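package com.netiq.ag;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URL;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;

/**
 * Created by IntelliJ IDEA.
 * User: Gary L. Gilbert
 * Date: July 01, 2015
 * Time: 11:24:06 PM
 * Description: Use this filter to capture unvalidated redirects on the Access Gateway.
 *
 * <p>The filter looks at every request parameter <em>name</em> that starts with {@code "http}
 * (a double quote followed by {@code http}), parses it as a URL and compares the host with the
 * allow-list from the {@code target_domains} init parameter. Requests naming a host outside the
 * allow-list are redirected to {@code /AGLogout}; everything else is passed down the chain.
 *
 * <p>NOTE(review): parameter values are never inspected, only names. Presumably that matches how
 * the Access Gateway carries the target URL in the query string; confirm against the deployment
 * before relying on this filter as the only open-redirect control.
 */
public class Filter implements javax.servlet.Filter {

    protected FilterConfig config;
    protected ServletContext ctx;

    // Allow-list of lower-cased domain entries. Starts empty so the filter rejects URL-like
    // parameters (fails closed) until init() has loaded a usable list.
    protected String[] targetDomains = new String[0];

    protected boolean debug = true;

    // SimpleDateFormat is not thread-safe; every use is synchronized on the instance.
    private static final DateFormat LOG_TIMESTAMP_FORMAT = new SimpleDateFormat("yyyy-MM-dd,HH:mm:ss.SSS");

    /**
     * Reads the {@code debug} and {@code target_domains} init parameters.
     *
     * <p>A missing or unusable {@code target_domains} value leaves the allow-list empty, so every
     * URL-like parameter is rejected, and the problem is logged even when {@code debug} is off.
     *
     * @param config filter configuration supplied by the container
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        try {
            debug = Boolean.parseBoolean(config.getInitParameter("debug"));
            log("FILTER: ====================================================");
            log("FILTER: Initializing");
            ctx = config.getServletContext();
            targetDomains = parseTargetDomains(config.getInitParameter("target_domains"));
            for (String targetDomain : targetDomains) {
                log("FILTER: Target Domain: " + targetDomain);
            }
            if (targetDomains.length == 0) {
                // A security control that is silently inactive or over-strict must be visible.
                writeLogLine("FILTER: **** ERROR: No usable target_domains entries. Check init parameters in web.xml.");
            }
            this.config = config;
            log("FILTER: End Initializing");
            log("FILTER: ====================================================");
        } catch (Exception e) {
            targetDomains = new String[0];
            writeLogLine("FILTER: **** ERROR: Retrieving config parameters. Check init parameters in web.xml. (" + e + ")");
        }
    }

    /**
     * Validates every URL-like parameter name of the request against the allow-list.
     *
     * <p>The request is forwarded only if all such names resolve to an allowed host. A name that
     * cannot be parsed as a URL is treated as invalid rather than surfacing as a server error.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      from the chain or from {@code sendRedirect}
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        boolean validURL = true;
        String lastSeen = "";
        Enumeration<String> parameterNames = request.getParameterNames();

        // Keep checking after a valid URL: one acceptable parameter must not vouch for the rest.
        while (validURL && parameterNames.hasMoreElements()) {
            String paramName = parameterNames.nextElement();
            lastSeen = paramName;
            log("FILTER: Parameter Name: " + paramName);
            if (!paramName.toLowerCase(java.util.Locale.ROOT).startsWith("\"http")) {
                continue;
            }
            String host;
            try {
                // Locale.ROOT keeps the comparison independent of the JVM's default locale.
                host = new URL(paramName.replaceAll("\"", "")).getHost().toLowerCase(java.util.Locale.ROOT);
            } catch (java.net.MalformedURLException e) {
                log("FILTER: Unparsable URL parameter: " + e.getMessage());
                validURL = false;
                break;
            }
            // NOTE(review): java.net.URL and browsers do not always agree on where the host part
            // of an unusual URL ends; the host checked here is the one java.net.URL reports.
            log("FILTER: Parsed Domain: " + host);
            lastSeen = host;
            validURL = isAllowedHost(host);
        }

        if (validURL) {
            log("FILTER: **** Valid Target Domain ****: " + lastSeen);
            filterChain.doFilter(request, response);
        } else {
            log("FILTER: **** Invalid Target Domain ****: " + lastSeen);
            response.sendRedirect("/AGLogout");
        }
    }

    @Override
    public void destroy() {
        config = null;
    }

    /**
     * Writes a timestamped line to standard output when {@code debug} is enabled.
     *
     * @param message text to log; may contain request-derived data
     */
    protected void log(String message) {
        if (debug) {
            writeLogLine(message);
        }
    }

    /** Splits the raw init parameter into lower-cased entries, dropping blank and dot-only ones. */
    private static String[] parseTargetDomains(String raw) {
        if (raw == null) {
            return new String[0];
        }
        java.util.List<String> domains = new java.util.ArrayList<String>();
        for (String entry : raw.replaceAll("\\s", "").toLowerCase(java.util.Locale.ROOT).split(",")) {
            // An empty entry would make endsWith() true for every host and disable the filter.
            if (!entry.replace(".", "").isEmpty()) {
                domains.add(entry);
            }
        }
        return domains.toArray(new String[0]);
    }

    /** Returns true when the host matches an allow-list entry on a DNS label boundary. */
    private boolean isAllowedHost(String host) {
        String[] allowed = targetDomains;
        if (host == null || host.isEmpty() || allowed == null) {
            return false;
        }
        for (String targetDomain : allowed) {
            log("FILTER: Target Domain: " + targetDomain);
            // ".example.com" keeps its meaning (subdomains only). An entry without the leading
            // dot must equal the host or follow a dot, so it cannot match a longer, unrelated name.
            boolean matches = targetDomain.startsWith(".")
                    ? host.endsWith(targetDomain)
                    : host.equals(targetDomain) || host.endsWith("." + targetDomain);
            if (matches) {
                return true;
            }
        }
        return false;
    }

    /** Emits one log line regardless of {@code debug}; used directly for configuration errors. */
    private void writeLogLine(String message) {
        // Request-derived text is logged, so control characters (CR/LF included) are replaced
        // to keep one event on one line and prevent forged log entries.
        String safe = String.valueOf(message).replaceAll("\\p{Cntrl}", "_");
        String timestamp;
        synchronized (LOG_TIMESTAMP_FORMAT) {
            timestamp = LOG_TIMESTAMP_FORMAT.format(new Date());
        }
        // A single println keeps lines from concurrent request threads from interleaving.
        System.out.println(timestamp + " Thread-" + Thread.currentThread().getId() + ": " + safe);
    }
}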
<!-- web.xml fragment: registers com.netiq.ag.Filter and maps it to every request path. -->
<filter>
<filter-name>UnvalidatedTargetFilter</filter-name>
<filter-class>com.netiq.ag.Filter</filter-class>
<init-param>
<!-- Comma-separated allow-list of redirect target domains. The filter strips whitespace and
     lower-cases the value before use. Keep the leading dot on each entry so that only
     subdomains of the listed domain match, and do not leave empty entries between commas. -->
<param-name>target_domains</param-name>
<param-value>.netiq.com,.novell.com</param-value>
</init-param>
<init-param>
<!-- "true" makes the filter print every request parameter name and the parsed host to
     standard output. Parameter names come from the client and may hold sensitive data;
     set this to "false" once the filter has been verified. -->
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>UnvalidatedTargetFilter</filter-name>
<!-- /* applies the filter to all requests handled by this web application. -->
<url-pattern>/*</url-pattern>
</filter-mapping>
/opt/novell/nesp/lib/webapp/WEB-INF/lib
chmod 644 agfilter.jar
chown novlwww:novlwww agfilter.jar
/opt/novell/nesp/lib/webapp/WEB-INF/web.xml
rcnovell-appliance restart
2015-07-10,00:57:40.375 Thread-11: FILTER: ====================================================
2015-07-10,00:57:40.375 Thread-11: FILTER: Initializing
2015-07-10,00:57:40.376 Thread-11: FILTER: Target Domain: .netiq.com
2015-07-10,00:57:40.376 Thread-11: FILTER: Target Domain: .novell.com
2015-07-10,00:57:40.383 Thread-11: FILTER: End Initializing
2015-07-10,00:57:40.383 Thread-11: FILTER: ====================================================
Filter initialized! 'nidpJspFilter'
Jul 10, 2015 12:57:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /opt/novell/nam/mag/webapps/nesp has finished in 14,777 ms
tail -f /var/opt/novell/nam/logs/mag/tomcat/catalina.out | grep "FILTER:"