cleaned up remote filter
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2070 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
parent
3edea65c39
commit
aaac4de094
|
@ -94,6 +94,8 @@ public abstract class AbstractHandlerContainer extends AbstractHandler implement
|
|||
int last=handlers.length-1;
|
||||
for (int h=0;h<=last;h++)
|
||||
{
|
||||
if (handlers[h]==null)
|
||||
continue;
|
||||
b.append(indent);
|
||||
b.append(" +-");
|
||||
if (handlers[h] instanceof AbstractHandler)
|
||||
|
|
|
@ -52,6 +52,7 @@ public class FilterHolder extends Holder
|
|||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
@Override
|
||||
public void doStart()
|
||||
throws Exception
|
||||
{
|
||||
|
@ -68,13 +69,13 @@ public class FilterHolder extends Holder
|
|||
if (_filter==null)
|
||||
_filter=(Filter)newInstance();
|
||||
|
||||
_filter = getServletHandler().customizeFilter(_filter);
|
||||
|
||||
_filter = getServletHandler().customizeFilter(_filter);
|
||||
_config=new Config();
|
||||
_filter.init(_config);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
@Override
|
||||
public void doStop()
|
||||
throws Exception
|
||||
{
|
||||
|
@ -97,6 +98,7 @@ public class FilterHolder extends Holder
|
|||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
@Override
|
||||
public void destroyInstance (Object o)
|
||||
throws Exception
|
||||
{
|
||||
|
@ -124,6 +126,7 @@ public class FilterHolder extends Holder
|
|||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
@Override
|
||||
public String toString()
|
||||
{
|
||||
return getName();
|
||||
|
@ -141,8 +144,3 @@ public class FilterHolder extends Holder
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -33,10 +33,10 @@ import org.eclipse.jetty.util.log.Log;
|
|||
*/
|
||||
public class Holder extends AbstractLifeCycle
|
||||
{
|
||||
protected final Map<String,String> _initParams=new HashMap<String,String>(3);
|
||||
protected transient Class<?> _class;
|
||||
protected String _className;
|
||||
protected String _displayName;
|
||||
protected Map _initParams;
|
||||
protected boolean _extInstance;
|
||||
protected boolean _asyncSupported=true;
|
||||
|
||||
|
@ -45,7 +45,9 @@ public class Holder extends AbstractLifeCycle
|
|||
protected ServletHandler _servletHandler;
|
||||
|
||||
protected Holder()
|
||||
{}
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
/* ---------------------------------------------------------------- */
|
||||
protected Holder(Class held)
|
||||
|
@ -190,15 +192,14 @@ public class Holder extends AbstractLifeCycle
|
|||
/* ------------------------------------------------------------ */
|
||||
public void setInitParameter(String param,String value)
|
||||
{
|
||||
if (_initParams==null)
|
||||
_initParams=new HashMap(3);
|
||||
_initParams.put(param,value);
|
||||
}
|
||||
|
||||
/* ---------------------------------------------------------------- */
|
||||
public void setInitParameters(Map map)
|
||||
public void setInitParameters(Map<String,String> map)
|
||||
{
|
||||
_initParams=map;
|
||||
_initParams.clear();
|
||||
_initParams.putAll(map);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
|
|
@ -1388,6 +1388,7 @@ public class ServletHandler extends ScopedHandler
|
|||
b.append(indent);
|
||||
b.append(" +-");
|
||||
b.append(f);
|
||||
b.append(f.getFilterHolder().getInitParameters());
|
||||
b.append('\n');
|
||||
}
|
||||
}
|
||||
|
@ -1400,6 +1401,9 @@ public class ServletHandler extends ScopedHandler
|
|||
b.append(indent);
|
||||
b.append(" +-");
|
||||
b.append(m);
|
||||
ServletHolder h = getServlet(m.getServletName());
|
||||
if (h!=null)
|
||||
b.append(h.getInitParameters());
|
||||
b.append('\n');
|
||||
}
|
||||
}
|
||||
|
@ -1413,6 +1417,7 @@ public class ServletHandler extends ScopedHandler
|
|||
b.append(indent);
|
||||
b.append(" +-[]==>");
|
||||
b.append(h.getName());
|
||||
b.append(h.getInitParameters());
|
||||
b.append('\n');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,6 +15,16 @@
|
|||
<param-value>a context value</param-value>
|
||||
</context-param>
|
||||
|
||||
<!-- Add or override filter init parameter -->
|
||||
<filter>
|
||||
<filter-name>TestFilter</filter-name>
|
||||
<filter-class>com.acme.TestFilter</filter-class>
|
||||
<init-param>
|
||||
<param-name>remote</param-name>
|
||||
<param-value>false</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
<!-- Add or override servlet init parameter -->
|
||||
<servlet>
|
||||
<servlet-name>Dump</servlet-name>
|
||||
|
|
|
@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletRequestWrapper;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
/** TestFilter.
|
||||
*
|
||||
|
@ -50,10 +52,11 @@ public class TestFilter implements Filter
|
|||
public void init(FilterConfig filterConfig) throws ServletException
|
||||
{
|
||||
_context= filterConfig.getServletContext();
|
||||
_remote=Boolean.parseBoolean(_context.getInitParameter("remote"));
|
||||
_remote=Boolean.parseBoolean(filterConfig.getInitParameter("remote"));
|
||||
_allowed.add("/favicon.ico");
|
||||
_allowed.add("/jetty_banner.gif");
|
||||
_allowed.add("/remote.html");
|
||||
|
||||
Log.debug("TestFilter#remote="+_remote);
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
@ -65,12 +68,16 @@ public class TestFilter implements Filter
|
|||
{
|
||||
String from = request.getRemoteHost();
|
||||
String to = request.getServerName();
|
||||
String path=((HttpServletRequest)request).getServletPath();
|
||||
|
||||
if ((!_remote&&!from.equals("localhost")&&!from.startsWith("127.0.0.")||
|
||||
!to.equals("localhost")&&!to.startsWith("127.0.0.")) &&
|
||||
!_allowed.contains(((HttpServletRequest)request).getServletPath()))
|
||||
if (!_remote && !_allowed.contains(path) && (
|
||||
!from.equals("localhost") && !from.startsWith("127.") ||
|
||||
!to.equals("localhost")&&!to.startsWith("127.0.0.")))
|
||||
{
|
||||
((HttpServletResponse)response).sendRedirect("/remote.html");
|
||||
if ("/".equals(path))
|
||||
_context.getRequestDispatcher("/remote.html").forward(request,response);
|
||||
else
|
||||
((HttpServletResponse)response).sendRedirect("/remote.html");
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
@ -19,13 +19,14 @@ This is a test context that serves several demo filters and servlets. However,
|
|||
test servlets are not safe for deployment on the internet as (by design) they contain
|
||||
cross domain scripting vulnerabilities and reveal private information. This page
|
||||
is displayed because you have access the context from a non local IP address.
|
||||
You can disable the remote address checking by editing the web.xml and changing the
|
||||
"remote" init parameter to true for the TestFilter. Once the webapp has been reconfigured,
|
||||
you can access the demonstrations <a href="index.html">here</a>, or <a href="http://127.0.0.1:8080/">here</a>
|
||||
if you can access the local machine.
|
||||
</p>
|
||||
<p>
|
||||
You can disable the remote address checking by editing contexts/test.d/override-web.xml and changing the
|
||||
"remote" init parameter to true for the TestFilter.
|
||||
</p>
|
||||
<p>
|
||||
This webapp is deployed in $JETTY_HOME/webapp/test and configured by $JETTY_HOME/contexts/test.xml
|
||||
and $JETTY_HOME/contexts/test.d/override-web.xml
|
||||
</p>
|
||||
|
||||
</BODY>
|
||||
|
|
|
@ -37,7 +37,7 @@ public class TestServer
|
|||
{
|
||||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
Log.getLog().setDebugEnabled(false);
|
||||
Log.getLog().setDebugEnabled(true);
|
||||
((StdErrLog)Log.getLog()).setSource(false);
|
||||
|
||||
String jetty_root = "..";
|
||||
|
|
Loading…
Reference in New Issue