Author: ssmiweve
Date: 2007-06-17 16:54:05 +0200 (Sun, 17 Jun 2007)
New Revision: 5344

Added:
   trunk/war/src/webapp/WEB-INF/jsp/403.jsp
Modified:
   
trunk/site-spi/src/main/java/no/schibstedsok/searchportal/site/config/SiteConfiguration.java
   
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/DataModelFilter.java
   
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/SiteLocatorFilter.java
   trunk/war/src/webapp/WEB-INF/web.xml
Log:
SEARCH-2563 - Implement skin-based ACLs for denying certain IP-addresses to 
access certain skins


Modified: 
trunk/site-spi/src/main/java/no/schibstedsok/searchportal/site/config/SiteConfiguration.java
===================================================================
--- 
trunk/site-spi/src/main/java/no/schibstedsok/searchportal/site/config/SiteConfiguration.java
        2007-06-17 12:39:28 UTC (rev 5343)
+++ 
trunk/site-spi/src/main/java/no/schibstedsok/searchportal/site/config/SiteConfiguration.java
        2007-06-17 14:54:05 UTC (rev 5344)
@@ -24,15 +24,15 @@
 
     public static final String NAME_KEY = "SiteConfiguration";
     /**
-     * TODO comment me. *
+     *
      */
     public static final String SITE_LOCALE_DEFAULT = "site.locale.default";
     /**
-     * TODO comment me. *
+     *
      */
     public static final String PUBLISH_SYSTEM_URL = 
"publishing.system.baseURL";
     /**
-     * TODO comment me. *
+     *
      */
     public static final String PUBLISH_SYSTEM_HOST = 
"publishing.system.host-header";
     private static final String SITE_LOCALE_SUPPORTED = 
"site.locale.supported";
@@ -44,6 +44,9 @@
 
     public static final String DEFAULTTAB_KEY = "site.defaultTab";
     
+    public static final String ALLOW_LIST = "site.allow";
+    public static final String DISALLOW_LIST = "site.disallow";
+    
     public interface Context extends BaseContext, PropertiesContext, 
SiteContext {
     }
 
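Review bot: The two new keys are declared as `ALLOW_LIST` and `DISALLOW_LIST`, but the `isAccessAllowed` method added to SiteLocatorFilter.java in this same commit reads `SiteConfiguration.ALLOWED_LIST`, which this hunk does not define. Unless that name exists elsewhere in the class, the filter will not compile, so one side should be renamed, e.g. `siteConf.getProperty(SiteConfiguration.ALLOW_LIST)`. The constants also have no Javadoc although they control access; a comment such as `/** Comma-separated IP address prefixes allowed to access this skin; unset or empty means no restriction. */`, with a counterpart for `site.disallow`, would record the format. It should also state the precedence: a disallow match overrides an allow match, since `isAccessAllowed` returns `allowed && !disallowed`.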
@@ -72,7 +75,7 @@
     }
 
     /**
-     * TODO comment me. *
+     *
      */
     public Properties getProperties() {
 
@@ -80,7 +83,7 @@
     }
 
     /**
-     * TODO comment me. *
+     *
      */
     public String getProperty(final String key) {
 
@@ -138,7 +141,7 @@
     }
 
     /**
-     * TODO comment me. *
+     *
      */
     public boolean remove(final Site site) {
 


Property changes on: 
trunk/site-spi/src/main/java/no/schibstedsok/searchportal/site/config/SiteConfiguration.java
___________________________________________________________________
Name: svn:keywords
   + Id

Modified: 
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/DataModelFilter.java
===================================================================
--- 
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/DataModelFilter.java
      2007-06-17 12:39:28 UTC (rev 5343)
+++ 
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/DataModelFilter.java
      2007-06-17 14:54:05 UTC (rev 5344)
@@ -116,8 +116,11 @@
                 final ParametersDataObject parametersDO = 
updateDataModelForRequest(factory, httpRequest);
 
                 datamodel.setParameters(parametersDO);
-                datamodel.setSite(getSiteDO(request, factory));
                 
+                if(null == datamodel.getSite() || 
!datamodel.getSite().getSite().equals(site)){
+                    datamodel.setSite(getSiteDO(request, factory));
+                }
+                
                 // DataModel's ControlLevel will be REQUEST_CONSTRUCTION (from 
getDataModel(..))
                 //  Increment it onwards to VIEW_CONSTRUCTION.
                 // SearchServlet will assign it back to REQUEST_CONSTRUCTION 
if neccessary.
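Review bot: The new guard `if(null == datamodel.getSite() || !datamodel.getSite().getSite().equals(site))` has no comment saying why the site is no longer set on every request, and `site` is declared outside the hunk, so a reader cannot tell what it is compared against. A line such as `// keep the existing SiteDataObject unless this request resolved to a different Site` would record the intent. If `site` can be null here, the guard replaces the site object on every request, which looks harmless but is worth confirming. The enclosing method starts and ends outside the hunk.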
@@ -210,6 +213,7 @@
     }
 
     private static SiteDataObject getSiteDO(final ServletRequest request, 
final DataModelFactory factory) {
+        
         final Site site = (Site) request.getAttribute(Site.NAME_KEY);
         final SiteConfiguration siteConf = (SiteConfiguration) 
request.getAttribute(SiteConfiguration.NAME_KEY);
 

Modified: 
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/SiteLocatorFilter.java
===================================================================
--- 
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/SiteLocatorFilter.java
    2007-06-17 12:39:28 UTC (rev 5343)
+++ 
trunk/war/src/main/java/no/schibstedsok/searchportal/http/filters/SiteLocatorFilter.java
    2007-06-17 14:54:05 UTC (rev 5344)
@@ -96,10 +96,6 @@
 
     // Attributes ----------------------------------------------------
 
-    // Attributes ----------------------------------------------------
-
-    // Attributes ----------------------------------------------------
-
     // The filter configuration object we are associated with.  If
     // this value is null, this filter instance is not currently
     // configured.
@@ -108,11 +104,7 @@
 
     // Static --------------------------------------------------------
 
-    // Static --------------------------------------------------------
 
-    // Static --------------------------------------------------------
-
-
     // Constructors --------------------------------------------------
 
     /** Default constructor. **/
@@ -121,10 +113,6 @@
 
     // Public --------------------------------------------------------
 
-    // Public --------------------------------------------------------
-
-    // Public --------------------------------------------------------
-
     /** Will redirect to correct (search-config) url for resources 
(css,images, javascript).
      *
      * @param request The servlet request we are processing
@@ -158,61 +146,68 @@
 
                 final HttpServletRequest req = (HttpServletRequest)request;
                 final HttpServletResponse res = (HttpServletResponse) response;
+                final Site site = (Site) req.getAttribute(Site.NAME_KEY);
                 final String uri = req.getRequestURI();
                 final String resource = uri;
                 final String rscDir = resource != null && 
resource.indexOf('/',1) >= 0
                         ? resource.substring(0, resource.indexOf('/',1)+1)
                         : null;
+                
+                if(isAccessAllowed(req)){
 
-                if (rscDir != null && EXTERNAL_DIRS.contains(rscDir)) {
+                    if (rscDir != null && EXTERNAL_DIRS.contains(rscDir)) {
 
-                    // This URL does not belong to search-front-html
-                    final Site site = (Site) req.getAttribute(Site.NAME_KEY);
-                    final String url;
+                        // This URL does not belong to search-front-html
+                        final String url;
 
-                    if (resource.startsWith(PUBLISH_DIR)) { // publishing 
system
-                        // the publishing system is responsible for this.
-                        final Properties props = 
SiteConfiguration.valueOf(site).getProperties();
-                        url = 
props.getProperty(SiteConfiguration.PUBLISH_SYSTEM_URL)
-                            
.replaceFirst("localhost",props.getProperty(SiteConfiguration.PUBLISH_SYSTEM_HOST))
-                            + '/' + resource;
+                        if (resource.startsWith(PUBLISH_DIR)) { // publishing 
system
+                            // the publishing system is responsible for this.
+                            final Properties props = 
SiteConfiguration.valueOf(site).getProperties();
+                            url = 
props.getProperty(SiteConfiguration.PUBLISH_SYSTEM_URL)
+                                
.replaceFirst("localhost",props.getProperty(SiteConfiguration.PUBLISH_SYSTEM_HOST))
+                                + '/' + resource;
 
-                    }  else  {
-                        // strip the version number out of the resource
-                        final String noVersionRsc = 
resource.replaceFirst("/(\\d)+/","/");
+                        }  else  {
+                            // strip the version number out of the resource
+                            final String noVersionRsc = 
resource.replaceFirst("/(\\d)+/","/");
 
-                        // Find resource in current site or any of its
-                        // ancestors
-                        url = recursivelyFindResource(noVersionRsc, site);
+                            // Find resource in current site or any of its
+                            // ancestors
+                            url = recursivelyFindResource(noVersionRsc, site);
 
-                        if (url == null) {
-                            res.sendError(HttpServletResponse.SC_NOT_FOUND);
-                            
-                            if(resource.endsWith(".css")){
-                                LOG.info(ERR_NOT_FOUND + resource);
-                            }else{
-                                LOG.error(ERR_NOT_FOUND + resource);
+                            if (url == null) {
+                                
res.sendError(HttpServletResponse.SC_NOT_FOUND);
+
+                                if(resource.endsWith(".css")){
+                                    LOG.info(ERR_NOT_FOUND + resource);
+                                }else{
+                                    LOG.error(ERR_NOT_FOUND + resource);
+                                }
                             }
                         }
-                    }
 
-                    if (url != null) {
-                        // Cache the client-resource redirects on a short 
(session-equivilant) period
-                        res.setHeader("Cache-Control", "Public"); 
-                        res.setDateHeader("Expires", 
System.currentTimeMillis() + 1000*60*10); // ten minutes
-                        // send the redirect to where the resource really 
resides
-                        res.sendRedirect(url);
-                        LOG.trace(resource + DEBUG_REDIRECTING_TO + url);
+                        if (url != null) {
+                            // Cache the client-resource redirects on a short 
(session-equivilant) period
+                            res.setHeader("Cache-Control", "Public"); 
+                            res.setDateHeader("Expires", 
System.currentTimeMillis() + 1000*60*10); // ten minutes
+                            // send the redirect to where the resource really 
resides
+                            res.sendRedirect(url);
+                            LOG.trace(resource + DEBUG_REDIRECTING_TO + url);
+                        }
+
+                    } else  {
+                        doChainFilter(chain, request, response);
                     }
-
-                } else  {
-                    doChainFilter(chain, request, response);
+                    
+                }else{
+                    // Forbidden client
+                    res.sendError(HttpServletResponse.SC_FORBIDDEN);
                 }
+                
             }  else  {
                 doChainFilter(chain, request, response);
             }
 
-
             doAfterProcessing(request, response);
 
         }  catch (Exception e) {
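Review bot: `isAccessAllowed(req)` is evaluated only inside the outer conditional, and the outer `else` at the end of the hunk still calls `doChainFilter(chain, request, response)` unchecked, so any request taking that branch is never subject to the skin ACL. The outer condition is outside the hunk; if it can be false for requests that should be restricted, the check belongs above it. The `// Forbidden client` branch also sends the 403 without logging, so denied requests leave no trace for operators; `LOG.warn("Access denied for " + req.getRemoteAddr());` before `sendError` would fix that. The method body starts and ends outside the hunk.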
@@ -349,10 +344,6 @@
 
     // Package protected ---------------------------------------------
 
-    // Package protected ---------------------------------------------
-
-    // Package protected ---------------------------------------------
-
     // Protected -----------------------------------------------------
 
     // Private -------------------------------------------------------
@@ -416,6 +407,7 @@
 
         if (null != dataModel && !dataModel.getSite().getSite().equals(site)) {
             LOG.warn(WARN_FAULTY_BROWSER + 
dataModel.getBrowser().getUserAgent().getString());
+            // DataModelFilter will correct it
         }
 
         request.setAttribute(Site.NAME_KEY, site);
@@ -555,6 +547,30 @@
             : servletRequest.getServerName() + ":" + 
servletRequest.getServerPort();
     }
     
+    private static boolean isAccessAllowed(final HttpServletRequest request){
+        
+        final SiteConfiguration siteConf = (SiteConfiguration) 
request.getAttribute(SiteConfiguration.NAME_KEY);
+        final String allowedList = 
siteConf.getProperty(SiteConfiguration.ALLOWED_LIST);
+        final String disallowedList = 
siteConf.getProperty(SiteConfiguration.DISALLOW_LIST);
+        final String ipaddress = request.getRemoteAddr();
+        
+        boolean allowed = false;
+        boolean disallowed = false;
+        if(null != allowedList && 0 < allowedList.length()){
+            for(String allow : allowedList.split(",")){
+                allowed |= ipaddress.startsWith(allow);
+            }
+        }else{
+            allowed = true;
+        }
+        if(null != disallowedList && 0 < disallowedList.length()){
+            for(String disallow : disallowedList.split(",")){
+                disallowed |= ipaddress.startsWith(disallow);
+            }
+        }
+        return allowed && !disallowed;  
+    }
+    
     private static class AccessLogResponse extends HttpServletResponseWrapper{
         
         private int status = HttpServletResponse.SC_OK;
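Review bot: `ipaddress.startsWith(allow)` in `isAccessAllowed` compares raw string prefixes, so an entry like `10.1` also matches `10.10.0.5` and `10.100.2.3`. Entries are not trimmed after `split(",")`, so a space after a comma makes that entry never match, which for the disallow list fails open, and an empty entry matches every address. Matching should trim each entry, skip empty ones, and accept only an exact address or a prefix ending on an octet boundary, as sketched below. `siteConf` is dereferenced without a null check, and `getRemoteAddr()` returns the proxy's address if the portal sits behind a reverse proxy or load balancer; both are worth confirming for this deployment.

```java
private static boolean isAccessAllowed(final HttpServletRequest request){
    // … unchanged: siteConf, allowedList, disallowedList and ipaddress lookups …

    // an absent or empty allow list still means "no restriction"
    final boolean allowed = null == allowedList || 0 == allowedList.length()
            || matchesAny(ipaddress, allowedList);
    return allowed && !matchesAny(ipaddress, disallowedList);
}

/** True when ipaddress equals an entry or starts with it on an octet boundary. */
private static boolean matchesAny(final String ipaddress, final String list){
    if(null == list){
        return false;
    }
    for(String entry : list.split(",")){
        final String prefix = entry.trim();
        if(0 == prefix.length()){
            continue; // "a,,b" or a leading comma must not match every address
        }
        if(ipaddress.equals(prefix)
                || ipaddress.startsWith(prefix.endsWith(".") ? prefix : prefix + ".")){
            return true;
        }
    }
    return false;
}
```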

Added: trunk/war/src/webapp/WEB-INF/jsp/403.jsp
===================================================================
--- trunk/war/src/webapp/WEB-INF/jsp/403.jsp                            (rev 0)
+++ trunk/war/src/webapp/WEB-INF/jsp/403.jsp    2007-06-17 14:54:05 UTC (rev 
5344)
@@ -0,0 +1,3 @@
+<%@ page language="java" pageEncoding="UTF-8" 
contentType="text/html;charset=utf-8" %>
+<%@ taglib uri="/WEB-INF/SearchPortal.tld" prefix="search" %>
+<search:velocity template="/pages/403"/>
\ No newline at end of file

Modified: trunk/war/src/webapp/WEB-INF/web.xml
===================================================================
--- trunk/war/src/webapp/WEB-INF/web.xml        2007-06-17 12:39:28 UTC (rev 
5343)
+++ trunk/war/src/webapp/WEB-INF/web.xml        2007-06-17 14:54:05 UTC (rev 
5344)
@@ -206,6 +206,10 @@
     </session-config>
 
     <error-page>
+        <error-code>403</error-code>
+        <location>/WEB-INF/jsp/403.jsp</location>
+    </error-page>
+    <error-page>
         <error-code>404</error-code>
         <location>/WEB-INF/jsp/404.jsp</location>
     </error-page>
