modsecurity loader

2025-11-20 02:57:12 +03:00 · 2013-08-09 15:48:00 +03:00
parent b1755c5b84
commit a662d8fe4c
10 changed files with 299 additions and 43 deletions
--- a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java
+++ b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java
@@ -22,22 +22,14 @@ public final class ModSecurity {
    private long confTime;

    static {
-//        try {
-//            Class.forName("org.modsecurity.loader.ModSecurityLoader");
-//            System.out.println("MS loader found");
-//        } catch (ClassNotFoundException ex) {
-//            Logger.getLogger(ModSecurity.class.getName()).log(Level.SEVERE, null, ex);
-//        }
-
-        //TODO: bad practice (if we have two webapps using ModSecurity, one will raise UnsatisfiedLinkError), 
-        //native libraries should be loaded in server's root classloader
-        System.load("c:\\work\\mod_security\\java\\libs\\zlib1.dll");
-        System.load("c:\\work\\mod_security\\java\\libs\\libxml2.dll");
-        System.load("c:\\work\\mod_security\\java\\libs\\pcre.dll");
-        System.load("c:\\work\\mod_security\\java\\libs\\libapr-1.dll");
-        System.load("c:\\work\\mod_security\\java\\libs\\libapriconv-1.dll");
-        System.load("c:\\work\\mod_security\\java\\libs\\libaprutil-1.dll");
-        System.load("c:\\work\\mod_security\\java\\Debug\\ModSecurityJNI.dll");
+        try {
+            //ModSecurityLoader calls System.load() for every native library needed by ModSecurity
+            Class.forName("org.modsecurity.loader.ModSecurityLoader");
+            System.out.println("ModSecurity libraries loaded.");
+        } catch (ClassNotFoundException ex) {
+            java.util.logging.Logger.getLogger(ModSecurity.class.getName()).log(java.util.logging.Level.SEVERE,
+                    "ModSecurityLoader was not found, please make sure that you have \"ModSecurityLoader.jar\" in your server lib folder.", ex);
+        }
    }

    public ModSecurity(FilterConfig fc, String confFile) throws ServletException {
--- a/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java
+++ b/java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java
@@ -25,7 +25,7 @@ public class ModSecurityFilter implements Filter {
            throw new ServletException("ModSecurity: parameter 'conf' not available in web.xml");
        }

-        
+
        modsecurity = new ModSecurity(fc, confFilename);
    }

@@ -39,28 +39,25 @@ public class ModSecurityFilter implements Filter {
            int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified

            if (status != ModSecurity.DECLINED) {
-                if (status > 0) {
-                    httpTran.getHttpResponse().setStatus(status);
-                    httpTran.getHttpResponse().sendError(status);
-                }
+                httpTran.getHttpResponse().sendError(403);
                return;
            }

            //process request
            fc.doFilter(httpTran.getMsHttpRequest(), httpTran.getMsHttpResponse());
-            
-            
+
+
            status = modsecurity.onResponse(httpTran);
-            
-            if(status != ModSecurity.OK && status != ModSecurity.DECLINED) {
+
+            if (status != ModSecurity.OK && status != ModSecurity.DECLINED) {
                httpTran.getMsHttpResponse().reset();
                httpTran.getMsHttpResponse().setStatus(status);
            }
-            
+
        } finally {
            httpTran.destroy();
        }
-        
+
    }

    @Override
--- a/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java
+++ b/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java
@@ -16,7 +16,6 @@ import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -28,7 +27,6 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.DefaultFileItem;
 import org.apache.commons.fileupload.DiskFileUpload;
 import org.apache.commons.fileupload.FileItem;
--- a/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpTransaction.java
+++ b/java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpTransaction.java
@@ -19,6 +19,7 @@ public class MsHttpTransaction {

    public MsHttpTransaction(ServletRequest req, ServletResponse res) {
        tranID = UUID.randomUUID().toString();
+        tranID = tranID.replace('-', '0');
        this.req = (HttpServletRequest)req;
        this.res = (HttpServletResponse)res;
        this.msReq = new MsHttpServletRequest(this.req);