cloudstack-commits mailing list archives

From bhais...@apache.org
Subject [2/3] git commit: updated refs/heads/4.5-samlfixes to b6782a0
Date Mon, 03 Aug 2015 19:46:28 GMT
CLOUDSTACK-8702: Add/refactor sessionkey checking code to HttpUtils

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c067b516
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c067b516
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c067b516

Branch: refs/heads/4.5-samlfixes
Commit: c067b51624eb855990ef19171664a3870c5d324d
Parents: 2ed9539
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Mon Aug 3 14:34:20 2015 +0530
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Tue Aug 4 01:16:09 2015 +0530

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServlet.java |  8 +-------
 utils/src/com/cloud/utils/HttpUtils.java | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c067b516/server/src/com/cloud/api/ApiServlet.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index d9e77bd..070545d 100644
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -237,13 +237,7 @@ public class ApiServlet extends HttpServlet {
                 userId = (Long)session.getAttribute("userid");
                 final String account = (String) session.getAttribute("account");
                 final Object accountObj = session.getAttribute("accountobj");
-                final String sessionKey = (String) session.getAttribute(ApiConstants.SESSIONKEY);
-                final String sessionKeyFromCookie = HttpUtils.findCookie(req.getCookies(),
ApiConstants.SESSIONKEY);
-                final String[] sessionKeyFromParams = (String[]) params.get(ApiConstants.SESSIONKEY);
-                if ((sessionKey == null)
-                        || (sessionKeyFromParams == null && sessionKeyFromCookie
== null)
-                        || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
-                        || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie)))
{
+                if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY))
{
                     try {
                         session.invalidate();
                     } catch (final IllegalStateException ise) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c067b516/utils/src/com/cloud/utils/HttpUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/HttpUtils.java b/utils/src/com/cloud/utils/HttpUtils.java
index 6077c44..379b117 100644
--- a/utils/src/com/cloud/utils/HttpUtils.java
+++ b/utils/src/com/cloud/utils/HttpUtils.java
@@ -23,7 +23,9 @@ import org.apache.log4j.Logger;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.Map;
 
 public class HttpUtils {
 
@@ -89,4 +91,18 @@ public class HttpUtils {
             }
         }
     }
+
+    public static boolean validateSessionKey(final HttpSession session, final Map<String,
Object[]> params, final Cookie[] cookies, final String sessionKeyString) {
+        final String sessionKey = (String) session.getAttribute(sessionKeyString);
+        final String sessionKeyFromCookie = HttpUtils.findCookie(cookies, sessionKeyString);
+        final String[] sessionKeyFromParams = (String[]) params.get(sessionKeyString);
+        if ((sessionKey == null)
+                || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
+                || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
+                || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie)))
{
+            return false;
+        }
+        return true;
+    }
+
 }
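Review bot: validateSessionKey returns true when only the cookie copy of the key matches (`sessionKeyFromParams == null` with a matching `sessionKeyFromCookie`). If this key also serves as the anti-CSRF token (not visible here), that weakens it, because the browser attaches cookies to cross-site requests by itself; the method should at least carry a Javadoc stating the acceptance rule. Separately, `sessionKeyFromParams[0]` throws on an empty array, a null `session` or `params` throws instead of rejecting, and `String.equals` is not a constant-time comparison for a secret. The version below keeps the same accept/reject rule, adds those guards and compares with `MessageDigest.isEqual`; it needs imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`.

```java
    public static boolean validateSessionKey(final HttpSession session, final Map<String, Object[]> params, final Cookie[] cookies, final String sessionKeyString) {
        if (session == null || params == null || sessionKeyString == null) {
            return false;
        }
        // … unchanged: sessionKey, sessionKeyFromCookie and sessionKeyFromParams lookups …
        if (sessionKey == null || (sessionKeyFromParams == null && sessionKeyFromCookie == null)) {
            return false;
        }
        if (sessionKeyFromParams != null
                && (sessionKeyFromParams.length == 0 || !sameKey(sessionKey, sessionKeyFromParams[0]))) {
            return false;
        }
        return sessionKeyFromCookie == null || sameKey(sessionKey, sessionKeyFromCookie);
    }

    // Compares the stored key with a client-supplied copy without an early exit on the first differing byte.
    private static boolean sameKey(final String expected, final String supplied) {
        if (supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }
```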

