roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From snoopd...@apache.org
Subject svn commit: r1347316 - in /roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters: LoadSaltFilter.java ValidateSaltFilter.java
Date Thu, 07 Jun 2012 02:25:07 GMT
Author: snoopdave
Date: Thu Jun  7 02:25:07 2012
New Revision: 1347316

URL: http://svn.apache.org/viewvc?rev=1347316&view=rev
Log:
per user salt values

Modified:
    roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
    roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java

Modified: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java?rev=1347316&r1=1347315&r2=1347316&view=diff
==============================================================================
--- roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
(original)
+++ roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
Thu Jun  7 02:25:07 2012
@@ -25,6 +25,10 @@ import javax.servlet.http.HttpServletReq
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.WebloggerException;
+import org.apache.roller.weblogger.business.UserManager;
+import org.apache.roller.weblogger.business.WebloggerFactory;
+import org.apache.roller.weblogger.pojos.User;
 import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
 
 /**
@@ -37,12 +41,33 @@ public class LoadSaltFilter implements F
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
         throws IOException, ServletException {
-        HttpServletRequest httpReq = (HttpServletRequest) request;
 
-		SaltCache saltCache = SaltCache.getInstance();
-        String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
-        saltCache.put(salt, Boolean.TRUE);
-        httpReq.setAttribute("salt", salt);
+		try {
+
+			HttpServletRequest httpReq = (HttpServletRequest) request;
+			final User authenticUser;
+			UserManager umgr = WebloggerFactory.getWeblogger().getUserManager();
+			if (httpReq.getUserPrincipal() != null) {
+				try {
+					authenticUser = umgr.getUserByUserName(httpReq.getUserPrincipal().getName(), Boolean.TRUE);
+				} catch (WebloggerException ex) {
+					log.error("ERROR checking user rile", ex);
+					throw new ServletException("Security Violation");
+				}
+			} else {
+				authenticUser = null;
+			}
+
+			if (authenticUser != null) {
+				SaltCache saltCache = SaltCache.getInstance();
+				String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
+				saltCache.put(salt, authenticUser.getId());
+				httpReq.setAttribute("salt", salt);
+			}
+
+		} catch (Exception e) {
+			log.error("Error loading salt", e);
+		}
 
         chain.doFilter(request, response);
     }

Modified: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java?rev=1347316&r1=1347315&r2=1347316&view=diff
==============================================================================
--- roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
(original)
+++ roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
Thu Jun  7 02:25:07 2012
@@ -23,6 +23,10 @@ import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.roller.weblogger.WebloggerException;
+import org.apache.roller.weblogger.business.UserManager;
+import org.apache.roller.weblogger.business.WebloggerFactory;
+import org.apache.roller.weblogger.pojos.User;
 import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
 
 /**
@@ -36,15 +40,34 @@ public class ValidateSaltFilter implemen
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
         throws IOException, ServletException {
-        HttpServletRequest httpReq = (HttpServletRequest) request;
- 
-		if (httpReq.getMethod().equals("POST")) {
-        	String salt = (String) httpReq.getParameter("salt");
-			SaltCache saltCache = SaltCache.getInstance();
-			if (salt == null || saltCache.get(salt) == null || saltCache.get(salt).equals(false))
{
-            	throw new ServletException("Security Violation");
+
+		try {
+			HttpServletRequest httpReq = (HttpServletRequest) request;
+			final User authenticUser;
+			UserManager umgr = WebloggerFactory.getWeblogger().getUserManager();
+			if (httpReq.getUserPrincipal() != null) {
+				try {
+					authenticUser = umgr.getUserByUserName(httpReq.getUserPrincipal().getName(), Boolean.TRUE);
+				} catch (WebloggerException ex) {
+					log.error("ERROR checking user rile", ex);
+					throw new ServletException("Security Violation");
+				}
+			} else {
+				authenticUser = null;
 			}
+
+			if (httpReq.getMethod().equals("POST") && authenticUser != null) {
+				String salt = (String) httpReq.getParameter("salt");
+				SaltCache saltCache = SaltCache.getInstance();
+				if (salt == null || saltCache.get(salt) == null || !saltCache.get(salt).equals(authenticUser.getId()))
{
+					throw new ServletException("Security Violation");
+				}
+			}
+		
+		} catch (Exception e) {
+			log.error("Error validating salt", e);
 		}
+
         chain.doFilter(request, response);
     }
  



Mime
View raw message