SecureTag xref

View Javadoc

1   package com.panogenesis.webapp.taglib;
2   
3   import java.util.HashMap;
4   import java.util.Map;
5   
6   import javax.servlet.http.HttpServletRequest;
7   import javax.servlet.http.HttpServletResponse;
8   import javax.servlet.jsp.JspException;
9   import javax.servlet.jsp.tagext.BodyTagSupport;
10  
11  import org.apache.commons.logging.Log;
12  import org.apache.commons.logging.LogFactory;
13  import com.panogenesis.Constants;
14  import com.panogenesis.webapp.util.SslUtil;
15  
16  
17  /***
18   * This tag library is designed to be used on a JSP
19   * to switch HTTP -> HTTPS protocols and vise versa.
20   *
21   * If you want to force the page to be viewed in SSL,
22   * then you would do something like this:<br /><br />
23   * <pre>
24   * &lt;tag:secure /&gt;
25   * or
26   * &lt;tag:secure mode="secured" /&gt;
27   * </pre>
28   * If you want the force the page to be viewed in
29   * over standard http, then you would do something like:<br />
30   * <pre>
31   * &lt;tag:secure mode="unsecured" /&gt;
32   * </pre>
33   * @jsp.tag name="secure"
34   *          bodycontent="empty"
35   *
36   * @author <a href="mailto:jon.lipsky@xesoft.com">Jon Lipsky</a>
37   *
38   * Contributed by:
39   *
40   * XEsoft GmbH
41   * Oskar-Messter-Strasse 18
42   * 85737 Ismaning, Germany
43   * http://www.xesoft.com
44   */
45  public class SecureTag extends BodyTagSupport {
46      //~ Static fields/initializers =============================================
47  
48      public static final String MODE_SECURED = "secured";
49      public static final String MODE_UNSECURED = "unsecured";
50      public static final String MODE_EITHER = "either";
51  
52      //~ Instance fields ========================================================
53  
54      private final Log log = LogFactory.getLog(SecureTag.class);
55      protected String TAG_NAME = "Secure";
56      private String mode = MODE_SECURED;
57      private String httpPort = null;
58      private String httpsPort = null;
59  
60      //~ Methods ================================================================
61  
62      /***
63       * Sets the mode attribute. This is included in the tld file.
64       *
65       * @jsp.attribute
66       *     description="The mode attribute (secure | unsecured)"
67       *     required="false"
68       *     rtexprvalue="true"
69       */
70      public void setMode(String aMode) {
71          mode = aMode;
72      }
73  
74      public int doStartTag() throws JspException {
75          // get the port numbers from the application context
76          Map config =
77              (HashMap) pageContext.getServletContext().getAttribute(Constants.CONFIG);
78  
79          httpPort = (String) config.get(Constants.HTTP_PORT);
80  
81          if (httpPort == null) {
82              httpPort = SslUtil.STD_HTTP_PORT;
83          }
84  
85          httpsPort = (String) config.get(Constants.HTTPS_PORT);
86  
87          if (httpsPort == null) {
88              httpsPort = SslUtil.STD_HTTPS_PORT;
89          }
90  
91          return SKIP_BODY;
92      }
93  
94      public int doAfterBody() throws JspException {
95          return SKIP_BODY;
96      }
97  
98      public int doEndTag() throws JspException {
99          if (mode.equalsIgnoreCase(MODE_SECURED)) {
100             if (pageContext.getRequest().isSecure() == false) {
101                 String vQueryString =
102                     ((HttpServletRequest) pageContext.getRequest()).getQueryString();
103                 String vPageUrl =
104                     ((HttpServletRequest) pageContext.getRequest()).getRequestURI();
105                 String vServer = pageContext.getRequest().getServerName();
106 
107                 StringBuffer vRedirect = new StringBuffer("");
108                 vRedirect.append("https://");
109                 vRedirect.append(vServer + ":" + httpsPort + vPageUrl);
110 
111                 if (vQueryString != null) {
112                     vRedirect.append("?");
113                     vRedirect.append(vQueryString);
114                 }
115 
116                 if (log.isDebugEnabled()) {
117                     log.debug("attempting to redirect to: " + vRedirect);
118                 }
119 
120                 try {
121                     ((HttpServletResponse) pageContext.getResponse()).sendRedirect(vRedirect.toString());
122 
123                     return SKIP_PAGE;
124                 } catch (Exception exc2) {
125                     throw new JspException(exc2.getMessage());
126                 }
127             }
128         } else if (mode.equalsIgnoreCase(MODE_UNSECURED)) {
129             if (pageContext.getRequest().isSecure() == true) {
130                 String vQueryString =
131                     ((HttpServletRequest) pageContext.getRequest()).getQueryString();
132                 String vPageUrl =
133                     ((HttpServletRequest) pageContext.getRequest()).getRequestURI();
134                 String vServer = pageContext.getRequest().getServerName();
135 
136                 StringBuffer vRedirect = new StringBuffer("");
137                 vRedirect.append("http://");
138                 vRedirect.append(vServer + vPageUrl);
139 
140                 if (vQueryString != null) {
141                     vRedirect.append("?");
142                     vRedirect.append(vQueryString);
143                 }
144 
145                 try {
146                     ((HttpServletResponse) pageContext.getResponse()).sendRedirect(vRedirect.toString());
147 
148                     return SKIP_PAGE;
149                 } catch (Exception exc2) {
150                     throw new JspException(exc2.getMessage());
151                 }
152             }
153         } else if (mode.equalsIgnoreCase(MODE_EITHER)) {
154             return EVAL_PAGE;
155         } else {
156             throw new JspException("Illegal value for the attribute mode: " +
157                                    mode);
158         }
159 
160         return EVAL_PAGE;
161     }
162 }