You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by gh...@apache.org on 2014/06/16 17:16:55 UTC
svn commit: r1602892 -
/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
Author: ghuber
Date: Mon Jun 16 15:16:55 2014
New Revision: 1602892
URL: http://svn.apache.org/r1602892
Log:
Improve logging as its not initially obvious when the filter is in operation, especially wrt media files.
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java?rev=1602892&r1=1602891&r2=1602892&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java Mon Jun 16 15:16:55 2014
@@ -31,6 +31,8 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.roller.weblogger.config.WebloggerConfig;
import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
@@ -40,58 +42,67 @@ import org.apache.roller.weblogger.ui.re
* instance.
*/
public class ValidateSaltFilter implements Filter {
- private Set<String> ignored = new HashSet<String>();
- // @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
- HttpServletRequest httpReq = (HttpServletRequest) request;
-
- // note enctype="multipart/form-data" does not send parameters (see ROL-1956)
- // requests of this type are stored in salt.ignored.urls in roller.properties
- if (httpReq.getMethod().equals("POST") &&
- !isIgnoredURL(((HttpServletRequest) request).getServletPath())) {
+ private static Log log = LogFactory.getLog(ValidateSaltFilter.class);
+
+ private Set<String> ignored = new HashSet<String>();
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+
+ // note enctype="multipart/form-data" does not send parameters (see
+ // ROL-1956) requests of this type are stored in salt.ignored.urls in
+ // roller.properties
+ if (httpReq.getMethod().equals("POST")
+ && !isIgnoredURL(httpReq.getServletPath())) {
+
String salt = httpReq.getParameter("salt");
SaltCache saltCache = SaltCache.getInstance();
if (salt == null || saltCache.get(salt) == null
|| saltCache.get(salt).equals(false)) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Salt value not found on POST to URL : "
+ + httpReq.getServletPath());
+ }
+
throw new ServletException("Security Violation");
}
}
- chain.doFilter(request, response);
- }
+ chain.doFilter(request, response);
+ }
- // @Override
- public void init(FilterConfig filterConfig) throws ServletException {
+ public void init(FilterConfig filterConfig) throws ServletException {
- // Construct our list of ignored urls
- String urls = WebloggerConfig.getProperty("salt.ignored.urls");
- String[] urlsArray = StringUtils.stripAll(StringUtils.split(urls, ","));
- for (int i = 0; i < urlsArray.length; i++) {
+ // Construct our list of ignored urls
+ String urls = WebloggerConfig.getProperty("salt.ignored.urls");
+ String[] urlsArray = StringUtils.stripAll(StringUtils.split(urls, ","));
+ for (int i = 0; i < urlsArray.length; i++) {
this.ignored.add(urlsArray[i]);
}
- }
+ }
+
+ public void destroy() {
+ }
- // @Override
- public void destroy() {
- }
-
- /**
- * Checks if this is an ignored url defined in the salt.ignored.urls property
- *
- * @param theUrl
- * the the url
- *
- * @return true, if is ignored resource
- */
- private boolean isIgnoredURL(String theUrl) {
- int i = theUrl.lastIndexOf('/');
+ /**
+ * Checks if this is an ignored url defined in the salt.ignored.urls
+ * property
+ *
+ * @param theUrl
+ * the the url
+ *
+ * @return true, if is ignored resource
+ */
+ private boolean isIgnoredURL(String theUrl) {
+ int i = theUrl.lastIndexOf('/');
- // If it's not a resource then don't ignore it
- if (i <= 0 || i == theUrl.length() - 1) {
+ // If it's not a resource then don't ignore it
+ if (i <= 0 || i == theUrl.length() - 1) {
return false;
}
- return ignored.contains(theUrl.substring(i + 1));
- }
+ return ignored.contains(theUrl.substring(i + 1));
+ }
}
\ No newline at end of file