Save This Page
1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
5 *
6 * Portions Copyright Apache Software Foundation.
7 *
8 * The contents of this file are subject to the terms of either the GNU
9 * General Public License Version 2 only ("GPL") or the Common Development
10 * and Distribution License("CDDL") (collectively, the "License"). You
11 * may not use this file except in compliance with the License. You can obtain
12 * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
13 * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
14 * language governing permissions and limitations under the License.
15 *
16 * When distributing the software, include this License Header Notice in each
17 * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
18 * Sun designates this particular file as subject to the "Classpath" exception
19 * as provided by Sun in the GPL Version 2 section of the License file that
20 * accompanied this code. If applicable, add the following below the License
21 * Header, with the fields enclosed by brackets [] replaced by your own
22 * identifying information: "Portions Copyrighted [year]
23 * [name of copyright owner]"
24 *
25 * Contributor(s):
26 *
27 * If you wish your version of this file to be governed by only the CDDL or
28 * only the GPL Version 2, indicate your decision by adding "[Contributor]
29 * elects to include this software in this distribution under the [CDDL or GPL
30 * Version 2] license." If you don't indicate a single choice of license, a
31 * recipient has the option to distribute your version of this file under
32 * either the CDDL, the GPL Version 2 or to extend the choice of license to
33 * its licensees as provided above. However, if you add GPL Version 2 code
34 * and therefore, elected the GPL Version 2 license, then the option applies
35 * only if the new code is made subject to such option by the copyright
36 * holder.
37 */
38
39 package javax.servlet.jsp.jstl.tlv;
40
41 import java.io.IOException;
42 import java.util.HashSet;
43 import java.util.Set;
44 import java.util.StringTokenizer;
45
46 import javax.servlet.jsp.tagext.PageData;
47 import javax.servlet.jsp.tagext.TagLibraryValidator;
48 import javax.servlet.jsp.tagext.ValidationMessage;
49 import javax.xml.parsers.ParserConfigurationException;
50 import javax.xml.parsers.SAXParser;
51 import javax.xml.parsers.SAXParserFactory;
52
53 import org.xml.sax.Attributes;
54 import org.xml.sax.SAXException;
55 import org.xml.sax.helpers.DefaultHandler;
56
57 /**
58 * <p>A TagLibraryValidator class to allow a TLD to restrict what
59 * taglibs (in addition to itself) may be imported on a page where it's
60 * used.</p>
61 *
62 * <p>This TLV supports the following initialization parameter:</p>
63 * <ul>
64 * <li><b>permittedTaglibs</b>: A whitespace-separated list of URIs corresponding
65 * to tag libraries permitted to be imported on the page in addition to the tag
66 * library that references PermittedTaglibsTLV (which is allowed implicitly).
67 * </ul>
68 *
69 * @author Shawn Bayern
70 */
71 public class PermittedTaglibsTLV extends TagLibraryValidator {
72
73 //*********************************************************************
74 // Constants
75
76 // parameter names
77 private final String PERMITTED_TAGLIBS_PARAM = "permittedTaglibs";
78
79 // URI for "<jsp:root>" element
80 private final String JSP_ROOT_URI = "http://java.sun.com/JSP/Page";
81
82 // local name of "<jsp:root>" element
83 private final String JSP_ROOT_NAME = "root";
84
85 // QName for "<jsp:root>" element
86 private final String JSP_ROOT_QN = "jsp:root";
87
88
89 //*********************************************************************
90 // Validation and configuration state (protected)
91
92 private Set permittedTaglibs; // what URIs are allowed?
93 private boolean failed; // did the page fail?
94 private String uri; // our taglib's URI
95
96 //*********************************************************************
97 // Constructor and lifecycle management
98
99 public PermittedTaglibsTLV() {
100 super();
101 init();
102 }
103
104 private void init() {
105 permittedTaglibs = null;
106 failed = false;
107 }
108
109 public void release() {
110 super.release();
111 init();
112 }
113
114
115 //*********************************************************************
116 // Validation entry point
117
118 public synchronized ValidationMessage[] validate(
119 String prefix, String uri, PageData page) {
120 try {
121
122 // initialize
123 this.uri = uri;
124 permittedTaglibs = readConfiguration();
125
126 // get a handler
127 DefaultHandler h = new PermittedTaglibsHandler();
128
129 // parse the page
130 SAXParserFactory f = SAXParserFactory.newInstance();
131 f.setValidating(true);
132 SAXParser p = f.newSAXParser();
133 p.parse(page.getInputStream(), h);
134
135 if (failed)
136 return vmFromString(
137 "taglib " + prefix + " (" + uri + ") allows only the "
138 + "following taglibs to be imported: " + permittedTaglibs);
139 else
140 return null;
141
142 } catch (SAXException ex) {
143 return vmFromString(ex.toString());
144 } catch (ParserConfigurationException ex) {
145 return vmFromString(ex.toString());
146 } catch (IOException ex) {
147 return vmFromString(ex.toString());
148 }
149 }
150
151
152 //*********************************************************************
153 // Utility functions
154
155 /** Returns Set of permitted taglibs, based on configuration data. */
156 private Set readConfiguration() {
157
158 // initialize the Set
159 Set s = new HashSet();
160
161 // get the space-separated list of taglibs
162 String uris = (String) getInitParameters().get(PERMITTED_TAGLIBS_PARAM);
163
164 // separate the list into individual uris and store them
165 StringTokenizer st = new StringTokenizer(uris);
166 while (st.hasMoreTokens())
167 s.add(st.nextToken());
168
169 // return the new Set
170 return s;
171
172 }
173
174 // constructs a ValidationMessage[] from a single String and no ID
175 private ValidationMessage[] vmFromString(String message) {
176 return new ValidationMessage[] {
177 new ValidationMessage(null, message)
178 };
179 }
180
181
182 //*********************************************************************
183 // SAX handler
184
185 /** The handler that provides the base of our implementation. */
186 private class PermittedTaglibsHandler extends DefaultHandler {
187
188 // if the element is <jsp:root>, check its "xmlns:" attributes
189 public void startElement(
190 String ns, String ln, String qn, Attributes a) {
191
192 // ignore all but <jsp:root>
193 if (!qn.equals(JSP_ROOT_QN) &&
194 (!ns.equals(JSP_ROOT_URI) || !ln.equals(JSP_ROOT_NAME)))
195 return;
196
197 // for <jsp:root>, check the attributes
198 for (int i = 0; i < a.getLength(); i++) {
199 String name = a.getQName(i);
200
201 // ignore non-namespace attributes, and xmlns:jsp
202 if (!name.startsWith("xmlns:") || name.equals("xmlns:jsp"))
203 continue;
204
205 String value = a.getValue(i);
206 // ignore our own namespace declaration
207 if (value.equals(uri))
208 continue;
209
210 // otherwise, ensure that 'value' is in 'permittedTaglibs' set
211 if (!permittedTaglibs.contains(value))
212 failed = true;
213 }
214 }
215 }
216
217 }