Fixed filter blocking resources

This commit is contained in:
Ziver Koc 2018-10-15 22:24:54 +02:00
parent 969bcbdf19
commit 886b4cdb88
5 changed files with 27 additions and 21 deletions


@ -126,6 +126,7 @@ ALTER TABLE `User`
--
-- Data for table `User`
-- User: admin, Password: password
--
INSERT INTO `User` (`name`, `email`, `emailVerified`, `passwordHash`, `passwordSalt`, `ipHost`, `dateCreated`, `dateLastLogin`, `cookieHash`, `superUser`, `enabled`) VALUES
('Admin Admin', 'admin', 1, '6e88be8bad7eae9d9e10aa061224034fed48d03fcbad968b56006784539d5214', 'salt', '', '1970-01-01 01:00:0', '1970-01-01 01:00:0', '', 1, 1);
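Review bot: The seed row creates an `admin` account whose password is spelled out in the comment above it and whose `passwordSalt` is the constant `'salt'`, so every installation that loads this file starts with the same known credential and an identical hash; the comment should at least state that the password must be changed on first login, and ideally the installer should generate the password and salt per deployment. From the rendered hunk I cannot tell which line is the one addition, but `-- User: admin, Password: password` looks the likeliest. Separately, the `dateCreated`/`dateLastLogin` literals `'1970-01-01 01:00:0'` carry a single-digit seconds field; whether the database accepts that depends on the engine, so `'1970-01-01 01:00:00'` would be safer.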


@ -32,6 +32,8 @@ public class Zallery extends HttpServlet{
public static String SMTP_HOST = "";
public static String DATA_PATH = "";
public static String WEBSITE_PATH = "/zallery";
/**
* Config Options:
* <br>- WEBSITE_NAME
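Review bot: `WEBSITE_PATH`, presumably one of this hunk's two added lines, is a public non-final static like the neighbouring config fields, and this commit makes it the prefix that AuthenticationFilter uses to decide which requests skip authentication, so any code in the process can reassign it. If it must be settable at startup, a private field with a getter would narrow that, and at minimum the field should say what callers rely on, e.g. `/** Context-path prefix prepended to whitelist entries in AuthenticationFilter; no trailing slash. */`. The hunk header reports two additions but the rendered lines do not show which they are.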


@ -9,14 +9,14 @@ public interface ZalleryConstants {
/** Session Constants **/
public static String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";
public static String ENV_KEY_WEBSITE_NAME = "WEBSITE_NAME";
public static String ENV_KEY_WEBSITE_URL = "WEBSITE_URL";
public static String ENV_KEY_ADMIN_EMAIL = "ADMIN_EMAIL";
public static String ENV_KEY_ADMIN_NAME = "ADMIN_NAME";
public static String ENV_KEY_SMTP_HOST = "SMTP_HOST";
public static String ENV_KEY_ROOT_PATH = "ROOT_PATH";
public static String ENV_KEY_DATA_PATH = "DATA_PATH";
public static final String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";
public static final String ENV_KEY_WEBSITE_NAME = "WEBSITE_NAME";
public static final String ENV_KEY_WEBSITE_URL = "WEBSITE_URL";
public static final String ENV_KEY_ADMIN_EMAIL = "ADMIN_EMAIL";
public static final String ENV_KEY_ADMIN_NAME = "ADMIN_NAME";
public static final String ENV_KEY_SMTP_HOST = "SMTP_HOST";
public static final String ENV_KEY_ROOT_PATH = "ROOT_PATH";
public static final String ENV_KEY_DATA_PATH = "DATA_PATH";
/** Session Constants **/
@ -33,5 +33,4 @@ public interface ZalleryConstants {
String LANG_BASENAME = "zall.lang.zallery_lang";
Locale LANG_DEFAULT = Locale.ENGLISH;
}
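Review bot: The `final` added to the eight `ENV_KEY_*` fields is redundant, and so is `public static`: fields declared in an interface are implicitly `public static final`. The unchanged `String LANG_BASENAME = ...` and `Locale LANG_DEFAULT = ...` lines in the second hunk already use the implicit form, so for consistency the new lines could read `String ENV_KEY_WEBSITE_TITLE = "WEBSITE_TITLE";` and likewise for the rest. The `/** Session Constants **/` comment appears both above and below the environment-key block in the rendered hunk; whichever one heads this group, a label such as `/** Configuration key constants **/` would describe it better. I cannot tell from the rendering which line the second hunk removes.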


@ -85,8 +85,7 @@ public abstract class ZalleryServlet extends HttpServlet {
url = "/" + url;
String path = request.getRequestURI();
if (!path.endsWith("/"))
path = path.substring(0, path.lastIndexOf("/"));
path = path.substring(0, path.indexOf("/", 1));
response.sendRedirect(path + url);
}
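Review bot: `path.indexOf("/", 1)` returns -1 when the request URI has no second slash (a bare `/zallery`, or any single-segment URI without a trailing slash, which the `endsWith("/")` guard does not catch), and `path.substring(0, -1)` then throws StringIndexOutOfBoundsException before any redirect is sent. Guard the result: `int idx = path.indexOf('/', 1);` followed by `if (idx > 0) path = path.substring(0, idx);`. The rendering does not show which of the `lastIndexOf` and `indexOf` lines is the new one, but the filter change in this commit depends on the first-segment form. `redirect` begins before this hunk, so where `url` and `path` come from is outside my view.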


@ -1,5 +1,6 @@
package zall.filter;
import zall.Zallery;
import zall.ZalleryServlet;
import zall.bean.User;
import zall.manager.AuthenticationManager;
@ -23,6 +24,10 @@ public class AuthenticationFilter implements Filter {
private static final Logger logger = LogUtil.getLogger();
private static final String[] WHITELIST = new String[]{
"/css",
"/fonts",
"/img",
"/js",
LoginServlet.URI,
RegisterServlet.URI
};
@ -32,33 +37,33 @@ public class AuthenticationFilter implements Filter {
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
String requestURI = ((HttpServletRequest) request).getRequestURI();
User user = AuthenticationManager.getUserSession(((HttpServletRequest) request).getSession());
HttpServletRequest httpRequest = (HttpServletRequest) request;
User user = AuthenticationManager.getUserSession(httpRequest.getSession());
// continue the request via the filter pipeline if it is login page or it is a isValid User
if (AuthenticationManager.isValid(user, (HttpServletRequest) request)) {
if (AuthenticationManager.isValid(user, httpRequest)) {
logger.finest("User already authenticated, continuing filter chain.");
chain.doFilter(request, response);
} else {
AuthenticationManager.rmUserSession(((HttpServletRequest) request).getSession());
AuthenticationManager.rmUserSession(httpRequest.getSession());
if (isWhitelisted(requestURI)){
logger.finer("Continuing filtering chain for whitelisted page: " + requestURI);
if (isWhitelisted(httpRequest)){
logger.finer("Continuing filtering chain for whitelisted page: " + httpRequest);
chain.doFilter(request, response);
} else {
// do not continue the filter pipeline forward to login page
logger.fine("User not authenticated, redirecting to login page.");
ZalleryServlet.redirect(LoginServlet.URI, (HttpServletRequest) request, (HttpServletResponse) response);
ZalleryServlet.redirect(LoginServlet.URI, httpRequest, (HttpServletResponse) response);
}
}
}
private boolean isWhitelisted(String requestURI) {
if (ObjectUtil.isEmpty(requestURI))
private boolean isWhitelisted(HttpServletRequest request) {
if (ObjectUtil.isEmpty(request))
return false;
for (String whitelistURI : WHITELIST) {
if (requestURI.endsWith(whitelistURI))
if (request.getRequestURI().startsWith(Zallery.WEBSITE_PATH + whitelistURI))
return true;
}
return false;
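Review bot: The new `isWhitelisted` check is a bare `startsWith` on the raw request URI, so any path that merely begins with a whitelisted prefix — `/zallery/cssX` against `/css`, or anything that extends `LoginServlet.URI` — reaches `chain.doFilter` without authentication; require a segment boundary and compare a normalized path (for example via `java.net.URI#normalize`), i.e. `String prefix = Zallery.WEBSITE_PATH + whitelistURI;` and `if (uri.equals(prefix) || uri.startsWith(prefix + "/"))` where `uri` is the normalized path. The log line `logger.finer("Continuing filtering chain for whitelisted page: " + httpRequest)` now prints the request object where the replaced line printed the URI; it should read `+ httpRequest.getRequestURI()`. `ObjectUtil.isEmpty(request)` now tests the request object rather than the URI string; if that helper is only a null check this is presumably fine, but the empty-URI case the old code rejected is no longer covered. The closing braces of `isWhitelisted` and of the class lie outside the hunk.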