• Home
• com.google.gwt
• gwt-servlet
• 2.5.1
• source code
• Util.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.google.gwt.user.server.Util Maven / Gradle / Ivy

/*
 * Copyright 2011 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.google.gwt.user.server;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * A bunch of useful methods.
 */
public class Util {

  /**
   * Find an instance of the specified annotation, walking up the inheritance
   * tree if necessary. Copied from {@link
   * com.google.gwt.i18n.rebind.AnnotationUtil}.
   *
   * 
The super chain is walked first, so if an ancestor superclass has the
   * requested annotation, it will be preferred over a directly implemented
   * interface.
   *
   * @param  Annotation type to search for
   * @param clazz root class to search, may be null
   * @param annotationClass class object of Annotation subclass to search for
   * @return the requested annotation or null if none
   */
  public static  T getClassAnnotation(Class clazz,
      Class annotationClass) {
    if (clazz == null) {
      return null;
    }
    T annot = clazz.getAnnotation(annotationClass);
    if (annot == null) {
      annot = getClassAnnotation(clazz.getSuperclass(), annotationClass);
      if (annot != null) {
        return annot;
      }
      for (Class intf : clazz.getInterfaces()) {
        annot = getClassAnnotation(intf, annotationClass);
        if (annot != null) {
          return annot;
        }
      }
    }
    return annot;
  }

  /**
   * Retrieves named cookie from supplied request. If {@code allowDuplicates} is
   * set to {@code true}, method will throw {@link IllegalStateException} if
   * duplicate cookies are found, which can be a sign of a cookie overwrite
   * attack.
   *
   * @param request HTTP request to retrieve cookie from.
   * @param cookieName Cookie name.
   * @param allowDuplicates if {@code true} duplicate cookies are allowed,
   *        otherwise {@link IllegalStateException} is thrown if duplicate
   *        cookies are detected.
   * @return {@link Cookie} if specified cookie is present, {@code null}
   *         otherwise.
   * @throws IllegalArgumentException if duplicate cookies are detected.
   */
  public static Cookie getCookie(HttpServletRequest request,
      String cookieName, boolean allowDuplicates) {
    Cookie cookieToReturn = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (Cookie cookie : cookies) {
        if (cookieName.equals(cookie.getName())) {
          // ensure that it's the only one cookie, since duplicate cookies
          // can be a sign of a cookie overriding attempt.
          if (cookieToReturn == null) {
            if (allowDuplicates) {
              // do not attempt to detect duplicate cookies
              return cookie;
            } else {
              cookieToReturn = cookie;
            }
          } else {
            throw new IllegalArgumentException("Duplicate cookie! " +
                "Cookie override attack?");
          }
        }
      }
    }
    return cookieToReturn;
  }

  /**
   * Checks if specified method is XSRF protected based on the following logic:
   *
   * 

   *  
Method level annotations override class level annotations.
   *  
If method is annotated with {@code xsrfAnnotation} this
   *      method returns {@code true}
   *  
If method is annotated with {@code noXsrfAnnotation}, this method
   *      returns {@code false}.
   *  
If class is annotated with {@code xsrfAnnotation} and method is not
   *      annotated, this method returns {@code true}.
   *  
If class is annotated with {@code noXsrfAnnotation} and method is not
   *      annotated, this method returns {@code false}.
   *  
If no annotations are present and class has a method with return value
   *      assignable from {@code xsrfTokenInterface}, this method returns
   *      {@code true}.
   *  
If no annotations are present this method returns {@code false}.
   * 
   *
   * @see com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet
   */
  public static boolean isMethodXsrfProtected(Method method,
      Class xsrfAnnotation,
      Class noXsrfAnnotation,
      Class xsrfTokenInterface) {
    Class declaringClass = method.getDeclaringClass();

    if (method.getAnnotation(noXsrfAnnotation) != null ||
          (Util.getClassAnnotation(
              declaringClass, noXsrfAnnotation) != null &&
          method.getAnnotation(xsrfAnnotation) == null)) {
      // XSRF protection is disabled
      return false;
    }

    if (Util.getClassAnnotation(declaringClass, xsrfAnnotation) != null ||
          method.getAnnotation(xsrfAnnotation) != null) {
      return true;
    }

    // if no explicit annotation is given no XSRF token verification is done,
    // unless there's a method returning RpcToken in which case XSRF token
    // verification is performed for all methods
    Method[] classMethods = declaringClass.getMethods();
    for (Method classMethod : classMethods) {
      if (xsrfTokenInterface.isAssignableFrom(classMethod.getReturnType()) &&
          !method.equals(classMethod)) {
        return true;
      }
    }
    return false;
  }

  private Util() {
  }
}