diff --git a/db_structure.sql b/db_structure.sql
index afc9bfe..6b9ac04 100644
--- a/db_structure.sql
+++ b/db_structure.sql
@@ -126,6 +126,7 @@ ALTER TABLE `User` -- -- Data for table `User` +-- User: admin, Password: password -- INSERT INTO `User` (`name`, `email`, `emailVerified`, `passwordHash`, `passwordSalt`, `ipHost`, `dateCreated`, `dateLastLogin`, `cookieHash`, `superUser`, `enabled`) VALUES ('Admin Admin', 'admin', 1, '6e88be8bad7eae9d9e10aa061224034fed48d03fcbad968b56006784539d5214', 'salt', '', '1970-01-01 01:00:0', '1970-01-01 01:00:0', '', 1, 1);
diff --git a/src/zall/Zallery.java b/src/zall/Zallery.java
index 873264d..536d36e 100755
--- a/src/zall/Zallery.java
+++ b/src/zall/Zallery.java
@@ -32,6 +32,8 @@ public class Zallery extends HttpServlet{
public static String SMTP_HOST = "";
public static String DATA_PATH = "";
+ public static String WEBSITE_PATH = "/zallery";
+
/**
* Config Options:
*
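Review bot: The added comment publishes the bootstrap credential (`admin` / `password`) for the row the INSERT below seeds, and that seed stores a fixed `passwordSalt` of `'salt'` next to a precomputed `passwordHash`, so every deployment of this schema starts with the same, now documented, super-user login. If the row is needed for first-time setup, the comment should state that the account is for initial login only and the application should force a password change at that point, e.g. `-- Bootstrap account for first login only; the password must be changed before the instance is exposed`. Generating the secret at install time, or seeding the row with `enabled` set to 0 until an administrator sets a password, would avoid shipping a known credential at all. Whether anything enforces a change after the first login is not visible in this diff.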
- WEBSITE_NAME
diff --git a/src/zall/ZalleryConstants.java b/src/zall/ZalleryConstants.java
index 403e4ee..a6e89bb 100644
--- a/src/zall/ZalleryConstants.java
+++ b/src/zall/ZalleryConstants.java
@@ -9,14 +9,14 @@ public interface ZalleryConstants {
/** Session Constants **/
- public static String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";
- public static String ENV_KEY_WEBSITE_NAME = "WEBSITE_NAME";
- public static String ENV_KEY_WEBSITE_URL = "WEBSITE_URL";
- public static String ENV_KEY_ADMIN_EMAIL = "ADMIN_EMAIL";
- public static String ENV_KEY_ADMIN_NAME = "ADMIN_NAME";
- public static String ENV_KEY_SMTP_HOST = "SMTP_HOST";
- public static String ENV_KEY_ROOT_PATH = "ROOT_PATH";
- public static String ENV_KEY_DATA_PATH = "DATA_PATH";
+ public static final String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";
+ public static final String ENV_KEY_WEBSITE_NAME = "WEBSITE_NAME";
+ public static final String ENV_KEY_WEBSITE_URL = "WEBSITE_URL";
+ public static final String ENV_KEY_ADMIN_EMAIL = "ADMIN_EMAIL";
+ public static final String ENV_KEY_ADMIN_NAME = "ADMIN_NAME";
+ public static final String ENV_KEY_SMTP_HOST = "SMTP_HOST";
+ public static final String ENV_KEY_ROOT_PATH = "ROOT_PATH";
+ public static final String ENV_KEY_DATA_PATH = "DATA_PATH";
/** Session Constants **/
@@ -33,5 +33,4 @@ public interface ZalleryConstants {
String LANG_BASENAME = "zall.lang.zallery_lang";
Locale LANG_DEFAULT = Locale.ENGLISH;
- }
diff --git a/src/zall/ZalleryServlet.java b/src/zall/ZalleryServlet.java
index f033359..691314b 100644
--- a/src/zall/ZalleryServlet.java
+++ b/src/zall/ZalleryServlet.java
@@ -85,8 +85,7 @@ public abstract class ZalleryServlet extends HttpServlet {
url = "/" + url;
String path = request.getRequestURI();
- if (!path.endsWith("/"))
- path = path.substring(0, path.lastIndexOf("/"));
+ path = path.substring(0, path.indexOf("/", 1));
response.sendRedirect(path + url);
}
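Review bot: `WEBSITE_PATH` is introduced as a mutable `public static` field, while the same commit adds `final` to the `ENV_KEY_*` constants in ZalleryConstants; since AuthenticationFilter uses this value as the prefix that decides which paths skip authentication, any code that reassigns it changes that decision. If the value is fixed, declare it `public static final String WEBSITE_PATH = "/zallery";`; if it is meant to be configured like the options listed in the Javadoc that follows, add it to that list and load it with the others rather than hard-coding `/zallery`. The servlet container already exposes the deployed context path through `request.getContextPath()`, which would make the constant unnecessary. The enclosing class `Zallery` starts and ends outside the hunk.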
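Review bot: Fields declared in an interface are implicitly `public static final`, so the modifiers added to the `ENV_KEY_*` lines are redundant, and the other constants in this file (`LANG_BASENAME` and `LANG_DEFAULT` in the second hunk) already rely on the implicit form. For consistency the lines could simply read `String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";` and so on; the commit's intent of making them constants is satisfied either way.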
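Review bot: The new `path = path.substring(0, path.indexOf("/", 1));` throws `StringIndexOutOfBoundsException` whenever the request URI has no second slash (`indexOf` returns -1), for instance a request URI of `/zallery` with no trailing slash, a case the removed `endsWith("/")` guard at least partly covered. What this line is computing is the deployed context path, which the container already provides, so `response.sendRedirect(request.getContextPath() + url);` removes the substring arithmetic and stops deriving the redirect target from the raw request-target. The enclosing `redirect` method begins outside the hunk, so whether `path` is used elsewhere is not visible here.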
diff --git a/src/zall/filter/AuthenticationFilter.java b/src/zall/filter/AuthenticationFilter.java
index f70e841..ce356ee 100755
--- a/src/zall/filter/AuthenticationFilter.java
+++ b/src/zall/filter/AuthenticationFilter.java
@@ -1,5 +1,6 @@
package zall.filter;
+import zall.Zallery;
import zall.ZalleryServlet;
import zall.bean.User;
import zall.manager.AuthenticationManager;
@@ -23,6 +24,10 @@ public class AuthenticationFilter implements Filter {
private static final Logger logger = LogUtil.getLogger();
private static final String[] WHITELIST = new String[]{
+ "/css",
+ "/fonts",
+ "/img",
+ "/js",
LoginServlet.URI,
RegisterServlet.URI
};
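Review bot: The four added entries are bare prefixes (`"/css"`, `"/fonts"`, `"/img"`, `"/js"`), and the `isWhitelisted` change later in this file switches the comparison from `endsWith` to `startsWith(Zallery.WEBSITE_PATH + whitelistURI)`, so any path that merely begins with those characters is exempted from authentication, not only resources under the static directories. Adding the trailing slash, `"/css/", "/fonts/", "/img/", "/js/"`, limits each entry to its directory; `LoginServlet.URI` and `RegisterServlet.URI` have the same prefix problem under `startsWith` and would need an exact comparison instead. The array's closing `};` is inside the hunk, so this is the complete list.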
@@ -32,33 +37,33 @@ public class AuthenticationFilter implements Filter {
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
- String requestURI = ((HttpServletRequest) request).getRequestURI();
- User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ User user = AuthenticationManager.getUserSession(httpRequest.getSession());
// continue the request via the filter pipeline if it is login page or it is a isValid User
- if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
+ if (AuthenticationManager.isValid(user, httpRequest)) {
logger.finest("User already authenticated, continuing filter chain.");
chain.doFilter(request, response);
} else {
- AuthenticationManager.rmUserSession(((HttpServletRequest) request).getSession());
+ AuthenticationManager.rmUserSession(httpRequest.getSession());
- if (isWhitelisted(requestURI)){
- logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
+ if (isWhitelisted(httpRequest)){
+ logger.finer("Continuing filtering chain for whitelisted page: " + httpRequest);
chain.doFilter(request, response);
} else {
// do not continue the filter pipeline forward to login page
logger.fine("User not authenticated, redirecting to login page.");
- ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
+ ZalleryServlet.redirect(LoginServlet.URI, httpRequest, (HttpServletResponse) response);
}
}
}
- private boolean isWhitelisted(String requestURI) {
- if (ObjectUtil.isEmpty(requestURI))
+ private boolean isWhitelisted(HttpServletRequest request) {
+ if (ObjectUtil.isEmpty(request))
return false;
for (String whitelistURI : WHITELIST) {
- if (requestURI.endsWith(whitelistURI))
+ if (request.getRequestURI().startsWith(Zallery.WEBSITE_PATH + 
whitelistURI))
return true;
}
return false;
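Review bot: `isWhitelisted` now matches on `request.getRequestURI()`, which is the request-target as the client sent it and is not guaranteed to be normalised, whereas the container selects the servlet from its own normalised view of the path, so the whitelist decision and the dispatch decision can differ for the same request. Matching on the container's view, `String servletPath = request.getServletPath();` (with `request.getPathInfo()` appended when it is non-null) and `if (servletPath.startsWith(whitelistURI)) return true;`, keeps both checks on the same string and also removes the hard-coded `Zallery.WEBSITE_PATH` prefix; `ObjectUtil.isEmpty(request)` should then test that path string, since testing the request object itself is unlikely to be what the check intends. Separately, the `logger.finer` line now concatenates `httpRequest` rather than the URI, so the log records the request object's `toString()` instead of the whitelisted page; `+ httpRequest.getRequestURI()` restores the intended message. The closing brace of `isWhitelisted` lies outside the hunk as shown.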