Source code

001// --------------------------------------------------------------------------------
002// Copyright 2002-2024 Echo Three, LLC
003//
004// Licensed under the Apache License, Version 2.0 (the "License");
005// you may not use this file except in compliance with the License.
006// You may obtain a copy of the License at
007//
008//     http://www.apache.org/licenses/LICENSE-2.0
009//
010// Unless required by applicable law or agreed to in writing, software
011// distributed under the License is distributed on an "AS IS" BASIS,
012// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013// See the License for the specific language governing permissions and
014// limitations under the License.
015// --------------------------------------------------------------------------------
016
017/*
018 * ====================================================================
019 *
020 * The Apache Software License, Version 1.1
021 *
022 * Copyright (c) 1999-2003 The Apache Software Foundation.  All rights
023 * reserved.
024 *
025 * Redistribution and use in source and binary forms, with or without
026 * modification, are permitted provided that the following conditions
027 * are met:
028 *
029 * 1. Redistributions of source code must retain the above copyright
030 *    notice, this list of conditions and the following disclaimer.
031 *
032 * 2. Redistributions in binary form must reproduce the above copyright
033 *    notice, this list of conditions and the following disclaimer in
034 *    the documentation and/or other materials provided with the
035 *    distribution.
036 *
037 * 3. The end-user documentation included with the redistribution, if
038 *    any, must include the following acknowlegement:
039 *       "This product includes software developed by the
040 *        Apache Software Foundation (http://www.apache.org/)."
041 *    Alternately, this acknowlegement may appear in the software itself,
042 *    if and wherever such third-party acknowlegements normally appear.
043 *
044 * 4. The names "The Jakarta Project", "Struts", and "Apache Software
045 *    Foundation" must not be used to endorse or promote products derived
046 *    from this software without prior written permission. For written
047 *    permission, please contact apache@apache.org.
048 *
049 * 5. Products derived from this software may not be called "Apache"
050 *    nor may "Apache" appear in their names without prior written
051 *    permission of the Apache Group.
052 *
053 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
054 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
055 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
056 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
057 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
058 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
059 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
060 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
061 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
062 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
063 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
064 * SUCH DAMAGE.
065 * ====================================================================
066 *
067 * This software consists of voluntary contributions made by many
068 * individuals on behalf of the Apache Software Foundation.  For more
069 * information on the Apache Software Foundation, please see
070 * <http://www.apache.org/>.
071 *
072 */
073
074package com.echothree.view.client.web.struts.sslext.action;
075
076import com.echothree.view.client.web.struts.sslext.config.SecureActionMapping;
077import com.echothree.view.client.web.struts.sslext.util.SecureRequestUtils;
078import java.io.IOException;
079import javax.servlet.http.HttpServletRequest;
080import javax.servlet.http.HttpServletResponse;
081import org.apache.struts.action.RequestProcessor;
082
083/**
084 * Extension of a RequestProcessor for use with sslext
085 */
086public class SecureRequestProcessor
087        extends RequestProcessor {
088    
089    /**
090     * Override of the base class's processPreprocess() method,
091     * delegates to the superclass method at the end
092     * @param request The current request
093     * @param response The current response
094     * @return true, if the request should continue to be processed, false otherwise
095     */
096    @Override
097    protected boolean processPreprocess(HttpServletRequest request, HttpServletResponse response) {
098        if(!super.processPreprocess(request, response))
099            return false;
100        
101        // Identify the path component we will use to select a mapping
102        // At this point it has already been checked by the calling method,
103        // so we know it is good
104        String path = null;
105        try {
106            path = processPath(request, response);
107        } catch (IOException e) {
108        }
109        
110        // Look up the corresponding mapping
111        // This will also be checked later by the calling method,
112        // so we'll leave any error message generation to it
113        SecureActionMapping mapping = null;
114        try {
115            mapping = (SecureActionMapping)processMapping(request, response, path);
116        } catch (IOException ioe) {
117        }
118        
119        if(mapping == null) {
120            return false;
121        }
122        
123        // Redirect to https/http if necessary
124        if(SecureRequestUtils.checkSsl(mapping, getServletContext(), request, response)) {
125            return false;
126        }
127        
128        // Made it through, delegate to the superclass
129        return super.processPreprocess(request, response);
130    }
131    
132}