qpid-commits mailing list archives

From kw...@apache.org
Subject svn commit: r1751433 - /qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
Date Tue, 05 Jul 2016 10:17:46 GMT
Author: kwall
Date: Tue Jul  5 10:17:46 2016
New Revision: 1751433

URL: http://svn.apache.org/viewvc?rev=1751433&view=rev
Log:
QPID-7342: [Java Broker] Strengthen request path matching in forbidding filter

Modified:
    qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java?rev=1751433&r1=1751432&r2=1751433&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/filter/ForbiddingAuthorisationFilter.java
Tue Jul  5 10:17:46 2016
@@ -40,7 +40,7 @@ import org.apache.qpid.server.model.Brok
 
 public class ForbiddingAuthorisationFilter implements Filter
 {
-    public static String INIT_PARAM_ALLOWED = "allowed";
+    public static final String INIT_PARAM_ALLOWED = "allowed";
     private String _allowed = null;
 
     private Broker _broker;
@@ -55,7 +55,7 @@ public class ForbiddingAuthorisationFilt
     public void init(FilterConfig config) throws ServletException
     {
         String allowed = config.getInitParameter(INIT_PARAM_ALLOWED);
-        if (allowed != null)
+        if (allowed != null && !"".equals(allowed))
         {
             _allowed = allowed;
         }
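Review bot: The changed check in init() has no comment saying what an absent or empty `allowed` init-param now means. In both cases `_allowed` stays null, and the `_allowed == null` test in the later hunk then routes every request into the branch that the old `"".equals(_allowed)` guard used to cover. That branch's body is outside the hunks, but from the filter's name it is presumably the rejecting one. I would add above the `if`: `// An absent or empty "allowed" init-param leaves _allowed null, so every request takes the forbidding branch (fail closed).` As a style point, `!allowed.isEmpty()` reads more directly than `!"".equals(allowed)` once the null check has passed.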
@@ -71,7 +71,7 @@ public class ForbiddingAuthorisationFilt
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpServletResponse httpResponse = (HttpServletResponse) response;
         String servletPath = httpRequest.getServletPath();
-        if (_allowed == null || "".equals(_allowed) || servletPath.indexOf(_allowed) == -1)
+        if (_allowed == null || !servletPath.startsWith(_allowed))
         {
             try
             {
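Review bot: `servletPath.startsWith(_allowed)` in the changed condition is a plain prefix test with no path-segment boundary, so an allowed value such as `/x` (constructed example) would also admit a servlet path of `/xyz`. If the init-param is meant to name a single servlet path, an exact comparison plus a boundary check is tighter: `if (_allowed == null || !(servletPath.equals(_allowed) || servletPath.startsWith(_allowed + "/")))`. A configured value of `/` would match every servlet path, and the init() check in the previous hunk does not reject it. The enclosing method starts before this hunk and continues past it, so the body of the rejecting branch is not visible here.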




