Write request & response callbacks

java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurity.java

@@ -12,18 +12,25 @@ import javax.servlet.ServletException;
  * @author Mihai Pitu
  */
 public final class ModSecurity {
+    //From build/classes: >"c:\Program Files\Java\jdk1.7.0_05\bin\javah.exe" -classpath c:\work\apache-tomcat-7.0.39\lib\servlet-api.jar;. org.modsecurity.ModSecurity
 
     public static final int DONE = -2;
     public static final int DECLINED = -1;
     public static final int OK = 0;
-    //From build/classes: >"c:\Program Files\Java\jdk1.7.0_05\bin\javah.exe" -classpath c:\work\apache-tomcat-7.0.39\lib\servlet-api.jar;. org.modsecurity.ModSecurity
     private FilterConfig filterConfig;
     private String confFilename;
     private long confTime;
-    private final static String pathToLib = "c:\\work\\mod_security\\java\\Debug\\";
 
     static {
-        //TODO: bad practice, native libraries should be loaded in server's classloader
+//        try {
+//            Class.forName("org.modsecurity.loader.ModSecurityLoader");
+//            System.out.println("MS loader found");
+//        } catch (ClassNotFoundException ex) {
+//            Logger.getLogger(ModSecurity.class.getName()).log(Level.SEVERE, null, ex);
+//        }
+
+        //TODO: bad practice (if we have two webapps using ModSecurity, one will raise UnsatisfiedLinkError), 
+        //native libraries should be loaded in server's root classloader
         System.load("c:\\work\\mod_security\\java\\libs\\zlib1.dll");
         System.load("c:\\work\\mod_security\\java\\libs\\libxml2.dll");
         System.load("c:\\work\\mod_security\\java\\libs\\pcre.dll");
@@ -31,9 +38,6 @@ public final class ModSecurity {
         System.load("c:\\work\\mod_security\\java\\libs\\libapriconv-1.dll");
         System.load("c:\\work\\mod_security\\java\\libs\\libaprutil-1.dll");
         System.load("c:\\work\\mod_security\\java\\Debug\\ModSecurityJNI.dll");
-        //java.lang.reflect.Field loadedLibraries = ClassLoader.class.getDeclaredField("loadedLibraryNames");
-        //loadedLibraries.setAccessible(true);
-        //final Vector<String> libraries = (Vector<String>) loadedLibraries.get(ClassLoader.getSystemClassLoader());
     }
 
     public ModSecurity(FilterConfig fc, String confFile) throws ServletException {
@@ -41,11 +45,11 @@ public final class ModSecurity {
         this.confFilename = confFile;
         confTime = new File(confFilename).lastModified();
 
-        this.initialize();
+        this.initialize(fc.getFilterName());
         filterConfig.getServletContext().log("ModSecurity started.");
     }
 
-    private native int initialize();
+    private native int initialize(String serverName);
 
     public native int destroy();
 

java/ModSecurityTestApp/src/java/org/modsecurity/ModSecurityFilter.java

@@ -23,10 +23,9 @@ public class ModSecurityFilter implements Filter {
         String confFilename = fc.getInitParameter("conf");
         if (confFilename == null) {
             throw new ServletException("ModSecurity: parameter 'conf' not available in web.xml");
-        } else {
-            confFilename = fc.getServletContext().getRealPath(confFilename);
         }
 
+        
         modsecurity = new ModSecurity(fc, confFilename);
     }
 
@@ -40,14 +39,24 @@ public class ModSecurityFilter implements Filter {
             int status = modsecurity.onRequest(modsecurity.getConfFilename(), httpTran, modsecurity.checkModifiedConfig()); //modsecurity reloads only if primary config file is modified
 
             if (status != ModSecurity.DECLINED) {
+                if (status > 0) {
+                    httpTran.getHttpResponse().setStatus(status);
+                    httpTran.getHttpResponse().sendError(status);
+                }
                 return;
             }
 
             //process request
             fc.doFilter(httpTran.getMsHttpRequest(), httpTran.getMsHttpResponse());
             
+            
             status = modsecurity.onResponse(httpTran);
             
+            if(status != ModSecurity.OK && status != ModSecurity.DECLINED) {
+                httpTran.getMsHttpResponse().reset();
+                httpTran.getMsHttpResponse().setStatus(status);
+            }
+            
         } finally {
             httpTran.destroy();
         }

java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletRequest.java

@@ -81,7 +81,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
             bodyFile.delete();
         }
     }
-    
+
     public static String[][] getHttpRequestHeaders(HttpServletRequest req) {
 
         ArrayList<String> aList = Collections.list(req.getHeaderNames());
@@ -97,7 +97,7 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
 
         return result;
     }
-    
+
     public String getTmpPath() {
         return tmpPath;
     }
@@ -130,10 +130,28 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
         return bodyBytes;
     }
 
-    public void readBody(int maxContentLength) throws IOException, ServletException {
-        
+    public void setBodyBytes(byte[] bytes) throws IOException {
         String contentType = req.getContentType();
+        bodyBytes = new byte[bytes.length];
+        System.arraycopy(bytes, 0, bodyBytes, 0, bytes.length);
         
+        body = new String(bodyBytes, encoding);
+        if ((contentType != null) && ((contentType.compareTo("application/x-www-form-urlencoded") == 0) || (contentType.compareTo("application/x-form-urlencoded") == 0))) {
+            addUrlEncoded(body);
+        }
+    }
+    
+    @Override
+    public int getContentLength() {
+        if (bodyBytes == null)
+            return req.getContentLength();
+        return bodyBytes.length;
+    }
+
+    public void readBody(int maxContentLength) throws IOException, ServletException {
+
+        String contentType = req.getContentType();
+
         if ((contentType != null) && (contentType.startsWith("multipart/form-data"))) {
             readBodyMultipart(maxContentLength);
         } else {
@@ -222,7 +240,6 @@ public class MsHttpServletRequest extends HttpServletRequestWrapper {
         }
     }
 
-
     /**
      * Parses the given URL-encoded string and adds the parameters to the
      * request parameter list.

java/ModSecurityTestApp/src/java/org/modsecurity/MsHttpServletResponse.java

@@ -202,9 +202,8 @@ public class MsHttpServletResponse extends HttpServletResponseWrapper {
             stream = new ByteArrayInputStream(new String(writer.toCharArray()).getBytes());
         } else if (msWriter == null) {
             stream = new ByteArrayInputStream(((MsOutputStream) this.getOutputStream()).toByteArray());
-        } else {
-            
         }
+
         return stream;
     }
 
@@ -287,6 +286,16 @@ public class MsHttpServletResponse extends HttpServletResponseWrapper {
         return super.isCommitted();
     }
 
+    public void setBodyBytes(byte[] bytes) throws IOException {
+        if (msOutputStream == null) {
+            msWriter.reset();
+            msWriter.write(new String(bytes));
+        } else if (msWriter == null) {
+            msOutputStream.reset();
+            msOutputStream.write(bytes, 0, bytes.length);
+        }
+    }
+
     @Override
     public void reset() throws IllegalStateException {
         if (interceptMode != INTERCEPT_ON) {