KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > batik > bridge > DefaultExternalResourceSecurity


1 /*
2
3    Copyright 2002 The Apache Software Foundation
4
5    Licensed under the Apache License, Version 2.0 (the "License");
6    you may not use this file except in compliance with the License.
7    You may obtain a copy of the License at
8
9        http://www.apache.org/licenses/LICENSE-2.0
10
11    Unless required by applicable law or agreed to in writing, software
12    distributed under the License is distributed on an "AS IS" BASIS,
13    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14    See the License for the specific language governing permissions and
15    limitations under the License.
16
17  */
18 package org.apache.batik.bridge;
19
20 import org.apache.batik.util.ParsedURL;
21
22 /**
23  * Default implementation for the <tt>ExternalResourceSecurity</tt> interface.
24  * It allows all types of external resources to be loaded, but only if they
25  * come from the same server as the document they are referenced from.
26  *
27  * @author <a HREF="mailto:vhardy@apache.org">Vincent Hardy</a>
28  * @version $Id: DefaultExternalResourceSecurity.java,v 1.5 2004/08/18 07:12:31 vhardy Exp $
29  */
30 public class DefaultExternalResourceSecurity implements ExternalResourceSecurity {
31     public static final String JavaDoc DATA_PROTOCOL = "data";
32     /**
33      * Message when trying to load a external resource file and the Document
34      * does not have a URL
35      */
36     public static final String JavaDoc ERROR_CANNOT_ACCESS_DOCUMENT_URL
37         = "DefaultExternalResourceSecurity.error.cannot.access.document.url";
38
39     /**
40      * Message when trying to load a externalResource file from a server
41      * different than the one of the document.
42      */
43     public static final String JavaDoc ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL
44         = "DefaultExternalResourceSecurity.error.external.resource.from.different.url";
45
46     /**
47      * The exception is built in the constructor and thrown if
48      * not null and the checkLoadExternalResource method is called.
49      */
50     protected SecurityException JavaDoc se;
51
52     /**
53      * Controls whether the externalResource should be loaded or not.
54      *
55      * @throws SecurityException if the externalResource should not be loaded.
56      */
57     public void checkLoadExternalResource(){
58         if (se != null) {
59             se.fillInStackTrace();
60             throw se;
61         }
62     }
63
64     /**
65      * @param externalResourceURL url for the externalResource, as defined in
66      * the externalResource's xlink:href attribute. If that
67      * attribute was empty, then this parameter should
68      * be null
69      * @param docURL url for the document into which the
70      * externalResource was found.
71      */
72     public DefaultExternalResourceSecurity(ParsedURL externalResourceURL,
73                                            ParsedURL docURL){
74         // Make sure that the archives comes from the same host
75 // as the document itself
76 if (docURL == null) {
77             se = new SecurityException JavaDoc
78                 (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
79                                         new Object JavaDoc[]{externalResourceURL}));
80         } else {
81             String JavaDoc docHost = docURL.getHost();
82             String JavaDoc externalResourceHost = externalResourceURL.getHost();
83             
84             if ((docHost != externalResourceHost) &&
85                 ((docHost == null) || (!docHost.equals(externalResourceHost)))){
86                 
87                 if ( externalResourceURL == null
88                      ||
89                      !DATA_PROTOCOL.equals(externalResourceURL.getProtocol()) ) {
90                 se = new SecurityException JavaDoc
91                     (Messages.formatMessage(ERROR_EXTERNAL_RESOURCE_FROM_DIFFERENT_URL,
92                                             new Object JavaDoc[]{externalResourceURL}));
93                 }
94                 
95             }
96         }
97     }
98 }
99
100
101     
102
Popular Tags