Package org.pentaho.platform.web.servlet.matchers

Class RequireJsConfigRequestMatcher

java.lang.Object
org.pentaho.platform.web.servlet.matchers.RequireJsConfigRequestMatcher
All Implemented Interfaces:
org.springframework.security.web.util.matcher.RequestMatcher
public class RequireJsConfigRequestMatcher extends Object implements org.springframework.security.web.util.matcher.RequestMatcher
A request matcher that matches requests for Require JS configuration files of Pentaho plugins.

The matcher checks if the request's method is `GET` and its path info ends with `(*-)require(-js)(-bundles)(-cfg).js`, and, additionally, if the request is for a static resource.

This is used to ensure that these files are not accessed in a way that bypasses security restrictions (see PPP-4794).

  • Nested Class Summary

    Nested classes/interfaces inherited from interface org.springframework.security.web.util.matcher.RequestMatcher

    org.springframework.security.web.util.matcher.RequestMatcher.MatchResult

  • Constructor Summary

    Constructors
    Constructor
    Description
    RequireJsConfigRequestMatcher()
     
    RequireJsConfigRequestMatcher(RepositoryResource repositoryResource, GenericServlet genericServlet)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected boolean
    isRequireJsConfigRequest(jakarta.servlet.http.HttpServletRequest request)
    Checks if the request's method is `GET` and its path info matches REQUIRE_JS_CFG_PATTERN.
    protected boolean
    isStaticResource(jakarta.servlet.http.HttpServletRequest request)
    Checks if the request is for a static resource of a Pentaho plugin.
    boolean
    matches(jakarta.servlet.http.HttpServletRequest request)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.springframework.security.web.util.matcher.RequestMatcher

    matcher

  • Constructor Details

    • RequireJsConfigRequestMatcher

      public RequireJsConfigRequestMatcher()

    • RequireJsConfigRequestMatcher

      public RequireJsConfigRequestMatcher(@NonNull RepositoryResource repositoryResource, @NonNull GenericServlet genericServlet)

  • Method Details

    • matches

      public boolean matches(@NonNull jakarta.servlet.http.HttpServletRequest request)
      Specified by:
      matches in interface org.springframework.security.web.util.matcher.RequestMatcher

    • isRequireJsConfigRequest

      protected boolean isRequireJsConfigRequest(@NonNull jakarta.servlet.http.HttpServletRequest request)
      Checks if the request's method is `GET` and its path info matches REQUIRE_JS_CFG_PATTERN.
      Parameters:
      request - The request.
      Returns:
      true if the request method and path info match; false, otherwise.

    • isStaticResource

      protected boolean isStaticResource(@NonNull jakarta.servlet.http.HttpServletRequest request)
      Checks if the request is for a static resource of a Pentaho plugin.
      Parameters:
      request - The request.
      Returns:
      true if the request is for a static resource; false, otherwise.