예제 #1
0
  /* ------------------------------------------------------------ */
  @Override
  public void push() {
    if (HttpMethod.POST.is(_method) || HttpMethod.PUT.is(_method))
      throw new IllegalStateException("Bad Method " + _method);

    if (_path == null || _path.length() == 0) throw new IllegalStateException("Bad Path " + _path);

    String path = _path;
    String query = _queryString;
    int q = path.indexOf('?');
    if (q >= 0) {
      query =
          (query != null && query.length() > 0)
              ? (_path.substring(q + 1) + '&' + query)
              : _path.substring(q + 1);
      path = _path.substring(0, q);
    }

    if (!path.startsWith("/")) path = URIUtil.addPaths(_request.getContextPath(), path);

    String param = null;
    if (_sessionId != null) {
      if (_request.isRequestedSessionIdFromURL()) param = "jsessionid=" + _sessionId;
      // TODO else
      //      _fields.add("Cookie","JSESSIONID="+_sessionId);
    }

    if (_conditional) {
      if (_etag != null) _fields.add(HttpHeader.IF_NONE_MATCH, _etag);
      else if (_lastModified != null) _fields.add(HttpHeader.IF_MODIFIED_SINCE, _lastModified);
    }

    HttpURI uri =
        HttpURI.createHttpURI(
            _request.getScheme(),
            _request.getServerName(),
            _request.getServerPort(),
            _path,
            param,
            query,
            null);
    MetaData.Request push = new MetaData.Request(_method, uri, _request.getHttpVersion(), _fields);

    if (LOG.isDebugEnabled())
      LOG.debug(
          "Push {} {} inm={} ims={}",
          _method,
          uri,
          _fields.get(HttpHeader.IF_NONE_MATCH),
          _fields.get(HttpHeader.IF_MODIFIED_SINCE));

    _request.getHttpChannel().getHttpTransport().push(push);
    _path = null;
    _etag = null;
    _lastModified = null;
  }
예제 #2
0
파일: Response.java 프로젝트: byronka/xenos
  private boolean doIsEncodeable(Request hreq, Session session, String location) {
    // Is this a valid absolute URL?
    URL url = null;
    try {
      url = new URL(location);
    } catch (MalformedURLException e) {
      return (false);
    }

    // Does this URL match down to (and including) the context path?
    if (!hreq.getScheme().equalsIgnoreCase(url.getProtocol())) {
      return (false);
    }
    if (!hreq.getServerName().equalsIgnoreCase(url.getHost())) {
      return (false);
    }
    int serverPort = hreq.getServerPort();
    if (serverPort == -1) {
      if ("https".equals(hreq.getScheme())) {
        serverPort = 443;
      } else {
        serverPort = 80;
      }
    }
    int urlPort = url.getPort();
    if (urlPort == -1) {
      if ("https".equals(url.getProtocol())) {
        urlPort = 443;
      } else {
        urlPort = 80;
      }
    }
    if (serverPort != urlPort) {
      return (false);
    }

    String contextPath = getContext().getPath();
    if (contextPath != null) {
      String file = url.getFile();
      if ((file == null) || !file.startsWith(contextPath)) {
        return (false);
      }
      String tok =
          ";"
              + SessionConfig.getSessionUriParamName(request.getContext())
              + "="
              + session.getIdInternal();
      if (file.indexOf(tok, contextPath.length()) >= 0) {
        return (false);
      }
    }

    // This URL belongs to our web application, so it is encodeable
    return (true);
  }
예제 #3
0
  /* ------------------------------------------------------------ */
  protected void checkForwardedHeaders(EndPoint endpoint, Request request) throws IOException {
    HttpFields httpFields = request.getConnection().getRequestFields();

    // Retrieving headers from the request
    String forwardedHost = getLeftMostValue(httpFields.getStringField(getForwardedHostHeader()));
    String forwardedServer =
        getLeftMostValue(httpFields.getStringField(getForwardedServerHeader()));
    String forwardedFor = getLeftMostValue(httpFields.getStringField(getForwardedForHeader()));

    if (_hostHeader != null) {
      // Update host header
      httpFields.put(HttpHeaders.HOST_BUFFER, _hostHeader);
      request.setServerName(null);
      request.setServerPort(-1);
      request.getServerName();
    } else if (forwardedHost != null) {
      // Update host header
      httpFields.put(HttpHeaders.HOST_BUFFER, forwardedHost);
      request.setServerName(null);
      request.setServerPort(-1);
      request.getServerName();
    } else if (forwardedServer != null) {
      // Use provided server name
      request.setServerName(forwardedServer);
    }

    if (forwardedFor != null) {
      request.setRemoteAddr(forwardedFor);
      InetAddress inetAddress = null;

      if (_useDNS) {
        try {
          inetAddress = InetAddress.getByName(forwardedFor);
        } catch (UnknownHostException e) {
          Log.ignore(e);
        }
      }

      request.setRemoteHost(inetAddress == null ? forwardedFor : inetAddress.getHostName());
    }
  }
  /**
   * Customizes the request attributes to be set for SSL requests.
   *
   * <p>The requirements of the Servlet specs are:
   *
   * <ul>
   *   <li>an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet
   *       Spec 3.0).
   *   <li>an attribute named "javax.servlet.request.cipher_suite" of type String.
   *   <li>an attribute named "javax.servlet.request.key_size" of type Integer.
   *   <li>an attribute named "javax.servlet.request.X509Certificate" of type
   *       java.security.cert.X509Certificate[]. This is an array of objects of type
   *       X509Certificate, the order of this array is defined as being in ascending order of trust.
   *       The first certificate in the chain is the one set by the client, the next is the one used
   *       to authenticate the first, and so on.
   * </ul>
   *
   * @param sslEngine the sslEngine to be customized.
   * @param request HttpRequest to be customized.
   */
  protected void customize(SSLEngine sslEngine, Request request) {
    SSLSession sslSession = sslEngine.getSession();

    if (_sniHostCheck) {
      String name = request.getServerName();
      X509 x509 = (X509) sslSession.getValue(SniX509ExtendedKeyManager.SNI_X509);

      if (x509 != null && !x509.matches(name)) {
        LOG.warn("Host {} does not match SNI {}", name, x509);
        throw new BadMessageException(400, "Host does not match SNI");
      }

      if (LOG.isDebugEnabled()) LOG.debug("Host {} matched SNI {}", name, x509);
    }

    try {
      String cipherSuite = sslSession.getCipherSuite();
      Integer keySize;
      X509Certificate[] certs;
      String idStr;

      CachedInfo cachedInfo = (CachedInfo) sslSession.getValue(CACHED_INFO_ATTR);
      if (cachedInfo != null) {
        keySize = cachedInfo.getKeySize();
        certs = cachedInfo.getCerts();
        idStr = cachedInfo.getIdStr();
      } else {
        keySize = SslContextFactory.deduceKeyLength(cipherSuite);
        certs = SslContextFactory.getCertChain(sslSession);
        byte[] bytes = sslSession.getId();
        idStr = TypeUtil.toHexString(bytes);
        cachedInfo = new CachedInfo(keySize, certs, idStr);
        sslSession.putValue(CACHED_INFO_ATTR, cachedInfo);
      }

      if (certs != null) request.setAttribute("javax.servlet.request.X509Certificate", certs);

      request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
      request.setAttribute("javax.servlet.request.key_size", keySize);
      request.setAttribute("javax.servlet.request.ssl_session_id", idStr);
    } catch (Exception e) {
      LOG.warn(Log.EXCEPTION, e);
    }
  }
예제 #5
0
파일: Response.java 프로젝트: byronka/xenos
  /**
   * Convert (if necessary) and return the absolute URL that represents the resource referenced by
   * this possibly relative URL. If this URL is already absolute, return it unchanged.
   *
   * @param location URL to be (possibly) converted and then returned
   * @exception IllegalArgumentException if a MalformedURLException is thrown when converting the
   *     relative URL to an absolute one
   */
  protected String toAbsolute(String location) {

    if (location == null) {
      return (location);
    }

    boolean leadingSlash = location.startsWith("/");

    if (location.startsWith("//")) {
      // Scheme relative
      redirectURLCC.recycle();
      // Add the scheme
      String scheme = request.getScheme();
      try {
        redirectURLCC.append(scheme, 0, scheme.length());
        redirectURLCC.append(':');
        redirectURLCC.append(location, 0, location.length());
        return redirectURLCC.toString();
      } catch (IOException e) {
        IllegalArgumentException iae = new IllegalArgumentException(location);
        iae.initCause(e);
        throw iae;
      }

    } else if (leadingSlash || !hasScheme(location)) {

      redirectURLCC.recycle();

      String scheme = request.getScheme();
      String name = request.getServerName();
      int port = request.getServerPort();

      try {
        redirectURLCC.append(scheme, 0, scheme.length());
        redirectURLCC.append("://", 0, 3);
        redirectURLCC.append(name, 0, name.length());
        if ((scheme.equals("http") && port != 80) || (scheme.equals("https") && port != 443)) {
          redirectURLCC.append(':');
          String portS = port + "";
          redirectURLCC.append(portS, 0, portS.length());
        }
        if (!leadingSlash) {
          String relativePath = request.getDecodedRequestURI();
          int pos = relativePath.lastIndexOf('/');
          CharChunk encodedURI = null;
          final String frelativePath = relativePath;
          final int fend = pos;
          if (SecurityUtil.isPackageProtectionEnabled()) {
            try {
              encodedURI =
                  AccessController.doPrivileged(
                      new PrivilegedExceptionAction<CharChunk>() {
                        @Override
                        public CharChunk run() throws IOException {
                          return urlEncoder.encodeURL(frelativePath, 0, fend);
                        }
                      });
            } catch (PrivilegedActionException pae) {
              IllegalArgumentException iae = new IllegalArgumentException(location);
              iae.initCause(pae.getException());
              throw iae;
            }
          } else {
            encodedURI = urlEncoder.encodeURL(relativePath, 0, pos);
          }
          redirectURLCC.append(encodedURI);
          encodedURI.recycle();
          redirectURLCC.append('/');
        }
        redirectURLCC.append(location, 0, location.length());

        normalize(redirectURLCC);
      } catch (IOException e) {
        IllegalArgumentException iae = new IllegalArgumentException(location);
        iae.initCause(e);
        throw iae;
      }

      return redirectURLCC.toString();

    } else {

      return (location);
    }
  }
예제 #6
0
  @Override
  public String encodeURL(String url) {
    final Request request = _channel.getRequest();
    SessionManager sessionManager = request.getSessionManager();
    if (sessionManager == null) return url;

    HttpURI uri = null;
    if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url)) {
      uri = new HttpURI(url);
      String path = uri.getPath();
      path = (path == null ? "" : path);
      int port = uri.getPort();
      if (port < 0) port = HttpScheme.HTTPS.asString().equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
      if (!request.getServerName().equalsIgnoreCase(uri.getHost())
          || request.getServerPort() != port
          || !path.startsWith(
              request
                  .getContextPath())) // TODO the root context path is "", with which every non null
                                      // string starts
      return url;
    }

    String sessionURLPrefix = sessionManager.getSessionIdPathParameterNamePrefix();
    if (sessionURLPrefix == null) return url;

    if (url == null) return null;

    // should not encode if cookies in evidence
    if (request.isRequestedSessionIdFromCookie()) {
      int prefix = url.indexOf(sessionURLPrefix);
      if (prefix != -1) {
        int suffix = url.indexOf("?", prefix);
        if (suffix < 0) suffix = url.indexOf("#", prefix);

        if (suffix <= prefix) return url.substring(0, prefix);
        return url.substring(0, prefix) + url.substring(suffix);
      }
      return url;
    }

    // get session;
    HttpSession session = request.getSession(false);

    // no session
    if (session == null) return url;

    // invalid session
    if (!sessionManager.isValid(session)) return url;

    String id = sessionManager.getNodeId(session);

    if (uri == null) uri = new HttpURI(url);

    // Already encoded
    int prefix = url.indexOf(sessionURLPrefix);
    if (prefix != -1) {
      int suffix = url.indexOf("?", prefix);
      if (suffix < 0) suffix = url.indexOf("#", prefix);

      if (suffix <= prefix) return url.substring(0, prefix + sessionURLPrefix.length()) + id;
      return url.substring(0, prefix + sessionURLPrefix.length()) + id + url.substring(suffix);
    }

    // edit the session
    int suffix = url.indexOf('?');
    if (suffix < 0) suffix = url.indexOf('#');
    if (suffix < 0) {
      return url
          + ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme()))
                  && uri.getPath() == null
              ? "/"
              : "")
          + // if no path, insert the root path
          sessionURLPrefix
          + id;
    }

    return url.substring(0, suffix)
        + ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme()))
                && uri.getPath() == null
            ? "/"
            : "")
        + // if no path so insert the root path
        sessionURLPrefix
        + id
        + url.substring(suffix);
  }