details:   https://code.openbravo.com/erp/devel/pi/rev/3871cdf1a2e9
changeset: 31044:3871cdf1a2e9
user:      Martin Taal <martin.taal <at> openbravo.com>
date:      Tue Dec 27 07:01:53 2016 +0100
summary:   Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment
Added new public method to validate that an invalid origin is set on the header, other method is made private again to limit public methods.

diffstat:

 src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java |  27 
+++++++++-
 1 files changed, 26 insertions(+), 1 deletions(-)

diffs (44 lines):

diff -r a86d5ba912d6 -r 3871cdf1a2e9 
src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
--- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java  Mon Dec 
26 21:17:14 2016 +0000
+++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java  Tue Dec 
27 07:01:53 2016 +0100
@@ -60,7 +60,7 @@
    * @param request
    * @return true if the origin if the request is in the list of allowed 
domains
    */
-  public boolean fromAllowedOrigin(HttpServletRequest request) {
+  private boolean fromAllowedOrigin(HttpServletRequest request) {
     final String origin = request.getHeader("Origin");
 
     if (origin == null) {
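Review bot: Making fromAllowedOrigin private at this line removes it from the class's public API, and the diffstat shows this is the only file touched, so any caller outside AllowedCrossDomainsHandler that used the public method will no longer compile. Please confirm no such callers exist, or migrate them to the new public method in the same changeset. While the signature is being edited, the Javadoc just above still reads "true if the origin if the request is in the list of allowed domains" (should be "origin of the request"), and the @param request tag has no description.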
@@ -75,6 +75,31 @@
     return false;
   }
 
+  /**
+   * Checks if an origin is set on the header, if not then false is returned. 
If there are no checkers installed then also false
+   * is returned. If there are checkers installed then the origin is checked 
and the result is returned.
+   * 
+   * Note: will return true if there is indeed an invalid confirmed origin.
+   */
+  public boolean isCheckedInvalidOrigin(HttpServletRequest request) {
+    final String origin = request.getHeader("Origin");
+
+    if (origin == null) {
+      return false;
+    }
+
+    if (getCheckers().isEmpty()) {
+      return false;
+    }
+
+    for (AllowedCrossDomainsChecker checker : getCheckers()) {
+      if (checker.isAllowedOrigin(request, origin)) {
+        return false;
+      }
+    }
+    return true;
+  }
+
   private Collection<AllowedCrossDomainsChecker> getCheckers() {
     if (checkers == null) {
       setCheckers();
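Review bot: In isCheckedInvalidOrigin, the early "return false" when getCheckers().isEmpty() means an installation with no checker configured reports every Origin as not invalid, so a caller that rejects only when this method returns true will not reject any cross-origin request by default. If that permissive default is intended, say so explicitly in the Javadoc and add @param and @return tags; the negated method name combined with "Note: will return true if there is indeed an invalid confirmed origin" makes the return value easy to misread at call sites. A smaller point: getCheckers() is called twice, once for isEmpty() and once in the for loop, and could be read into a local variable once.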

_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits