| commit | author | age | ||
| 1da1ca | 1 | /* |
| 42c48e | 2 | Transit - Remote procedure calls made simple |
| U | 3 | Copyright (c) 2012 Ulrich Hilger |
| 4 | ||
| 5 | This program is free software: you can redistribute it and/or modify | |
| 6 | it under the terms of the GNU Affero General Public License as published by | |
| 7 | the Free Software Foundation, either version 3 of the License, or | |
| 8 | (at your option) any later version. | |
| 9 | ||
| 10 | This program is distributed in the hope that it will be useful, | |
| 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 13 | GNU Affero General Public License for more details. | |
| 14 | ||
| 15 | You should have received a copy of the GNU Affero General Public License | |
| 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 1da1ca | 17 | */ |
| U | 18 | package de.uhilger.transit.web; |
| 19 | ||
| 20 | import java.io.IOException; | |
| 21 | import java.io.PrintWriter; | |
| 22 | import java.security.Principal; | |
| 23 | import javax.servlet.ServletConfig; | |
| 24 | import javax.servlet.ServletException; | |
| 25 | import javax.servlet.http.HttpServlet; | |
| 26 | import javax.servlet.http.HttpServletRequest; | |
| 27 | import javax.servlet.http.HttpServletResponse; | |
| 28 | ||
| 29 | /** | |
| 42c48e | 30 | * Basisklasse mit gemeinsamem Code fuer die TransitServlets |
| U | 31 | * |
| 32 | * @author Copyright (c) Ulrich Hilger, http://uhilger.de | |
| 33 | * @author Published under the terms and conditions of the | |
| 34 | * <a href="http://www.gnu.org/licenses/agpl-3.0" target="_blank">GNU Affero | |
| 35 | * General Public License</a> | |
| 1da1ca | 36 | * |
| 42c48e | 37 | * @version 1, September 16, 2012 |
| 1da1ca | 38 | */ |
| U | 39 | public abstract class AbstractServlet extends HttpServlet { |
| 40 | ||
| 41 | public static final String MIME_JSON = "application/json"; | |
| 42 | public static final String MIME_XML = "text/xml"; | |
| 43 | ||
| 44 | public static final String KLASSEN_TRENNER = ";"; | |
| 45 | ||
| 46 | private static final String[] specialChars = {new String("\u00c4"), new String("\u00d6"), | |
| 47 | new String("\u00dc"), new String("\u00e4"), new String("\u00f6"), new String("\u00fc"), new String("\u00df")}; | |
| 48 | ||
| 49 | /** Name, der als Benutzername verwendet wird, wenn kein Benutzer angemeldet ist */ | |
| 50 | public static final String ANONYMER_NUTZER = "anonymous"; | |
| 51 | ||
| 52 | protected String[] klassen; | |
| 53 | ||
| 54 | @Override | |
| 55 | public void init(ServletConfig servletConfig) throws ServletException{ | |
| 56 | this.klassen = servletConfig.getInitParameter("klassen").split(KLASSEN_TRENNER); | |
| 57 | super.init(servletConfig); | |
| 58 | } | |
| 59 | ||
| 60 | /** | |
| 61 | * Den Namen des angemeldeten Benutzers ermitteln. | |
| 62 | * | |
| 63 | * @param req die Anfrage, deren Benutzer ermittelt werden soll | |
| 64 | * @return Name des Benutzers oder <code>anonymous</code>, wenn | |
| 65 | * kein Benutzer angemeldet ist | |
| 66 | */ | |
| 67 | protected String getUserName(HttpServletRequest req) { | |
| 68 | String userName = null; | |
| 69 | Principal p = req.getUserPrincipal(); | |
| 70 | if(p != null) { | |
| 71 | userName = p.getName(); | |
| 72 | } | |
| 73 | if(userName == null) { | |
| 74 | userName = ANONYMER_NUTZER; | |
| 75 | } | |
| 76 | return userName; | |
| 77 | } | |
| 78 | ||
| 79 | public String escapeHtml(String text) { | |
| 80 | text = text.replace(specialChars[0], "Ä"); | |
| 81 | text = text.replace(specialChars[1], "Ö"); | |
| 82 | text = text.replace(specialChars[2], "Ü"); | |
| 83 | text = text.replace(specialChars[3], "ä"); | |
| 84 | text = text.replace(specialChars[4], "ö"); | |
| 85 | text = text.replace(specialChars[5], "ü"); | |
| 86 | text = text.replace(specialChars[6], "ß"); | |
| 87 | return text; | |
| 88 | } | |
| 89 | ||
| 90 | /** | |
| 91 | * Hier wird geprueft, ob der Name einer Klasse der Liste der erlaubten | |
| 92 | * Klassen bzw. Packages entspricht. Im Deployment Descriptor wird ein | |
| 93 | * Ausdruck wie z.B. | |
| 94 | * | |
| 95 | * de.uhilger.test.web;de.uhilger.test.api;de.uhilger.test.db.KlassenName | |
| 96 | * | |
| 97 | * erwartet. Diese Methode spaltet diesen Ausdruck an den ';' auf und prueft | |
| 98 | * fuer jeden Ausdruck, ob der KlassenName mit diesem Ausdruck beginnt. | |
| 99 | * Beginnt der Klassenname mit einem der Ausdruecke, wird der Zugriff erlaubt | |
| 100 | * | |
| 101 | * @param klassenName Name der Klasse, fuer die der Zugriff geprueft | |
| 102 | * werden soll | |
| 103 | * @return true, wenn die Klasse laut dem Eintrag im Deployment Desccriptor | |
| 104 | * aufgerufen werden darf, false wenn nicht | |
| 105 | */ | |
| 106 | protected boolean istErlaubt(String klassenName) { | |
| 107 | boolean erlaubt = false; | |
| 108 | for(int i = 0; i < klassen.length && !erlaubt; i++) { | |
| 109 | erlaubt = klassenName.startsWith(klassen[i]); | |
| 110 | } | |
| 111 | return erlaubt; | |
| 112 | } | |
| 113 | ||
| 114 | } | |
