Coverage Report

Coverage Report - org.apache.myfaces.shared.util.ViewProtectionUtils

Classes in this File

0/40

0/38

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.myfaces.shared.util;
 
 import java.util.Set;
 import javax.faces.context.FacesContext;
 
 /**
  *
  * @since 2.2
  */
 public class ViewProtectionUtils
 {
     
     /**
      * NOTE: Taken from org.apache.catalina.deploy.SecurityConstraint
      * 
      * Does the specified request path match the specified URL pattern?
      * This method follows the same rules (in the same order) as those used
      * for mapping requests to servlets.
      *
      * @param path Context-relative request path to be checked
      *  (must start with '/')
      * @param pattern URL pattern to be compared against
      */
     public static boolean matchPattern(String path, String pattern)
     {
         // Normalize the argument strings
         if ((path == null) || (path.length() == 0))
         {
             path = "/";
         }
         if ((pattern == null) || (pattern.length() == 0))
         {
             pattern = "/";
         }
 
         // Check for exact match
         if (path.equals(pattern))
         {
             return (true);
         }
 
         // Check for path prefix matching
         if (pattern.startsWith("/") && pattern.endsWith("/*"))
         {
             pattern = pattern.substring(0, pattern.length() - 2);
             if (pattern.length() == 0)
             {
                 return (true);  // "/*" is the same as "/"
             }
             if (path.endsWith("/"))
             {
                 path = path.substring(0, path.length() - 1);
             }
             while (true)
             {
                 if (pattern.equals(path))
                 {
                     return (true);
                 }
                 int slash = path.lastIndexOf('/');
                 if (slash <= 0)
                 {
                     break;
                 }
                 path = path.substring(0, slash);
             }
             return (false);
         }
 
         // Check for suffix matching
         if (pattern.startsWith("*."))
         {
             int slash = path.lastIndexOf('/');
             int period = path.lastIndexOf('.');
             if ((slash >= 0) && (period > slash) &&
                 path.endsWith(pattern.substring(1)))
             {
                 return (true);
             }
             return (false);
         }
 
         // Check for universal mapping
         if (pattern.equals("/"))
         {
             return (true);
         }
 
         return (false);
     }
     
     public static boolean isViewProtected(FacesContext context, String viewId)
     {
         Set<String> protectedViews = context.getApplication().getViewHandler().getProtectedViewsUnmodifiable();
         if (!protectedViews.isEmpty())
         {
             boolean matchFound = false;
             for (String urlPattern : protectedViews)
             {
                 if (ViewProtectionUtils.matchPattern(viewId, urlPattern))
                 {
                     matchFound = true;
                     break;
                 }
             }
             return matchFound;
         }
         else
         {
             return false;
         }
     }
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.myfaces.shared.util;
20
21		import java.util.Set;
22		import javax.faces.context.FacesContext;
23
24		/**
25		*
26		* @since 2.2
27		*/
28	0	public class ViewProtectionUtils
29		{
30
31		/**
32		* NOTE: Taken from org.apache.catalina.deploy.SecurityConstraint
33		*
34		* Does the specified request path match the specified URL pattern?
35		* This method follows the same rules (in the same order) as those used
36		* for mapping requests to servlets.
37		*
38		* @param path Context-relative request path to be checked
39		* (must start with '/')
40		* @param pattern URL pattern to be compared against
41		*/
42		public static boolean matchPattern(String path, String pattern)
43		{
44		// Normalize the argument strings
45	0	if ((path == null) \|\| (path.length() == 0))
46		{
47	0	path = "/";
48		}
49	0	if ((pattern == null) \|\| (pattern.length() == 0))
50		{
51	0	pattern = "/";
52		}
53
54		// Check for exact match
55	0	if (path.equals(pattern))
56		{
57	0	return (true);
58		}
59
60		// Check for path prefix matching
61	0	if (pattern.startsWith("/") && pattern.endsWith("/*"))
62		{
63	0	pattern = pattern.substring(0, pattern.length() - 2);
64	0	if (pattern.length() == 0)
65		{
66	0	return (true); // "/*" is the same as "/"
67		}
68	0	if (path.endsWith("/"))
69		{
70	0	path = path.substring(0, path.length() - 1);
71		}
72		while (true)
73		{
74	0	if (pattern.equals(path))
75		{
76	0	return (true);
77		}
78	0	int slash = path.lastIndexOf('/');
79	0	if (slash <= 0)
80		{
81	0	break;
82		}
83	0	path = path.substring(0, slash);
84	0	}
85	0	return (false);
86		}
87
88		// Check for suffix matching
89	0	if (pattern.startsWith("*."))
90		{
91	0	int slash = path.lastIndexOf('/');
92	0	int period = path.lastIndexOf('.');
93	0	if ((slash >= 0) && (period > slash) &&
94		path.endsWith(pattern.substring(1)))
95		{
96	0	return (true);
97		}
98	0	return (false);
99		}
100
101		// Check for universal mapping
102	0	if (pattern.equals("/"))
103		{
104	0	return (true);
105		}
106
107	0	return (false);
108		}
109
110		public static boolean isViewProtected(FacesContext context, String viewId)
111		{
112	0	Set<String> protectedViews = context.getApplication().getViewHandler().getProtectedViewsUnmodifiable();
113	0	if (!protectedViews.isEmpty())
114		{
115	0	boolean matchFound = false;
116	0	for (String urlPattern : protectedViews)
117		{
118	0	if (ViewProtectionUtils.matchPattern(viewId, urlPattern))
119		{
120	0	matchFound = true;
121	0	break;
122		}
123	0	}
124	0	return matchFound;
125		}
126		else
127		{
128	0	return false;
129		}
130		}
131		}