Author: scottbw
Date: Sun Feb  9 19:31:39 2014
New Revision: 1566366

URL: http://svn.apache.org/r1566366
Log:
Use AuthToken instead of WidgetInstance for validating proxy requests

Modified:
    
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java

Modified: 
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
URL: 
http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java?rev=1566366&r1=1566365&r2=1566366&view=diff
==============================================================================
--- 
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
 (original)
+++ 
wookie/trunk/wookie-server/src/main/java/org/apache/wookie/proxy/ProxyServlet.java
 Sun Feb  9 19:31:39 2014
@@ -33,9 +33,8 @@ import org.apache.commons.configuration.
 import org.apache.commons.httpclient.Header;
 import org.apache.commons.httpclient.auth.AuthenticationException;
 import org.apache.log4j.Logger;
-import org.apache.wookie.beans.IWidgetInstance;
-import org.apache.wookie.beans.util.IPersistenceManager;
-import org.apache.wookie.beans.util.PersistenceManagerFactory;
+import org.apache.wookie.auth.AuthToken;
+import org.apache.wookie.auth.AuthTokenUtils;
 
 /**
  * A web proxy servlet which will translate calls for content and return them 
as if they came from
@@ -85,13 +84,16 @@ public class ProxyServlet extends HttpSe
                        //
                        // Check that the request is coming from a valid widget
                        //
-                       IPersistenceManager persistenceManager = 
PersistenceManagerFactory.getPersistenceManager();
-                       IWidgetInstance instance = 
persistenceManager.findWidgetInstanceByIdKey(request.getParameter("instanceid_key"));
        
-                       if(instance == null && !isDefaultGadget(request)){
-                               
response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>"+UNAUTHORISED_MESSAGE+"</error>");
 
-                               return;
+                       AuthToken authToken = null;
+                       try {
+                               authToken = 
AuthTokenUtils.decryptAuthToken(request.getParameter("instanceid_key"));
+                       } catch (Exception e1) {
+                               if (!isDefaultGadget(request)){
+                                       
response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>"+UNAUTHORISED_MESSAGE+"</error>");
 
+                                       return;
+                               }
                        }
-
+                       
                        //
                        // Create the proxy bean for the request
                        //
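Review bot: The `catch (Exception e1)` around `AuthTokenUtils.decryptAuthToken(...)` discards the failure without logging it, so a rejected or tampered `instanceid_key` leaves no trace for anyone monitoring the proxy. A line such as `fLogger.warn("Rejected proxy request: invalid auth token", e1);` before the 403 would record it, provided the token value itself stays out of the message. The rejection also lives only inside the catch, so if `decryptAuthToken` can return null instead of throwing (not visible in this diff), the request continues with no token. Moving the check after the try block, as `if (authToken == null && !isDefaultGadget(request))` followed by the existing `sendError(SC_FORBIDDEN, ...)` and `return;`, covers both outcomes. The enclosing method starts and ends outside the hunk.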
@@ -106,9 +108,9 @@ public class ProxyServlet extends HttpSe
                        //
                        // should we filter urls?
                        //
-                       if (properties.getBoolean("widget.proxy.usewhitelist") 
&& !isAllowed(bean.getNewUrl().toURI(), instance)){
+                       if (properties.getBoolean("widget.proxy.usewhitelist") 
&& !isAllowed(bean.getNewUrl().toURI(), authToken.getWidgetId())){
                                
response.sendError(HttpServletResponse.SC_FORBIDDEN,"<error>URL 
Blocked</error>");
-                               fLogger.warn("URL " + 
bean.getNewUrl().toExternalForm() + " Blocked for scope 
"+instance.getWidget().getIdentifier());
+                               fLogger.warn("URL " + 
bean.getNewUrl().toExternalForm() + " Blocked for scope "+ 
authToken.getWidgetId());
                                return;
                        }       
 
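Review bot: `authToken.getWidgetId()` is dereferenced without a null guard in both the whitelist check and the `fLogger.warn` call, yet the earlier try/catch deliberately lets a default-gadget request continue with `authToken` still null. With `widget.proxy.usewhitelist` enabled, that path would throw a NullPointerException instead of returning a clean 403 or applying a default-gadget policy. Resolve the scope once before the check, e.g. `String widgetId = (authToken != null) ? authToken.getWidgetId() : null;`, and decide explicitly what `isAllowed` should do with a null id; denying is the safe default. The enclosing method continues outside the hunk.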
@@ -188,9 +190,9 @@ public class ProxyServlet extends HttpSe
         * @param aUrl
         * @return
         */
-       public boolean isAllowed(URI requestedUri, IWidgetInstance instance){
+       public boolean isAllowed(URI requestedUri, String widgetId){
          try {
-      return Policies.getInstance().validate(requestedUri, 
instance.getWidget().getIdentifier());
+      return Policies.getInstance().validate(requestedUri, widgetId);
     } catch (ConfigurationException e) {
       fLogger.error("Problem with policies configuration", e);
       return false;
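Review bot: The Javadoc above `isAllowed` is out of date: it still lists `@param aUrl` and an empty `@return`, while the signature is now `(URI requestedUri, String widgetId)`. This method enforces the proxy whitelist, so the comment should name both parameters and state the contract visible here, e.g. `@param requestedUri the URL the widget asked the proxy to fetch`, `@param widgetId identifier of the widget whose policies apply`, and `@return true if policy permits the request; false if it does not or if the policy configuration cannot be read`. The deny-on-`ConfigurationException` behaviour is worth stating because callers rely on it to fail closed. The catch block continues past the end of the hunk.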

