Parsing a simple XML document using JAXP (JEE6)

I want to create an authorization filter for my web application (in order to be able to restrict access to certain pages).

I created a simple .xml file with the pages that every user is allowed to access:

    <access>
        <buyer>
            <page>buyoffer.xhtml</page>
            <page>faq.xhtml</page>
            <page>index.jsp</page>
            <page>login.xhtml</page>
            <page>main.xhtml</page>
            <page>registrationSucceded.xhtml</page>
        </buyer>
        <seller>
            <page>sellerpanel.xhtml</page>
            <page>faq.xhtml</page>
            <page>index.jsp</page>
            <page>login.xhtml</page>
            <page>main.xhtml</page>
            <page>registrationSucceded.xhtml</page>
        </seller>
        <administrator>
            <page>sellerpanel.xhtml</page>
            <page>faq.xhtml</page>
            <page>index.jsp</page>
            <page>login.xhtml</page>
            <page>main.xhtml</page>
            <page>registrationSucceded.xhtml</page>
        </administrator>
    </access>

Then I need to parse the file to extract the page values, to create conditions for permission or redirection (depending). I just need someone to tell me how to extract the values of these pages from the XML. This is what I have done so far:

    public class RestrictPageFilter implements Filter {

        private FilterConfig fc;
        private DocumentBuilder builder;
        private Document document;

        public void init(FilterConfig filterConfig) throws ServletException {
            // The easiest way to initialize the filter
            fc = filterConfig;
            // Get the file that contains the allowed pages
            File f = new File("/allowedpages.xml");
            // Prepare the file parsing
            try {
                builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
                document = builder.parse(f);
            } catch (ParserConfigurationException e) {
                e.printStackTrace();
            } catch (SAXException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse resp = (HttpServletResponse) response;
            HttpSession session = req.getSession(true);
            String pageRequested = req.getRequestURL().toString();

            // Get the value of the current logged user
            Role currentUser = (Role) session.getAttribute("userRole");
            if (currentUser != null) {
                if (currentUser.getType().equals("BUYER")) {
                    // Loop BUYER Element of the .xml
                    // if pageRequested.contains(value of the page at buyer element)
                    //     chain.doFilter(request, response);
                    // Else
                    //     Redirect the user to the main page
                } else if (currentUser.getType().equals("SELLER")) {
                    // Same as above just for seller element
                } else if (currentUser.getType().equals("ADMINISTRATOR")) {
                    // Same as above just for administrator element
                }
            }
        }

        public void destroy() {
            // Not needed
        }
    }

The comments inside the doFilter method explain what I need to do. Can someone give me advice on how I should iterate over the file to find the page names for each of the user types? I tried to follow JAXP examples from the Internet, but they are more complicated than I need.

Update: the XML is stored in WEB-INF/classes.

+5
3 answers

Rather use JAXB. JAXP is an old and very verbose API. JAXB relies on JavaBeans and is therefore clean and relatively simple. First create a JavaBean that maps 1:1 to the XML file using javax.xml.bind annotations.

    @XmlRootElement
    public class Access {

        @XmlElement
        private User buyer;

        @XmlElement
        private User seller;

        @XmlElement
        private User administrator;

        public User getBuyer() {
            return buyer;
        }

        public User getSeller() {
            return seller;
        }

        public User getAdministrator() {
            return administrator;
        }

        public static class User {

            @XmlElement(name="page")
            private List<String> pages;

            public List<String> getPages() {
                return pages;
            }
        }
    }

Then do the following to map it (provided that allowedpages.xml is placed in the root of the classpath).

    InputStream input = Thread.currentThread().getContextClassLoader().getResourceAsStream("allowedpages.xml");
    Access access = (Access) JAXBContext.newInstance(Access.class).createUnmarshaller().unmarshal(input);

Note that you should not use new File() for this. See also getResourceAsStream() vs FileInputStream.

Finally, you can access all of the buyer’s pages as follows:

    List<String> buyerPages = access.getBuyer().getPages();
    // ...

Needless to say, homegrown security is not always the best practice. Java EE 6 comes with container protection.

+9

May I ask why you are reinventing the wheel? If you use Java EE 6, why not use the built-in security mechanism, similar to what you are doing, but declarative in nature?

Read this article.

Essentially, it comes down to writing this in web.xml:

    <security-constraint>
        <display-name>For users in buyer role</display-name>
        <web-resource-collection>
            <web-resource-name>Restricted Access - Buyers Only</web-resource-name>
            <!-- URL patterns must start with "/" (or "*." for an extension mapping) -->
            <url-pattern>/buyoffer.xhtml</url-pattern>
            <url-pattern>/faq.xhtml</url-pattern>
            <url-pattern>/index.jsp</url-pattern>
            <url-pattern>/login.xhtml</url-pattern>
            <url-pattern>/main.xhtml</url-pattern>
            <url-pattern>/registrationSucceded.xhtml</url-pattern>
            <!-- No <http-method> element, so the constraint covers every HTTP method.
                 Listing only GET would leave POST, HEAD and the rest unconstrained. -->
        </web-resource-collection>
        <auth-constraint>
            <role-name>Buyer</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

The example above is for the buyer role.

+1

Use NodeList nodes = document.getElementsByTagName(tagname); where the tag name is buyer, seller, and so on, as you need. Then iterate over the node list and read the data.

0
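
The DOM iteration asked about in the question and sketched in the last answer, as an added example that is not code from the question or from any of the answers. It parses with DOCTYPE declarations disabled and replaces the substring check on the request URL with an exact match on the servlet path. AllowedPages and isAllowed are hypothetical names, and it assumes every listed page is served from the context root and that the filter passes in req.getServletPath().

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AllowedPages {
    private final Map<String, Set<String>> pathsByRole = new HashMap<String, Set<String>>();

    public AllowedPages(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The allowlist needs no DTD: rejecting DOCTYPE rules out XXE and entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Element access = f.newDocumentBuilder().parse(xml).getDocumentElement();
        NodeList children = access.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            if (!(children.item(i) instanceof Element)) continue; // whitespace text nodes
            Element role = (Element) children.item(i);            // <buyer>, <seller>, ...
            Set<String> paths = new HashSet<String>();
            NodeList pages = role.getElementsByTagName("page");
            for (int j = 0; j < pages.getLength(); j++) {
                // Assumption: every page is served from the context root.
                paths.add("/" + pages.item(j).getTextContent().trim());
            }
            pathsByRole.put(role.getTagName().toUpperCase(Locale.ROOT), paths);
        }
    }

    /** Deny by default: only an exact servlet-path match for a known role passes. */
    public boolean isAllowed(String roleType, String servletPath) {
        if (roleType == null || servletPath == null) return false;
        Set<String> paths = pathsByRole.get(roleType.toUpperCase(Locale.ROOT));
        return paths != null && paths.contains(servletPath);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample using the question's element names.
        String xml = "<access><buyer><page>buyoffer.xhtml</page><page>faq.xhtml</page></buyer>"
                + "<seller><page>sellerpanel.xhtml</page><page>faq.xhtml</page></seller></access>";
        AllowedPages allowed = new AllowedPages(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        System.out.println(allowed.isAllowed("BUYER", "/buyoffer.xhtml"));    // listed for buyer
        System.out.println(allowed.isAllowed("BUYER", "/sellerpanel.xhtml")); // seller-only page
        System.out.println(allowed.isAllowed("BUYER", "/old/faq.xhtml"));     // same name, other path
        System.out.println(allowed.isAllowed(null, "/faq.xhtml"));            // no role in session
    }
}
```

In a filter, the instance would be built once in init() from the classpath resource, and doFilter() would call chain.doFilter() only when isAllowed() returns true.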