Posted to commits@roller.apache.org by sn...@apache.org on 2012/05/06 23:52:59 UTC
svn commit: r1334797 - in /roller/branches/roller_5.0:
weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/
weblogger-webapp/src/main/webapp/WEB-INF/
Author: snoopdave
Date: Sun May 6 21:52:59 2012
New Revision: 1334797
URL: http://svn.apache.org/viewvc?rev=1334797&view=rev
Log:
Beginnings of a Salt filter
Added:
roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
Modified:
roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml
Added: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java?rev=1334797&view=auto
==============================================================================
--- roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java (added)
+++ roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java Sun May 6 21:52:59 2012
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. The ASF licenses this file to You
+ * under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. For additional information regarding
+ * copyright in this work, please see the NOTICE file in the top level
+ * directory of this distribution.
+ */
+
+package org.apache.roller.weblogger.ui.core.filters;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.RandomStringUtils;
+import org.apache.roller.weblogger.util.LRUCache2;
+
+public class LoadSaltFilter implements Filter {
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+
+ LRUCache2 saltCache = (LRUCache2)
+ httpReq.getSession().getAttribute("saltCache");
+ if (saltCache == null){
+ saltCache = new LRUCache2(10000,3000);
+ httpReq.getSession().setAttribute("saltCache", saltCache);
+ }
+ String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
+ saltCache.put(salt, Boolean.TRUE);
+ httpReq.setAttribute("salt", salt);
+
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
\ No newline at end of file
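Review bot: The lookup-then-create of `saltCache` around `if (saltCache == null)` is not atomic, so two concurrent requests on a fresh session can each build an `LRUCache2`, and the second `setAttribute` discards the salt the first request handed out; ValidateSaltFilter would then reject a legitimate submission. `httpReq.getSession()` also creates a session, and the filter mints and caches a salt, for every request it is mapped to, including anonymous ones, so it would be worth limiting the mapping to pages that actually render forms. `new SecureRandom()` is constructed on every request; a shared `private static final SecureRandom RANDOM = new SecureRandom();` avoids the repeated seeding cost. A class Javadoc saying that the salt is a per-session one-time form token (presumably an anti-CSRF measure) exposed as request attribute `salt` would make the contract with ValidateSaltFilter explicit.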
Added: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java?rev=1334797&view=auto
==============================================================================
--- roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java (added)
+++ roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java Sun May 6 21:52:59 2012
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. The ASF licenses this file to You
+ * under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. For additional information regarding
+ * copyright in this work, please see the NOTICE file in the top level
+ * directory of this distribution.
+ */
+
+package org.apache.roller.weblogger.ui.core.filters;
+
+import java.io.IOException;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.roller.weblogger.util.LRUCache2;
+
+public class ValidateSaltFilter implements Filter {
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+
+ String salt = (String) httpReq.getParameter("salt");
+ LRUCache2 saltCache = (LRUCache2)
+ httpReq.getSession().getAttribute("saltCache");
+
+ if (saltCache != null && salt != null && saltCache.get(salt) != null){
+ chain.doFilter(request, response);
+ } else {
+ throw new ServletException("Security Violation");
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
\ No newline at end of file
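Review bot: The check in `doFilter` runs on every request regardless of HTTP method, so any page load without a `salt` parameter (an ordinary GET, for instance) ends in `throw new ServletException("Security Violation")`. Validation should be skipped for safe methods, assuming Roller's state-changing actions are not reachable by GET, and a failed check is better reported as a 403 than as an exception the container will usually turn into a 500 error page; the sketch below needs an import of `javax.servlet.http.HttpServletResponse`. The salt also stays in the cache after a successful match, so it remains replayable until LRUCache2 evicts it; if single use is intended, the entry should be dropped once it has been accepted. `httpReq.getSession()` creates a session for a request that has none, where `getSession(false)` with a null check would do, and the `(String)` cast on `getParameter` is redundant.

```java
        HttpServletRequest httpReq = (HttpServletRequest) request;

        // Safe methods carry no salt; only state-changing requests are checked.
        String method = httpReq.getMethod();
        if ("GET".equals(method) || "HEAD".equals(method)) {
            chain.doFilter(request, response);
            return;
        }

        // ... unchanged: salt parameter and saltCache lookup, success branch ...
        } else {
            // Reject explicitly instead of surfacing a container error page.
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
```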
Modified: roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml?rev=1334797&r1=1334796&r2=1334797&view=diff
==============================================================================
--- roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml (original)
+++ roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml Sun May 6 21:52:59 2012
@@ -81,6 +81,15 @@
<filter-class>org.apache.roller.weblogger.ui.core.filters.CharEncodingFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>LoadSaltFilter</filter-name>
+ <filter-class>org.apache.roller.weblogger.ui.core.filters.LoadSaltFilter</filter-class>
+ </filter>
+
+ <filter>
+ <filter-name>ValidateSaltFilter</filter-name>
+ <filter-class>org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter</filter-class>
+ </filter>
<!-- ******************************************
Filter mappings - order IS important here.
@@ -151,6 +160,18 @@
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
+<!--
+ <filter-mapping>
+ <filter-name>LoadSaltFilter</filter-name>
+ <url-pattern>/roller-ui</url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
+ <filter-name>ValidateSaltFilter</filter-name>
+ <url-pattern>/roller-ui</url-pattern>
+ </filter-mapping>
+-->
+
<!-- Request mapping. this is what allows the urls to work -->
<filter-mapping>
<filter-name>RequestMappingFilter</filter-name>
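Review bot: The commented-out mappings use `<url-pattern>/roller-ui</url-pattern>`, which the servlet spec treats as an exact match, so once enabled the filters would see only the path `/roller-ui` itself and nothing beneath it; `<url-pattern>/roller-ui/*</url-pattern>` is probably what is wanted. Both filters are also mapped to the same pattern with no `<dispatcher>` element, so ValidateSaltFilter would run on the very request that first loads a form. Until the block is uncommented the two `<filter>` declarations are inert, and a one-line comment saying so (for example `<!-- Salt filters disabled until validation is limited to form posts -->`) would stop a reader from assuming the protection is active.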