Changeset 33619

Timestamp:
04.11.2019 11:36:56 (10 days ago)
Author:
kjdon
Message:

Need to handle the case where a collection file (e.g. an image) gets the library name in its URL but is not an assoc file. It doesn't need to go through the security checking, but we do need to remove the library name from its URL.

Files:
1 modified

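--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java
@@ -49,4 +49,5 @@
   protected static final String USERS_DB_URL = "etc/usersDB/.*";
   protected static final ArrayList<String> _restrictedURLs;
+
   static
   {
@@ -56,5 +57,5 @@
     _restrictedURLs = restrictedURLs;
   }
-
+  
   //Constants
   protected static final String DOCUMENT_PATH = "document";
@@ -65,5 +66,16 @@
   protected static final String BROWSE_PATH = "browse";
   protected static final String SEARCH_PATH = "search";
-
+  protected static final ArrayList<String> _keywords;
+
+  static
+  {
+    ArrayList<String> keywords = new ArrayList<String>();
+    keywords.add(PAGE_PATH);
+    keywords.add(BROWSE_PATH);
+    keywords.add(SEARCH_PATH);
+    keywords.add(DOCUMENT_PATH);
+    _keywords = keywords;
+  }
+  
   protected static final String METADATA_RETRIEVAL_SERVICE = "DocumentMetadataRetrieve";
   protected static final String ASSOCIATED_FILE_PATH = "/index/assoc/";
@@ -116,5 +128,5 @@
       return;
     }
- 
+     
     // Run security checks on files requested from a collection's index/assoc folder
     if (url.contains(ASSOCIATED_FILE_PATH)) {
@@ -128,4 +140,22 @@
       return;
     }
+
+    //
+    if (url.contains(SITES_PATH)) {
+      // there are some site/collection images that are not associated files.
+      // these dont need to be security checked, but we need to remove the library name from the url if its there
+      String context_path = context.getContextPath();
+      String regex = context_path+"/.+"+SITES_PATH+".*";
+      if (url.matches(regex)) {
+    // a forward doesn't want the context path
+    String new_url = url.substring(url.indexOf(SITES_PATH));
+    request.getRequestDispatcher(new_url).forward(request, response);
+    return;
+      }
+      // else if it doesn't match, ie the url was /greenstone3/sites/...
+      // we don't do anything and just let it continue
+    }
+    
+      
 
     // if we are asking for an interface file, and it doesn't exist, then
@@ -154,9 +184,4 @@
     else
       {
-    ArrayList<String> keywords = new ArrayList<String>();
-    keywords.add(PAGE_PATH);
-    keywords.add(BROWSE_PATH);
-    keywords.add(SEARCH_PATH);
-    keywords.add(DOCUMENT_PATH);
     //If we have a jsessionid on the end of our URL we want to ignore it
     int index;
@@ -173,5 +198,5 @@
         if (segments[i].equals(COLLECTION_PATH) && (i + 1) < segments.length) {
           int j=i+1;
-          while(j+1 < segments.length && !keywords.contains(segments[j+1])) {
+          while(j+1 < segments.length && !_keywords.contains(segments[j+1])) {
         j++;
           }
@@ -393,5 +418,5 @@
       return null;
   }
-      
+
 
   private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException {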
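Review bot: The new `url.contains(SITES_PATH)` branch (new lines 144-157) forwards and returns for every library-prefixed URL under the sites path, so none of the later checks in this method run for it, and a forwarded request is normally not re-filtered unless the filter is mapped for the FORWARD dispatcher type. The comment says the branch is meant for site/collection images, but the regex accepts any file below `SITES_PATH`. Whether the `_restrictedURLs` check has already run by this point is not visible in the hunk, so it should be confirmed that a path such as `etc/usersDB/.*` cannot be served through the rewritten `new_url`. The `.+` in the regex also spans several path segments and `context_path` is concatenated unquoted; `String regex = Pattern.quote(context_path)+"/[^/]+"+SITES_PATH+".*";` would limit the match to a single library segment. The enclosing method starts and ends outside the hunk.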