Posted to dev@wookie.apache.org by sc...@apache.org on 2014/02/09 20:31:40 UTC

svn commit: r1566366 - /wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java

Author: scottbw
Date: Sun Feb  9 19:31:39 2014
New Revision: 1566366

URL: http://svn.apache.org/r1566366
Log:
Use AuthToken instead of WidgetInstance for validating proxy requests

Modified:
    wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java

Modified: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java?rev=1566366&r1=1566365&r2=1566366&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java (original)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java Sun Feb  9 19:31:39 2014
@@ -33,9 +33,8 @@ import org.apache.commons.configuration.
 import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.auth.AuthenticationException;
 import org.apache.log4j.Logger;
-import org.apache.wookie.beans.IWidgetInstance;
-import org.apache.wookie.beans.util.IPersistenceManager;
-import org.apache.wookie.beans.util.PersistenceManagerFactory;
+import org.apache.wookie.auth.AuthToken;
+import org.apache.wookie.auth.AuthTokenUtils;
 
 /**
  * A web proxy servlet which will translate calls for content and return them as if they came from
@@ -85,13 +84,16 @@ public class ProxyServlet extends HttpSe
 			//
 			// Check that the request is coming from a valid widget
 			//
-			IPersistenceManager persistenceManager = PersistenceManagerFactory.getPersistenceManager();
-			IWidgetInstance instance = persistenceManager.findWidgetInstanceByIdKey(request.getParameter("instanceid_key"));	
-			if(instance == null && !isDefaultGadget(request)){
-				response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>"+UNAUTHORISED_MESSAGE+"</error>");	
-				return;
+			AuthToken authToken = null;
+			try {
+				authToken = AuthTokenUtils.decryptAuthToken(request.getParameter("instanceid_key"));
+			} catch (Exception e1) {
+				if (!isDefaultGadget(request)){
+					response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>"+UNAUTHORISED_MESSAGE+"</error>");	
+					return;
+				}
 			}
-
+			
 			//
 			// Create the proxy bean for the request
 			//
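Review bot: The new `catch (Exception e1)` discards every failure without a log entry, so a missing, malformed or tampered `instanceid_key` leaves no trace for whoever investigates proxy abuse. Logging the rejection would fix that, for example `fLogger.warn("Proxy request rejected: auth token could not be decrypted", e1);`, without writing the raw parameter value to the log. The 403 is also only sent from inside the catch, so if `AuthTokenUtils.decryptAuthToken` can return null instead of throwing (not visible in this diff), a request without a valid token would continue. Moving the check after the try as `if (authToken == null && !isDefaultGadget(request)) { ... }` covers both cases. The enclosing method starts and ends outside this hunk.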
@@ -106,9 +108,9 @@ public class ProxyServlet extends HttpSe
 			//
 			// should we filter urls?
 			//
-			if (properties.getBoolean("widget.proxy.usewhitelist") && !isAllowed(bean.getNewUrl().toURI(), instance)){
+			if (properties.getBoolean("widget.proxy.usewhitelist") && !isAllowed(bean.getNewUrl().toURI(), authToken.getWidgetId())){
 				response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>URL Blocked</error>");
-				fLogger.warn("URL " + bean.getNewUrl().toExternalForm() + " Blocked for scope "+instance.getWidget().getIdentifier());
+				fLogger.warn("URL " + bean.getNewUrl().toExternalForm() + " Blocked for scope "+ authToken.getWidgetId());
 				return;
 			}	
 
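Review bot: `authToken.getWidgetId()` is dereferenced here although `authToken` is still null when decryption failed and `isDefaultGadget(request)` let the request through in the earlier hunk. With `widget.proxy.usewhitelist` enabled, that path throws a NullPointerException instead of producing a policy decision. How it is then handled depends on a try/catch that is outside the hunk. The default-gadget case should be handled explicitly and fail closed, for example `String widgetId = (authToken != null) ? authToken.getWidgetId() : null;` followed by a 403 when `widgetId` is null, unless a dedicated default-gadget scope is meant to be passed to the policy check. The same value can then be reused in the `fLogger.warn` line.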
@@ -188,9 +190,9 @@ public class ProxyServlet extends HttpSe
 	 * @param aUrl
 	 * @return
 	 */
-	public boolean isAllowed(URI requestedUri, IWidgetInstance instance){
+	public boolean isAllowed(URI requestedUri, String widgetId){
 	  try {
-      return Policies.getInstance().validate(requestedUri, instance.getWidget().getIdentifier());
+      return Policies.getInstance().validate(requestedUri, widgetId);
     } catch (ConfigurationException e) {
       fLogger.error("Problem with policies configuration", e);
       return false;
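Review bot: The Javadoc above `isAllowed` still has a bare `@param aUrl` and an empty `@return`, which match neither the old nor the new signature. Since this method is the proxy's allow-list gate, the contract should be spelled out: `@param requestedUri the target URI the widget asks the proxy to fetch`, `@param widgetId the widget identifier taken from the decrypted auth token, used as the policy scope`, and `@return true only if the policies permit the URI for that widget; false if the policy configuration cannot be read`. A null `widgetId` is passed straight to `Policies.validate`, so the comment should also say whether null is accepted. The method is public and its body continues past the end of the hunk, so any callers outside this file need the same signature change.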