Coverage Report - org.kuali.rice.krad.web.filter.HideWebInfFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
HideWebInfFilter
0%
0/12
0%
0/4
2
 
 1  
 /*
 2  
  * Copyright 2007-2008 The Kuali Foundation
 3  
  *
 4  
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5  
  * you may not use this file except in compliance with the License.
 6  
  * You may obtain a copy of the License at
 7  
  *
 8  
  * http://www.opensource.org/licenses/ecl2.php
 9  
  *
 10  
  * Unless required by applicable law or agreed to in writing, software
 11  
  * distributed under the License is distributed on an "AS IS" BASIS,
 12  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13  
  * See the License for the specific language governing permissions and
 14  
  * limitations under the License.
 15  
  */
 16  
 package org.kuali.rice.krad.web.filter;
 17  
 
 18  
 import java.io.IOException;
 19  
 import java.util.regex.Pattern;
 20  
 
 21  
 import javax.servlet.Filter;
 22  
 import javax.servlet.FilterChain;
 23  
 import javax.servlet.FilterConfig;
 24  
 import javax.servlet.ServletException;
 25  
 import javax.servlet.ServletRequest;
 26  
 import javax.servlet.ServletResponse;
 27  
 import javax.servlet.http.HttpServletRequest;
 28  
 import javax.servlet.http.HttpServletResponse;
 29  
 
 30  
 /**
 31  
  * A simple filter that 404s any urls to embedded module WEB-INF directories.
 32  
  * Another solution would be for the container to disable directory browsing, however
 33  
  * files may still be accessed directly.  This filter will pre-emptively catch the URL
 34  
  * which means that application code cannot actually handle those URLs (for instance,
 35  
  * to do its own error handling).
 36  
  *
 37  
  * There is probably a better way to do this, e.g. a filter to bean proxy in some spring context,
 38  
  * but the sample app doesn't really have a web context of its own to put this in.
 39  
  *
 40  
  * @author Kuali Rice Team (rice.collab@kuali.org)
 41  
  *
 42  
  */
 43  0
 public class HideWebInfFilter implements Filter {
 44  
 
 45  0
         private static final Pattern WEB_INF_PATTERN = Pattern.compile(".*WEB-INF.*");
 46  
         
 47  
     /**
 48  
      * @see javax.servlet.Filter#destroy()
 49  
      */
 50  
     public void destroy() {
 51  
         // nothing
 52  0
     }
 53  
 
 54  
     /**
 55  
      * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
 56  
      */
 57  
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
 58  0
         if ((req instanceof HttpServletRequest)) { 
 59  
 
 60  0
             HttpServletRequest hsr = (HttpServletRequest) req;
 61  
     
 62  0
             if (WEB_INF_PATTERN.matcher(hsr.getRequestURI()).matches()) {
 63  0
                 HttpServletResponse hsresp = (HttpServletResponse) res;
 64  0
                 hsresp.sendError(HttpServletResponse.SC_NOT_FOUND);
 65  0
                 return;
 66  
             }
 67  
         }
 68  
 
 69  0
         fc.doFilter(req, res);
 70  0
     }
 71  
 
 72  
     /**
 73  
      * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
 74  
      */
 75  
     public void init(FilterConfig arg0) throws ServletException {
 76  
         // nada
 77  0
     }
 78  
 }