From aaac4de09445060b306867bd261b67ab54acf00e Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Mon, 5 Jul 2010 11:54:47 +0000 Subject: [PATCH] cleaned up remote filter git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2070 7e9141cc-0065-0410-87d8-b60c137991c4 --- .../handler/AbstractHandlerContainer.java | 2 ++ .../eclipse/jetty/servlet/FilterHolder.java | 12 +++++------- .../org/eclipse/jetty/servlet/Holder.java | 13 +++++++------ .../eclipse/jetty/servlet/ServletHandler.java | 5 +++++ .../config/contexts/test.d/override-web.xml | 10 ++++++++++ .../src/main/java/com/acme/TestFilter.java | 19 +++++++++++++------ test-jetty-webapp/src/main/webapp/remote.html | 9 +++++---- .../java/org/eclipse/jetty/TestServer.java | 2 +- 8 files changed, 48 insertions(+), 24 deletions(-) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AbstractHandlerContainer.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AbstractHandlerContainer.java index fbaa3513d22..91a65a19b17 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AbstractHandlerContainer.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/AbstractHandlerContainer.java @@ -94,6 +94,8 @@ public abstract class AbstractHandlerContainer extends AbstractHandler implement int last=handlers.length-1; for (int h=0;h<=last;h++) { + if (handlers[h]==null) + continue; b.append(indent); b.append(" +-"); if (handlers[h] instanceof AbstractHandler) diff --git a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/FilterHolder.java b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/FilterHolder.java index 8f5f1defd01..b52c698c623 100644 --- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/FilterHolder.java +++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/FilterHolder.java @@ -52,6 +52,7 @@ public class FilterHolder extends Holder } /* ------------------------------------------------------------ */ + @Override public void doStart() throws Exception { @@ -68,13 +69,13 @@ public class FilterHolder extends Holder if (_filter==null) _filter=(Filter)newInstance(); - _filter = getServletHandler().customizeFilter(_filter); - + _filter = getServletHandler().customizeFilter(_filter); _config=new Config(); _filter.init(_config); } /* ------------------------------------------------------------ */ + @Override public void doStop() throws Exception { @@ -97,6 +98,7 @@ public class FilterHolder extends Holder } /* ------------------------------------------------------------ */ + @Override public void destroyInstance (Object o) throws Exception { @@ -124,6 +126,7 @@ public class FilterHolder extends Holder } /* ------------------------------------------------------------ */ + @Override public String toString() { return getName(); @@ -141,8 +144,3 @@ public class FilterHolder extends Holder } } } - - - - - diff --git a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/Holder.java b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/Holder.java index cc46e5a9537..8a9172725a8 100644 --- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/Holder.java +++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/Holder.java @@ -33,10 +33,10 @@ import org.eclipse.jetty.util.log.Log; */ public class Holder extends AbstractLifeCycle { + protected final Map _initParams=new HashMap(3); protected transient Class _class; protected String _className; protected String _displayName; - protected Map _initParams; protected boolean _extInstance; protected boolean _asyncSupported=true; @@ -45,7 +45,9 @@ public class Holder extends AbstractLifeCycle protected ServletHandler _servletHandler; protected Holder() - {} + { + + } /* ---------------------------------------------------------------- */ protected Holder(Class held) @@ -190,15 +192,14 @@ public class Holder extends AbstractLifeCycle /* ------------------------------------------------------------ */ public void setInitParameter(String param,String value) { - if (_initParams==null) - _initParams=new HashMap(3); _initParams.put(param,value); } /* ---------------------------------------------------------------- */ - public void setInitParameters(Map map) + public void setInitParameters(Map map) { - _initParams=map; + _initParams.clear(); + _initParams.putAll(map); } /* ------------------------------------------------------------ */ diff --git a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java index 3df73799071..a38afdde443 100644 --- a/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java +++ b/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletHandler.java @@ -1388,6 +1388,7 @@ public class ServletHandler extends ScopedHandler b.append(indent); b.append(" +-"); b.append(f); + b.append(f.getFilterHolder().getInitParameters()); b.append('\n'); } } @@ -1400,6 +1401,9 @@ public class ServletHandler extends ScopedHandler b.append(indent); b.append(" +-"); b.append(m); + ServletHolder h = getServlet(m.getServletName()); + if (h!=null) + b.append(h.getInitParameters()); b.append('\n'); } } @@ -1413,6 +1417,7 @@ public class ServletHandler extends ScopedHandler b.append(indent); b.append(" +-[]==>"); b.append(h.getName()); + b.append(h.getInitParameters()); b.append('\n'); } } diff --git a/test-jetty-webapp/src/main/config/contexts/test.d/override-web.xml b/test-jetty-webapp/src/main/config/contexts/test.d/override-web.xml index 432ba813440..9e42d6d5ef9 100644 --- a/test-jetty-webapp/src/main/config/contexts/test.d/override-web.xml +++ b/test-jetty-webapp/src/main/config/contexts/test.d/override-web.xml @@ -15,6 +15,16 @@ a context value + + + TestFilter + com.acme.TestFilter + + remote + false + + + Dump diff --git a/test-jetty-webapp/src/main/java/com/acme/TestFilter.java b/test-jetty-webapp/src/main/java/com/acme/TestFilter.java index db506a04380..0d43e8158e3 100644 --- a/test-jetty-webapp/src/main/java/com/acme/TestFilter.java +++ b/test-jetty-webapp/src/main/java/com/acme/TestFilter.java @@ -29,6 +29,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; +import org.eclipse.jetty.util.log.Log; + /* ------------------------------------------------------------ */ /** TestFilter. * @@ -50,10 +52,11 @@ public class TestFilter implements Filter public void init(FilterConfig filterConfig) throws ServletException { _context= filterConfig.getServletContext(); - _remote=Boolean.parseBoolean(_context.getInitParameter("remote")); + _remote=Boolean.parseBoolean(filterConfig.getInitParameter("remote")); _allowed.add("/favicon.ico"); _allowed.add("/jetty_banner.gif"); - _allowed.add("/remote.html"); + + Log.debug("TestFilter#remote="+_remote); } /* ------------------------------------------------------------ */ @@ -65,12 +68,16 @@ public class TestFilter implements Filter { String from = request.getRemoteHost(); String to = request.getServerName(); + String path=((HttpServletRequest)request).getServletPath(); - if ((!_remote&&!from.equals("localhost")&&!from.startsWith("127.0.0.")|| - !to.equals("localhost")&&!to.startsWith("127.0.0.")) && - !_allowed.contains(((HttpServletRequest)request).getServletPath())) + if (!_remote && !_allowed.contains(path) && ( + !from.equals("localhost") && !from.startsWith("127.") || + !to.equals("localhost")&&!to.startsWith("127.0.0."))) { - ((HttpServletResponse)response).sendRedirect("/remote.html"); + if ("/".equals(path)) + _context.getRequestDispatcher("/remote.html").forward(request,response); + else + ((HttpServletResponse)response).sendRedirect("/remote.html"); return; } diff --git a/test-jetty-webapp/src/main/webapp/remote.html b/test-jetty-webapp/src/main/webapp/remote.html index 51a90b4f312..f979afc3692 100644 --- a/test-jetty-webapp/src/main/webapp/remote.html +++ b/test-jetty-webapp/src/main/webapp/remote.html @@ -19,13 +19,14 @@ This is a test context that serves several demo filters and servlets. However, test servlets are not safe for deployment on the internet as (by design) they contain cross domain scripting vulnerabilities and reveal private information. This page is displayed because you have access the context from a non local IP address. -You can disable the remote address checking by editing the web.xml and changing the -"remote" init parameter to true for the TestFilter. Once the webapp has been reconfigured, -you can access the demonstrations here, or here -if you can access the local machine. +

+

+You can disable the remote address checking by editing contexts/test.d/override-web.xml and changing the +"remote" init parameter to true for the TestFilter.

This webapp is deployed in $JETTY_HOME/webapp/test and configured by $JETTY_HOME/contexts/test.xml +and $JETTY_HOME/contexts/test.d/override-web.xml

diff --git a/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java b/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java index b86394b90a5..952752173b9 100644 --- a/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java +++ b/test-jetty-webapp/src/test/java/org/eclipse/jetty/TestServer.java @@ -37,7 +37,7 @@ public class TestServer { public static void main(String[] args) throws Exception { - Log.getLog().setDebugEnabled(false); + Log.getLog().setDebugEnabled(true); ((StdErrLog)Log.getLog()).setSource(false); String jetty_root = "..";