[PATCH] Fix for Browser and server running both on localhost. Previously all requests from localhost were accepted w/o auth. Now they are only accepted when an HTTP header X_NO_GGINA_AUTH=TRUE is sent, too. This is done when printing maps

Wald Commits scm-commit at wald.intevation.org
Mon Sep 9 18:22:59 CEST 2013


# HG changeset patch
# User Sascha L. Teichmann <teichmann at intevation.de>
# Date 1378743767 -7200
# Node ID 3bff11208d3d00203f0a8c47fe5dda161eb9116b
# Parent  e1010a0f0b05c06237c971fd12ffcc64e0399f9e
Fix for Browser and server running both on localhost. Previously all requests from localhost were accepted w/o auth. Now they are only accepted when an HTTP header X_NO_GGINA_AUTH=TRUE is sent, too. This is done when printing maps.

diff -r e1010a0f0b05 -r 3bff11208d3d gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java	Fri Sep 06 15:48:46 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java	Mon Sep 09 18:22:47 2013 +0200
@@ -427,6 +427,7 @@
         //        Currently this is not a problem because /flys/map-print
         //        is whitelisted in GGInAFilter.
         GetMethod get = new GetMethod(url);
+        get.addRequestHeader("X_NO_GGINA_AUTH", "TRUE");
         int result = client.executeMethod(get);
         InputStream in = get.getResponseBodyAsStream();
 
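Review bot: The context comment directly above the added get.addRequestHeader line still says this is not a problem because /flys/map-print is whitelisted in GGInAFilter; it should now also mention the X_NO_GGINA_AUTH header and why the print request needs it, otherwise the next reader will not know the filter depends on this line. The header name and the value "TRUE" are repeated as string literals here and in GGInAFilter.java; a shared constant would keep the two sides from drifting apart.
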
diff -r e1010a0f0b05 -r 3bff11208d3d gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java	Fri Sep 06 15:48:46 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java	Mon Sep 09 18:22:47 2013 +0200
@@ -100,9 +100,12 @@
 
         // Allow access to localhost
         if (isLocalAddress(req)) {
-            logger.debug("Request to localhost");
-            chain.doFilter(req, resp);
-            return;
+            String noAuth = sreq.getHeader("X_NO_GGINA_AUTH");
+            if (noAuth != null && noAuth.equals("TRUE")) {
+                logger.debug("Request to localhost");
+                chain.doFilter(req, resp);
+                return;
+            }
         }
 
         // Allow access to login pages
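
Review bot: The new check inside the isLocalAddress branch accepts X_NO_GGINA_AUTH=TRUE as the sole condition for skipping authentication, but the header is a fixed value that is visible in the source and that any caller reaching the filter from a local address can set, so it does not identify the print service. Consider comparing against a random token generated at startup and known only to MapPrintServiceImpl and the filter, or limiting the bypass to the map-print path. If a reverse proxy on the same host forwards requests to this application, verify that isLocalAddress does not treat forwarded remote requests as local and that the proxy strips this header from inbound traffic. Minor: "TRUE".equals(noAuth) makes the explicit null check unnecessary, and the debug message "Request to localhost" could say that authentication was skipped.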
