- Timestamp:
- 2020-03-02T14:10:20+13:00 (4 years ago)
- File:
-
- 1 edited
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java
r33619 r33993 92 92 // accepted already 93 93 protected Hashtable<String, UserTimer> verifiedUserMap = null; 94 protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000; 94 // timeouts are in millisecs 95 protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000; 96 protected static final int tempUserTimeout = 5 * 1000; 95 97 96 98 public void init(FilterConfig filterConfig) throws ServletException 97 99 { 98 100 this._filterConfig = filterConfig; 101 this.verifiedUserMap = new Hashtable<String, UserTimer>(); 99 102 } 100 103 … … 420 423 421 424 422 private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException {423 424 425 426 425 private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException { 426 HttpSession session = request.getSession(); 427 String session_id = session.getId(); 428 ServletContext context = session.getServletContext(); 429 logger.info("securityCheck, session id = "+session_id+", url = "+url); 427 430 // now we need to get library name from the path, which is like 428 431 // /greenstone3/library/sites/localsite/collect/collname/index/assoc/... … … 495 498 } 496 499 497 //Query the MR for the security info for this document - can we show it? Or do we need to be logged in? 498 // Or do we need to throw up the verify page? 500 //Query the MR for the security info for this document 501 // - can we show the document? 502 // - Or do we need to be logged in? 503 // - Or do we need to throw up the verify page? 499 504 500 505 // While we are doing this, query the document for its srclinkFile metadata - then we can determine if the … … 560 565 } 561 566 } 567 562 568 // if got here have no groups that we need to belong to 563 569 // do we have human verify thing? 
… … 570 576 String hmvf_response = request.getParameter(GSParams.VERIFIED); 571 577 if (hmvf_response != null && hmvf_response.equals("0")) { 572 // manually force the t&c (user has added hmvf=0 to url) 573 } else if (verify.equals("once")) { 574 // lets check whether they have done it already 575 576 if (verifiedUserMap == null) { 577 // we haven't done this at all, set up the map 578 verifiedUserMap = new Hashtable<String, UserTimer>(); 579 } else { 580 // check this map 581 if (verifiedUserMap.containsKey(session_id)) { 582 already_verified = true; 583 } 584 } 585 } 586 578 // manually force the t&c (user has added hmvf=0 to url) 579 // whether we have previously verified or not 580 } else if (verifiedUserMap.containsKey(session_id)) { 581 already_verified = true; 582 } 583 587 584 if (!already_verified) { 588 585 // have we just done the test? … … 602 599 String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=error&c="+collection+"&ec=recap_fail"; 603 600 ((HttpServletResponse)response).sendRedirect(new_url); 604 605 601 return; 606 602 } … … 610 606 } 611 607 already_verified = true; 608 // set up a timer for this verification - standard 24hour if 609 // verify==once, 5 sec otherwise (browsers seem to be trying to 610 // download prfs twice. 
Chrome gets stuck if the second time 611 // doesn't get verified) 612 int delay; 612 613 if (verify.equals("once")) { 613 // store the fact that user has verified 614 UserTimer timer = new UserTimer(verifiedUserTimeout, session_id); 615 verifiedUserMap.put(session_id, timer); 616 timer.start(); 614 delay = verifiedUserTimeout; 615 } else { 616 delay = tempUserTimeout; 617 617 } 618 UserTimer timer = new UserTimer(delay, session_id); 619 verifiedUserMap.put(session_id, timer); 620 timer.start(); 621 622 618 623 } // hmvf = 1 619 624 } … … 623 628 // or we have been asked to force the T&C 624 629 // we need to display the verify page 630 logger.info("displaying verify page for url " + url); 625 631 String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=verify&c="+collection+"&url="+url; 626 632 ((HttpServletResponse)response).sendRedirect(new_url); … … 630 636 }// end if verifiable file 631 637 632 638 logger.info("have passed security checks"); 633 639 // if we got here, we have passed all security checks and just want to view the file. 634 640 // However, we need to remove the library_name from the URL. As can't change the … … 639 645 url = url.replaceFirst(context.getContextPath(), ""); 640 646 url = url.replaceFirst("/"+library_name, ""); 647 logger.info("forwarding to url "+url); 641 648 request.getRequestDispatcher(url).forward(request, response); 642 649 … … 691 698 { 692 699 String id = ""; 693 700 701 /* delay in milliseconds */ 694 702 public UserTimer(int delay, String id) 695 703 {
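Review bot: The rewritten check `else if (verifiedUserMap.containsKey(session_id))` no longer depends on `verify.equals("once")`, and the map is keyed by session id alone, so any live entry now skips the verify page for every verifiable file the session requests. A session that verified on a `verify == "once"` collection (24-hour timer) would appear to pass the gate for documents whose setting asks for verification on each access, and the 5-second temporary entry likewise covers any other document or collection requested in that window. Scoping the key keeps the double-download workaround without widening the gate, e.g. `String verify_key = session_id + "|" + collection;` used in `containsKey`, `put` and `new UserTimer(delay, verify_key)`; for the temporary case the requested url could be part of the key as well. UserTimer's body and the rest of securityCheckAssocFiles lie outside the visible hunks, so confirm how the timer removes its entry (and that `collection` is already set at this point) before changing the key.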