From 8a0e3d0e9f3d824d9f074bad1e77a8dca518e417 Mon Sep 17 00:00:00 2001 From: Mihai Pitu Date: Wed, 28 Aug 2013 17:54:24 +0300 Subject: [PATCH] Loader improvement & request wrapper fix --- .../dist/ModSecurityLoader.jar | Bin 2497 -> 5181 bytes .../dist/ModSecurityTestApp.war | Bin 105607 -> 103994 bytes .../src/java/org/modsecurity/ModSecurity.java | 81 ++++++++++-------- .../org/modsecurity/ModSecurityFilter.java | 3 +- .../org/modsecurity/MsHttpServletRequest.java | 21 +++-- java/ModSecurityTestApp/web/WEB-INF/web.xml | 22 ++--- java/ModSecurityTestApp/web/help.html | 44 +++++++++- 7 files changed, 108 insertions(+), 63 deletions(-) diff --git a/java/ModSecurityLoader/dist/ModSecurityLoader.jar b/java/ModSecurityLoader/dist/ModSecurityLoader.jar index 867a2714135ccd7b6f32ee9d5ba6c75165156512..3b1f73f4bcb16e77218e4001ca551ea4f389b239 100644 GIT binary patch literal 5181 zcma)AYj_-08GcW)o0;rRXuC}>Td-_zG~IT0Tc8EfQccqYLUy;&q&IGLvO7(t-5ayB zZG$2fK~xkKDAKAZ*jle(Mbie5t5&I^{_+>kgO7iF{NWFO>Z8>6%*<{kmzK`6GjqQ0 ze7E!6&e<90Zw`b26$n3mO*ed3D+0*$40R>?vc0JfE&u}!(hy0N%A-&Go#gUv=iMO9 zbY=T`dj^M+ncj?EGWQ!*JF&~Ks%E*=8QYLt-xlgB`7m7-JvVB^h~wnV$s5~3-Ik%- zMn17^Ow!+!T)%Jq#>DXYO|gz0mYypZvF@@}DOo=krEBrq}Fpk?c9WP#B91^H(zq`L@s`LuagPjU+gBWdd2c#+Fgv9E0+%W(DPk%%{B`@ z>=I&q!MG#a=bLQVVwOyMt3Y$dnq2~c?sA@X%}JXjBU>vD8`h9MTp%WrE;FTf>6R&B z4;ipW&8k2=E%VTyWnSL+w7MBhmnd>BZ4L{p?wIManHXtRlW{~K=9|mb3Wb5PS+WhQ z=Sa?|$a1A@KgrHgm1S7nZyMBAI@n`bWs4+%lH+(yAFh@QHJfg>M;VtvThATL=oM#S zZaNBt8nU^_K#?Ucu(0DUpB-MH9nb032+8KpGA*EP$rb8;K4^>y1P{3h(JHY{I2;$# zjfZc@rSj!sD$797-XO`d1?qKt?4L}VRa+8Jk|Yo&?>@$n%+txYmvgnEQIh1%`QiOC zVlr8eq?miDif&ceLQ{33ZL(n*R-q?dC73#QoGQ!qT;O(oj7 zz~{b(e}DxA;_fk(!Cwx|!WY z!4DPuNWqWUI28PZ^{?Qk>=Vp^!E(*Y8NH?~f`u~@Iw}3AVKcTUctOL9_?f`c$wn|+ zo=zc{ElV|=kzy82igAti0z+5PNg95Rmo)qWzZ96~Q2HIk#b_AESqx+B>Y-3(zf zOl)A)a+*V@3rbjXVd)47&LiksIQyQ4ckxGd-AT=^XEkg?H%nZ$V!m8OK~GD_ucDPe zUH(;5g$s0CX&ank!j9nsM$Q&!_xrV8j1(%3y^=~5SoWc$)3nGQBijh=@hg|;DJBk% zRc(V^B_Mk@OL&&XEn8sNYweb9vBkCMm5Na!d15y58HMO&H%nZ#%Wha`ZO57!gro?U zjKh7-#+sv{>pY?>aT1v$WUjlnQBtd}LxMzhAS6L4yRkl(_+9-|4&5b)d_l1Dzgm6Je-&DQcKGQa;SGz~q z`6bNmOQt(nVHDGAT2{e;JR7V%pw%ac%WO)gQtopHt_f+y34p2@s|mc3`8MAUJ##(9q; zM7&FJhBknA&|wZh{vFdW7xVazpaX09ZiY0Y6Ibz>Cv1>5JRwDS4%EyW_Jyj@!}F zqu`Ei1^rFi`PeH5NOMMdQd*xumLutqwY;S_XL$0k&yxZ>FhC*|AFqd@`EOjXM!vUR zL70Bi`p=;)vu+$$WfPG(oQg+cbwtcV zEUP1yd5Gn8#BvX@qK;VMAy(EAD?P-jI%1WBh%9v!U-t%9pF@W|rADcx2f) z>d@MFggWccx_E>N{k(~Igc|Gf$#{h7Jm?G~sp37nkB^Am!Vsefh$qE!;v`cg;3V~H zOfTSSQY~f7uVn(quo%nvT*(Bwj!D0o$<)Dmi=&?jx)%wib`p=WaU5e>zR1?`Hk-n` zYy^KH{d+9u_sR8Fa{YrE{zcCJpi4CIP!YyPZx|PZE3EHDj z-_sc6NTt1xVF)`}6npUic40S*?il;V9*)9X!wbaU$&y^m6WU$4o5iBx&$tKovJB_( z)U}WDo9T&Hp<|f-TFb*|j=VvxPL^>Vf;NKfpqHal^$}Dt!S*mhc$By7ST07=$|8OU zk&9HXC^(?tpaPydiwa5#$^y7Z^TM;tD5yBU`$z`-7d)z$FS2)BN=gudQh;p=ThLth z8eq4OpB4ILW2n-SCfEc0qN%<4(x0YC#cMA9*(KkNuTSoWs!7(_K2=Eud7V5eTTz46 z_u=Yt%4J)2FR6SxT_bnf%W?1q(izqaA=AGB k)y14V`p%_=_|D5|N38orXrMnRw+Lsac%0nF<>r9@0~!|T=l}o! literal 2497 zcma)8OK%%h7(Lf^;>px*QnyXtWm;OWQ#?-kCP`b|G=Vg>V@Mh*kU(R5l1w}HSTp0& zu&acG#DWE4!xmM_x-3e?qDv(DBVfsjKY&o-T#p@3Wpg|zFEuO+>rWL^zqNfFJ&v^ zm$mewYgBDhn{nKx;~G9KW~go(o|i2f{`#brRPSbI7K_E%(( zB&jCV9x>ZFjFA{x%I&T(($NU{dX4s>9kheUwt?>c@!5hh$bIEs-yPJKj$V~)zIge| zbArxeMdjY+RE%Rn<@ACaT~u)imxtI~QE*koyO>lkC56**TvKpe!3_oPDab3hsbEII ztvF`mm=hSBwi=dyT_BpytO&$roSG>xT(BBusa3C-?y^y_DM=L^?#+tfT5{eI#{6~5 z6BsK!9qvz*+VWt&sM%r+Wpxh3DV8f#NBBw_JC zFEFr59eNwyhGOWpG?(g!3nZ6(qk6w+G`kVkS%CthUDw;4#SC|iKK6HfgqH=B>8jmf zD`Gwr&_W*XG(48Cw`!S8u5o|Xbscw#=<5)^y8D$dpCHa|1 z;EtS}Y%|`@Yp0Oq{#ccVb^APPp;>hqvO*P%C$u2fn%TcGr zhz|x1SoURBxz8v}qs~`je>anmm=_0&G4xeLZ2tSZv>$ETKS~ckhNspTgE@zjc!wco@HPXIJ~iq^aF+5n*wX_g zr`XHUX}n4QXE;_7{Ra_o@^1`ah}v&;;yTAQnN(jw7eWaMI!jYYq1!GSztWimPXC0# zRQxHF)X+1in}{u>5*(zGve_$};jVl{&i1j9kQ5>P++kB~wgHk}^um``C|>FiBo_B&kRsR*sXz z71=O{EM*bs%iN(QH9OmxtFmm*;Bm zNawdi_mu7V+AH=srpWvkp_zwrpCBXmy diff --git a/java/ModSecurityTestApp/dist/ModSecurityTestApp.war b/java/ModSecurityTestApp/dist/ModSecurityTestApp.war index 8525d7c34a30fc7de6cd4b7eb32b3fab0616ff82..e6819b76c3b05d483eff399b3edd476787e2a589 100644 GIT binary patch delta 5623 zcma)A3s}`f+W)=(!?|(*L6nP#2gM7>MZ5!sD2k$DUe|ERJjg+g9ykPeH-R#} z5*4WSpq8!L>)K}7`sxh-6QzK%F1t+%Fn8bP2ln)N-=apm8D4_|{yeah6fk!1O8>~k z%osm#V^}9YV95PZ3uVrEYZLcAoYW0S>ZT9>MUwuftQg;u&XZe_I%^O|SUnh`Lv; zNW=mQ7TUO7WX56(mRPXVf@Kygx8Mm2R@hL7dNUei`=l99*$|4A7CbH6RkC`C4~yI9Uv?>S}^xf_~~?d{{Oi*yDAUx~lWN3o1+X&-T3>&ZxUsYl2zMOmLUz4c9vB zRVO3#Jqv>jnrpG%yg!>7^l$h7k#_qo9Oy+sFR&o}hgaS812 zBPg=t6&xf)7J5sky5=mXcGoU()YLkwYh9&jW*oAk950&jf*ptPEB()hvJ6LHpQ&aDBN%x)w)a2*E|x-$E22tg8KrZR3i zkES6W{WzK#NMX|kD%!zJJqRN(1O*t1$;d_)bErZvwyeHK7z>hN-uh}~o%BI2vmU`rN5RUTuptk2WdCHaw_4SkL7H6W z01>P9bJZ5JaUnRdnjV^NlR7WN%lohacx8QNvzdz+PUc)ON5sMqWWBn8V73 zEAN#mwL8Ma@}L~m3ECZmno)L-r#P$yvYN|qIox{9(e#Yv9N-mg48bB=UEcxo&|5L= zfceZ&W7vZV{o|vV$qnd?ClQU6iqfvIVgrO_emM48a7H?BvJBo-{n_8Sy!eK& zLo-pvEFb5MwS*)66pydwsIB34EAsR&PQPOv!!a7mmXFh4J);gS-T>a zlMV)@P^x+LTfQ_vmMm6ih;P=XA5w~$mYQjq4PGj+p^TQ>;G!q2m_{pPRcEGp8$8ri zRyDqvpLMtB7q2Dh%fDJn^}6-if05buk86o01EI5imCuREExq*E76&Ejm)=VB?QS^{ zI{GNi;26%M86V&{ev1>hiZ^i`Z=nUJ@DH5E9mcqacgToyl#cV1iT5ZM?^7N=pb7Yp zCgUUD?mL@k#P2u<{+^fqWkli=PFh#d1ApQK^99HJ8mHDTIZJ-UOXfO9^9Co@zwkb9 z;pqPr%kd2#wl{rMcYjWG-*FPS&Aa6ehy6$1UH4!o14kkV4%VS3nb3!JIao9ldXe0+-padME?l?xtc%6FT zI3?i>^~H{@juarEH7~sWcb;$Sr0W z=ybvxZ0DP7+esF13b}NeZ9I!Y`fp64-(V)aFLHzEp`o{UqY2(_GQG?E7j*)zq7x`9 zN`4JBeSsZ3Kae98$0x&We9v*ycx%7J8(HHtos1uZ z%}6P+cQ}lsbUmulAfKEk;3;ZGg_vZd?sfB&=+{s=LrK5V_n)O-XW!o7o%9zZQVVL48H?FYsc}3V zW8!d5T^Ynkms0OLR9%NO6Ew|?j+zAyjkl7sI%}J+=2Egz*z)NO zaWWS{jyPLD=f#F`bVI#ZzIwLo>&yLs%l(>Hk0*DRt|2zZ{jZm& zHaj6TwQWpXDWxpqQodDZh*%e84_f4{o?l$yEq$yeaAPi>=UnJ4W`vqzg_c(8@klP| zRnBT>Me0JQXMszcFQdLeQi|edX6(fkp8kqs@1NorK$JX1or`*iD`gbZo>A4DYL{Y^ z_*0A|)_>w+VJXh4>QujleSV5fE9QS<72-#5&+%3+4Dbv87k)A-asSR7yPtYNt=khI zPWcz&2i*N2c6)_lS_3Kr;jVPormA4{np-PUT`W7)MV4?Tf8gOWZeoG*;=fUsmrmFF z>WWik6xsauGMaDcShB>ipmL74qQX^K>#m&Zs4aJiP4g(S&wZK0(rc=ml{pTV$0f09 z9PUbq=5UsH7rGo`#0=^s_T*7eXqnqn>#BCR7CS4dJTBp!&e8txQ8J5`YDyL#&!l+S zHHv!I~=99Cz6gR!^yx z_7kcta@Ur#Vl`gRf?AiO%2``pb6-J|Uvb4m46UZ{&UxO-GWXmxUdgRSvJDSt-prbN z{Cm2%mTaBn{uS=$XsG;SLo_`{!_~;O=V*We;?|J*+d|A-6PVh$hVs?aS8HgZ0tT<8 zA_a_CM_t6BwG^%Ad}&UK#H}Eh`6tAqK9;$zd``VY9n7n~9^!oTvk-DBD9P;*A ze(v1)Og4Qw7 zYGc5zIyrlAkenSTKHNyrisptK9gwL;_1s{S9+qR&yJjVbM|H9**~fY>tKOvnvhcg7 z?Q3dyc-Vtv-9*c#fMaH!p%rTwU6vVb1k$Ft!yhCu>W&eSVul_dyZ=wnKf7Y?$Tl+Z z`DW^@6nj17Li#nn`p6>RF|A)y!#B=W^f3MN5|gq;S?kf++U!yphJN~~xna7eEJn|9 z`7zYZe%qS0pNPkG>a2y7-$%=t7o&G@KftJd3p2VpzYRlN*+LOY#7#L2I6Fu11PTkb9=6=-iDE-Y>GWcf_?|611Iqi@VVjF3LBNT@n1T zY2~f(U_h3E?c|P)R0KUlaRNms+x$*^p1K%b=@yuKJB94Zh)1RLwp#<=95`rgUsJ>X z4j{}JJuELNFj|>LL`|qLWv|Hg(?Y&L21$?Z9)b@5<`$8Iz%xvLEs9X z6eTQCWS^|E0fM0Gf(6B0S)ZJThBf1p7won z{7Jtx&-evQo}@Qeh|EN54o7bZNYS^W8@XLCXKy5_?n0XEL^5Zoeg@~Lelr)U{tYe( z#{O99^LK+tJP;v@>Vx8(O<6u9e84h#z#;(Fw4}9pNvkikh}GpQBC~Z{W#4sP_eq2r zyc7MXpBgMn-0mI(r~JXJR?ZD+(kqU>I{oF3eoQ2vv67Tl^Z>_+<`LGej^W{~fS(z$ zTCWDhxl!)HoKgMVgVv%eIssuP@bZ-voqD<@$@w^{2b; zcWiYZh^{~DM)AeMrP1nSUHcZ38eH0#ZB@*5t_<7M-$W#zaXoqn>Z6C2re({;q4oje zM_VX>vMpqzq5f!wS!g(okkcF!-6;E!awS(bd9ulu%_tKUn5dA+Z90S&gH))!Edz7)VlPk4c@*q;GIEqOESlnr`+OCKEPF zfDY5et=Mri)&jb&Vaeip%u?irv8JJEv4hE4?Wk*Nam;9OwqnMOoJ^Lgx>iSvXC=74 zsk)0xK zR7Bw>Dz;ICoTO8v_|1aw7#n3!rd&&q%^({MrW6~cQVLV1IK-i&|BW`8q9u(ifPe{b z-j_VYh1D~KiMFIL7bW5@1C$r}6HBJh_QSl8bohrI+ta#<4`HOEV6+ysnnp(O7lL`X z8;U|H3^Tw}f2=`oQXK3_Tx-zl(Z|>gM@eTtO!@&w$si{#<9_llx2GQ^(;*xopzIG6 zdPORZV5W2!D4FHtT2^Bz!OQAE8O-P=veHCI zTms2ULAV?clc3=;x`A$1?Ak%yicun1)1h_saz5D0`CuAINgmEEWbiNMpJRRy5J=_j z0ZJqK1bb``!!a27%PCm4<{9i!(6mRtVYrq)`gP&pEF7PWd!K_FoQLhXQ0DE>RHfp0 zxKgg4Qm{di@v@oVVNGCP#* z;nW0E>)}-1Fp(4Y*nrgqP~k$zzDO}B4bZBXj3$=oJPdm7z4W?!hYxvK!2L@j_po67 zUs<>lEG!2LOF?oOSXlA@VZk8X-pzuGMu5Czp^uA6<0M+|MU73b(wWkfRreaQL52*E zK);A=*DoM*U5^c6$Ac{gbR}!LwC5F*(*51M?eBw5=jBbOjD&seJ4>A$;+u}AZW_Jk zER5-_LAb`G2J}XO(12+5t=~Clp{2OlqE-K0%?dG z4KY!+iH5?*t6QoXYY^U5MzMNw5>r+RGEBHQcWZ>W{K804mfGLt!$IF*iM-^Fmd2&- zbkLJvxZ0Cg`lKHd4eOg|^i6ej?yTj`Mk<~CY|@#8JmHfx!k~!0Y|%8yMRB!2ZuwoC^BP^7dtgQVoS@nGDy zv_Yarc;Ebv85j%o4AtESn1nCIOa1h4Y56I+55|B~Q z9lU|wg|O-N$Uuo-kI0}yL@-=SVi-sa2d5(x2^j$-@g5R^eImaM_Hl|tJfNfm)sRdE zvJiV(Ol&t96%83N{SJXXfO;h{2^P5nHF2nx0+~)neH^xQZp?x({eMdFw#O{u$z+cQJ%SQh}Pl^{h^7IF(Ve8&u9H+H0 z_ZM*otz!P(BvG{2B)UEd?b@>UIL9Z$V*GJorN1TKNfQiR#P$%K^v(Tb%rlFYeFI%) zdx(FOpLEv{OOy%yA>6M8eiH_ZNQa}|h+dBZj!?YG;1Yv05(|h_z@!1n4&zJ5N(Qu_ zDML8U48^HzoEZiW9FB@A2WN@ua4H;qK1xBe!kAAkIRuBO2n*56Q4x+xFDRvAjHF|h z0!_BE{!+MeHW-p?V=T zx%QQ?&%2T1TBs?frscAWsav#>$ z;?_2x-$rA^)x$6QPk=ez1j$Rp>qpeLm){;OW%cpk(}s`cHQ`d_GfiZ_Hd3rQ9^G}Y zd#%AAbu&Lf@q9oOK3l>E#oA|Y;(g*z&&~;yA18QG@v6 zcah>?cTiWybFb+Aw*kd=ieydPak7Yai9;s~c#HV@7^ON^$B{SJWyp^Su%j`UJ7(Q^c6h;IN;=W4^$( ze~J9~HO%sS*T!#Vv+Dx9{|C6qkGSv4aI2rl2Iq@JWJ_QJbZf+y1~a9zKZ;rljb$s1 zXB(9w4&K83sEUKh$sy25C@sRd#W3n+97QWRn%Z~(J;<@NljD)a66hc&(h*LjW1LLK zIfYKKopy-%-@a!YLLrK%;7tsxnKAT5V4m6O<9ZoL8 zEtgXe-%Mf9M;zZugLw*|rcxeHqX|5NN_eJt>3<%Hsw4|n0arD}at$P@r3|j4AzUx+ z`u=3%G01oVay<*|&r>n~9`e0F<@_Q|=F>EbUlVgL6o_vxWCu7+E9O&;*RF0BUeDgzO-A54iW0>>bXb^t_WGhc4<(sN7;U>b-Y^7`>+00h)d}%&uU;s4A!Ika1T>f8?gIE#?v^dr-#w1vVyOW zj(@_XU!?@3{B#{&^)Mfy^P@bSiAL$nRH5^yxjG9ubyjM{e1$GZ$tKH+1dm3IxV&to zQ9bmP;!-L#AR|U7h0FAwueJ?vu%T*K-sDP;=yLQA6p-@Oc?F$T7LZ3{*Z_~xt4oL^ zzn>7Qm=iCOQC9?oZF7uRIkfBVqTqR-UImU3X6l<4UVqI~LCq z!c=(7-QT|nl{MYfZ5_^bBM;R^Fh9~FregOD)M-zOG?$K$71P@HR_C)CAH=AkzDIfPYUiY!iw)eH- zwVae7^XcdNYVT;r8@_z{ve((xq6bGq#QE4DQKg4CPbmWds?y zZRP;)iJwwTqGPz9R=kdFN?8@_c!2Iwq6E-(uVcGfd{r)r6m@EHN|d=4t>+L$*yk4-AHr`92jqA~OhF!h@#zg|dLsF_UoCnh&(G1aH*lGvzG?%AoXV98 zd16(8QEbXh)UIssuwZ)tyC00|*^SpOZ1C_g>lEL!0f9TvdxzaY6aw?S^~ zuJ>%DY=6+h+ptfICr3pS$;bCP8yggG^UXn8#5ND~BO40(*%8O(Q|6UJUgbaA74*h+ zk=p0LEm_^Z86;P3lIvReW{y;v_W5DT2gB1l0GWL42P^Hv2RTli?ERKVc-QFt>uejm zSDy6!y4ZWp{lUTWy`lFQc%J^a^n)Z(xuc(UY_rE&Wm)~OjYvK>`hb6WqzBw0Dh}AR z*e#x$Pu~JT-##UGb2Qf$4paR4RM9?&l3rAx!gYLr79co86~3}|*5bAz+!@dGY#U|e ztUwe-SsO3J8?bz)`(TVd>pt?}%Q3y+soQS3bO`3}2{Yf)y=g_1I i{G{e=taU8QT(G!#@+2do8sQy3lOpgUKWn{A<^KZx<4*Jd diff --git a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java index 65621038..2eabdca1 100644 --- a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java +++ b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java @@ -18,41 +18,46 @@ public final class ModSecurity { private long confTime; private static boolean libsLoaded = false; - private void loadNativeLibs(String zlibPath, - String libxml2Path, - String libpcrePath, - String libaprPath, - String libapriconvPath, - String libaprutilPath, - String libModSecurityPath) { + private void loadNativeLibs(String zlibPath, + String libxml2Path, + String libpcrePath, + String libaprPath, + String libapriconvPath, + String libaprutilPath, + String libModSecurityPath) { if (!libsLoaded) { libsLoaded = true; //ModSecurityLoader calls System.load() for every native library needed by ModSecurity. -// try { -// Class.forName("org.modsecurity.loader.ModSecurityLoader"); -// } catch (ClassNotFoundException ex) { -// java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE, -// "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex); -// } - - //If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if - //ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running. - try { - loadLib("zlib1", zlibPath); - } catch (UnsatisfiedLinkError ex) { + boolean loaderFound = false; +// try { +// Class.forName("org.modsecurity.loader.ModSecurityLoader"); +// loaderFound = true; +// } catch (ClassNotFoundException ex) { +// //java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE, +// // "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex); +// } catch (NoClassDefFoundError ex) { +// } + + if (!loaderFound) { + //If the ModSecurityLoader is not used, native libraries can be loaded here, however this is bad practice since this will raise UnsatisfiedLinkError if + //ModSecurity is used in multiple webapps. This will also will raise problems when the web-app is redeployed and the server is running. + try { + loadLib("zlib1", zlibPath); + } catch (UnsatisfiedLinkError err) { + } + loadLib("xml2", libxml2Path); + loadLib("pcre", libpcrePath); + loadLib("apr-1", libaprPath); + try { + loadLib("apriconv-1", libapriconvPath); + } catch (UnsatisfiedLinkError err) { + } + loadLib("aprutil-1", libaprutilPath); + loadLib("ModSecurityJNI", libModSecurityPath); } - loadLib("xml2", libxml2Path); - loadLib("pcre", libpcrePath); - loadLib("apr-1", libaprPath); - try { - loadLib("apriconv-1", libapriconvPath); - } catch (UnsatisfiedLinkError ex) { - } - loadLib("aprutil-1", libaprutilPath); - loadLib("ModSecurityJNI", libModSecurityPath); } } - + private void loadLib(String name, String absolutePath) throws UnsatisfiedLinkError { try { System.load(absolutePath); @@ -73,15 +78,15 @@ public final class ModSecurity { } } - public ModSecurity(FilterConfig fc, - String confFile, - String zlibPath, - String libxml2Path, - String libpcrePath, - String libaprPath, - String libapriconvPath, - String libaprutilPath, - String libModSecurityPath) throws ServletException { + public ModSecurity(FilterConfig fc, + String confFile, + String zlibPath, + String libxml2Path, + String libpcrePath, + String libaprPath, + String libapriconvPath, + String libaprutilPath, + String libModSecurityPath) throws ServletException { loadNativeLibs(zlibPath, libxml2Path, libpcrePath, libaprPath, libapriconvPath, libaprutilPath, libModSecurityPath); this.filterConfig = fc; diff --git a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java index 76ef4420..058b987e 100644 --- a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java +++ b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java @@ -43,6 +43,7 @@ public class ModSecurityFilter implements Filter { MsHttpTransaction httpTran = new MsHttpTransaction(httpReq, httpResp); //transaction object used by native code try { + //onRequest is responsable of calling MsHttpServletRequest.readBody int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified if (status != ModSecurity.DECLINED) { @@ -52,7 +53,7 @@ public class ModSecurityFilter implements Filter { //process request fc.doFilter(httpTran.getMsHttpRequest(), httpTran.getMsHttpResponse()); - + status = modsecurity.onResponse(httpTran); if (status != ModSecurity.OK && status != ModSecurity.DECLINED) { httpTran.getMsHttpResponse().reset(); diff --git a/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java b/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java index 3b543eea..30a7970d 100644 --- a/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java +++ b/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java @@ -33,7 +33,7 @@ import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileUploadException; public class MsHttpServletRequest extends HttpServletRequestWrapper { - + public final static int BODY_NOTYETREAD = 0; public final static int BODY_INTERCEPT = 1; public final static int BODY_DISK = 2; @@ -176,6 +176,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper { } body = new String(bodyBytes, encoding); + if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) { addUrlEncoded(body); } @@ -459,6 +460,14 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper { return sis; } + /** + * Replacement for the ServletRequest.getReader() method. + */ + @Override + public BufferedReader getReader() throws java.io.IOException { + return new BufferedReader(new InputStreamReader(getInputStream(), encoding)); + } + /** * Replacement for the ServletRequest.getParameter() method. */ @@ -513,6 +522,9 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper { count++; } } + + if (count == 0) + return null; // put them into a String array String values[] = new String[count]; @@ -527,11 +539,4 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper { return values; } - /** - * Replacement for the ServletRequest.getReader() method. - */ - @Override - public BufferedReader getReader() throws java.io.IOException { - return new BufferedReader(new InputStreamReader(getInputStream(), encoding)); - } } \ No newline at end of file diff --git a/java/ModSecurityTestApp/web/WEB-INF/web.xml b/java/ModSecurityTestApp/web/WEB-INF/web.xml index 1f94b3ab..e27407bf 100644 --- a/java/ModSecurityTestApp/web/WEB-INF/web.xml +++ b/java/ModSecurityTestApp/web/WEB-INF/web.xml @@ -17,8 +17,6 @@ --> - - - diff --git a/java/ModSecurityTestApp/web/help.html b/java/ModSecurityTestApp/web/help.html index d2531036..606ea900 100644 --- a/java/ModSecurityTestApp/web/help.html +++ b/java/ModSecurityTestApp/web/help.html @@ -128,6 +128,37 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/ Include activated_rules\*.conf --> </init-param> + + <!-- + <init-param> + <param-name>zlib1</param-name> + <param-value>c:\work\mod_security\java\libs\zlib1.dll</param-value> + </init-param> + <init-param> + <param-name>libxml2</param-name> + <param-value>c:\work\mod_security\java\libs\libxml2.dll</param-value> + </init-param> + <init-param> + <param-name>libpcre</param-name> + <param-value>c:\work\mod_security\java\libs\pcre.dll</param-value> + </init-param> + <init-param> + <param-name>libapr-1</param-name> + <param-value>c:\work\mod_security\java\libs\libapr-1.dll</param-value> + </init-param> + <init-param> + <param-name>libapriconv-1</param-name> + <param-value>c:\work\mod_security\java\libs\libapriconv-1.dll</param-value> + </init-param> + <init-param> + <param-name>libaprutil-1</param-name> + <param-value>c:\work\mod_security\java\libs\libaprutil-1.dll</param-value> + </init-param> + <init-param> + <param-name>libModSecurityJNI</param-name> + <param-value>c:\work\mod_security\java\libs\ModSecurityJNI.dll</param-value> + </init-param> + --> </filter> <filter-mapping> @@ -158,7 +189,8 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/

You can specify multiple folders for the java.library.path variable by using : (colon) or ; (semi-colon), depending on your environment. Also, the libraries can be loaded using - their absolute path using System.load(). + their absolute path by uncommenting the init-param elements in the above + filter example.

@@ -167,8 +199,14 @@ sudo cp ./java/.libs/libModSecurityJNI.so /usr/lib/

ModSecurityLoader.jar should be placed in the Java server library loader folder (for example, in Tomcat 7: $CATALINA_HOME/lib). - You can build or modify the load directory of ModSecurityLoader from - /mod_security/java/ModSecurityLoader/src/. + The server has to be started with the VM options: +

+ 
+-Djava.library.path=/path/to/libraries/folder/
+
+

+ or alternatively by specifying init-param elements with absolute paths + in the ModSecurityLoaderConfig.xml file.