Arthur Bogaart pushed to branch master at cms-community / hippo-cms

Commits:
0bc8127c by Arthur Bogaart at 2017-02-17T10:59:31+01:00
CMS-10613 Fix NPE when retrieving class name

Class#getCanonicalName returns null if "it is a local or anonymous
class or an array whose component type does not have a canonical name."
In that case Class#getName should be used as fallback.

Apart from that I did a bit of performance testing and it seems that
the check if the userIsLoggedIn is almost always faster than the
isWhitelisted check (probably because the getCanonicalName can be a
bit expensive).

- - - - -


1 changed file:

- 
engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java


Changes:

=====================================
engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java
=====================================
--- 
a/engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java
+++ 
b/engine/src/main/java/org/hippoecm/frontend/WhitelistedClassesResourceGuard.java
@@ -40,10 +40,10 @@ public class WhitelistedClassesResourceGuard extends 
SecurePackageResourceGuard 
     private final List<String> classNamePrefixes;
 
     public WhitelistedClassesResourceGuard() {
-        this.classNamePrefixes = new ArrayList<>();
+        classNamePrefixes = new ArrayList<>();
     }
 
-    public void addClassNamePrefixes(String... prefixes) {
+    public void addClassNamePrefixes(final String... prefixes) {
         if (prefixes != null) {
             classNamePrefixes.addAll(Arrays.asList(prefixes));
         }
@@ -51,14 +51,27 @@ public class WhitelistedClassesResourceGuard extends 
SecurePackageResourceGuard 
 
     @Override
     public boolean accept(final Class<?> scope, final String absolutePath) {
-        if (isWhitelisted(scope) || isUserLoggedIn()) {
+        if (isUserLoggedIn() || isWhitelisted(scope)) {
             return super.accept(scope, absolutePath);
         }
         log.error("Public access denied to non-whitelisted (static) package 
resource: {}", absolutePath);
         return false;
     }
 
-    private boolean isUserLoggedIn() {
+    private boolean isWhitelisted(final Class<?> scope) {
+        String scopeClassName = scope.getCanonicalName();
+        if (scopeClassName == null) {
+            scopeClassName = scope.getName();
+        }
+        for (final String prefix : classNamePrefixes) {
+            if (scopeClassName.startsWith(prefix)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private static boolean isUserLoggedIn() {
         final HttpServletRequest servletRequest = 
WebApplicationHelper.retrieveWebRequest().getContainerRequest();
         final HttpSession httpSession = servletRequest.getSession(false);
 
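Review bot: The test at `scopeClassName.startsWith(prefix)` is a plain textual prefix match, so a configured prefix such as `org.example.ui` also accepts classes under `org.example.uiextras`, and an empty prefix accepts every class; since this list is the public-access allow-list, the loop deserves a comment and `addClassNamePrefixes` in the first hunk a guard that skips null or blank entries (a null element would also throw from `startsWith`). Suggested comment above the loop: `// Plain textual prefix match: configure prefixes with a trailing '.' to bind them to a package boundary.` The reordering to `isUserLoggedIn() || isWhitelisted(scope)` also means the session lookup now runs for every request to a whitelisted resource, so any failure inside `WebApplicationHelper.retrieveWebRequest()` outside a normal web request would now affect those requests as well; worth confirming that path cannot throw. `isUserLoggedIn` continues past the end of this hunk.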
@@ -69,14 +82,4 @@ public class WhitelistedClassesResourceGuard extends 
SecurePackageResourceGuard 
         final CmsSessionContext cmsSessionContext = 
CmsSessionContext.getContext(httpSession);
         return cmsSessionContext != null;
     }
-
-    private boolean isWhitelisted(final Class<?> scope) {
-        final String scopeClassName = scope.getCanonicalName();
-        for (String prefix : classNamePrefixes) {
-            if (scopeClassName.startsWith(prefix)) {
-                return true;
-            }
-        }
-        return false;
-    }
 }


