Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
ViewProtectionUtils |
|
| 15.0;15 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | package org.apache.myfaces.shared.util; | |
20 | ||
21 | import java.util.Set; | |
22 | import javax.faces.context.FacesContext; | |
23 | ||
24 | /** | |
25 | * | |
26 | * @since 2.2 | |
27 | */ | |
28 | 0 | public class ViewProtectionUtils |
29 | { | |
30 | ||
31 | /** | |
32 | * NOTE: Taken from org.apache.catalina.deploy.SecurityConstraint | |
33 | * | |
34 | * Does the specified request path match the specified URL pattern? | |
35 | * This method follows the same rules (in the same order) as those used | |
36 | * for mapping requests to servlets. | |
37 | * | |
38 | * @param path Context-relative request path to be checked | |
39 | * (must start with '/') | |
40 | * @param pattern URL pattern to be compared against | |
41 | */ | |
42 | public static boolean matchPattern(String path, String pattern) | |
43 | { | |
44 | // Normalize the argument strings | |
45 | 0 | if ((path == null) || (path.length() == 0)) |
46 | { | |
47 | 0 | path = "/"; |
48 | } | |
49 | 0 | if ((pattern == null) || (pattern.length() == 0)) |
50 | { | |
51 | 0 | pattern = "/"; |
52 | } | |
53 | ||
54 | // Check for exact match | |
55 | 0 | if (path.equals(pattern)) |
56 | { | |
57 | 0 | return (true); |
58 | } | |
59 | ||
60 | // Check for path prefix matching | |
61 | 0 | if (pattern.startsWith("/") && pattern.endsWith("/*")) |
62 | { | |
63 | 0 | pattern = pattern.substring(0, pattern.length() - 2); |
64 | 0 | if (pattern.length() == 0) |
65 | { | |
66 | 0 | return (true); // "/*" is the same as "/" |
67 | } | |
68 | 0 | if (path.endsWith("/")) |
69 | { | |
70 | 0 | path = path.substring(0, path.length() - 1); |
71 | } | |
72 | while (true) | |
73 | { | |
74 | 0 | if (pattern.equals(path)) |
75 | { | |
76 | 0 | return (true); |
77 | } | |
78 | 0 | int slash = path.lastIndexOf('/'); |
79 | 0 | if (slash <= 0) |
80 | { | |
81 | 0 | break; |
82 | } | |
83 | 0 | path = path.substring(0, slash); |
84 | 0 | } |
85 | 0 | return (false); |
86 | } | |
87 | ||
88 | // Check for suffix matching | |
89 | 0 | if (pattern.startsWith("*.")) |
90 | { | |
91 | 0 | int slash = path.lastIndexOf('/'); |
92 | 0 | int period = path.lastIndexOf('.'); |
93 | 0 | if ((slash >= 0) && (period > slash) && |
94 | path.endsWith(pattern.substring(1))) | |
95 | { | |
96 | 0 | return (true); |
97 | } | |
98 | 0 | return (false); |
99 | } | |
100 | ||
101 | // Check for universal mapping | |
102 | 0 | if (pattern.equals("/")) |
103 | { | |
104 | 0 | return (true); |
105 | } | |
106 | ||
107 | 0 | return (false); |
108 | } | |
109 | ||
110 | public static boolean isViewProtected(FacesContext context, String viewId) | |
111 | { | |
112 | 0 | Set<String> protectedViews = context.getApplication().getViewHandler().getProtectedViewsUnmodifiable(); |
113 | 0 | if (!protectedViews.isEmpty()) |
114 | { | |
115 | 0 | boolean matchFound = false; |
116 | 0 | for (String urlPattern : protectedViews) |
117 | { | |
118 | 0 | if (ViewProtectionUtils.matchPattern(viewId, urlPattern)) |
119 | { | |
120 | 0 | matchFound = true; |
121 | 0 | break; |
122 | } | |
123 | 0 | } |
124 | 0 | return matchFound; |
125 | } | |
126 | else | |
127 | { | |
128 | 0 | return false; |
129 | } | |
130 | } | |
131 | } |