All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.gwt.user.server.Util Maven / Gradle / Ivy

/*
 * Copyright 2011 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package com.google.gwt.user.server;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * A bunch of useful methods.
 */
public class Util {

  /**
   * Find an instance of the specified annotation, walking up the inheritance
   * tree if necessary. Copied from {@link
   * com.google.gwt.i18n.rebind.AnnotationUtil}.
   *
   * 

The super chain is walked first, so if an ancestor superclass has the * requested annotation, it will be preferred over a directly implemented * interface. * * @param Annotation type to search for * @param clazz root class to search, may be null * @param annotationClass class object of Annotation subclass to search for * @return the requested annotation or null if none */ public static T getClassAnnotation(Class clazz, Class annotationClass) { if (clazz == null) { return null; } T annot = clazz.getAnnotation(annotationClass); if (annot == null) { annot = getClassAnnotation(clazz.getSuperclass(), annotationClass); if (annot != null) { return annot; } for (Class intf : clazz.getInterfaces()) { annot = getClassAnnotation(intf, annotationClass); if (annot != null) { return annot; } } } return annot; } /** * Retrieves named cookie from supplied request. If {@code allowDuplicates} is * set to {@code true}, method will throw {@link IllegalStateException} if * duplicate cookies are found, which can be a sign of a cookie overwrite * attack. * * @param request HTTP request to retrieve cookie from. * @param cookieName Cookie name. * @param allowDuplicates if {@code true} duplicate cookies are allowed, * otherwise {@link IllegalStateException} is thrown if duplicate * cookies are detected. * @return {@link Cookie} if specified cookie is present, {@code null} * otherwise. * @throws IllegalArgumentException if duplicate cookies are detected. */ public static Cookie getCookie(HttpServletRequest request, String cookieName, boolean allowDuplicates) { Cookie cookieToReturn = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (cookieName.equals(cookie.getName())) { // ensure that it's the only one cookie, since duplicate cookies // can be a sign of a cookie overriding attempt. if (cookieToReturn == null) { if (allowDuplicates) { // do not attempt to detect duplicate cookies return cookie; } else { cookieToReturn = cookie; } } else { throw new IllegalArgumentException("Duplicate cookie! " + "Cookie override attack?"); } } } } return cookieToReturn; } /** * Checks if specified method is XSRF protected based on the following logic: * *

    *
  • Method level annotations override class level annotations. *
  • If method is annotated with {@code xsrfAnnotation} this * method returns {@code true} *
  • If method is annotated with {@code noXsrfAnnotation}, this method * returns {@code false}. *
  • If class is annotated with {@code xsrfAnnotation} and method is not * annotated, this method returns {@code true}. *
  • If class is annotated with {@code noXsrfAnnotation} and method is not * annotated, this method returns {@code false}. *
  • If no annotations are present and class has a method with return value * assignable from {@code xsrfTokenInterface}, this method returns * {@code true}. *
  • If no annotations are present this method returns {@code false}. *
* * @see com.google.gwt.user.server.rpc.AbstractXsrfProtectedServiceServlet */ public static boolean isMethodXsrfProtected(Method method, Class xsrfAnnotation, Class noXsrfAnnotation, Class xsrfTokenInterface) { Class declaringClass = method.getDeclaringClass(); if (method.getAnnotation(noXsrfAnnotation) != null || (Util.getClassAnnotation( declaringClass, noXsrfAnnotation) != null && method.getAnnotation(xsrfAnnotation) == null)) { // XSRF protection is disabled return false; } if (Util.getClassAnnotation(declaringClass, xsrfAnnotation) != null || method.getAnnotation(xsrfAnnotation) != null) { return true; } // if no explicit annotation is given no XSRF token verification is done, // unless there's a method returning RpcToken in which case XSRF token // verification is performed for all methods Method[] classMethods = declaringClass.getMethods(); for (Method classMethod : classMethods) { if (xsrfTokenInterface.isAssignableFrom(classMethod.getReturnType()) && !method.equals(classMethod)) { return true; } } return false; } private Util() { } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy