Posted to commits@juddi.apache.org by al...@apache.org on 2014/11/01 23:56:06 UTC
[2/2] git commit: JUDDI-886 fixed JUDDI-884 fixed
JUDDI-886 fixed
JUDDI-884 fixed
Project: http://git-wip-us.apache.org/repos/asf/juddi/repo
Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/b72eba07
Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/b72eba07
Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/b72eba07
Branch: refs/heads/master
Commit: b72eba072c3f35fd296df441072d14d6d22d3c59
Parents: f24df6e
Author: alexoree <al...@apache.org>
Authored: Sat Nov 1 18:55:36 2014 -0400
Committer: alexoree <al...@apache.org>
Committed: Sat Nov 1 18:55:36 2014 -0400
----------------------------------------------------------------------
juddi-gui-dsig/pom.xml | 4 ++++
juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF | 3 +++
juddi-gui/src/main/webapp/ajax/deletebinding.jsp | 1 +
juddi-gui/src/main/webapp/ajax/getCert.jsp | 1 +
juddi-gui/src/main/webapp/ajax/opInfo.jsp | 1 +
juddi-gui/src/main/webapp/ajax/saveFromXML.jsp | 1 +
juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp | 1 +
juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp | 1 +
juddi-gui/src/main/webapp/ajax/toXML.jsp | 10 ++++------
juddi-gui/src/main/webapp/ajax/validateSignature.jsp | 1 +
10 files changed, 18 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui-dsig/pom.xml
----------------------------------------------------------------------
diff --git a/juddi-gui-dsig/pom.xml b/juddi-gui-dsig/pom.xml
index 8847cdf..d76e601 100644
--- a/juddi-gui-dsig/pom.xml
+++ b/juddi-gui-dsig/pom.xml
@@ -27,6 +27,9 @@ language governing permissions and * limitations under the License. * */ -->
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
+ <archive>
+ <manifestFile>src/main/resources/META-INF/MANIFEST.MF</manifestFile>
+ </archive>
</configuration>
<executions>
<execution>
@@ -48,6 +51,7 @@ language governing permissions and * limitations under the License. * */ -->
</goals>
<phase>package</phase>
<configuration>
+
<archive>${project.build.directory}/${artifactId}-${version}-jar-with-dependencies.jar</archive>
<keystore>src/main/keystore/signing-jar.keystore</keystore>
<alias>applet</alias>
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF
----------------------------------------------------------------------
diff --git a/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF b/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..05cd93f
--- /dev/null
+++ b/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Permissions: all-permissions
+Application-Name: Apache jUDDI Digital Signature Applet
+Codebase: *
\ No newline at end of file
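Review bot: `Codebase: *` combined with `Permissions: all-permissions` means the attribute no longer restricts where this signed, fully privileged applet may be served from, so a copy of the JAR hosted on a domain the project does not control would still pass the codebase check. If the wildcard is deliberate because deployers host the console on their own machines, record that next to `<manifestFile>` in the pom and let a deployer narrow it at build time, e.g. `Codebase: <deployment-host>` (placeholder value). The file also ends without a line terminator; the JAR manifest format expects the last line to end with a newline, and a parser may otherwise ignore the final `Codebase` entry, so add one.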
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/deletebinding.jsp b/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
index d56602f..66452df 100644
--- a/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
+++ b/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
@@ -7,6 +7,7 @@
<%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
<%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
<!DOCTYPE html>
<%
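Review bot: Nothing visible here shows what `../csrf.jsp` does when the check fails, and because it is a static include placed ahead of the scriptlet, the code that follows (presumably the binding delete) still runs unless the included fragment stops the page, for example by returning after setting an error status. It is worth confirming that, and that the check is not limited to a single HTTP method, since this page changes server state; the same applies to the include added in saveFromXML.jsp. A comment above the include would record the contract, e.g. `<%-- csrf.jsp must abort the request on a missing or invalid token; keep above any scriptlet --%>`. The scriptlet body continues outside the hunk.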
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/getCert.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/getCert.jsp b/juddi-gui/src/main/webapp/ajax/getCert.jsp
index d5232b2..9a4f108 100644
--- a/juddi-gui/src/main/webapp/ajax/getCert.jsp
+++ b/juddi-gui/src/main/webapp/ajax/getCert.jsp
@@ -3,6 +3,7 @@
Created on : Mar 28, 2013, 6:39:09 PM
Author : Alex O'Ree
--%><%@page import="org.apache.juddi.webconsole.hub.UddiHub"%><%
+ //note CSRF left off due to additiona endlines being injected (screws with parsing of the x509 cert)
String type = request.getParameter("type");
String id = request.getParameter("id");
int index = 0;
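Review bot: The comment added at the top of this scriptlet leaves the CSRF check off because the include injects extra line endings, and toXML.jsp is exempted for the same reason, so coverage now depends on each ajax page remembering to include the guard. The extra whitespace presumably comes from the directive and include lines rather than from the check itself; `<%@page trimDirectiveWhitespaces="true"%>` on the page, or moving the check into a servlet filter mapped to the ajax pages, should let both pages be covered without altering the response body. If they stay exempt, the comment should say why that is acceptable as well as why it is inconvenient, e.g. `// CSRF check omitted: read-only page, and the include adds line endings that break X.509 parsing`. The scriptlet continues outside the hunk.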
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/opInfo.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/opInfo.jsp b/juddi-gui/src/main/webapp/ajax/opInfo.jsp
index 1bd0491..14bbcf2 100644
--- a/juddi-gui/src/main/webapp/ajax/opInfo.jsp
+++ b/juddi-gui/src/main/webapp/ajax/opInfo.jsp
@@ -7,6 +7,7 @@
<%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
<%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
<!DOCTYPE html>
<%
String id=null;
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp b/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
index a684efa..01cce50 100644
--- a/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
+++ b/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
@@ -19,6 +19,7 @@
<%@page import="org.apache.juddi.jaxb.EntityCreator"%>
<%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
<%@page import="org.apache.juddi.jaxb.PrintUDDI"%>
+<%@include file="../csrf.jsp" %>
<%@page contentType="text/html" pageEncoding="UTF-8"%><%
UddiHub x = UddiHub.getInstance(application, session);
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp b/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
index e7c8c6e..fdd8d1c 100644
--- a/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
+++ b/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
@@ -10,6 +10,7 @@
<%@page import="javax.xml.datatype.DatatypeFactory"%>
<%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
<!DOCTYPE html>
<%
UddiHub x = UddiHub.getInstance(application, session);
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp b/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
index 7b8b7d1..870858f 100644
--- a/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
+++ b/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
@@ -9,6 +9,7 @@
<%@page import="org.apache.juddi.webconsole.hub.PagableContainer"%>
<%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
<!DOCTYPE html>
<%
UddiHub x = UddiHub.getInstance(application, request.getSession());
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/toXML.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/toXML.jsp b/juddi-gui/src/main/webapp/ajax/toXML.jsp
index 7882f78..e36c0de 100644
--- a/juddi-gui/src/main/webapp/ajax/toXML.jsp
+++ b/juddi-gui/src/main/webapp/ajax/toXML.jsp
@@ -3,10 +3,10 @@
Created on : Mar 14, 2013, 9:17:21 PM
Author : Alex O'Ree
--%><%@page import="javax.xml.bind.JAXB"%><%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%><%@page import="org.apache.juddi.jaxb.JAXBMarshaller"%><%@page import="org.apache.juddi.jaxb.EntityCreator"%><%@page import="org.apache.juddi.webconsole.hub.UddiHub"%><%@page import="org.apache.juddi.jaxb.PrintUDDI"%><%@page contentType="text/html" pageEncoding="UTF-8"%><%
-//<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-//NO NOT UNCOMMENT
-// response.setContentType("text/xml");
- UddiHub x = UddiHub.getInstance(application, session);
+
+ //do we need cross site request forgery project here? probably but it's left out due to adding additional end lines
+ //its low risk here since nothing actually changes server side for these functions
+ UddiHub x = UddiHub.getInstance(application, session);
String type = request.getParameter("type");
String id = request.getParameter("id");
@@ -26,8 +26,6 @@
}
if (j != null) {
JAXB.marshal(j, out);
- // out.write(JAXBMarshaller.marshallToString(j, JAXBMarshaller.PACKAGE_UDDIAPI));
- // out.write(EntityCreator.outputEntityToString(j, "org.apache.juddi.api_v3"));
} else {
out.write(ResourceLoader.GetResource(session, "items.unknown"));
response.setStatus(406);
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/validateSignature.jsp b/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
index 53782bc..1992888 100644
--- a/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
+++ b/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
@@ -14,6 +14,7 @@
<%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
<%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
<%
//org.apache.juddi.jaxb.PrintUDDI p = new PrintUDDI();
UddiHub x = UddiHub.getInstance(application, session);