/**
* Determines if the requested view is one of the login pages which will allow the user to access
* them without being authenticated.
*
* <p>Note, this implementation most likely will not work if the <code>FacesServlet</code> is
* suffix mapped.
*
* @param context the <code>FacesContext</code> for the current request
* @return <code>true</code> if the requested view is allowed to be accessed without being
* authenticated, otherwise <code>false</code>
*/
private boolean requestingSecureView(FacesContext context) {
ExternalContext extContext = context.getExternalContext();
String path = extContext.getRequestPathInfo();
return (!"/users/login.xhtml".equals(path)
&& !"/users/create.xhtml".equals(path)
&& !"/annonces/index.xhtml".equals(path)
&& !"/annonces/detail.xhtml".equals(path));
}
protected String getFacesViewId(ExternalContext externalContext) {
String viewId = externalContext.getRequestPathInfo();
if (viewId == null) {
viewId = externalContext.getRequestServletPath();
}
return viewId;
}
public static String calculateResourceBasePath(FacesContext facesContext) {
FacesServletMapping mapping = getFacesServletMapping(facesContext);
ExternalContext externalContext = facesContext.getExternalContext();
if (mapping != null) {
String resourceBasePath = null;
if (mapping.isExtensionMapping()) {
// Mapping using a suffix. In this case we have to strip
// the suffix. If we have a url like:
// http://localhost:8080/testjsf20/javax.faces.resource/imagen.jpg.jsf?ln=dojo
//
// The servlet path is /javax.faces.resource/imagen.jpg.jsf
//
// For obtain the resource name we have to remove the .jsf
// suffix and
// the prefix ResourceHandler.RESOURCE_IDENTIFIER
resourceBasePath = externalContext.getRequestServletPath();
int stripPoint = resourceBasePath.lastIndexOf('.');
if (stripPoint > 0) {
resourceBasePath = resourceBasePath.substring(0, stripPoint);
}
} else {
// Mapping using prefix. In this case we have to strip
// the prefix used for mapping. If we have a url like:
// http://localhost:8080/testjsf20/faces/javax.faces.resource/imagen.jpg?ln=dojo
//
// The servlet path is /faces
// and the path info is /javax.faces.resource/imagen.jpg
//
// For obtain the resource name we have to remove the /faces
// prefix and
// then the prefix ResourceHandler.RESOURCE_IDENTIFIER
resourceBasePath = externalContext.getRequestPathInfo();
}
return resourceBasePath;
} else {
// If no mapping is detected, just return the
// information follows the servlet path but before
// the query string
return externalContext.getRequestPathInfo();
}
}
/**
* Determines and returns the resource name of the current resource request.
*
* @param context The involved faces context.
* @return The resource name of the current resource request (without any faces servlet mapping).
*/
private static String getResourceName(FacesContext context) {
ExternalContext externalContext = context.getExternalContext();
String path = externalContext.getRequestPathInfo();
if (path == null) {
path = externalContext.getRequestServletPath();
return path.substring(path.lastIndexOf('/') + 1, path.lastIndexOf('.'));
} else {
return path.substring(path.lastIndexOf('/') + 1);
}
}
/**
* Returns the URL pattern of the {@link javax.faces.webapp.FacesServlet} that is executing the
* current request. If there are multiple URL patterns, the value returned by <code>
* HttpServletRequest.getServletPath()</code> and <code>HttpServletRequest.getPathInfo()</code> is
* used to determine which mapping to return. If no mapping can be determined, it most likely
* means that this particular request wasn't dispatched through the {@link
* javax.faces.webapp.FacesServlet}.
*
* @param context the {@link FacesContext} of the current request
* @return the URL pattern of the {@link javax.faces.webapp.FacesServlet} or <code>null</code> if
* no mapping can be determined
* @throws NullPointerException if <code>context</code> is null
*/
public static String getFacesMapping(FacesContext context) {
if (context == null) {
String message =
MessageUtils.getExceptionMessageString(
MessageUtils.NULL_PARAMETERS_ERROR_MESSAGE_ID, "context");
throw new NullPointerException(message);
}
// Check for a previously stored mapping
ExternalContext extContext = context.getExternalContext();
String mapping = (String) RequestStateManager.get(context, RequestStateManager.INVOCATION_PATH);
if (mapping == null) {
// first check for javax.servlet.forward.servlet_path
// and javax.servlet.forward.path_info for non-null
// values. if either is non-null, use this
// information to generate determine the mapping.
String servletPath = extContext.getRequestServletPath();
String pathInfo = extContext.getRequestPathInfo();
mapping = getMappingForRequest(servletPath, pathInfo);
if (mapping == null) {
if (LOGGER.isLoggable(Level.FINE)) {
LOGGER.log(
Level.FINE,
"jsf.faces_servlet_mapping_cannot_be_determined_error",
new Object[] {servletPath});
}
}
}
// if the FacesServlet is mapped to /* throw an
// Exception in order to prevent an endless
// RequestDispatcher loop
// if ("/*".equals(mapping)) {
// throw new FacesException(MessageUtils.getExceptionMessageString(
// MessageUtils.FACES_SERVLET_MAPPING_INCORRECT_ID));
// }
if (mapping != null) {
RequestStateManager.set(context, RequestStateManager.INVOCATION_PATH, mapping);
}
if (LOGGER.isLoggable(Level.FINE)) {
LOGGER.log(
Level.FINE, "URL pattern of the FacesServlet executing the current request " + mapping);
}
return mapping;
}
public static FacesServletMapping getFacesServletMapping(final FacesContext facesContext) {
Map<Object, Object> attributes = facesContext.getAttributes();
// Has the mapping already been determined during this request?
FacesServletMapping mapping =
(FacesServletMapping) attributes.get(FacesServletMapping.CACHED_SERVLET_MAPPING);
if (mapping == null) {
ExternalContext externalContext = facesContext.getExternalContext();
mapping =
FacesServletMapping.calculateFacesServletMapping(
externalContext.getRequestServletPath(), externalContext.getRequestPathInfo());
attributes.put(FacesServletMapping.CACHED_SERVLET_MAPPING, mapping);
}
return mapping;
}
private String getNoscriptUrl(ExternalContext externalContext) {
String url = externalContext.getRequestPathInfo();
if (url == null) {
url = "";
}
// only use the very last part of the url
int lastSlash = url.lastIndexOf('/');
if (lastSlash != -1) {
url = url.substring(lastSlash + 1);
}
// add request parameter
url = JsfUtils.addPageParameters(externalContext, url, true);
url = JsfUtils.addParameter(externalContext, url, false, NOSCRIPT_PARAMETER, "true");
// NOTE that the url could contain data for an XSS attack
// like e.g. ?"></a><a href%3D"http://hacker.org/attack.html?a
// DO NOT REMOVE THE FOLLOWING LINES!
url = url.replace("\"", "");
url = url.replace("\'", "");
return url;
}