001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.activemq.util;
018    
019    import java.io.IOException;
020    
021    import javax.servlet.Filter;
022    import javax.servlet.FilterChain;
023    import javax.servlet.FilterConfig;
024    import javax.servlet.ServletException;
025    import javax.servlet.ServletRequest;
026    import javax.servlet.ServletResponse;
027    import javax.servlet.http.HttpServletRequest;
028    import javax.servlet.http.HttpServletRequestWrapper;
029    
030    import org.mortbay.log.Log;
031    
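/**
 * Servlet filter that wraps every HTTP request so that ':' characters in
 * file-name-bearing request values are replaced with '_' before downstream
 * code sees them.
 *
 * <p>The values rewritten are the {@code Destination} parameter as returned by
 * {@code getParameter}, plus the path info, the translated path and the
 * request URI. Non-HTTP requests are passed down the chain unchanged.
 *
 * <p>NOTE(review): only ':' is rewritten. Presumably this targets the special
 * meaning of ':' in file names on some platforms - confirm. No path
 * normalisation (for example of ".." segments) happens here, so anything that
 * maps these values to the file system must still validate the resolved path.
 *
 * <p>NOTE(review): accessors that are not overridden by the wrapper, such as
 * {@code getParameterValues}, {@code getParameterMap}, {@code getServletPath}
 * and {@code getRequestURL}, still return the unguarded values. Confirm that
 * downstream code reads these values only through the guarded accessors.
 */
public class FilenameGuardFilter implements Filter {

    /** No resources are held, so there is nothing to release. */
    public void destroy() {
        // nothing to destroy
    }

    /**
     * No configuration is read.
     *
     * @param config the filter configuration (unused)
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig config) throws ServletException {
        // nothing to init
    }

    /**
     * Wraps HTTP requests in a guarding wrapper and continues the chain.
     *
     * @param request  the incoming request
     * @param response the outgoing response, passed through untouched
     * @param chain    the remaining filter chain
     * @throws IOException      if the chain throws it
     * @throws ServletException if the chain throws it
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest)request;
            chain.doFilter(new GuardedHttpServletRequest(httpRequest), response);
        } else {
            // Not an HTTP request: there are no path or parameter accessors to guard.
            chain.doFilter(request, response);
        }
    }

    /**
     * Request wrapper that applies {@link #guard(String)} to the accessors it overrides.
     */
    private static class GuardedHttpServletRequest extends HttpServletRequestWrapper {

        public GuardedHttpServletRequest(HttpServletRequest httpRequest) {
            super(httpRequest);
        }

        /**
         * Replaces every ':' in the given value with '_'.
         *
         * @param filename the request-supplied value; may be {@code null}
         * @return the rewritten value, or {@code null} if the input was {@code null}
         */
        private String guard(String filename) {
            // The wrapped accessors may return null (absent parameter, no extra
            // path info, untranslatable path). Pass that through instead of
            // failing the whole request with a NullPointerException.
            if (filename == null) {
                return null;
            }
            String guarded = filename.replace(":", "_");
            if (Log.isDebugEnabled()) {
                // Values are request-controlled: neutralise line breaks so a
                // crafted value cannot forge extra entries in the debug log.
                Log.debug("guarded " + forLog(filename) + " to " + forLog(guarded));
            }
            return guarded;
        }

        /** Replaces CR and LF with '_' so the value stays on one log line. */
        private static String forLog(String value) {
            return value.replace('\r', '_').replace('\n', '_');
        }

        /**
         * Returns the named parameter, guarded when the name is {@code Destination}.
         * Other parameters are returned as supplied by the wrapped request.
         */
        @Override
        public String getParameter(String name) {
            String value = super.getParameter(name);
            // Constant-first comparison keeps a null name from raising here.
            return "Destination".equals(name) ? guard(value) : value;
        }

        /** Returns the guarded path info, or {@code null} if there is none. */
        @Override
        public String getPathInfo() {
            return guard(super.getPathInfo());
        }

        /** Returns the guarded translated path, or {@code null} if there is none. */
        @Override
        public String getPathTranslated() {
            return guard(super.getPathTranslated());
        }

        /** Returns the guarded request URI. */
        @Override
        public String getRequestURI() {
            return guard(super.getRequestURI());
        }
    }
}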