All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.naming.resources.FileDirContext Maven / Gradle / Ivy

There is a newer version: 7.2024.1.Alpha1
Show newest version
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 1997-2016 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 *
 *
 * This file incorporates work covered by the following copyright and
 * permission notice:
 *
 * Copyright 2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Portions Copyright [2017-2023] [Payara Foundation and/or its affiliates]

package org.apache.naming.resources;

import java.text.MessageFormat;
import java.util.*;
import java.util.logging.Logger;
import java.util.logging.Level;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.FileOutputStream;
import java.io.IOException;

import javax.naming.Binding;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NameNotFoundException;
import javax.naming.OperationNotSupportedException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.DirContext;
import javax.naming.directory.Attributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.apache.naming.LogFacade;
import org.apache.naming.NamingEntry;
import org.apache.naming.NamingContextBindingsEnumeration;
import org.apache.naming.NamingContextEnumeration;
import org.apache.naming.Util;

/**
 * Filesystem Directory Context implementation helper class.
 *
 * @author Remy Maucherat
 * @version $Revision: 1.7 $ $Date: 2007/05/05 05:33:00 $
 */

public class FileDirContext extends BaseDirContext {
    private static final Logger logger = LogFacade.getLogger();

    protected static final ResourceBundle rb = logger.getResourceBundle();


    // -------------------------------------------------------------- Constants


    /**
     * The descriptive information string for this implementation.
     */
    protected static final int BUFFER_SIZE = 2048;


    // ----------------------------------------------------------- Constructors


    /**
     * Builds a file directory context using the given environment.
     */
    public FileDirContext() {
        super();
    }


    /**
     * Builds a file directory context using the given environment.
     */
    public FileDirContext(Hashtable env) {
        super(env);
    }


    // ----------------------------------------------------- Instance Variables


    /**
     * The document base directory.
     */
    protected File base = null;

    // START S1AS8PE 4965170
    /**
     * File cache.
     */
    // map x --> File(x)
    protected Map docBaseFileCache =
            Collections.synchronizedMap(new WeakHashMap());

    // map x --> File(base, x)
    protected Map fileCache =
            Collections.synchronizedMap(new WeakHashMap());

    // map file.getPath() + '/' + x --> File(file, x)
    protected Map listFileCache =
            Collections.synchronizedMap(new WeakHashMap());
    // END S1AS8PE 4965170

    /**
     * Absolute normalized filename of the base.
     */
    protected String absoluteBase = null;

    private String canonicalBase = null;
    /**
     * Case sensitivity.
     */
    protected boolean caseSensitive = true;


    /**
     * Allow linking.
     */
    protected boolean allowLinking = false;


    // ------------------------------------------------------------- Properties


    /**
     * Set the document root.
     *
     * @param docBase The new document root
     *
     * @exception IllegalArgumentException if the specified value is not
     *  supported by this implementation
     * @exception IllegalArgumentException if this would create a
     *  malformed URL
     */
    public void setDocBase(String docBase) {

        // Validate the format of the proposed document root
        if (docBase == null)
            throw new IllegalArgumentException
                    (rb.getString(LogFacade.RESOURCES_NULL));

        // START S1AS8PE 4965170
        base = docBaseFileCache.get(docBase);
        if (base == null){
            // Calculate a File object referencing this document base directory
            base = new File(docBase);
            docBaseFileCache.put(docBase,base);
        }
        // END S1AS8PE 4965170


        try {
            base = base.getCanonicalFile();
        } catch (IOException e) {
            // Ignore
        }

        // Validate that the document base is an existing directory
        if (!base.exists() || !base.isDirectory() || !base.canRead()) {
            throw new IllegalArgumentException
                    (MessageFormat.format(rb.getString(LogFacade.FILE_RESOURCES_BASE), docBase));
        }

        this.absoluteBase = normalize(base.getAbsolutePath());

        try {
            this.canonicalBase = normalize(base.getCanonicalPath());
        } catch (IOException e) {
            throw new IllegalArgumentException(e);
        }
        super.setDocBase(docBase);
    }

    /**
     * Set case sensitivity.
     */
    public void setCaseSensitive(boolean caseSensitive) {
        this.caseSensitive = caseSensitive;
    }


    /**
     * Is case sensitive ?
     */
    public boolean isCaseSensitive() {
        return caseSensitive;
    }


    /**
     * Set allow linking.
     */
    public void setAllowLinking(boolean allowLinking) {
        this.allowLinking = allowLinking;
    }


    /**
     * Is linking allowed.
     */
    public boolean getAllowLinking() {
        return allowLinking;
    }


    // --------------------------------------------------------- Public Methods


    /**
     * Release any resources allocated for this directory context.
     */
    public void release() {

        caseSensitive = true;
        allowLinking = false;
        absoluteBase = null;
        base = null;
        super.release();

    }


    // -------------------------------------------------------- Context Methods


    /**
     * Retrieves the named object.
     *
     * @param name the name of the object to look up
     * @return the object bound to name
     * @exception NamingException if a naming exception is encountered
     */
    public Object lookup(String name)
            throws NamingException {
        Object result = null;
        File file = file(name, true);

        if (file == null)
            throw new NamingException
                    (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), name));
        if (file.isDirectory()) {
            FileDirContext tempContext = new FileDirContext(env);
            tempContext.setDocBase(file.getPath());
            tempContext.setAllowLinking(getAllowLinking());
            tempContext.setCaseSensitive(isCaseSensitive());
            result = tempContext;
        } else {
            result = new FileResource(file);
        }

        return result;

    }


    /**
     * Unbinds the named object. Removes the terminal atomic name in name
     * from the target context--that named by all but the terminal atomic
     * part of name.
     * 

* This method is idempotent. It succeeds even if the terminal atomic * name is not bound in the target context, but throws * NameNotFoundException if any of the intermediate contexts do not exist. * * @param name the name to bind; may not be empty * @exception NameNotFoundException if an intermediate context does not * exist * @exception NamingException if a naming exception is encountered */ public void unbind(String name) throws NamingException { File file = file(name, true); if (file == null) throw new NameNotFoundException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), name)); // START S1AS8PE 4965170 fileCache.remove(name); // END S1AS8PE 4965170 if (!file.delete()) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), name)); } /** * Binds a new name to the object bound to an old name, and unbinds the * old name. Both names are relative to this context. Any attributes * associated with the old name become associated with the new name. * Intermediate contexts of the old name are not changed. * * @param oldName the name of the existing binding; may not be empty * @param newName the name of the new binding; may not be empty * @exception NameAlreadyBoundException if newName is already bound * @exception NamingException if a naming exception is encountered */ public void rename(String oldName, String newName) throws NamingException { File file = file(oldName, true); if (file == null) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), oldName)); // START S1AS8PE 4965170 File newFile = fileCache.get(newName); if (newFile == null) { newFile = new File(base, newName); } // END S1AS8PE 4965170 if (!file.renameTo(newFile)) { throw new NamingException( MessageFormat.format(rb.getString(LogFacade.RESOURCES_RENAME_FAIL), oldName, newName)); } } /** * Enumerates the names bound in the named context, along with the class * names of objects bound to them. The contents of any subcontexts are * not included. *

* If a binding is added to or removed from this context, its effect on * an enumeration previously returned is undefined. * * @param name the name of the context to list * @return an enumeration of the names and class names of the bindings in * this context. Each element of the enumeration is of type NameClassPair. * @exception NamingException if a naming exception is encountered */ public NamingEnumeration list(String name) throws NamingException { File file = file(name, true); if (file == null) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), name)); return new NamingContextEnumeration(list(file).iterator()); } /** * Enumerates the names bound in the named context, along with the * objects bound to them. The contents of any subcontexts are not * included. *

* If a binding is added to or removed from this context, its effect on * an enumeration previously returned is undefined. * * @param name the name of the context to list * @return an enumeration of the bindings in this context. * Each element of the enumeration is of type Binding. * @exception NamingException if a naming exception is encountered */ public NamingEnumeration listBindings(String name) throws NamingException { File file = file(name, true); if (file == null) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), name)); return new NamingContextBindingsEnumeration(list(file).iterator(), this); } /** * Destroys the named context and removes it from the namespace. Any * attributes associated with the name are also removed. Intermediate * contexts are not destroyed. *

* This method is idempotent. It succeeds even if the terminal atomic * name is not bound in the target context, but throws * NameNotFoundException if any of the intermediate contexts do not exist. * * In a federated naming system, a context from one naming system may be * bound to a name in another. One can subsequently look up and perform * operations on the foreign context using a composite name. However, an * attempt destroy the context using this composite name will fail with * NotContextException, because the foreign context is not a "subcontext" * of the context in which it is bound. Instead, use unbind() to remove * the binding of the foreign context. Destroying the foreign context * requires that the destroySubcontext() be performed on a context from * the foreign context's "native" naming system. * * @param name the name of the context to be destroyed; may not be empty * @exception NameNotFoundException if an intermediate context does not * exist * @exception javax.naming.NotContextException if the name is bound but does * not name a context, or does not name a context of the appropriate type */ public void destroySubcontext(String name) throws NamingException { unbind(name); } /** * Retrieves the named object, following links except for the terminal * atomic component of the name. If the object bound to name is not a * link, returns the object itself. * * @param name the name of the object to look up * @return the object bound to name, not following the terminal link * (if any). * @exception NamingException if a naming exception is encountered */ public Object lookupLink(String name) throws NamingException { // Note : Links are not supported return lookup(name); } /** * Retrieves the full name of this context within its own namespace. *

* Many naming services have a notion of a "full name" for objects in * their respective namespaces. For example, an LDAP entry has a * distinguished name, and a DNS record has a fully qualified name. This * method allows the client application to retrieve this name. The string * returned by this method is not a JNDI composite name and should not be * passed directly to context methods. In naming systems for which the * notion of full name does not make sense, * OperationNotSupportedException is thrown. * * @return this context's name in its own namespace; never null * @exception OperationNotSupportedException if the naming system does * not have the notion of a full name * @exception NamingException if a naming exception is encountered */ public String getNameInNamespace() throws NamingException { return docBase; } // ----------------------------------------------------- DirContext Methods /** * Retrieves selected attributes associated with a named object. * See the class description regarding attribute models, attribute type * names, and operational attributes. * * @return the requested attributes; never null * @param name the name of the object from which to retrieve attributes * @param attrIds the identifiers of the attributes to retrieve. null * indicates that all attributes should be retrieved; an empty array * indicates that none should be retrieved * @exception NamingException if a naming exception is encountered */ public Attributes getAttributes(String name, String[] attrIds) throws NamingException { // Building attribute list File file = file(name, true); if (file == null) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_NOT_FOUND), name)); return new FileResourceAttributes(file); } /** * Modifies the attributes associated with a named object. The order of * the modifications is not specified. Where possible, the modifications * are performed atomically. * * @param name the name of the object whose attributes will be updated * @param mod_op the modification operation, one of: ADD_ATTRIBUTE, * REPLACE_ATTRIBUTE, REMOVE_ATTRIBUTE * @param attrs the attributes to be used for the modification; may not * be null * @exception javax.naming.directory.AttributeModificationException if the * modification cannot be completed successfully * @exception NamingException if a naming exception is encountered */ public void modifyAttributes(String name, int mod_op, Attributes attrs) throws NamingException { } /** * Modifies the attributes associated with a named object using an an * ordered list of modifications. The modifications are performed in the * order specified. Each modification specifies a modification operation * code and an attribute on which to operate. Where possible, the * modifications are performed atomically. * * @param name the name of the object whose attributes will be updated * @param mods an ordered sequence of modifications to be performed; may * not be null * @exception javax.naming.directory.AttributeModificationException if the * modification cannot be completed successfully * @exception NamingException if a naming exception is encountered */ public void modifyAttributes(String name, ModificationItem[] mods) throws NamingException { } /** * Binds a name to an object, along with associated attributes. If attrs * is null, the resulting binding will have the attributes associated * with obj if obj is a DirContext, and no attributes otherwise. If attrs * is non-null, the resulting binding will have attrs as its attributes; * any attributes associated with obj are ignored. * * @param name the name to bind; may not be empty * @param obj the object to bind; possibly null * @param attrs the attributes to associate with the binding * @exception NameAlreadyBoundException if name is already bound * @exception javax.naming.directory.InvalidAttributesException if some * "mandatory" attributes of the binding are not supplied * @exception NamingException if a naming exception is encountered */ public void bind(String name, Object obj, Attributes attrs) throws NamingException { // Note: No custom attributes allowed // bind() is meant to create a file so ensure that the path doesn't end // in '/' if (name.endsWith("/")) { throw new NamingException(MessageFormat.format(rb.getString(LogFacade.RESOURCES_BIND_FAILED), name)); } File file = new File(base, name); if (file.exists()) throw new NameAlreadyBoundException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_ALREADY_BOUND), name)); rebind(file, obj, attrs); } /** * Binds a name to an object, along with associated attributes, * overwriting any existing binding. If attrs is null and obj is a * DirContext, the attributes from obj are used. If attrs is null and obj * is not a DirContext, any existing attributes associated with the object * already bound in the directory remain unchanged. If attrs is non-null, * any existing attributes associated with the object already bound in * the directory are removed and attrs is associated with the named * object. If obj is a DirContext and attrs is non-null, the attributes * of obj are ignored. * * @param name the name to bind; may not be empty * @param obj the object to bind; possibly null * @param attrs the attributes to associate with the binding * @exception javax.naming.directory.InvalidAttributesException if some * "mandatory" attributes of the binding are not supplied * @exception NamingException if a naming exception is encountered */ public void rebind(String name, Object obj, Attributes attrs) throws NamingException { // Note: No custom attributes allowed // Check obj type File file = new File(base, name); rebind(file,obj,attrs); } public void rebind(File file, Object obj, Attributes attrs) throws NamingException { InputStream is = null; String name = file.getName(); if (obj instanceof Resource) { try { is = ((Resource) obj).streamContent(); } catch (IOException e) { } } else if (obj instanceof InputStream) { is = (InputStream) obj; } else if (obj instanceof DirContext) { if (file.exists()) { if (!file.delete()) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_BIND_FAILED), name)); } if (!file.mkdir()) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_BIND_FAILED), name)); } if (is == null) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_BIND_FAILED), name)); // Open os try { FileOutputStream os = null; byte buffer[] = new byte[BUFFER_SIZE]; int len = -1; try { os = new FileOutputStream(file); while (true) { len = is.read(buffer); if (len == -1) break; os.write(buffer, 0, len); } } finally { if (os != null) os.close(); is.close(); } } catch (IOException e) { throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_BIND_FAILED), e)); } } /** * Creates and binds a new context, along with associated attributes. * This method creates a new subcontext with the given name, binds it in * the target context (that named by all but terminal atomic component of * the name), and associates the supplied attributes with the newly * created object. All intermediate and target contexts must already * exist. If attrs is null, this method is equivalent to * Context.createSubcontext(). * * @param name the name of the context to create; may not be empty * @param attrs the attributes to associate with the newly created context * @return the newly created context * @exception NameAlreadyBoundException if the name is already bound * @exception javax.naming.directory.InvalidAttributesException if attrs * does not contain all the mandatory attributes required for creation * @exception NamingException if a naming exception is encountered */ public DirContext createSubcontext(String name, Attributes attrs) throws NamingException { File file = new File(base, name); if (file.exists()) throw new NameAlreadyBoundException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_ALREADY_BOUND), name)); if (!file.mkdir()) throw new NamingException (MessageFormat.format(rb.getString(LogFacade.RESOURCES_BIND_FAILED), name)); return (DirContext) lookup(name); } /** * Retrieves the schema associated with the named object. The schema * describes rules regarding the structure of the namespace and the * attributes stored within it. The schema specifies what types of * objects can be added to the directory and where they can be added; * what mandatory and optional attributes an object can have. The range * of support for schemas is directory-specific. * * @param name the name of the object whose schema is to be retrieved * @return the schema associated with the context; never null * @exception OperationNotSupportedException if schema not supported * @exception NamingException if a naming exception is encountered */ public DirContext getSchema(String name) throws NamingException { throw new OperationNotSupportedException(); } /** * Retrieves a context containing the schema objects of the named * object's class definitions. * * @param name the name of the object whose object class definition is to * be retrieved * @return the DirContext containing the named object's class * definitions; never null * @exception OperationNotSupportedException if schema not supported * @exception NamingException if a naming exception is encountered */ public DirContext getSchemaClassDefinition(String name) throws NamingException { throw new OperationNotSupportedException(); } /** * Searches in a single context for objects that contain a specified set * of attributes, and retrieves selected attributes. The search is * performed using the default SearchControls settings. * * @param name the name of the context to search * @param matchingAttributes the attributes to search for. If empty or * null, all objects in the target context are returned. * @param attributesToReturn the attributes to return. null indicates * that all attributes are to be returned; an empty array indicates that * none are to be returned. * @return a non-null enumeration of SearchResult objects. Each * SearchResult contains the attributes identified by attributesToReturn * and the name of the corresponding object, named relative to the * context named by name. * @exception NamingException if a naming exception is encountered */ public NamingEnumeration search(String name, Attributes matchingAttributes, String[] attributesToReturn) throws NamingException { return null; } /** * Searches in a single context for objects that contain a specified set * of attributes. This method returns all the attributes of such objects. * It is equivalent to supplying null as the atributesToReturn parameter * to the method search(Name, Attributes, String[]). * * @param name the name of the context to search * @param matchingAttributes the attributes to search for. If empty or * null, all objects in the target context are returned. * @return a non-null enumeration of SearchResult objects. Each * SearchResult contains the attributes identified by attributesToReturn * and the name of the corresponding object, named relative to the * context named by name. * @exception NamingException if a naming exception is encountered */ public NamingEnumeration search(String name, Attributes matchingAttributes) throws NamingException { return null; } /** * Searches in the named context or object for entries that satisfy the * given search filter. Performs the search as specified by the search * controls. * * @param name the name of the context or object to search * @param filter the filter expression to use for the search; may not be * null * @param cons the search controls that control the search. If null, * the default search controls are used (equivalent to * (new SearchControls())). * @return an enumeration of SearchResults of the objects that satisfy * the filter; never null * @exception javax.naming.directory.InvalidSearchFilterException if the * search filter specified is not supported or understood by the underlying * directory * @exception javax.naming.directory.InvalidSearchControlsException if the * search controls contain invalid settings * @exception NamingException if a naming exception is encountered */ public NamingEnumeration search(String name, String filter, SearchControls cons) throws NamingException { return null; } /** * Searches in the named context or object for entries that satisfy the * given search filter. Performs the search as specified by the search * controls. * * @param name the name of the context or object to search * @param filterExpr the filter expression to use for the search. * The expression may contain variables of the form "{i}" where i is a * nonnegative integer. May not be null. * @param filterArgs the array of arguments to substitute for the * variables in filterExpr. The value of filterArgs[i] will replace each * occurrence of "{i}". If null, equivalent to an empty array. * @param cons the search controls that control the search. If null, the * default search controls are used (equivalent to (new SearchControls())). * @return an enumeration of SearchResults of the objects that satisy the * filter; never null * @exception ArrayIndexOutOfBoundsException if filterExpr contains {i} * expressions where i is outside the bounds of the array filterArgs * @exception javax.naming.directory.InvalidSearchControlsException if cons * contains invalid settings * @exception javax.naming.directory.InvalidSearchFilterException if * filterExpr with filterArgs represents an invalid search filter * @exception NamingException if a naming exception is encountered */ public NamingEnumeration search(String name, String filterExpr, Object[] filterArgs, SearchControls cons) throws NamingException { return null; } // ------------------------------------------------------ Protected Methods /** * Return a context-relative path, beginning with a "/", that represents * the canonical version of the specified path after ".." and "." elements * are resolved out. If the specified path attempts to go outside the * boundaries of the current context (i.e. too many ".." path elements * are present), return null instead. * * @param path Path to be normalized */ protected String normalize(String path) { return Util.normalize(path, File.separatorChar == '\\'); } /** * Return a File object representing the specified normalized * context-relative path if it exists and is readable. Otherwise, * return null. * * @param name Normalized context-relative path (with leading '/') * @param fileMustExist Must the required file exist (i.e. preexisting files vs. injected) CVE-2017-12615 * @return the validated java.io.File */ protected File file(String name, boolean fileMustExist) { if (name.equals("/")) { name = ""; } return validate(base, name, name, fileCache, fileMustExist); } /* * Check that the file is valid for this context */ private File validate(File baseFile, String name, String keyName, Map fCache, boolean fileMustExist) { // START S1AS8PE 4965170 File file = fCache.get(keyName); if (file == null){ file = new File(baseFile, name); } // END S1AS8PE 4965170 // If the requested names ends in '/', the Java File API will return a // matching file if one exists. This isn't what we want as it is not // consistent with the Servlet spec rules for request mapping. if (file.isFile() && name.endsWith("/")) { return null; } if (!fileMustExist || file.exists() && file.canRead()) { // START S1AS 6200277 if (!caseSensitive && allowLinking) { fCache.put(keyName,file); return file; } // END S1AS 6200277 // Additional Windows specific checks to handle known problems with // File.getCanonicalPath() if (JrePlatform.IS_WINDOWS && isInvalidWindowsFilename(name)) { return null; } // Check that this file belongs to our root path String canPath = null; try { canPath = normalize(file.toPath().toRealPath().toString()); } catch (IOException e) { } if (canPath == null || !canPath.startsWith(canonicalBase)) { if (logger.isLoggable(Level.FINE)) { logger.log(Level.FINE, LogFacade.FILE_RESOURCES_NULL_CANONICAL_PATH); } return null; } // Check to see if going outside of the web application root if ((!allowLinking) && (!canPath.startsWith(absoluteBase))) { if (logger.isLoggable(Level.FINE)) { logger.log(Level.FINE, LogFacade.FILE_RESOURCES_NOT_ALLOWED, new Object[]{allowLinking,canPath,absoluteBase}); } return null; } // Case sensitivity check // START S1AS 6200277 // if (!allowLinking && caseSensitive) { // END S1AS 6200277 // START S1AS 6200277 if (caseSensitive) { // END S1AS 6200277 String fileAbsPath = file.getAbsolutePath(); if (fileAbsPath.endsWith(".")) fileAbsPath = fileAbsPath + "/"; String absPath = normalize(fileAbsPath); canPath = normalize(canPath); if ((canPath == null) || (absPath == null)) { if (logger.isLoggable(Level.FINE)) { logger.log(Level.FINE, LogFacade.FILE_RESOURCES_NULL_ABS_PATH, new Object[]{canPath,absPath}); } return null; } if ((absoluteBase.length() < absPath.length()) && (absoluteBase.length() < canPath.length())) { absPath = absPath.substring(absoluteBase.length() + 1); if (absPath.equals("")) { absPath = "/"; } canPath = canPath.substring(canonicalBase.length() + 1); if (canPath.equals("")) { canPath = "/"; } if (!canPath.equals(absPath)) { // START S1AS 6200277 // return null; // END S1AS 6200277 // START S1AS 6200277 if (canPath.equalsIgnoreCase(absPath) || !allowLinking) { if (logger.isLoggable(Level.FINE)) { logger.log(Level.FINE, LogFacade.FILE_RESOURCES_PATH_EQUALS_ABS_PATH, new Object[]{canPath,absPath,allowLinking}); } return null; } // END S1AS 6200277 } } } } else { if (logger.isLoggable(Level.FINE)) { logger.log(Level.FINE, LogFacade.FILE_RESOURCES_NOT_EXIST, file.getAbsolutePath()); } return null; } // START S1AS8PE 4965170 fCache.put(keyName,file); // END S1AS8PE 4965170 return file; } private boolean isInvalidWindowsFilename(String name) { final int len = name.length(); if (len == 0) { return false; } // This consistently ~10 times faster than the equivalent regular // expression irrespective of input length. for (int i = 0; i < len; i++) { char c = name.charAt(i); if (c == '\"' || c == '<' || c == '>') { // These characters are disallowed in Windows file names and // there are known problems for file names with these characters // when using File#getCanonicalPath(). // Note: There are additional characters that are disallowed in // Windows file names but these are not known to cause // problems when using File#getCanonicalPath(). return true; } } // Windows does not allow file names to end in ' ' unless specific low // level APIs are used to create the files that bypass various checks. // File names that end in ' ' are known to cause problems when using // File#getCanonicalPath(). if (name.charAt(len -1) == ' ') { return true; } return false; } /** * List the resources which are members of a collection. * * @param file Collection * @return ArrayList containg NamingEntry objects */ protected ArrayList list(File file) { ArrayList entries = new ArrayList(); if (!file.isDirectory()) return entries; String[] names = file.list(); if (names==null) { /* Some IO error occurred such as bad file permissions, * lack of file descriptors. * Prevent a NPE with Arrays.sort(names) */ logger.log(Level.WARNING, LogFacade.FILE_RESOURCES_LISTING_NULL, file.getAbsolutePath()); return entries; } Arrays.sort(names); // Sort alphabetically NamingEntry entry = null; for (int i = 0; i < names.length; i++) { // START S1AS8PE 4965170 String keyName = file.getPath() + '/' + names[i]; File currentFile = validate(file, names[i], keyName, listFileCache, true); // END S1AS8PE 4965170 Object object = null; if (currentFile!=null && currentFile.isDirectory()) { FileDirContext tempContext = new FileDirContext(env); tempContext.setDocBase(file.getPath()); tempContext.setAllowLinking(getAllowLinking()); tempContext.setCaseSensitive(isCaseSensitive()); object = tempContext; } else { object = new FileResource(currentFile); } entry = new NamingEntry(names[i], object, NamingEntry.ENTRY); entries.add(entry); } return entries; } // ----------------------------------------------- FileResource Inner Class /** * This specialized resource implementation avoids opening the InputStream * to the file right away (which would put a lock on the file). */ protected static class FileResource extends Resource { // -------------------------------------------------------- Constructor public FileResource(File file) { this.file = file; } // --------------------------------------------------- Member Variables /** * Associated file object. */ protected File file; // --------------------------------------------------- Resource Methods /** * Content accessor. * * @return InputStream */ public InputStream streamContent() throws IOException { if (binaryContent == null) { FileInputStream fin = new FileInputStream(file); inputStream = fin; return fin; } return super.streamContent(); } } // ------------------------------------- FileResourceAttributes Inner Class /** * This specialized resource attribute implementation does some lazy * reading (to speed up simple checks, like checking the last modified * date). */ protected static class FileResourceAttributes extends ResourceAttributes { // -------------------------------------------------------- Constructor public FileResourceAttributes(File file) { this.file = file; getCreation(); getLastModified(); } // --------------------------------------------------- Member Variables protected File file; protected boolean accessed = false; protected String canonicalPath = null; // ----------------------------------------- ResourceAttributes Methods /** * Is collection. */ public boolean isCollection() { if (!accessed) { collection = file.isDirectory(); accessed = true; } return super.isCollection(); } /** * Get content length. * * @return content length value */ public long getContentLength() { if (contentLength != -1L) return contentLength; contentLength = file.length(); return contentLength; } /** * Get creation time. * * @return creation time value */ public long getCreation() { if (creation != -1L) return creation; creation = getLastModified(); return creation; } /** * Get creation date. * * @return Creation date value */ public Date getCreationDate() { if (creation == -1L) { creation = file.lastModified(); } return super.getCreationDate(); } /** * Get last modified time. * * @return lastModified time value */ public long getLastModified() { if (lastModified != -1L) return lastModified; lastModified = file.lastModified(); return lastModified; } /** * Get lastModified date. * * @return LastModified date value */ public Date getLastModifiedDate() { if (lastModified == -1L) { lastModified = file.lastModified(); } return super.getLastModifiedDate(); } /** * Get name. * * @return Name value */ public String getName() { if (name == null) name = file.getName(); return name; } /** * Get resource type. * * @return String resource type */ public String getResourceType() { if (!accessed) { collection = file.isDirectory(); accessed = true; } return super.getResourceType(); } /** * Get canonical path. * * @return String the file's canonical path */ public String getCanonicalPath() { if (canonicalPath == null) { try { canonicalPath = file.getCanonicalPath(); } catch (IOException e) { // Ignore } } return canonicalPath; } } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy