Skip to content

O
Openfire
Commit 0ecaa2d3 authored by Dave Cridland's avatar Dave Cridland Committed by GitHub
Browse files
Options

Merge pull request #846 from guusdk/OF-1367_BOSH-url-based-on-FQDN 

Admin console: apply JSTL to http-bind page.
parents d99ae522 e3a6cc6e
Show whitespace changes
Inline Side-by-side
Showing with 130 additions and 219 deletions
src/web/http-bind.jsp
View file @ 0ecaa2d3
......@@ -14,110 +14,99 @@
- See the License for the specific language governing permissions and
- limitations under the License.
--%>
<%@ page import="org.jivesoftware.openfire.http.FlashCrossDomainServlet" %>
<%@ page import="org.jivesoftware.openfire.http.HttpBindManager" %>
<%@ page import="org.jivesoftware.util.CookieUtils" %>
<%@ page import="org.jivesoftware.util.Log" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
<%@ page import="org.jivesoftware.util.StringUtils" %>
<%@ page import="java.io.File" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="org.jivesoftware.util.Log" %>
<%@ page import="org.jivesoftware.util.CookieUtils" %>
<%@ page import="org.jivesoftware.openfire.http.FlashCrossDomainServlet" %>
<%@ page import="org.jivesoftware.openfire.http.HttpBindManager" %>
<%@ page import="java.util.Map" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager" />
<% webManager.init(request, response, session, application, out ); %>
<%!
HttpBindManager serverManager = HttpBindManager.getInstance();
Map<String, String> handleUpdate(HttpServletRequest request) {
Map<String, String> errorMap = new HashMap<String, String>();
boolean isEnabled = ParamUtils.getBooleanParameter(request, "httpBindEnabled",
serverManager.isHttpBindEnabled());
// CORS
boolean isCORSEnabled = ParamUtils.getBooleanParameter(request, "CORSEnabled",
serverManager.isCORSEnabled());
// XFF
boolean isXFFEnabled = ParamUtils.getBooleanParameter(request, "XFFEnabled",
serverManager.isXFFEnabled());
if (isEnabled) {
int requestedPort = ParamUtils.getIntParameter(request, "port",
serverManager.getHttpBindUnsecurePort());
int requestedSecurePort = ParamUtils.getIntParameter(request, "securePort",
serverManager.getHttpBindSecurePort());
// CORS
String CORSDomains = ParamUtils.getParameter(request, "CORSDomains", true);
try {
serverManager.setHttpBindPorts(requestedPort, requestedSecurePort);
// CORS
serverManager.setCORSEnabled(isCORSEnabled);
serverManager.setCORSAllowOrigin(CORSDomains);
// XFF
serverManager.setXFFEnabled(isXFFEnabled);
String param = ParamUtils.getParameter(request, "XFFHeader");
serverManager.setXFFHeader(param);
param = ParamUtils.getParameter(request, "XFFServerHeader");
serverManager.setXFFServerHeader(param);
param = ParamUtils.getParameter(request, "XFFHostHeader");
serverManager.setXFFHostHeader(param);
param = ParamUtils.getParameter(request, "XFFHostName");
serverManager.setXFFHostName(param);
Map<String, String> handleUpdate( HttpServletRequest request )
{
final Map<String, String> errorMap = new HashMap<>();
final boolean isEnabled = ParamUtils.getBooleanParameter( request, "httpBindEnabled", serverManager.isHttpBindEnabled() );
if ( isEnabled )
{
final int requestedPort = ParamUtils.getIntParameter( request, "port", serverManager.getHttpBindUnsecurePort() );
final int requestedSecurePort = ParamUtils.getIntParameter( request, "securePort", serverManager.getHttpBindSecurePort() );
final boolean isCORSEnabled = ParamUtils.getBooleanParameter( request, "CORSEnabled", serverManager.isCORSEnabled() );
final boolean isXFFEnabled = ParamUtils.getBooleanParameter( request, "XFFEnabled", serverManager.isXFFEnabled() );
final String CORSDomains = ParamUtils.getParameter( request, "CORSDomains", true );
try
{
serverManager.setHttpBindPorts( requestedPort, requestedSecurePort );
serverManager.setCORSEnabled( isCORSEnabled );
serverManager.setCORSAllowOrigin( CORSDomains );
serverManager.setXFFEnabled( isXFFEnabled );
serverManager.setXFFHeader( ParamUtils.getParameter( request, "XFFHeader" ) );
serverManager.setXFFServerHeader( ParamUtils.getParameter( request, "XFFServerHeader" ) );
serverManager.setXFFHostHeader( ParamUtils.getParameter( request, "XFFHostHeader" ) );
serverManager.setXFFHostName( ParamUtils.getParameter( request, "XFFHostName" ) );
}
catch (Exception e) {
Log.error("An error has occured configuring the HTTP binding ports", e);
errorMap.put("port", e.getMessage());
catch ( Exception e )
{
Log.error( "An error has occured configuring the HTTP binding ports", e );
errorMap.put( "port", e.getMessage() );
}
boolean isScriptSyntaxEnabled = ParamUtils.getBooleanParameter(request,
"scriptSyntaxEnabled", serverManager.isScriptSyntaxEnabled());
serverManager.setScriptSyntaxEnabled(isScriptSyntaxEnabled);
boolean isScriptSyntaxEnabled = ParamUtils.getBooleanParameter( request, "scriptSyntaxEnabled", serverManager.isScriptSyntaxEnabled() );
serverManager.setScriptSyntaxEnabled( isScriptSyntaxEnabled );
}
if (errorMap.size() <= 0) {
serverManager.setHttpBindEnabled(isEnabled);
if ( errorMap.isEmpty() )
{
serverManager.setHttpBindEnabled( isEnabled );
}
return errorMap;
}
%>
<%
Map<String, String> errorMap = new HashMap<String, String>();
Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
String csrfParam = ParamUtils.getParameter(request, "csrf");
if (request.getParameter("update") != null) {
if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
errorMap.put("csrf", "CSRF Failure!");
} else {
errorMap = handleUpdate(request);
final Map<String, String> errorMap = new HashMap<>();
final Cookie csrfCookie = CookieUtils.getCookie( request, "csrf" );
String csrfParam = ParamUtils.getParameter( request, "csrf" );
if ( request.getParameter( "update" ) != null )
{
if ( csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals( csrfParam ) )
{
errorMap.put( "csrf", "CSRF Failure!" );
}
else
{
errorMap.putAll( handleUpdate( request ) );
// Log the event
webManager.logEvent("updated HTTP bind settings", null);
webManager.logEvent( "updated HTTP bind settings", null );
}
}
csrfParam = StringUtils.randomString(15);
CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
pageContext.setAttribute("csrf", csrfParam);
boolean isHttpBindEnabled = serverManager.isHttpBindEnabled();
int port = serverManager.getHttpBindUnsecurePort();
int securePort = serverManager.getHttpBindSecurePort();
boolean isScriptSyntaxEnabled = serverManager.isScriptSyntaxEnabled();
// CORS
boolean isCORSEnabled = serverManager.isCORSEnabled();
// XFF
boolean isXFFEnabled = serverManager.isXFFEnabled();
String xffHeader = serverManager.getXFFHeader();
String xffServerHeader = serverManager.getXFFServerHeader();
String xffHostHeader = serverManager.getXFFHostHeader();
String xffHostName = serverManager.getXFFHostName();
csrfParam = StringUtils.randomString( 15 );
CookieUtils.setCookie( request, response, "csrf", csrfParam, -1 );
pageContext.setAttribute( "csrf", csrfParam );
pageContext.setAttribute( "errors", errorMap );
pageContext.setAttribute( "serverManager", serverManager );
pageContext.setAttribute( "crossDomainContent", FlashCrossDomainServlet.getCrossDomainContent() );
%>
<%@page import="org.jivesoftware.openfire.http.FlashCrossDomainServlet"%><html>
<html>
<head>
<title>
<fmt:message key="httpbind.settings.title"/>
</title>
<meta name="pageID" content="http-bind"/>
<script type="text/javascript">
var enabled = <%=isHttpBindEnabled%>;
var enabled = ${serverManager.httpBindEnabled ? 'true' : 'false'};
var setEnabled = function() {
$("port").disabled = !enabled;
$("securePort").disabled = !enabled;
......@@ -133,7 +122,7 @@
$("XFFHostHeader").disabled = !enabled;
$("XFFHostName").disabled = !enabled;
$("crossdomain").disabled = !enabled;
}
};
window.onload = setTimeout("setEnabled()", 500);
</script>
</head>
......@@ -141,237 +130,159 @@
<p>
<fmt:message key="httpbind.settings.info"/>
</p>
<% if (errorMap.size() > 0) {
for (String key : errorMap.keySet()) { %>
<div class="error" style="width: 400px">
<% if (key.equals("port")) { %>
<fmt:message key="httpbind.settings.error.port"/>
<% }
else { %>
<c:forEach var="err" items="${errors}">
<admin:infobox type="error">
<c:choose>
<c:when test="${err.key eq 'port'}"><fmt:message key="httpbind.settings.error.port"/></c:when>
<c:when test="${err.key eq 'missingMotdMessage'}"><fmt:message key="motd.message.missing"/></c:when>
<c:otherwise>
<c:if test="${not empty err.value}">
<fmt:message key="httpbind.settings.error.general"/>
<% } %>
</div>
<% }
} %>
</c:if>
(<c:out value="${err.key}"/>)
</c:otherwise>
</c:choose>
</admin:infobox>
</c:forEach>
<form action="http-bind.jsp" method="post">
<input type="hidden" name="csrf" value="${csrf}">
<div class="jive-contentBox" style="-moz-border-radius: 3px;">
<fmt:message key="httpbind.settings.title" var="general_settings_boxtitle"/>
<admin:contentBox title="${general_settings_boxtitle}">
<table cellpadding="3" cellspacing="0" border="0">
<tbody>
<tr valign="top">
<td width="1%" nowrap>
<input type="radio" name="httpBindEnabled" value="true" id="rb02"
onclick="enabled = true; setEnabled();"
<%= (isHttpBindEnabled ? "checked" : "") %>>
<input type="radio" name="httpBindEnabled" value="true" id="rb02" onclick="enabled = true; setEnabled();" ${serverManager.httpBindEnabled ? "checked" : ""}>
</td>
<td width="99%" colspan="2">
<label for="rb02">
<b>
<fmt:message key="httpbind.settings.label_enable"/>
</b> -
<fmt:message key="httpbind.settings.label_enable_info"/>
</label>
<label for="rb02"><b><fmt:message key="httpbind.settings.label_enable"/></b> - <fmt:message key="httpbind.settings.label_enable_info"/></label>
<table border="0">
<tr>
<td>
<label for="port">
<fmt:message key="httpbind.settings.vanilla_port"/>
</label>
</td><td>
<input id="port" type="text" size="5" maxlength="10" name="port"
value="<%=port%>" />
</td>
<td>( <%=serverManager.getHttpBindUnsecureAddress()%> )</td>
<td><label for="port"><fmt:message key="httpbind.settings.vanilla_port"/></label></td>
<td><input id="port" type="text" size="5" maxlength="10" name="port" value="${serverManager.httpBindUnsecurePort}" /></td>
<td>( <c:out value="${serverManager.httpBindUnsecureAddress}"/> )</td>
</tr>
<tr>
<td>
<label for="securePort">
<fmt:message key="httpbind.settings.secure_port"/>
</label>
</td><td>
<input id="securePort" type="text" size="5" maxlength="10" name="securePort"
value="<%=securePort%>" />
</td>
<td>( <%=serverManager.getHttpBindSecureAddress()%> )</td>
<td><label for="securePort"><fmt:message key="httpbind.settings.secure_port"/></label></td>
<td><input id="securePort" type="text" size="5" maxlength="10" name="securePort" value="${serverManager.httpBindSecurePort}" /></td>
<td>( <c:out value="${serverManager.httpBindSecureAddress}"/> )</td>
</tr>
</table>
</td>
</tr>
<tr valign="top">
<td width="1%" nowrap>
<input type="radio" name="httpBindEnabled" value="false" id="rb01"
onclick="enabled = false; setEnabled();"
<%= (!isHttpBindEnabled ? "checked" : "") %>>
<input type="radio" name="httpBindEnabled" value="false" id="rb01" onclick="enabled = false; setEnabled();" ${serverManager.httpBindEnabled ? "" : "checked"} %>
</td>
<td width="99%" colspan="2">
<label for="rb01">
<b>
<fmt:message key="httpbind.settings.label_disable"/>
</b> -
<fmt:message key="httpbind.settings.label_disable_info"/>
</label>
<label for="rb01"><b><fmt:message key="httpbind.settings.label_disable"/></b> - <fmt:message key="httpbind.settings.label_disable_info"/></label>
</td>
</tr>
</tbody>
</table>
</div>
<div class="jive-contentBoxHeader">Script Syntax</div>
<div class="jive-contentbox">
</admin:contentBox>
<admin:contentBox title="Script Syntax">
<table cellpadding="3" cellspacing="0" border="0">
<tbody>
<tr valign="middle">
<td width="1%" nowrap>
<input type="radio" name="scriptSyntaxEnabled" value="true" id="rb03"
<%= (isScriptSyntaxEnabled ? "checked" : "") %>>
</td>
<td width="99%">
<label for="rb03">
<b><fmt:message key="httpbind.settings.script.label_enable" /></b> - <fmt:message key="httpbind.settings.script.label_enable_info" />
</label>
</td>
<td width="1%" nowrap><input type="radio" name="scriptSyntaxEnabled" value="true" id="rb03" ${serverManager.scriptSyntaxEnabled ? "checked" : ""}></td>
<td width="99%"><label for="rb03"><b><fmt:message key="httpbind.settings.script.label_enable" /></b> - <fmt:message key="httpbind.settings.script.label_enable_info" /></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap>
<input type="radio" name="scriptSyntaxEnabled" value="false" id="rb04"
<%= (!isScriptSyntaxEnabled ? "checked" : "") %>>
</td>
<td width="99%">
<label for="rb04">
<b><fmt:message key="httpbind.settings.script.label_disable" /></b> - <fmt:message key="httpbind.settings.script.label_disable_info" />
</label>
</td>
<td width="1%" nowrap><input type="radio" name="scriptSyntaxEnabled" value="false" id="rb04" ${serverManager.scriptSyntaxEnabled ? "" : "checked"}></td>
<td width="99%"><label for="rb04"><b><fmt:message key="httpbind.settings.script.label_disable" /></b> - <fmt:message key="httpbind.settings.script.label_disable_info" /></label></td>
</tr>
</tbody>
</table>
</div>
</admin:contentBox>
<!-- CORS -->
<div class="jive-contentBoxHeader"><fmt:message key="httpbind.settings.cors.group"/></div>
<div class="jive-contentbox">
<fmt:message key="httpbind.settings.cors.group" var="cors_boxtitle"/>
<admin:contentBox title="${cors_boxtitle}">
<table cellpadding="3" cellspacing="0" border="0">
<tbody>
<tr valign="top">
<td width="1%" nowrap>
<input type="radio" name="CORSEnabled" value="true" id="rb05"
<%= (isCORSEnabled ? "checked" : "") %>>
<input type="radio" name="CORSEnabled" value="true" id="rb05" ${serverManager.CORSEnabled ? "checked" : ""}>
</td>
<td width="99%">
<label for="rb05">
<b><fmt:message key="httpbind.settings.cors.label_enable"/></b> - <fmt:message key="httpbind.settings.cors.label_enable_info"/>
</label>
<label for="rb05"><b><fmt:message key="httpbind.settings.cors.label_enable"/></b> - <fmt:message key="httpbind.settings.cors.label_enable_info"/></label>
<table border="0">
<tr>
<td>
<label for="CORSDomains">
<fmt:message key="httpbind.settings.cors.domain_list"/>
</label>
</td>
</tr>
<tr>
<td>
<input id="CORSDomains" type="text" size="80" name="CORSDomains" value="<%= StringUtils.escapeForXML(serverManager.getCORSAllowOrigin()) %>">
</td>
</tr>
<tr><td><label for="CORSDomains"><fmt:message key="httpbind.settings.cors.domain_list"/></label></td></tr>
<tr><td><input id="CORSDomains" type="text" size="80" name="CORSDomains" value="${fn:escapeXml(serverManager.CORSAllowOrigin)}"></td></tr>
</table>
</td>
</tr>
<tr valign="top">
<td width="1%" nowrap>
<input type="radio" name="CORSEnabled" value="false" id="rb06"
<%= (!isCORSEnabled ? "checked" : "") %>>
<input type="radio" name="CORSEnabled" value="false" id="rb06" ${serverManager.CORSEnabled ? "" : "checked"}>
</td>
<td width="99%">
<label for="rb06">
<b><fmt:message key="httpbind.settings.cors.label_disable"/></b> - <fmt:message key="httpbind.settings.cors.label_disable_info"/>
</label>
<label for="rb06"><b><fmt:message key="httpbind.settings.cors.label_disable"/></b> - <fmt:message key="httpbind.settings.cors.label_disable_info"/></label>
</td>
</tr>
</tbody>
</table>
</div>
</admin:contentBox>
<!-- CORS -->
<!-- XFF -->
<div class="jive-contentBoxHeader"><fmt:message key="httpbind.settings.xff.group"/></div>
<div class="jive-contentbox">
<fmt:message key="httpbind.settings.xff.group" var="xff_boxtitle"/>
<admin:contentBox title="${xff_boxtitle}">
<table cellpadding="3" cellspacing="0" border="0">
<tbody>
<tr valign="top">
<td width="1%" nowrap>
<input type="radio" name="XFFEnabled" value="true" id="rb07"
<%= (isXFFEnabled ? "checked" : "") %>>
<input type="radio" name="XFFEnabled" value="true" id="rb07" ${serverManager.XFFEnabled ? "checked" : ""}>
</td>
<td width="99%">
<label for="rb07">
<b><fmt:message key="httpbind.settings.xff.label_enable"/></b> - <fmt:message key="httpbind.settings.xff.label_enable_info"/>
</label>
<label for="rb07"><b><fmt:message key="httpbind.settings.xff.label_enable"/></b> - <fmt:message key="httpbind.settings.xff.label_enable_info"/></label>
<table border="0">
<tr>
<td>
<label for="XFFHeader"><fmt:message key="httpbind.settings.xff.forwarded_for"/></label>
</td>
<td>
<input id="XFFHeader" type="text" size="40" name="XFFHeader" value="<%= xffHeader == null ? "" : StringUtils.escapeForXML(xffHeader) %>">
</td>
<td><label for="XFFHeader"><fmt:message key="httpbind.settings.xff.forwarded_for"/></label></td>
<td><input id="XFFHeader" type="text" size="40" name="XFFHeader" value="${fn:escapeXml(serverManager.XFFHeader == null ? "" : serverManager.XFFHeader)}"></td>
</tr>
<tr>
<td>
<label for="XFFServerHeader"><fmt:message key="httpbind.settings.xff.forwarded_server"/></label>
</td>
<td>
<input id="XFFServerHeader" type="text" size="40" name="XFFServerHeader" value="<%= xffServerHeader == null ? "" : StringUtils.escapeForXML(xffServerHeader) %>">
</td>
<td><label for="XFFServerHeader"><fmt:message key="httpbind.settings.xff.forwarded_server"/></label></td>
<td><input id="XFFServerHeader" type="text" size="40" name="XFFServerHeader" value="${fn:escapeXml(serverManager.XFFServerHeader == null ? "" : serverManager.XFFServerHeader)}"></td>
</tr>
<tr>
<td>
<label for="XFFHostHeader"><fmt:message key="httpbind.settings.xff.forwarded_host"/></label>
</td>
<td>
<input id="XFFHostHeader" type="text" size="40" name="XFFHostHeader" value="<%= xffHostHeader == null ? "" : StringUtils.escapeForXML(xffHostHeader) %>">
</td>
<td><label for="XFFHostHeader"><fmt:message key="httpbind.settings.xff.forwarded_host"/></label></td>
<td><input id="XFFHostHeader" type="text" size="40" name="XFFHostHeader" value="${fn:escapeXml(serverManager.XFFHostHeader == null ? "" : serverManager.XFFHostHeader)}"></td>
</tr>
<tr>
<td>
<label for="XFFHostName"><fmt:message key="httpbind.settings.xff.host_name"/></label>
</td>
<td>
<input id="XFFHostName" type="text" size="40" name="XFFHostName" value="<%= xffHostName == null ? "" : StringUtils.escapeForXML(xffHostName) %>">
</td>
<td><label for="XFFHostName"><fmt:message key="httpbind.settings.xff.host_name"/></label></td>
<td><input id="XFFHostName" type="text" size="40" name="XFFHostName" value="${fn:escapeXml(serverManager.XFFHostName == null ? "" : serverManager.XFFHostName)}"></td>
</tr>
</table>
</td>
</tr>
<tr valign="top">
<td width="1%" nowrap>
<input type="radio" name="XFFEnabled" value="false" id="rb08"
<%= (!isXFFEnabled ? "checked" : "") %>>
<input type="radio" name="XFFEnabled" value="false" id="rb08" ${serverManager.XFFEnabled ? "" : "checked"}>
</td>
<td width="99%">
<label for="rb08">
<b><fmt:message key="httpbind.settings.xff.label_disable"/></b> - <fmt:message key="httpbind.settings.xff.label_disable_info"/>
</label>
<label for="rb08"><b><fmt:message key="httpbind.settings.xff.label_disable"/></b> - <fmt:message key="httpbind.settings.xff.label_disable_info"/></label>
</td>
</tr>
</tbody>
</table>
</div>
</admin:contentBox>
<!-- XFF -->
<div class="jive-contentBoxHeader">Cross-domain policy</div>
<div class="jive-contentbox">
<admin:contentBox title="Cross-domain policy">
<p><fmt:message key="httpbind.settings.crossdomain.info.general" /></p>
<p><fmt:message key="httpbind.settings.crossdomain.info.override">
<fmt:param value="<tt>&lt;openfireHome&gt;/conf/crossdomain.xml</tt>" />
</fmt:message></p>
<p><fmt:message key="httpbind.settings.crossdomain.info.override"><fmt:param value="<tt>&lt;openfireHome&gt;/conf/crossdomain.xml</tt>" /></fmt:message></p>
<p><fmt:message key="httpbind.settings.crossdomain.info.policy" /></p>
<textarea id="crossdomain" cols="120" rows="10" wrap="virtual" readonly="readonly"><%= (isHttpBindEnabled ? StringUtils.escapeForXML(FlashCrossDomainServlet.getCrossDomainContent()) : "") %></textarea>
</div>
<textarea id="crossdomain" cols="120" rows="10" wrap="virtual" readonly="readonly"><c:out value="${crossDomainContent}"/></textarea>
</admin:contentBox>
<input type="submit" id="settingsUpdate" name="update"
value="<fmt:message key="global.save_settings" />">
<input type="submit" id="settingsUpdate" name="update" value="<fmt:message key="global.save_settings" />">
</form>
</body>
</html>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023