Posted to dev@wookie.apache.org by sc...@apache.org on 2014/02/09 20:31:40 UTC
svn commit: r1566366 -
/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
Author: scottbw
Date: Sun Feb 9 19:31:39 2014
New Revision: 1566366
URL: http://svn.apache.org/r1566366
Log:
Use AuthToken instead of WidgetInstance for validating proxy requests
Modified:
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
Modified: wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java?rev=1566366&r1=1566365&r2=1566366&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java (original)
+++ wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java Sun Feb 9 19:31:39 2014
@@ -33,9 +33,8 @@ import org.apache.commons.configuration.
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.log4j.Logger;
-import org.apache.wookie.beans.IWidgetInstance;
-import org.apache.wookie.beans.util.IPersistenceManager;
-import org.apache.wookie.beans.util.PersistenceManagerFactory;
+import org.apache.wookie.auth.AuthToken;
+import org.apache.wookie.auth.AuthTokenUtils;
/**
* A web proxy servlet which will translate calls for content and return them as if they came from
@@ -85,13 +84,16 @@ public class ProxyServlet extends HttpSe
//
// Check that the request is coming from a valid widget
//
- IPersistenceManager persistenceManager = PersistenceManagerFactory.getPersistenceManager();
- IWidgetInstance instance = persistenceManager.findWidgetInstanceByIdKey(request.getParameter("instanceid_key"));
- if(instance == null && !isDefaultGadget(request)){
- response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>"+UNAUTHORISED_MESSAGE+"</error>");
- return;
+ AuthToken authToken = null;
+ try {
+ authToken = AuthTokenUtils.decryptAuthToken(request.getParameter("instanceid_key"));
+ } catch (Exception e1) {
+ if (!isDefaultGadget(request)){
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>"+UNAUTHORISED_MESSAGE+"</error>");
+ return;
+ }
}
-
+
//
// Create the proxy bean for the request
//
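Review bot: The catch block around `AuthTokenUtils.decryptAuthToken(...)` discards `e1` without logging, so a rejected proxy request leaves no trace for anyone later investigating forged or malformed tokens; add `fLogger.warn("Proxy request rejected: invalid auth token", e1);` before the `sendError` call. The check also treats "no exception" as "valid token". If decryptAuthToken can return null for a missing or empty `instanceid_key` (its behaviour is not visible in this diff), the request continues without a 403, so a guard such as `if (authToken == null && !isDefaultGadget(request))` after the try would keep the check fail-closed. Catching `Exception` is also broader than needed and reports programming errors as authorisation failures. The enclosing method starts and ends outside the hunk.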
@@ -106,9 +108,9 @@ public class ProxyServlet extends HttpSe
//
// should we filter urls?
//
- if (properties.getBoolean("widget.proxy.usewhitelist") && !isAllowed(bean.getNewUrl().toURI(), instance)){
+ if (properties.getBoolean("widget.proxy.usewhitelist") && !isAllowed(bean.getNewUrl().toURI(), authToken.getWidgetId())){
response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>URL Blocked</error>");
- fLogger.warn("URL " + bean.getNewUrl().toExternalForm() + " Blocked for scope "+instance.getWidget().getIdentifier());
+ fLogger.warn("URL " + bean.getNewUrl().toExternalForm() + " Blocked for scope "+ authToken.getWidgetId());
return;
}
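Review bot: `authToken` can still be null when the whitelist check runs, because the earlier catch block does not return when `isDefaultGadget(request)` is true. With `widget.proxy.usewhitelist` enabled, both `authToken.getWidgetId()` calls in this hunk would then throw a NullPointerException for default-gadget requests instead of producing a policy decision. Resolve the scope once before the check, for example `String widgetId = (authToken != null) ? authToken.getWidgetId() : null;`, and decide explicitly which policy scope the default gadget is validated against. Whether `Policies.validate` accepts a null scope is not visible here, so that path should either be handled or rejected with the same 403. The enclosing method starts and ends outside the hunk.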
@@ -188,9 +190,9 @@ public class ProxyServlet extends HttpSe
* @param aUrl
* @return
*/
- public boolean isAllowed(URI requestedUri, IWidgetInstance instance){
+ public boolean isAllowed(URI requestedUri, String widgetId){
try {
- return Policies.getInstance().validate(requestedUri, instance.getWidget().getIdentifier());
+ return Policies.getInstance().validate(requestedUri, widgetId);
} catch (ConfigurationException e) {
fLogger.error("Problem with policies configuration", e);
return false;
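Review bot: The Javadoc above `isAllowed` still declares `@param aUrl` and an empty `@return`, which matches neither the old nor the new signature. Since the parameter list changes here, it should be brought up to date with `@param requestedUri the URI the proxy was asked to fetch`, `@param widgetId the widget identifier used as the policy scope`, and `@return true if the policies allow the URI for that widget; false otherwise, including when the policy configuration cannot be read`. Documenting the fail-closed behaviour on `ConfigurationException` matters because callers use this method as an access-control decision. The method is public, so any caller outside this file that passes an `IWidgetInstance` needs the same update; the method body closes outside the hunk.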