Skip to content

Codecrew / Moya

Go to a project
Commit 6698126b by Tuomas Riihimäki
Options

Check that hostname has not changed in this session

1 parent 74c97cfb
Inline Side-by-side
Showing with 13 additions and 6 deletions
code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
......@@ -19,9 +19,8 @@
package fi.codecrew.moya;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import java.nio.charset.Charset;
import java.security.Principal;
import javax.ejb.EJB;
import javax.faces.application.ProjectStage;
......@@ -35,8 +34,8 @@ import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.HttpRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
......@@ -53,6 +52,7 @@ import fi.codecrew.moya.rest.RestApplicationEntrypoint;
@WebFilter(filterName = "hostnameFilter", displayName = "hostname and authentication filter", urlPatterns = { "/*" })
public class HostnameFilter implements Filter {
private static final String SESSION_HOSTNAMESTORE = "moya-session-hostname";
private static final Logger logger = LoggerFactory.getLogger(HostnameFilter.class);
private static final String HTTP_HOSTNAME_ID = "moya_hostname_session_id";
private boolean developmentMode = false;
......@@ -137,7 +137,7 @@ public class HostnameFilter implements Filter {
*/
private static final String[] NOAUTH_RESTPATHS = new String[] {
"/reader/EventRole/","/user/auth"
"/reader/EventRole/", "/user/auth"
};
......@@ -147,6 +147,7 @@ public class HostnameFilter implements Filter {
// logger.info("HostnameFilter called!");
HttpServletRequest httpRequest = null;
AuthType authtype = AuthType.UNKNOWN;
if (request != null && request instanceof HttpServletRequest) {
httpRequest = ((HttpServletRequest) request);
parseHostname(httpRequest);
......@@ -208,7 +209,6 @@ public class HostnameFilter implements Filter {
private boolean restAuth(HttpServletRequest httpRequest, ServletResponse response) {
String sp = httpRequest.getPathInfo();
for (String s : NOAUTH_RESTPATHS) {
if (sp.startsWith(s)) {
......@@ -274,9 +274,16 @@ public class HostnameFilter implements Filter {
boolean ssl = proto.equals("https");
BortalLocalContextHolder.setSsl(ssl);
HttpSession session = httpRequest.getSession();
Object sessionHostname = session.getAttribute(SESSION_HOSTNAMESTORE);
if (sessionHostname == null) {
session.setAttribute(SESSION_HOSTNAMESTORE, hostname);
} else if (!hostname.equals(sessionHostname)) {
throw new RuntimeException("Hostname mismatch!");
}
BortalLocalContextHolder.setHostname(hostname);
BortalLocalContextHolder.setInDevelopmentMode(developmentMode);
}
}
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!