[Dive4elements-commits] [PATCH] Remove authentication from MapPrintServiceImpl

Wald Commits scm-commit at wald.intevation.org
Tue Nov 6 14:50:35 CET 2012


# HG changeset patch
# User Christian Lins <christian.lins at intevation.de>
# Date 1352209826 -3600
# Node ID 6ef48927df38add83f509b9fdbde0257845fc35f
# Parent  687b7a6f09aa6652b4780c179422a30813f4d174
Remove authentication from MapPrintServiceImpl.

Printing maps was broken because the called service
required user authentication. The /flys/mapfish-print/print.pdf URI
is now whitelisted in GGInAFilter.
TODO: Support user authentication in MapPrintServiceImpl.

diff -r 687b7a6f09aa -r 6ef48927df38 flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java
--- a/flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java	Tue Nov 06 13:39:00 2012 +0100
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java	Tue Nov 06 14:50:26 2012 +0100
@@ -1,22 +1,39 @@
 package de.intevation.flys.client.server;
 
 import de.intevation.artifacts.common.ArtifactNamespaceContext;
-
 import de.intevation.artifacts.common.utils.ClientProtocolUtils;
 import de.intevation.artifacts.common.utils.JSON;
 import de.intevation.artifacts.common.utils.StringUtils;
 import de.intevation.artifacts.common.utils.XMLUtils;
-
 import de.intevation.artifacts.httpclient.exceptions.ConnectionException;
-
 import de.intevation.artifacts.httpclient.http.HttpClient;
 import de.intevation.artifacts.httpclient.http.HttpClientImpl;
+import de.intevation.artifacts.httpclient.http.response.DocumentResponseHandler;
+import de.intevation.flys.client.shared.MapUtils;
+import de.intevation.flys.client.shared.model.MapConfig;
 
-import de.intevation.artifacts.httpclient.http.response.DocumentResponseHandler;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
 
-import de.intevation.flys.client.shared.model.MapConfig;
-import de.intevation.flys.client.shared.MapUtils;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 /*
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -24,31 +41,6 @@
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 */
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-
-import java.net.URLEncoder;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-
-import org.apache.commons.httpclient.methods.GetMethod;
-
-import org.apache.log4j.Logger;
-
 /* Used by direct API call. -> Enforce GPLv3
 import org.mapfish.print.MapPrinter;
 import org.mapfish.print.output.OutputFactory;
@@ -57,10 +49,6 @@
 import org.mapfish.print.utils.PJsonObject;
 */
 
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
 public class MapPrintServiceImpl
 extends      HttpServlet
 {
@@ -371,6 +359,9 @@
             new org.apache.commons.httpclient.HttpClient(
                 new MultiThreadedHttpConnectionManager());
 
+        // FIXME: The request is not authenticated.
+        //        Currently this is not a problem because /flys/map-print
+        //        is whitelisted in GGInAFilter.
         GetMethod get = new GetMethod(url);
         int result = client.executeMethod(get);
         InputStream in = get.getResponseBodyAsStream();
diff -r 687b7a6f09aa -r 6ef48927df38 flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java
--- a/flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java	Tue Nov 06 13:39:00 2012 +0100
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java	Tue Nov 06 14:50:26 2012 +0100
@@ -1,5 +1,11 @@
 package de.intevation.flys.client.server.filter;
 
+import de.intevation.flys.client.server.auth.Authentication;
+import de.intevation.flys.client.server.auth.AuthenticationException;
+import de.intevation.flys.client.server.auth.AuthenticationFactory;
+import de.intevation.flys.client.server.auth.User;
+import de.intevation.flys.client.server.features.Features;
+
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -10,19 +16,12 @@
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.apache.log4j.Logger;
 
-import de.intevation.flys.client.server.auth.Authentication;
-import de.intevation.flys.client.server.auth.AuthenticationException;
-import de.intevation.flys.client.server.auth.AuthenticationFactory;
-import de.intevation.flys.client.server.auth.User;
-import de.intevation.flys.client.server.features.Features;
-
 
 /** ServletFilter used for GGInA authentification and certain authorisation. */
 public class GGInAFilter implements Filter {
@@ -38,6 +37,8 @@
     public static final String LOGIN_JSP     = "/login.jsp";
     public static final String LOGIN_SERVLET = "/flys/login";
     public static final String FLYS_CSS      = "/FLYS.css";
+    public static final String MAP_PRINT     = "/flys/map-print";
+    public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf";
 
 
     /**
@@ -89,9 +90,11 @@
         // Allow access to login pages
         // TODO Maybe replace with Filter <url-pattern>
         String path = this.sc.getContextPath();
-        if (requesturi.equals(path + "/login.jsp") ||
-                requesturi.equals(path + "/flys/login")
-                || requesturi.equals(path + "/FLYS.css")) {
+        if (requesturi.equals(path + LOGIN_JSP)
+                || requesturi.equals(path + LOGIN_SERVLET)
+                || requesturi.equals(path + FLYS_CSS)
+                || requesturi.equals(path + MAP_PRINT)
+                || requesturi.equals(path + MAPFISH_PRINT)) {
             logger.debug("Request for login " + requesturi);
             chain.doFilter(req, resp);
             return;


More information about the Dive4elements-commits mailing list