/**
  * Determines if the requested view is one of the login pages which will allow the user to access
  * them without being authenticated.
  *
  * <p>Note, this implementation most likely will not work if the <code>FacesServlet</code> is
  * suffix mapped.
  *
  * @param context the <code>FacesContext</code> for the current request
  * @return <code>true</code> if the requested view is allowed to be accessed without being
  *     authenticated, otherwise <code>false</code>
  */
 private boolean requestingSecureView(FacesContext context) {
   ExternalContext extContext = context.getExternalContext();
   String path = extContext.getRequestPathInfo();
   return (!"/users/login.xhtml".equals(path)
       && !"/users/create.xhtml".equals(path)
       && !"/annonces/index.xhtml".equals(path)
       && !"/annonces/detail.xhtml".equals(path));
 }
  protected String getFacesViewId(ExternalContext externalContext) {

    String viewId = externalContext.getRequestPathInfo();

    if (viewId == null) {
      viewId = externalContext.getRequestServletPath();
    }

    return viewId;
  }
  public static String calculateResourceBasePath(FacesContext facesContext) {
    FacesServletMapping mapping = getFacesServletMapping(facesContext);
    ExternalContext externalContext = facesContext.getExternalContext();

    if (mapping != null) {
      String resourceBasePath = null;
      if (mapping.isExtensionMapping()) {
        // Mapping using a suffix. In this case we have to strip
        // the suffix. If we have a url like:
        // http://localhost:8080/testjsf20/javax.faces.resource/imagen.jpg.jsf?ln=dojo
        //
        // The servlet path is /javax.faces.resource/imagen.jpg.jsf
        //
        // For obtain the resource name we have to remove the .jsf
        // suffix and
        // the prefix ResourceHandler.RESOURCE_IDENTIFIER
        resourceBasePath = externalContext.getRequestServletPath();
        int stripPoint = resourceBasePath.lastIndexOf('.');
        if (stripPoint > 0) {
          resourceBasePath = resourceBasePath.substring(0, stripPoint);
        }
      } else {
        // Mapping using prefix. In this case we have to strip
        // the prefix used for mapping. If we have a url like:
        // http://localhost:8080/testjsf20/faces/javax.faces.resource/imagen.jpg?ln=dojo
        //
        // The servlet path is /faces
        // and the path info is /javax.faces.resource/imagen.jpg
        //
        // For obtain the resource name we have to remove the /faces
        // prefix and
        // then the prefix ResourceHandler.RESOURCE_IDENTIFIER
        resourceBasePath = externalContext.getRequestPathInfo();
      }
      return resourceBasePath;
    } else {
      // If no mapping is detected, just return the
      // information follows the servlet path but before
      // the query string
      return externalContext.getRequestPathInfo();
    }
  }
Example #4
0
  /**
   * Determines and returns the resource name of the current resource request.
   *
   * @param context The involved faces context.
   * @return The resource name of the current resource request (without any faces servlet mapping).
   */
  private static String getResourceName(FacesContext context) {
    ExternalContext externalContext = context.getExternalContext();
    String path = externalContext.getRequestPathInfo();

    if (path == null) {
      path = externalContext.getRequestServletPath();
      return path.substring(path.lastIndexOf('/') + 1, path.lastIndexOf('.'));
    } else {
      return path.substring(path.lastIndexOf('/') + 1);
    }
  }
Example #5
0
  /**
   * Returns the URL pattern of the {@link javax.faces.webapp.FacesServlet} that is executing the
   * current request. If there are multiple URL patterns, the value returned by <code>
   * HttpServletRequest.getServletPath()</code> and <code>HttpServletRequest.getPathInfo()</code> is
   * used to determine which mapping to return. If no mapping can be determined, it most likely
   * means that this particular request wasn't dispatched through the {@link
   * javax.faces.webapp.FacesServlet}.
   *
   * @param context the {@link FacesContext} of the current request
   * @return the URL pattern of the {@link javax.faces.webapp.FacesServlet} or <code>null</code> if
   *     no mapping can be determined
   * @throws NullPointerException if <code>context</code> is null
   */
  public static String getFacesMapping(FacesContext context) {

    if (context == null) {
      String message =
          MessageUtils.getExceptionMessageString(
              MessageUtils.NULL_PARAMETERS_ERROR_MESSAGE_ID, "context");
      throw new NullPointerException(message);
    }

    // Check for a previously stored mapping
    ExternalContext extContext = context.getExternalContext();
    String mapping = (String) RequestStateManager.get(context, RequestStateManager.INVOCATION_PATH);

    if (mapping == null) {

      // first check for javax.servlet.forward.servlet_path
      // and javax.servlet.forward.path_info for non-null
      // values.  if either is non-null, use this
      // information to generate determine the mapping.

      String servletPath = extContext.getRequestServletPath();
      String pathInfo = extContext.getRequestPathInfo();

      mapping = getMappingForRequest(servletPath, pathInfo);
      if (mapping == null) {
        if (LOGGER.isLoggable(Level.FINE)) {
          LOGGER.log(
              Level.FINE,
              "jsf.faces_servlet_mapping_cannot_be_determined_error",
              new Object[] {servletPath});
        }
      }
    }

    // if the FacesServlet is mapped to /* throw an
    // Exception in order to prevent an endless
    // RequestDispatcher loop
    // if ("/*".equals(mapping)) {
    //    throw new FacesException(MessageUtils.getExceptionMessageString(
    //          MessageUtils.FACES_SERVLET_MAPPING_INCORRECT_ID));
    // }

    if (mapping != null) {
      RequestStateManager.set(context, RequestStateManager.INVOCATION_PATH, mapping);
    }
    if (LOGGER.isLoggable(Level.FINE)) {
      LOGGER.log(
          Level.FINE, "URL pattern of the FacesServlet executing the current request " + mapping);
    }
    return mapping;
  }
  public static FacesServletMapping getFacesServletMapping(final FacesContext facesContext) {
    Map<Object, Object> attributes = facesContext.getAttributes();

    // Has the mapping already been determined during this request?
    FacesServletMapping mapping =
        (FacesServletMapping) attributes.get(FacesServletMapping.CACHED_SERVLET_MAPPING);
    if (mapping == null) {
      ExternalContext externalContext = facesContext.getExternalContext();
      mapping =
          FacesServletMapping.calculateFacesServletMapping(
              externalContext.getRequestServletPath(), externalContext.getRequestPathInfo());

      attributes.put(FacesServletMapping.CACHED_SERVLET_MAPPING, mapping);
    }
    return mapping;
  }
  private String getNoscriptUrl(ExternalContext externalContext) {
    String url = externalContext.getRequestPathInfo();
    if (url == null) {
      url = "";
    }

    // only use the very last part of the url
    int lastSlash = url.lastIndexOf('/');
    if (lastSlash != -1) {
      url = url.substring(lastSlash + 1);
    }

    // add request parameter
    url = JsfUtils.addPageParameters(externalContext, url, true);
    url = JsfUtils.addParameter(externalContext, url, false, NOSCRIPT_PARAMETER, "true");

    // NOTE that the url could contain data for an XSS attack
    // like e.g. ?"></a><a href%3D"http://hacker.org/attack.html?a
    // DO NOT REMOVE THE FOLLOWING LINES!
    url = url.replace("\"", "");
    url = url.replace("\'", "");

    return url;
  }