts.config.ModuleConfig; - import org.apache.struts.action.SecurePlugIn; - import org.apache.struts.config.SecureActionConfig; - import org.apache.struts.Globals; - - /** - {{{ * <p>Title: SecureStrutsLinkTool</p> - * <p>Description: Tool to be able to use Struts SSL Extensions with Velocity</p> - * <p>It has the same interface as StrutsLinkTool and can function as a substitute if Struts 1.1 and SSL Ext are installed. </p> - * @author Marinó A. Jónsson - * @version 1.0 - */ }}} - public class SecureStrutsLinkTool - {{{ extends LinkTool { - - private static final String HTTP = "http"; - private static final String HTTPS = "https"; - private static final String STD_HTTP_PORT = "80"; - private static final String STD_HTTPS_PORT = "443"; - - /** - * <p>Returns a copy of the link with the given action name - * converted into a server-relative URI reference. This method - * does not check if the specified action really is defined. - * This method will overwrite any previous URI reference settings - * but will copy the query string.</p> - * - * @param action an action path as defined in struts-config.xml - * - * @return a new instance of StrutsLinkTool - */ - public SecureStrutsLinkTool setAction(String action) { - String link = StrutsUtils.getActionMappingURL(application, request, action); - return (SecureStrutsLinkTool) copyWith(this.computeURL(request, application, link)); - } - - /** - * <p>Returns a copy of the link with the given global forward name - * converted into a server-relative URI reference. If the parameter - * does not map to an existing global forward name, <code>null</code> - * is returned. This method will overwrite any previous URI reference - * settings but will copy the query string.</p> - * - * @param forward a global forward name as defined in struts-config.xml - * - * @return a new instance of StrutsLinkTool - */ - public SecureStrutsLinkTool setForward(String forward) { - - ForwardConfig fc = StrutsUtils.getForwardConfig(forward, request, application); - - if (fc == null) { - Velocity.warn("In method setForward(" + forward + - "): Parameter does not map to a valid forward."); - return null; - } - - StringBuffer url = new StringBuffer(); - if (fc.getPath().startsWith("/")) { - url.append(request.getContextPath()); - url.append(StrutsUtils.getForwardURL(request, fc)); - } - else { - url.append(fc.getPath()); - } - - return (SecureStrutsLinkTool) copyWith(this.computeURL(request, application, url.toString())); - } - - public static String computeURL(HttpServletRequest request, ServletContext app, String link) { - - StringBuffer url = new StringBuffer(link); - - String contextPath = request.getContextPath(); - - if (SecurePlugIn.getAppSslExtEnable(app) && - url.toString().startsWith(contextPath)) { - - // Initialize the scheme and ports we are using - String usingScheme = request.getScheme(); - String usingPort = String.valueOf(request.getServerPort()); - - // Get the servlet context relative link URL - String linkString = url.toString().substring(contextPath.length()); - - // See if link references an action somewhere in our app - SecureActionConfig secureConfig = getActionConfig(request, app, linkString); - - // If link is an action, find the desired port and scheme - if (secureConfig != null && - !SecureActionConfig.ANY.equalsIgnoreCase(secureConfig.getSecure())) { - - String desiredScheme = Boolean.valueOf(secureConfig.getSecure()).booleanValue() ? - HTTPS : HTTP; - String desiredPort = Boolean.valueOf(secureConfig.getSecure()).booleanValue() ? - SecurePlugIn.getAppHttpsPort(app) : SecurePlugIn.getAppHttpPort(app); - - // If scheme and port we are using do not match the ones we want - if ( (!desiredScheme.equals(usingScheme) || !desiredPort.equals(usingPort))) { - url.insert(0, startNewUrlString(request, desiredScheme, desiredPort)); - - // This is a hack to help us overcome the problem that some - // older browsers do not share sessions between http & https - if (url.toString().indexOf(";jsessionid=") < 0) { - // Add the session identifier - url = new StringBuffer(StrutsUtils.toEncoded(url.toString(), - request.getSession().getId())); - } - } - } - } - return url.toString(); - } - - /** - * Finds the configuration definition for the specified action link - * @param pageContext the current page context. - * @param linkString The action we are searching for, specified as a link. (i.e. may include "..") - * @return The SecureActionConfig object entry for this action, or null if not found - */ - private static SecureActionConfig getActionConfig(HttpServletRequest request, ServletContext app, String linkString) { - - ModuleConfig moduleConfig = StrutsUtils.selectModule(linkString, app); - - // Strip off the subapp path, if any - linkString = linkString.substring(moduleConfig.getPrefix().length()); - - // Use our servlet mapping, if one is specified - String servletMapping = (String) app.getAttribute(Globals.SERVLET_KEY); - - int starIndex = servletMapping != null ? servletMapping.indexOf('*') : -1; - if (starIndex == -1) { - return null; - } // No servlet mapping or no usable pattern defined, short circuit - - String prefix = servletMapping.substring(0, starIndex); - String suffix = servletMapping.substring(starIndex + 1); - - // Strip off the jsessionid, if any - int jsession = linkString.indexOf(";jsessionid="); - if (jsession >= 0) { - linkString = linkString.substring(0, jsession); - } - - // Strip off the anchor, if any - int anchor = linkString.indexOf("#"); - if (anchor >= 0) { - linkString = linkString.substring(0, anchor); - } - - // Strip off the query string, if any - int question = linkString.indexOf("?"); - if (question >= 0) { - linkString = linkString.substring(0, question); - } - - // Unable to establish this link as an action, short circuit - if (! (linkString.startsWith(prefix) && linkString.endsWith(suffix))) { - return null; - } - - // Chop off prefix and suffix - linkString = linkString.substring(prefix.length()); - linkString = linkString.substring(0, linkString.length() - suffix.length()); - if (!linkString.startsWith("/")) { - linkString = "/" + linkString; - } - - SecureActionConfig secureConfig = (SecureActionConfig) moduleConfig.findActionConfig(linkString); - - return secureConfig; - } - - /** - * Builds the protocol, server name, and port portion of the new URL - * @param request The current request - * @param desiredScheme The scheme (http or https) to be used in the new URL - * @param desiredPort The port number to be used in th enew URL - * @return The new URL as a StringBuffer - */ - private static StringBuffer startNewUrlString(HttpServletRequest request, - String desiredScheme, - String desiredPort) { - StringBuffer url = new StringBuffer(); - String serverName = request.getServerName(); - url.append(desiredScheme).append("://").append(serverName); - - if ( (HTTP.equals(desiredScheme) && !STD_HTTP_PORT.equals(desiredPort)) || - (HTTPS.equals(desiredScheme) && !STD_HTTPS_PORT.equals(desiredPort))) { - url.append(":").append(desiredPort); - } - - return url; - } }}} - } - - {{{ } } } - }}} - --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
