You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by xu...@apache.org on 2009/12/22 15:30:58 UTC
svn commit: r893183 -
/geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
Author: xuhaihong
Date: Tue Dec 22 14:30:57 2009
New Revision: 893183
URL: http://svn.apache.org/viewvc?rev=893183&view=rev
Log:
Make sure the URLRebuildFilter could work correctly with XSSXSRFFilter
Modified:
geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
Modified: geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java?rev=893183&r1=893182&r2=893183&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java (original)
+++ geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java Tue Dec 22 14:30:57 2009
@@ -51,8 +51,13 @@
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletRequest wrappedHttpServletRequest = httpServletRequest;
+ HttpSession httpSession = httpServletRequest.getSession();
+ String actionParameters = null;
+ if (httpSession != null) {
+ actionParameters = "formId=" + (String) httpSession.getAttribute("formId");
+ }
HttpServletResponse wrappedHttpServletResponse = new PlutoUrlResponse((HttpServletResponse) response,
- httpServletRequest.getContextPath() + httpServletRequest.getServletPath());
+ httpServletRequest.getContextPath() + httpServletRequest.getServletPath(), actionParameters);
/*
* 1. if it is file uploading, skip it, we must not invoke any method on it, or it will corrupt the request
* object. Maybe, in the future, we could handler file uploading uniformly here
@@ -94,10 +99,12 @@
protected static class PlutoUrlResponse extends HttpServletResponseWrapper {
private String requestContextServletPath;
+
+ private String actionParameters;
- public PlutoUrlResponse(HttpServletResponse response, String requestContextServletPath) {
+ public PlutoUrlResponse(HttpServletResponse response, String requestContextServletPath, String actionParameters) {
super(response);
-
+ this.actionParameters = actionParameters;
this.requestContextServletPath = requestContextServletPath;
}
@@ -111,6 +118,9 @@
writer
.write("<html><head></head><body onload='document.hform.submit()'><form name='hform' method='POST' action='");
writer.write(requestContextServletPath);
+ if (actionParameters != null) {
+ writer.write("?" + actionParameters);
+ }
writer.write("'><input type='hidden' name='" + HIDDEN_URL_ELEMENT_NAME + "' value='" + location
+ "'/></form>");
writer.write("</body></html>");