Arthur Bogaart pushed to branch master at cms-community / hippo-cms
Commits: 0bc8127c by Arthur Bogaart at 2017-02-17T10:59:31+01:00 CMS-10613 Fix NPE when retrieving class name Class#getCanonicalName returns null if "it is a local or anonymous class or an array whose componenttype does not have a canonical name)." In that case Class#getName should be used as fallback. Apart from that I did a bit of performance testing and it seems that the check if the userIsLoggedIn is almost always faster than the isWhitelisted check (probably because the getCanonicalName can be a bit expensive). - - - - - 1 changed file: - engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java Changes: ===================================== engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java ===================================== --- a/engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java +++ b/engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java @@ -40,10 +40,10 @@ public class WhitelistedClassesResourceGuard extends SecurePackageResourceGuard private final List<String> classNamePrefixes; public WhitelistedClassesResourceGuard() { - this.classNamePrefixes = new ArrayList<>(); + classNamePrefixes = new ArrayList<>(); } - public void addClassNamePrefixes(String... prefixes) { + public void addClassNamePrefixes(final String... prefixes) { if (prefixes != null) { classNamePrefixes.addAll(Arrays.asList(prefixes)); } 
@@ -51,14 +51,27 @@ public class WhitelistedClassesResourceGuard extends SecurePackageResourceGuard @Override public boolean accept(final Class<?> scope, final String absolutePath) { - if (isWhitelisted(scope) || isUserLoggedIn()) { + if (isUserLoggedIn() || isWhitelisted(scope)) { return super.accept(scope, absolutePath); } log.error("Public access denied to non-whitelisted (static) package resource: {}", absolutePath); return false; } - private boolean isUserLoggedIn() { + private boolean isWhitelisted(final Class<?> scope) { + String scopeClassName = scope.getCanonicalName(); + if (scopeClassName == null) { + scopeClassName = scope.getName(); + } + for (final String prefix : classNamePrefixes) { + if (scopeClassName.startsWith(prefix)) { + return true; + } + } + return false; + } + + private static boolean isUserLoggedIn() { final HttpServletRequest servletRequest = WebApplicationHelper.retrieveWebRequest().getContainerRequest(); final HttpSession httpSession = servletRequest.getSession(false); @@ -69,14 +82,4 @@ public class WhitelistedClassesResourceGuard extends SecurePackageResourceGuard final CmsSessionContext cmsSessionContext = CmsSessionContext.getContext(httpSession); return cmsSessionContext != null; } - - private boolean isWhitelisted(final Class<?> scope) { - final String scopeClassName = scope.getCanonicalName(); - for (String prefix : classNamePrefixes) { - if (scopeClassName.startsWith(prefix)) { - return true; - } - } - return false; - } } View it on GitLab: https://code.onehippo.org/cms-community/hippo-cms/commit/0bc8127c6ed68dcfe55ac701bf2f131c8d2d9f43
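Review bot: The relocated `isWhitelisted` in the second hunk decides public access with a bare `scopeClassName.startsWith(prefix)`, so what unauthenticated visitors can fetch depends entirely on how each configured prefix is written, and nothing visible here constrains that. A prefix without a trailing `.` also matches sibling packages that merely share the text, an empty string matches every class, and a `null` element (which `addClassNamePrefixes` in the first hunk still accepts through `Arrays.asList`) would throw a NullPointerException at this call, the same kind of failure the commit sets out to fix. I would guard the comparison with `if (prefix != null && !prefix.isEmpty() && scopeClassName.startsWith(prefix))`, or reject such entries in `addClassNamePrefixes`, and add a Javadoc line stating that package prefixes must end with `.`. The `getName()` fallback itself appears to fail closed for arrays, since their binary names begin with `[` and should not match a normal package prefix.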