From 7700a426db02fe0e44d8ff1e19595f45dc337806 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Apr 2014 18:56:00 +0200 Subject: solve problems with Struts 2.3.16.1 --- id/ConfigWebTool/src/main/resources/struts.xml | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml index 9a098da5a..1c5dc83d3 100644 --- a/id/ConfigWebTool/src/main/resources/struts.xml +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -6,10 +6,22 @@ + - + + + + + + + ^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^method:.* + + + + /index.jsp @@ -69,7 +81,16 @@ - + + + + + ^class\..*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^method:.* + + + + -- cgit v1.2.3 From f94e5ae88e1481008f6a2b5d15384e8d8be2e9e5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 2 Apr 2014 07:37:28 +0200 Subject: Disallow CrossNamespace actions --- id/ConfigWebTool/src/main/resources/struts.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml index 1c5dc83d3..55490788d 100644 --- a/id/ConfigWebTool/src/main/resources/struts.xml +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -6,7 +6,8 @@ - + + -- cgit v1.2.3 From 657bd247f385b480ab4550c4c1216c3c95157c4d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 2 Apr 2014 09:32:26 +0200 Subject: add EncodingFilter from commons-iaik.jar to ConfigWebTool remove lib commons-iaik.jar --- .../id/configuration/filter/EncodingFilter.java | 123 +++++++++++++++++++++ id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml | 2 +- 2 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java (limited to 'id/ConfigWebTool/src/main') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java new file mode 100644 index 000000000..71f9536ae --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java @@ -0,0 +1,123 @@ +package at.gv.egovernment.moa.id.configuration.filter; + +import java.io.IOException; +import java.nio.charset.Charset; + +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.lang.builder.ToStringBuilder; +import org.apache.log4j.Logger; + +/** + * @author Thomas Knall + */ +public class EncodingFilter implements javax.servlet.Filter { + + private static final String SERVLET_INIT_PARAM_ENCODING = "encoding"; + + private static final String SERVLET_INIT_PARAM_SET_REQUEST_ENCODING = "setRequestEncoding"; + private static final String SERVLET_INIT_PARAM_FORCE_REQUEST_ENCODING = "forceRequestEncoding"; + + private static final String SERVLET_INIT_PARAM_SET_RESPONSE_ENCODING = "setResponseEncoding"; + private static final String SERVLET_INIT_PARAM_FORCE_RESPONSE_ENCODING = "forceResponseEncoding"; + + private static final boolean DEFAULT_SET_REQUEST_ENCODING_VALUE = true; + private static final boolean DEFAULT_FORCE_REQUEST_ENCODING_VALUE = true; + private static final boolean DEFAULT_SET_RESPONSE_ENCODING_VALUE = false; + private static final boolean DEFAULT_FORCE_RESPONSE_ENCODING_VALUE = false; + + private Logger log = Logger.getLogger(getClass().getName()); + + private String encoding = null; + + private boolean setRequestEncoding; + private boolean forceRequestEncoding; + + private boolean setResponseEncoding; + private boolean forceResponseEncoding; + + private boolean enabled = false; + + private boolean parseBooleanInitParameter(final FilterConfig filterConfig, String parameterName, boolean defaultValue) { + String paramValue = filterConfig.getInitParameter(parameterName); + if (paramValue == null) { + return defaultValue; + } + paramValue = paramValue.trim(); + if (paramValue.equalsIgnoreCase("true")) { + return true; + } else if (paramValue.equalsIgnoreCase("false")){ + return false; + } else { + log.warn("Unknown value \"" + paramValue + "\" for init parameter \"" + parameterName + "\" detected. Should be \"true\" or \"false\". Using default value \"" + defaultValue + "\"."); + return defaultValue; + } + } + + public void init(final FilterConfig filterConfig) throws ServletException { + log.debug("Initializing encoding filter (" + getClass().getName() + ")."); + + // mandatory parameter encoding + String desiredEncoding = filterConfig.getInitParameter(SERVLET_INIT_PARAM_ENCODING); + if (StringUtils.isEmpty(desiredEncoding)) { + log.warn("Unable to initialize encoding filter (" + getClass().getName() + "). Init parameter \"" + SERVLET_INIT_PARAM_ENCODING + "\" empty or not supplied."); + } else if (!Charset.isSupported(desiredEncoding)) { + log.warn("Unable to initialize encoding filter (" + getClass().getName() + "). Encoding \"" + desiredEncoding + "\" is not supported."); + } else { + this.encoding = desiredEncoding; + this.enabled = true; + this.setRequestEncoding = this.parseBooleanInitParameter(filterConfig, SERVLET_INIT_PARAM_SET_REQUEST_ENCODING, DEFAULT_SET_REQUEST_ENCODING_VALUE); + this.forceRequestEncoding = this.parseBooleanInitParameter(filterConfig, SERVLET_INIT_PARAM_FORCE_REQUEST_ENCODING, DEFAULT_FORCE_REQUEST_ENCODING_VALUE); + this.setResponseEncoding = this.parseBooleanInitParameter(filterConfig, SERVLET_INIT_PARAM_SET_RESPONSE_ENCODING, DEFAULT_SET_RESPONSE_ENCODING_VALUE); + this.forceResponseEncoding = this.parseBooleanInitParameter(filterConfig, SERVLET_INIT_PARAM_FORCE_RESPONSE_ENCODING, DEFAULT_FORCE_RESPONSE_ENCODING_VALUE); + log.debug("Encoding filter \"" + getClass().getName() + "\" configured: " + this.toString(true)); + + } + } + + public String toString(boolean verbose) { + if (verbose) { + return new ToStringBuilder(this) + .append(SERVLET_INIT_PARAM_ENCODING, this.encoding) + .append(SERVLET_INIT_PARAM_SET_REQUEST_ENCODING, this.setRequestEncoding) + .append(SERVLET_INIT_PARAM_FORCE_REQUEST_ENCODING, this.forceRequestEncoding) + .append(SERVLET_INIT_PARAM_SET_RESPONSE_ENCODING, this.setResponseEncoding) + .append(SERVLET_INIT_PARAM_FORCE_RESPONSE_ENCODING, this.forceResponseEncoding) + .toString(); + } else { + return super.toString(); + } + } + + public void doFilter(ServletRequest request, ServletResponse response, final FilterChain filterChain) throws IOException, ServletException { + if (this.enabled) { + if (this.setRequestEncoding) { + if (this.forceRequestEncoding) { + log.trace("Forcing request encoding \"" + this.encoding + "\"."); + request.setCharacterEncoding(this.encoding); + } else if (request.getCharacterEncoding() == null) { + log.trace("Request character encoding not set. Setting to \"" + this.encoding + "\"."); + request.setCharacterEncoding(this.encoding); + } + } + if (this.setResponseEncoding) { + if (this.forceResponseEncoding) { + log.trace("Forcing response encoding \"" + this.encoding + "\"."); + response.setCharacterEncoding(this.encoding); + } else if (response.getCharacterEncoding() == null) { + log.trace("Response character encoding not set. Setting to \"" + this.encoding + "\"."); + response.setCharacterEncoding(this.encoding); + } + } + } + filterChain.doFilter(request, response); + } + + public void destroy() { + } +} diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml index a44cf8ce5..b55e97f23 100644 --- a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml +++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml @@ -46,7 +46,7 @@ EncodingFilter - at.iaik.commons.webapp.filter.encoding.EncodingFilter + at.gv.egovernment.moa.id.configuration.filter.EncodingFilter encoding UTF-8 -- cgit v1.2.3