Posted to scm@geronimo.apache.org by xu...@apache.org on 2009/12/22 15:30:58 UTC

svn commit: r893183 - /geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java

Author: xuhaihong
Date: Tue Dec 22 14:30:57 2009
New Revision: 893183

URL: http://svn.apache.org/viewvc?rev=893183&view=rev
Log:
Make sure the URLRebuildFilter could work correctly with XSSXSRFFilter

Modified:
    geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java

Modified: geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java?rev=893183&r1=893182&r2=893183&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java (original)
+++ geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java Tue Dec 22 14:30:57 2009
@@ -51,8 +51,13 @@
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
 
         HttpServletRequest wrappedHttpServletRequest = httpServletRequest;
+        HttpSession httpSession = httpServletRequest.getSession();
+        String actionParameters = null;
+        if (httpSession != null) {
+            actionParameters = "formId=" + (String) httpSession.getAttribute("formId");
+        }
         HttpServletResponse wrappedHttpServletResponse = new PlutoUrlResponse((HttpServletResponse) response,
-                httpServletRequest.getContextPath() + httpServletRequest.getServletPath());
+                httpServletRequest.getContextPath() + httpServletRequest.getServletPath(), actionParameters);
         /*
          * 1. if it is file uploading, skip it, we must not invoke any method on it, or it will corrupt the request
          * object. Maybe, in the future, we could handler file uploading uniformly here         
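Review bot: `getSession()` with no argument never returns null and creates a session when the request has none, so the added `if (httpSession != null)` guard is dead code and every request passing through this filter, including unauthenticated ones, now allocates a session. Separately, when the session has no `formId` attribute the concatenation yields the literal string `formId=null`, so `actionParameters` is never null and the null check added in `PlutoUrlResponse` always appends a query string. Using `getSession(false)` and building the parameter only when the attribute is present addresses both; whether XSSXSRFFilter depends on a session already existing at this point is not visible here. The enclosing method starts and ends outside the hunk.

```java
HttpSession httpSession = httpServletRequest.getSession(false);
String actionParameters = null;
if (httpSession != null) {
    String formId = (String) httpSession.getAttribute("formId");
    if (formId != null) {
        actionParameters = "formId=" + formId;
    }
}
// … unchanged: PlutoUrlResponse construction …
```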
@@ -94,10 +99,12 @@
     protected static class PlutoUrlResponse extends HttpServletResponseWrapper {
 
         private String requestContextServletPath;
+        
+        private String actionParameters;
 
-        public PlutoUrlResponse(HttpServletResponse response, String requestContextServletPath) {
+        public PlutoUrlResponse(HttpServletResponse response, String requestContextServletPath, String actionParameters) {
             super(response);
-
+            this.actionParameters = actionParameters;
             this.requestContextServletPath = requestContextServletPath;
         }
 
@@ -111,6 +118,9 @@
                 writer
                         .write("<html><head></head><body onload='document.hform.submit()'><form name='hform' method='POST' action='");
                 writer.write(requestContextServletPath);
+                if (actionParameters != null) {
+                    writer.write("?" + actionParameters);
+                }
                 writer.write("'><input type='hidden' name='" + HIDDEN_URL_ELEMENT_NAME + "' value='" + location
                         + "'/></form>");
                 writer.write("</body></html>");
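Review bot: The session's `formId` value is written into the form's `action` URL as a query string at `writer.write("?" + actionParameters)`, and it lands inside a single-quoted HTML attribute without URL- or HTML-encoding. If `formId` is the anti-XSRF token checked by XSSXSRFFilter (inferred from the commit log, not shown here), a query string puts it into access logs and browser history; carrying it as a second hidden `<input>` in the same POST form would keep it in the request body, provided the filter reads it through `getParameter`. Whichever transport is kept, the value should be encoded before it is written so that a `'` or `&` in it cannot alter the markup. The enclosing method starts and ends outside the hunk.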