1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.myfaces.shared.util;
20
21 import java.util.Set;
22 import javax.faces.context.FacesContext;
23
24 /**
25 *
26 * @since 2.2
27 */
28 public class ViewProtectionUtils
29 {
30
31 /**
32 * NOTE: Taken from org.apache.catalina.deploy.SecurityConstraint
33 *
34 * Does the specified request path match the specified URL pattern?
35 * This method follows the same rules (in the same order) as those used
36 * for mapping requests to servlets.
37 *
38 * @param path Context-relative request path to be checked
39 * (must start with '/')
40 * @param pattern URL pattern to be compared against
41 */
42 public static boolean matchPattern(String path, String pattern)
43 {
44 // Normalize the argument strings
45 if ((path == null) || (path.length() == 0))
46 {
47 path = "/";
48 }
49 if ((pattern == null) || (pattern.length() == 0))
50 {
51 pattern = "/";
52 }
53
54 // Check for exact match
55 if (path.equals(pattern))
56 {
57 return (true);
58 }
59
60 // Check for path prefix matching
61 if (pattern.startsWith("/") && pattern.endsWith("/*"))
62 {
63 pattern = pattern.substring(0, pattern.length() - 2);
64 if (pattern.length() == 0)
65 {
66 return (true); // "/*" is the same as "/"
67 }
68 if (path.endsWith("/"))
69 {
70 path = path.substring(0, path.length() - 1);
71 }
72 while (true)
73 {
74 if (pattern.equals(path))
75 {
76 return (true);
77 }
78 int slash = path.lastIndexOf('/');
79 if (slash <= 0)
80 {
81 break;
82 }
83 path = path.substring(0, slash);
84 }
85 return (false);
86 }
87
88 // Check for suffix matching
89 if (pattern.startsWith("*."))
90 {
91 int slash = path.lastIndexOf('/');
92 int period = path.lastIndexOf('.');
93 if ((slash >= 0) && (period > slash) &&
94 path.endsWith(pattern.substring(1)))
95 {
96 return (true);
97 }
98 return (false);
99 }
100
101 // Check for universal mapping
102 if (pattern.equals("/"))
103 {
104 return (true);
105 }
106
107 return (false);
108 }
109
110 public static boolean isViewProtected(FacesContext context, String viewId)
111 {
112 Set<String> protectedViews = context.getApplication().getViewHandler().getProtectedViewsUnmodifiable();
113 if (!protectedViews.isEmpty())
114 {
115 boolean matchFound = false;
116 for (String urlPattern : protectedViews)
117 {
118 if (ViewProtectionUtils.matchPattern(viewId, urlPattern))
119 {
120 matchFound = true;
121 break;
122 }
123 }
124 return matchFound;
125 }
126 else
127 {
128 return false;
129 }
130 }
131 }