geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xuhaih...@apache.org
Subject svn commit: r893183 - /geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
Date Tue, 22 Dec 2009 14:30:58 GMT
Author: xuhaihong
Date: Tue Dec 22 14:30:57 2009
New Revision: 893183

URL: http://svn.apache.org/viewvc?rev=893183&view=rev
Log:
Make sure the URLRebuildFilter could work correctly with XSSXSRFFilter

Modified:
    geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java

Modified: geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java?rev=893183&r1=893182&r2=893183&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
(original)
+++ geronimo/server/branches/2.1/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/filter/PlutoURLRebuildFilter.java
Tue Dec 22 14:30:57 2009
@@ -51,8 +51,13 @@
         HttpServletRequest httpServletRequest = (HttpServletRequest) request;
 
         HttpServletRequest wrappedHttpServletRequest = httpServletRequest;
+        HttpSession httpSession = httpServletRequest.getSession();
+        String actionParameters = null;
+        if (httpSession != null) {
+            actionParameters = "formId=" + (String) httpSession.getAttribute("formId");
+        }
         HttpServletResponse wrappedHttpServletResponse = new PlutoUrlResponse((HttpServletResponse)
response,
-                httpServletRequest.getContextPath() + httpServletRequest.getServletPath());
+                httpServletRequest.getContextPath() + httpServletRequest.getServletPath(),
actionParameters);
         /*
          * 1. if it is file uploading, skip it, we must not invoke any method on it, or it
will corrupt the request
          * object. Maybe, in the future, we could handler file uploading uniformly here 
       
@@ -94,10 +99,12 @@
     protected static class PlutoUrlResponse extends HttpServletResponseWrapper {
 
         private String requestContextServletPath;
+        
+        private String actionParameters;
 
-        public PlutoUrlResponse(HttpServletResponse response, String requestContextServletPath)
{
+        public PlutoUrlResponse(HttpServletResponse response, String requestContextServletPath,
String actionParameters) {
             super(response);
-
+            this.actionParameters = actionParameters;
             this.requestContextServletPath = requestContextServletPath;
         }
 
@@ -111,6 +118,9 @@
                 writer
                         .write("<html><head></head><body onload='document.hform.submit()'><form
name='hform' method='POST' action='");
                 writer.write(requestContextServletPath);
+                if (actionParameters != null) {
+                    writer.write("?" + actionParameters);
+                }
                 writer.write("'><input type='hidden' name='" + HIDDEN_URL_ELEMENT_NAME
+ "' value='" + location
                         + "'/></form>");
                 writer.write("</body></html>");



Mime
View raw message