Coverage Report

Coverage Report - org.kuali.rice.krad.web.filter.HideWebInfFilter

Classes in this File

0/12

0/4

 /*
  * Copyright 2007-2008 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.krad.web.filter;
 
 import java.io.IOException;
 import java.util.regex.Pattern;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
  * A simple filter that 404s any urls to embedded module WEB-INF directories.
  * Another solution would be for the container to disable directory browsing, however
  * files may still be accessed directly.  This filter will pre-emptively catch the URL
  * which means that application code cannot actually handle those URLs (for instance,
  * to do its own error handling).
  *
  * There is probably a better way to do this, e.g. a filter to bean proxy in some spring context,
  * but the sample app doesn't really have a web context of its own to put this in.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  *
  */
 public class HideWebInfFilter implements Filter {
 
         private static final Pattern WEB_INF_PATTERN = Pattern.compile(".*WEB-INF.*");
         
     /**
      * @see javax.servlet.Filter#destroy()
      */
     public void destroy() {
         // nothing
     }
 
     /**
      * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
      */
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
         if ((req instanceof HttpServletRequest)) { 
 
             HttpServletRequest hsr = (HttpServletRequest) req;
     
             if (WEB_INF_PATTERN.matcher(hsr.getRequestURI()).matches()) {
                 HttpServletResponse hsresp = (HttpServletResponse) res;
                 hsresp.sendError(HttpServletResponse.SC_NOT_FOUND);
                 return;
             }
         }
 
         fc.doFilter(req, res);
     }
 
     /**
      * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
      */
     public void init(FilterConfig arg0) throws ServletException {
         // nada
     }
 }

1		/*
2		* Copyright 2007-2008 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.krad.web.filter;
17
18		import java.io.IOException;
19		import java.util.regex.Pattern;
20
21		import javax.servlet.Filter;
22		import javax.servlet.FilterChain;
23		import javax.servlet.FilterConfig;
24		import javax.servlet.ServletException;
25		import javax.servlet.ServletRequest;
26		import javax.servlet.ServletResponse;
27		import javax.servlet.http.HttpServletRequest;
28		import javax.servlet.http.HttpServletResponse;
29
30		/**
31		* A simple filter that 404s any urls to embedded module WEB-INF directories.
32		* Another solution would be for the container to disable directory browsing, however
33		* files may still be accessed directly. This filter will pre-emptively catch the URL
34		* which means that application code cannot actually handle those URLs (for instance,
35		* to do its own error handling).
36		*
37		* There is probably a better way to do this, e.g. a filter to bean proxy in some spring context,
38		* but the sample app doesn't really have a web context of its own to put this in.
39		*
40		* @author Kuali Rice Team (rice.collab@kuali.org)
41		*
42		*/
43	0	public class HideWebInfFilter implements Filter {
44
45	0	private static final Pattern WEB_INF_PATTERN = Pattern.compile(".WEB-INF.");
46
47		/**
48		* @see javax.servlet.Filter#destroy()
49		*/
50		public void destroy() {
51		// nothing
52	0	}
53
54		/**
55		* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
56		*/
57		public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
58	0	if ((req instanceof HttpServletRequest)) {
59
60	0	HttpServletRequest hsr = (HttpServletRequest) req;
61
62	0	if (WEB_INF_PATTERN.matcher(hsr.getRequestURI()).matches()) {
63	0	HttpServletResponse hsresp = (HttpServletResponse) res;
64	0	hsresp.sendError(HttpServletResponse.SC_NOT_FOUND);
65	0	return;
66		}
67		}
68
69	0	fc.doFilter(req, res);
70	0	}
71
72		/**
73		* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
74		*/
75		public void init(FilterConfig arg0) throws ServletException {
76		// nada
77	0	}
78		}