001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.activemq.util;
018    
019    import java.io.IOException;
020    
021    import javax.servlet.Filter;
022    import javax.servlet.FilterChain;
023    import javax.servlet.FilterConfig;
024    import javax.servlet.ServletException;
025    import javax.servlet.ServletRequest;
026    import javax.servlet.ServletResponse;
027    import javax.servlet.http.HttpServletRequest;
028    import javax.servlet.http.HttpServletRequestWrapper;
029    
030    import org.slf4j.Logger;
031    import org.slf4j.LoggerFactory;
032    
033    
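/**
 * Servlet filter that wraps every HTTP request so that selected filename-like
 * values handed to downstream code have each ':' replaced by '_'.
 *
 * <p>Scope of the guard, as implemented here:
 * <ul>
 *   <li>Only {@code getParameter("Destination")}, {@code getPathInfo()},
 *       {@code getPathTranslated()} and {@code getRequestURI()} are rewritten.
 *       Every other accessor inherited from {@link HttpServletRequestWrapper}
 *       (for example {@code getParameterValues}, {@code getParameterMap},
 *       {@code getHeader}, {@code getServletPath}, {@code getRequestURL})
 *       still returns the unmodified value, so downstream code must read
 *       filenames through the guarded accessors only.</li>
 *   <li>Only the literal ':' character is replaced. No other path validation
 *       (parent-directory segments, separators, canonicalisation against a
 *       base directory) happens in this class; that has to be enforced by the
 *       code that finally opens the file.</li>
 *   <li>The guard sees each value exactly as the container returns it.
 *       {@code getRequestURI()} is not percent-decoded by the container, so
 *       code that decodes it later should apply its own check after
 *       decoding.</li>
 * </ul>
 *
 * <p>Non-HTTP requests are passed down the chain untouched.
 */
public class FilenameGuardFilter implements Filter {

    private static final Logger LOG = LoggerFactory.getLogger(FilenameGuardFilter.class);

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
        // nothing to destroy
    }

    /**
     * No configuration is read.
     *
     * @param config ignored
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        // nothing to init
    }

    /**
     * Passes the request down the chain, wrapped in a
     * {@link GuardedHttpServletRequest} when it is an HTTP request.
     *
     * @param request  the incoming request
     * @param response the response, passed through unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            chain.doFilter(new GuardedHttpServletRequest(httpRequest), response);
        } else {
            // Not HTTP: there are no path or parameter accessors to guard.
            chain.doFilter(request, response);
        }
    }

    /** Request wrapper that applies {@link #guard(String)} to selected accessors. */
    private static class GuardedHttpServletRequest extends HttpServletRequestWrapper {

        public GuardedHttpServletRequest(HttpServletRequest httpRequest) {
            super(httpRequest);
        }

        /**
         * Replaces every ':' in {@code filename} with '_'.
         *
         * @param filename value taken from the request; may be {@code null}
         * @return the rewritten value, or {@code null} when the input is
         *         {@code null}
         */
        private String guard(String filename) {
            // The wrapped accessors legitimately return null (no extra path
            // info, absent parameter); pass that through instead of failing
            // with a NullPointerException inside the filter.
            if (filename == null) {
                return null;
            }
            String guarded = filename.replace(':', '_');
            // Both values are request-controlled. Parameterized logging avoids
            // building the message when debug is off; neutralising line breaks
            // in the output is left to the logging layout.
            LOG.debug("guarded {} to {}", filename, guarded);
            return guarded;
        }

        /**
         * Returns the named parameter, guarded when the name is exactly
         * {@code "Destination"} (case-sensitive); any other parameter is
         * returned unchanged.
         */
        @Override
        public String getParameter(String name) {
            // Constant-first comparison so a null name is delegated rather
            // than throwing here.
            if ("Destination".equals(name)) {
                return guard(super.getParameter(name));
            }
            return super.getParameter(name);
        }

        /** Returns the guarded path info, or {@code null} when there is none. */
        @Override
        public String getPathInfo() {
            return guard(super.getPathInfo());
        }

        /** Returns the guarded translated path, or {@code null} when there is none. */
        @Override
        public String getPathTranslated() {
            return guard(super.getPathTranslated());
        }

        /** Returns the guarded request URI (not percent-decoded by the container). */
        @Override
        public String getRequestURI() {
            return guard(super.getRequestURI());
        }
    }
}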