[mapguide-commits] r10038 - trunk/MgDev/Web/src/HttpHandler

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Sat Mar 25 04:02:19 PDT 2023 

Author: jng
Date: 2023-03-25 04:02:18 -0700 (Sat, 25 Mar 2023)
New Revision: 10038

Added:
   trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.cpp
   trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.h
Log:
#2864: Forgot to add the actual new files

Added: trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.cpp
===================================================================
--- trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.cpp	                        (rev 0)
+++ trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.cpp	2023-03-25 11:02:18 UTC (rev 10038)
@@ -0,0 +1,193 @@
+//
+//  Copyright (C) 2004-2023 by Autodesk, Inc.
+//
+//  This library is free software; you can redistribute it and/or
+//  modify it under the terms of version 2.1 of the GNU Lesser
+//  General Public License as published by the Free Software Foundation.
+//
+//  This library is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+//  Lesser General Public License for more details.
+//
+//  You should have received a copy of the GNU Lesser General Public
+//  License along with this library; if not, write to the Free Software
+//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+//
+
+#include "HttpHandler.h"
+
+// Process-wide MgHttpAnonymousCheck
+Ptr<MgHttpAnonymousCheck> MgHttpAnonymousCheck::sm_anonCheck = (MgHttpAnonymousCheck*)nullptr;
+
+MgHttpAnonymousCheck::MgHttpAnonymousCheck()
+{
+	m_denyGetResourceContent = new MgStringCollection();
+	m_denyGetResourceData = new MgStringCollection();
+	m_denyGetResourceHeader = new MgStringCollection();
+}
+
+MgHttpAnonymousCheck::~MgHttpAnonymousCheck()
+{
+    m_denyGetResourceContent = nullptr;
+    m_denyGetResourceData = nullptr;
+    m_denyGetResourceHeader = nullptr;
+}
+
+void MgHttpAnonymousCheck::Dispose()
+{
+	delete this;
+}
+
+MgHttpAnonymousCheck* MgHttpAnonymousCheck::GetInstance()
+{
+    MG_TRY()
+
+    ACE_TRACE("MgHttpAnonymousCheck::GetInstance");
+
+    if (MgHttpAnonymousCheck::sm_anonCheck == nullptr)
+    {
+        // Perform Double-Checked Locking Optimization.
+        ACE_MT(ACE_GUARD_RETURN(ACE_Recursive_Thread_Mutex, ace_mon, *ACE_Static_Object_Lock::instance(), 0));
+        if (MgHttpAnonymousCheck::sm_anonCheck == NULL)
+        {
+            MgHttpAnonymousCheck::sm_anonCheck = new MgHttpAnonymousCheck();
+        }
+    }
+
+    MG_CATCH_AND_THROW(L"MgHttpAnonymousCheck.GetInstance")
+
+    // To avoid overheads and maintain thread safety,
+    // do not assign this returned static singleton to a Ptr object.
+    return MgHttpAnonymousCheck::sm_anonCheck;
+}
+
+void MgHttpAnonymousCheck::Init(MgConfiguration* config)
+{
+    CHECKARGUMENTNULL(config, L"MgHttpAnonymousCheck.Init");
+
+    // Process deny list for GETRESOURCE
+    STRING sDenyGetResourceContent;
+    config->GetStringValue(MgConfigProperties::AgentPropertiesSection,
+        MgConfigProperties::AgentAnonymousDenyGetResourceContent,
+        sDenyGetResourceContent,
+        MgConfigProperties::DefaultAgentAnonymousDenyGetResourceContent);
+
+    if (!sDenyGetResourceContent.empty())
+    {
+        Ptr<MgStringCollection> denyList;
+        denyList = MgStringCollection::ParseCollection(sDenyGetResourceContent, L",");
+
+        auto const count = denyList->GetCount();
+        for (auto i = 0; i < count; i++)
+        {
+            auto const check = denyList->GetItem(i);
+            m_denyGetResourceContent->Add(check);
+        }
+    }
+
+    // Process deny list for GETRESOURCEDATA
+    STRING sDenyGetResourceData;
+    config->GetStringValue(MgConfigProperties::AgentPropertiesSection,
+        MgConfigProperties::AgentAnonymousDenyGetResourceData,
+        sDenyGetResourceData,
+        MgConfigProperties::DefaultAgentAnonymousDenyGetResourceData);
+
+    if (!sDenyGetResourceData.empty())
+    {
+        Ptr<MgStringCollection> denyList;
+        denyList = MgStringCollection::ParseCollection(sDenyGetResourceData, L",");
+
+        auto const count = denyList->GetCount();
+        for (auto i = 0; i < count; i++)
+        {
+            auto const check = denyList->GetItem(i);
+            m_denyGetResourceData->Add(check);
+        }
+    }
+
+    // Process deny list for GETRESOURCEHEADER
+    STRING sDenyGetResourceHeader;
+    config->GetStringValue(MgConfigProperties::AgentPropertiesSection,
+        MgConfigProperties::AgentAnonymousDenyGetResourceHeader,
+        sDenyGetResourceHeader,
+        MgConfigProperties::DefaultAgentAnonymousDenyGetResourceHeader);
+
+    if (!sDenyGetResourceHeader.empty())
+    {
+        Ptr<MgStringCollection> denyList;
+        denyList = MgStringCollection::ParseCollection(sDenyGetResourceHeader, L",");
+
+        auto const count = denyList->GetCount();
+        for (auto i = 0; i < count; i++)
+        {
+            auto const check = denyList->GetItem(i);
+            m_denyGetResourceHeader->Add(check);
+        }
+    }
+}
+
+bool MgHttpAnonymousCheck::StartsWith(CREFSTRING str, CREFSTRING find)
+{
+    return str.rfind(find, 0) == 0;
+}
+
+bool MgHttpAnonymousCheck::ShouldDenyGetResourceContent(MgResourceIdentifier* resId)
+{
+    if (m_denyGetResourceContent->GetCount() == 0)
+	    return false;
+
+    CHECKARGUMENTNULL(resId, L"MgHttpAnonymousCheck.ShouldDenyGetResourceContent");
+
+    auto const sResId = resId->ToString();
+    auto const count = m_denyGetResourceContent->GetCount();
+    for (auto i = 0; i < count; i++)
+    {
+        auto const check = m_denyGetResourceContent->GetItem(i);
+        // If the given resource id matches the current prefix, deny
+        if (StartsWith(sResId, check))
+            return true;
+    }
+
+    return false;
+}
+
+bool MgHttpAnonymousCheck::ShouldDenyGetResourceData(MgResourceIdentifier* resId)
+{
+    if (m_denyGetResourceData->GetCount() == 0)
+        return false;
+
+    CHECKARGUMENTNULL(resId, L"MgHttpAnonymousCheck.ShouldDenyGetResourceData");
+
+    auto const sResId = resId->ToString();
+    auto const count = m_denyGetResourceData->GetCount();
+    for (auto i = 0; i < count; i++)
+    {
+        auto const check = m_denyGetResourceData->GetItem(i);
+        // If the given resource id matches the current prefix, deny
+        if (StartsWith(sResId, check))
+            return true;
+    }
+
+	return false;
+}
+
+bool MgHttpAnonymousCheck::ShouldDenyGetResourceHeader(MgResourceIdentifier* resId)
+{
+    if (m_denyGetResourceHeader->GetCount() == 0)
+        return false;
+
+    CHECKARGUMENTNULL(resId, L"MgHttpAnonymousCheck.ShouldDenyGetResourceHeader");
+
+    auto const sResId = resId->ToString();
+    auto const count = m_denyGetResourceHeader->GetCount();
+    for (auto i = 0; i < count; i++)
+    {
+        auto const check = m_denyGetResourceHeader->GetItem(i);
+        // If the given resource id matches the current prefix, deny
+        if (StartsWith(sResId, check))
+            return true;
+    }
+
+	return false;
+}

Added: trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.h
===================================================================
--- trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.h	                        (rev 0)
+++ trunk/MgDev/Web/src/HttpHandler/HttpAnonymousCheck.h	2023-03-25 11:02:18 UTC (rev 10038)
@@ -0,0 +1,77 @@
+//
+//  Copyright (C) 2004-2023 by Autodesk, Inc.
+//
+//  This library is free software; you can redistribute it and/or
+//  modify it under the terms of version 2.1 of the GNU Lesser
+//  General Public License as published by the Free Software Foundation.
+//
+//  This library is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+//  Lesser General Public License for more details.
+//
+//  You should have received a copy of the GNU Lesser General Public
+//  License along with this library; if not, write to the Free Software
+//  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+//
+
+#ifndef _HTTP_ANONYMOUS_CHECK_H
+#define _HTTP_ANONYMOUS_CHECK_H
+
+class MgConfiguration;
+
+class MG_MAPAGENT_API MgHttpAnonymousCheck : public MgGuardDisposable
+{
+INTERNAL_API:
+    /// \brief
+    /// Constructor
+    ///
+    MgHttpAnonymousCheck();
+
+    /// \brief
+    /// Destructor
+    ///
+    virtual ~MgHttpAnonymousCheck();
+
+    /// \brief
+    /// Self Destructor
+    ///
+    virtual void Dispose();
+
+    /// \brief
+    /// Get pointer to a process-wide MgHttpAnonymousCheck.
+    ///
+    static MgHttpAnonymousCheck* GetInstance();
+
+    /// \brief
+    /// Initialize this check from a loaded configuration
+    ///
+    void Init(MgConfiguration* config);
+
+    /// \brief
+    /// Gets whether GETRESOURCE mapagent calls should be denied for this particular resource id
+    ///
+    bool ShouldDenyGetResourceContent(MgResourceIdentifier* resId);
+
+    /// \brief
+    /// Gets whether GETRESOURCEDATA mapagent calls should be denied for this particular resource id
+    ///
+    bool ShouldDenyGetResourceData(MgResourceIdentifier* resId);
+
+    /// \brief
+    /// Gets whether GETRESOURCEHEADER mapagent calls should be denied for this particular resource id
+    ///
+    bool ShouldDenyGetResourceHeader(MgResourceIdentifier* resId);
+
+private:
+    static bool StartsWith(CREFSTRING str, CREFSTRING find);
+
+    Ptr<MgStringCollection> m_denyGetResourceContent;
+    Ptr<MgStringCollection> m_denyGetResourceData;
+    Ptr<MgStringCollection> m_denyGetResourceHeader;
+
+    /// Pointer to a process-wide singleton.
+    static Ptr<MgHttpAnonymousCheck> sm_anonCheck;
+};
+
+#endif
\ No newline at end of file

More information about the mapguide-commits mailing list