1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.myfaces.shared.util;
20
21 import java.util.Set;
22 import javax.faces.context.FacesContext;
23
24
25
26
27
28 public class ViewProtectionUtils
29 {
30
31
32
33
34
35
36
37
38
39
40
41
42 public static boolean matchPattern(String path, String pattern)
43 {
44
45 if ((path == null) || (path.length() == 0))
46 {
47 path = "/";
48 }
49 if ((pattern == null) || (pattern.length() == 0))
50 {
51 pattern = "/";
52 }
53
54
55 if (path.equals(pattern))
56 {
57 return (true);
58 }
59
60
61 if (pattern.startsWith("/") && pattern.endsWith("/*"))
62 {
63 pattern = pattern.substring(0, pattern.length() - 2);
64 if (pattern.length() == 0)
65 {
66 return (true);
67 }
68 if (path.endsWith("/"))
69 {
70 path = path.substring(0, path.length() - 1);
71 }
72 while (true)
73 {
74 if (pattern.equals(path))
75 {
76 return (true);
77 }
78 int slash = path.lastIndexOf('/');
79 if (slash <= 0)
80 {
81 break;
82 }
83 path = path.substring(0, slash);
84 }
85 return (false);
86 }
87
88
89 if (pattern.startsWith("*."))
90 {
91 int slash = path.lastIndexOf('/');
92 int period = path.lastIndexOf('.');
93 if ((slash >= 0) && (period > slash) &&
94 path.endsWith(pattern.substring(1)))
95 {
96 return (true);
97 }
98 return (false);
99 }
100
101
102 if (pattern.equals("/"))
103 {
104 return (true);
105 }
106
107 return (false);
108 }
109
110 public static boolean isViewProtected(FacesContext context, String viewId)
111 {
112 Set<String> protectedViews = context.getApplication().getViewHandler().getProtectedViewsUnmodifiable();
113 if (!protectedViews.isEmpty())
114 {
115 boolean matchFound = false;
116 for (String urlPattern : protectedViews)
117 {
118 if (ViewProtectionUtils.matchPattern(viewId, urlPattern))
119 {
120 matchFound = true;
121 break;
122 }
123 }
124 return matchFound;
125 }
126 else
127 {
128 return false;
129 }
130 }
131 }