001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.activemq.util; 018 019 import java.io.IOException; 020 021 import javax.servlet.Filter; 022 import javax.servlet.FilterChain; 023 import javax.servlet.FilterConfig; 024 import javax.servlet.ServletException; 025 import javax.servlet.ServletRequest; 026 import javax.servlet.ServletResponse; 027 import javax.servlet.http.HttpServletRequest; 028 import javax.servlet.http.HttpServletRequestWrapper; 029 030 import org.mortbay.log.Log; 031 032 public class FilenameGuardFilter implements Filter { 033 034 public void destroy() { 035 // nothing to destroy 036 } 037 038 public void init(FilterConfig config) throws ServletException { 039 // nothing to init 040 } 041 042 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 043 if (request instanceof HttpServletRequest) { 044 HttpServletRequest httpRequest = (HttpServletRequest)request; 045 GuardedHttpServletRequest guardedRequest = new GuardedHttpServletRequest(httpRequest); 046 chain.doFilter(guardedRequest, response); 047 } else { 048 chain.doFilter(request, response); 049 } 050 } 051 052 private static class GuardedHttpServletRequest extends HttpServletRequestWrapper { 053 054 public GuardedHttpServletRequest(HttpServletRequest httpRequest) { 055 super(httpRequest); 056 } 057 058 private String guard(String filename) { 059 String guarded = filename.replace(":", "_"); 060 if (Log.isDebugEnabled()) { 061 Log.debug("guarded " + filename + " to " + guarded); 062 } 063 return guarded; 064 } 065 066 @Override 067 public String getParameter(String name) { 068 if (name.equals("Destination")) { 069 return guard(super.getParameter(name)); 070 } else { 071 return super.getParameter(name); 072 } 073 } 074 075 @Override 076 public String getPathInfo() { 077 return guard(super.getPathInfo()); 078 } 079 080 @Override 081 public String getPathTranslated() { 082 return guard(super.getPathTranslated()); 083 } 084 085 @Override 086 public String getRequestURI() { 087 return guard(super.getRequestURI()); 088 } 089 } 090 }