1 /**
2 * This file Copyright (c) 2003-2011 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.cms.filters;
35
36 import java.io.IOException;
37 import java.util.ArrayList;
38 import java.util.List;
39
40 import javax.servlet.FilterChain;
41 import javax.servlet.ServletException;
42 import javax.servlet.http.HttpServletRequest;
43 import javax.servlet.http.HttpServletResponse;
44
45 import org.apache.commons.lang.StringUtils;
46
47
48 /**
49 * <p>
50 * A filter that hides urls dependending on the request host name. This filter can be useful if you want to serve
51 * multiple public websites with a single magnolia instance, filtering out only the content that belong to the correct
52 * host. For example this filter may be configured to only show the "/de/" website tree only on the acme.de website and
53 * the "/en/" site tree only on the acme.com website.
54 * </p>
55 * <p>
56 * The filter configuration should be added to server/filters (an appropriate location is just after the contentType
57 * filter)
58 * </p>
59 *
60 * <pre>
61 * [] hostsecurity
62 * [] default
63 * - class info.magnolia.cms.filters.HostSecurityFilter
64 * [] mappings
65 * - 1 /en/=acme.com
66 * - 2 /en/=acme.de
67 *
68 * </pre>
69 * @author fgiust
70 * @version $Id$
71 */
72 public class HostSecurityFilter extends OncePerRequestAbstractMgnlFilter {
73
74 private final ArrayList<String[]> uriToHost;
75
76 public HostSecurityFilter() {
77 uriToHost = new ArrayList<String[]>();
78 }
79
80 // required by content2bean in order to make addMapping work, do not remove!
81 @Override
82 public List<String> getMappings() {
83 return null;
84 }
85
86 public void setMappings(List<String> mappings) {
87 for (String mapping : mappings) {
88 this.addMapping(mapping);
89 }
90 }
91
92 /**
93 * Adds a mapping (used by content2bean).
94 * @param mapping in the form /path=host
95 */
96 @Override
97 public void addMapping(String mapping) {
98 String[] pathToHost = StringUtils.split(mapping, "=");
99 if (pathToHost != null && pathToHost.length == 2) {
100 synchronized (uriToHost) {
101 uriToHost.add(pathToHost);
102 }
103 }
104 }
105
106 @Override
107 public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
108 throws IOException, ServletException {
109
110 String uri = request.getRequestURI();
111 String host = request.getServerName();
112 Boolean isHostValid = null;
113
114 for (String[] mapping : uriToHost) {
115 if (uri.startsWith(mapping[0])) {
116 // set to false only if exist at least one matching pattern
117 if (isHostValid == null) {
118 isHostValid = false;
119 }
120 // url allowed on this host
121 if (host.endsWith(mapping[1])) {
122 isHostValid = true;
123 break;
124 }
125
126 }
127 }
128 if (isHostValid != null && !isHostValid.booleanValue()) {
129 response.setStatus(404);
130 return;
131 }
132
133 chain.doFilter(request, response);
134
135 }
136
137 }