Posted to commits@sling.apache.org by ju...@apache.org on 2011/08/31 17:12:01 UTC
svn commit: r1163660 - in /sling/trunk/contrib/extensions/security: pom.xml
src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
Author: justin
Date: Wed Aug 31 15:12:00 2011
New Revision: 1163660
URL: http://svn.apache.org/viewvc?rev=1163660&view=rev
Log:
SLING-2198 - allowing request if the referrer host name matches the request host name (also, internalizing the PropertiesUtil class for compatibility purposes)
Modified:
sling/trunk/contrib/extensions/security/pom.xml
sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
Modified: sling/trunk/contrib/extensions/security/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/security/pom.xml?rev=1163660&r1=1163659&r2=1163660&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/security/pom.xml (original)
+++ sling/trunk/contrib/extensions/security/pom.xml Wed Aug 31 15:12:00 2011
@@ -58,6 +58,9 @@
<configuration>
<instructions>
<Bundle-Category>sling</Bundle-Category>
+ <Embed-Dependency>
+ org.apache.sling.commons.osgi;inline=org/apache/sling/commons/osgi/PropertiesUtil.*
+ </Embed-Dependency>
<Private-Package>
org.apache.sling.security.impl
</Private-Package>
Modified: sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java?rev=1163660&r1=1163659&r2=1163660&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java (original)
+++ sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java Wed Aug 31 15:12:00 2011
@@ -282,6 +282,12 @@ public class ReferrerFilter implements F
return false;
}
+ // allow the request if the host name of the referrer is
+ // the same as the request's host name
+ if ( info.host.equals(request.getServerName()) ) {
+ return true;
+ }
+
boolean valid = false;
for(final URL ref : this.allowedReferrers) {
if ( info.host.equals(ref.getHost()) && info.scheme.equals(ref.getProtocol()) ) {
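Review bot: The new same-host shortcut at `if ( info.host.equals(request.getServerName()) )` returns true without the scheme comparison that the `allowedReferrers` loop just below applies, so a referrer on the same host name over a different scheme (and, as far as this hunk shows, on any port) is accepted. For a filter whose job is to reject cross-origin referrers I would bind the shortcut to the scheme as well, e.g. `if ( info.host.equalsIgnoreCase(request.getServerName()) && info.scheme.equals(request.getScheme()) ) {`; `equalsIgnoreCase` also avoids rejecting a legitimate referrer that differs only in host-name case. `getServerName()` is normally derived from the Host header, so the comment above the check should say that a deployment behind a reverse proxy that rewrites Host will not match here and still needs an explicit allowed-referrer entry. The enclosing method starts and ends outside the hunk, so whether `info` also carries a port that could be compared is not visible here.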