Internal rest stuff to not explode on ':' in url

code/MoyaBeans/ejbModule/fi/codecrew/moya/beans/JaasBean.java

@@ -150,11 +150,13 @@ public class JaasBean implements MoyaRealmBeanRemote {
 	}
 
 	private String restAuth(String restauth) {
-		String[] authsplit = restauth.split(":");
+		String[] authsplit = restauth.split(":", 6);
+		logger.info("Trying to auth with rest {}", (Object) authsplit);
 		if (authsplit.length != 6 || !authsplit[0].equals("rest")) {
 			return null;
 		}
-		return authenticateApp(authsplit[1], authsplit[2], authsplit[3], authsplit[4], authsplit[5]);
+
+		return authenticateApp(authsplit[5], authsplit[1], authsplit[2], authsplit[3], authsplit[4]);
 	}
 
 	@Override
@@ -233,20 +235,33 @@ public class JaasBean implements MoyaRealmBeanRemote {
 	}
 
 	public String authenticateApp(String pathInfo, String appId, String userId, String appStamp, String mac) {
-		if (mac == null)
+
+		logger.info("Authenticat app with pathinfo {}, appid {}, userid {}, appstamp {}, mac {}",
+				pathInfo, appId, userId, appStamp, mac
+				);
+		if (mac == null) {
+			logger.warn("Rest auth failed: Mac is null");
 			return null;
+		}
 		ApiApplication app = appfacade.findByAppid(appId);
-		if (app == null)
+		if (app == null) {
+			logger.warn("Rest auth failed: Application not found for appid {}", appId);
 			return null;
+		}
 		ApiApplicationInstance apiInstance = appInstanceFacade.findInstance(app, userId);
-		if (apiInstance == null)
+		if (apiInstance == null) {
+			logger.warn("Rest auth failed; because appInstance not found for app{} and user {}", app, userId);
 			return null;
-		if (!app.isEnabled() || !apiInstance.isEnabled())
+		}
+		if (!app.isEnabled() || !apiInstance.isEnabled()) {
+			logger.warn("Rest auth failed: app or api-instance is disabled: app {}, apiInstance: {}", app, apiInstance);
 			return null;
+		}
 
 		String ret = null;
 		String macSource = PasswordFunctions.mkSeparatedString("+", pathInfo, appId, userId, appStamp, apiInstance.getSecretKey());
 		String macHash = PasswordFunctions.calculateSha1(macSource);
+		logger.info("Calculated hash {}, comparing to {}", macHash, mac);
 		if (mac.equalsIgnoreCase(macHash))
 		{
 			switch (app.getAuthtype()) {
@@ -261,7 +276,10 @@ public class JaasBean implements MoyaRealmBeanRemote {
 			default:
 				throw new RuntimeException("Unknown application authtype!");
 			}
+		} else {
+			logger.warn("Rest auth failed: Calculated hash does not match received mac: Calculated {}, received {}", machash, mac);
 		}
+
 		return ret;
 	}
 }

code/MoyaWeb/src/fi/codecrew/moya/HostnameFilter.java

@@ -140,11 +140,11 @@ public class HostnameFilter implements Filter {
 
 		StringBuilder hashBuilder = new StringBuilder();
 		hashBuilder.append("rest:");
-		hashBuilder.append(httpRequest.getPathInfo()).append(":");
 		hashBuilder.append(httpRequest.getParameter("appkey")).append(":");
 		hashBuilder.append(httpRequest.getParameter("appuser")).append(":");
 		hashBuilder.append(httpRequest.getParameter("appstamp")).append(":");
-		hashBuilder.append(httpRequest.getParameter("appmac"));
+		hashBuilder.append(httpRequest.getParameter("appmac")).append(":");
+		hashBuilder.append(httpRequest.getPathInfo());
 
 		boolean ret = true;
 		try {