Posted to commits@sling.apache.org by ju...@apache.org on 2011/08/31 17:12:01 UTC

svn commit: r1163660 - in /sling/trunk/contrib/extensions/security: pom.xml src/main/java/org/apache/sling/security/impl/ReferrerFilter.java

Author: justin
Date: Wed Aug 31 15:12:00 2011
New Revision: 1163660

URL: http://svn.apache.org/viewvc?rev=1163660&view=rev
Log:
SLING-2198 - allowing request if the referrer host name matches the request host name (also, internalizing the PropertiesUtil class for compatibility purposes)

Modified:
    sling/trunk/contrib/extensions/security/pom.xml
    sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java

Modified: sling/trunk/contrib/extensions/security/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/security/pom.xml?rev=1163660&r1=1163659&r2=1163660&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/security/pom.xml (original)
+++ sling/trunk/contrib/extensions/security/pom.xml Wed Aug 31 15:12:00 2011
@@ -58,6 +58,9 @@
                 <configuration>
                     <instructions>
                         <Bundle-Category>sling</Bundle-Category>
+                        <Embed-Dependency>
+                            org.apache.sling.commons.osgi;inline=org/apache/sling/commons/osgi/PropertiesUtil.*
+                        </Embed-Dependency>
                         <Private-Package>
                             org.apache.sling.security.impl
                         </Private-Package>
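Review bot: The added `<Embed-Dependency>` block has no comment saying why a single class is inlined, and the bundle now carries its own frozen copy of `PropertiesUtil` that will not pick up later fixes from commons.osgi. Going by the log message, the reason is compatibility, so a short note above the element would help, e.g. `<!-- SLING-2198: inline PropertiesUtil for compatibility; remove once the required commons.osgi version can be relied on -->`. The dependency's version is declared outside this hunk, so it is worth checking that it is pinned to a released version.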

Modified: sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java?rev=1163660&r1=1163659&r2=1163660&view=diff
==============================================================================
--- sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java (original)
+++ sling/trunk/contrib/extensions/security/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java Wed Aug 31 15:12:00 2011
@@ -282,6 +282,12 @@ public class ReferrerFilter implements F
             return false;
         }
 
+        // allow the request if the host name of the referrer is
+        // the same as the request's host name
+        if ( info.host.equals(request.getServerName()) ) {
+            return true;
+        }
+
         boolean valid = false;
         for(final URL ref : this.allowedReferrers) {
             if ( info.host.equals(ref.getHost()) && info.scheme.equals(ref.getProtocol()) ) {
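Review bot: The new same-host shortcut `info.host.equals(request.getServerName())` compares only the host name, whereas the allowed-referrer loop just below also requires `info.scheme` to match, so a referrer on the same host but a different scheme (and possibly a different port) is accepted here. If that is not intended, tighten it to `if ( info.host.equals(request.getServerName()) && info.scheme.equals(request.getScheme()) ) {`, and compare the port as well if the referrer info carries one (not visible in this hunk). `getServerName()` normally reflects the client-supplied Host header, and `equals` is case-sensitive while host names are not, so behind a proxy or with mixed-case hosts the check may behave unexpectedly; the comment above the `if` should state these assumptions. The enclosing method starts and ends outside the hunk.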