From dfde473ef88f8be7873385b1ff3357c1f79afe73 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
Date: Thu, 26 Mar 2015 10:04:08 +0100
Subject: added Whitelist for external configuration overwrites

---
 .../gv/egiz/pdfas/web/config/WebConfiguration.java | 43 +++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java')

diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
index 5860b740..ca4f2c50 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
@@ -50,6 +50,8 @@ public class WebConfiguration implements IConfigurationConstants {
 	public static final String STATISTIC_BACKEND_LIST = "statistic.backends";
 	public static final String ALLOW_EXT_OVERWRITE = "allow.ext.overwrite";
 	
+	public static final String ALLOW_EXT_WHITELIST_VALUE_PRE = "ext.overwrite.wl.";
+	
 	public static final String MOA_SS_ENABLED = "moa.enabled";
 	public static final String SOAP_SIGN_ENABLED = "soap.sign.enabled";
 	public static final String SOAP_VERIFY_ENABLED = "soap.verify.enabled";
@@ -94,11 +96,13 @@ public class WebConfiguration implements IConfigurationConstants {
 			.getLogger(WebConfiguration.class);
 
 	private static List<String> whiteListregEx = new ArrayList<String>();
-
+	private static List<String> overwritewhiteListregEx = new ArrayList<String>();
+	
 	public static void configure(String config) {
 
 		properties.clear();
 		whiteListregEx.clear();
+		overwritewhiteListregEx.clear();
 
 		try {
 			properties.load(new FileInputStream(config));
@@ -123,6 +127,23 @@ public class WebConfiguration implements IConfigurationConstants {
 				}
 			}
 		}
+		
+		if (isAllowExtOverwrite()) {
+			Iterator<Object> keyIt = properties.keySet().iterator();
+			while (keyIt.hasNext()) {
+				Object keyObj = keyIt.next();
+				if (keyObj != null) {
+					String key = keyObj.toString();
+					if (key.startsWith(ALLOW_EXT_WHITELIST_VALUE_PRE)) {
+						String whitelist_expr = properties.getProperty(key);
+						if (whitelist_expr != null) {
+							overwritewhiteListregEx.add(whitelist_expr);
+							logger.debug("Overwrite Whitelist: " + whitelist_expr);
+						}
+					}
+				}
+			}
+		}
 
 		Iterator<Object> keyIt = properties.keySet().iterator();
 		while (keyIt.hasNext()) {
@@ -249,6 +270,26 @@ public class WebConfiguration implements IConfigurationConstants {
 		return false;
 	}
 	
+	public static synchronized boolean isOverwriteAllowed(String key) {
+		if (isAllowExtOverwrite()) {
+
+			Iterator<String> patterns = whiteListregEx.iterator();
+			while (patterns.hasNext()) {
+				String pattern = patterns.next();
+				try {
+					if (key.matches(pattern)) {
+						return true;
+					}
+				} catch (Throwable e) {
+					logger.warn("Error in matching regex: " + pattern, e);
+				}
+			}
+
+			return false;
+		}
+		return false;
+	}
+	
 	public static boolean isMoaEnabled(String keyIdentifier) {
 		String value = properties.getProperty(MOA_LIST + "." + keyIdentifier + ".enabled");
 		if (value != null) {
-- 
cgit v1.2.3