Changeset 33212 for main/trunk/greenstone3
- Timestamp:
- 2019-06-24T14:13:12+12:00 (5 years ago)
- File:
-
- 1 edited
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java
r33181 r33212 6 6 import java.util.Arrays; 7 7 import java.util.HashMap; 8 import java.util.Hashtable; 8 9 import java.util.Map; 9 10 … … 21 22 import javax.servlet.http.HttpServletResponse; 22 23 24 import java.awt.event.ActionEvent; 25 import java.awt.event.ActionListener; 26 import javax.swing.Timer; 27 23 28 import org.apache.commons.io.FileUtils; 24 29 import org.apache.commons.lang3.StringUtils; … … 38 43 { 39 44 private FilterConfig _filterConfig = null; 40 private static Logger _logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName());45 private static Logger logger = Logger.getLogger(org.greenstone.gsdl3.core.URLFilter.class.getName()); 41 46 42 47 //Restricted URLs … … 72 77 protected static final String SYSTEM_SUBACTION_DEACTIVATE = "deactivate"; 73 78 79 // if we are showing terms and conditions to user, this remembers who has accepted already 80 protected Hashtable<String, UserTimer> verifiedUserMap = null; 81 protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000; 82 74 83 public void init(FilterConfig filterConfig) throws ServletException 75 84 { … … 87 96 if (!(request instanceof HttpServletRequest)) { 88 97 // Can this ever happen? 
89 _logger.error("The request was not an HttpServletRequest");98 logger.error("The request was not an HttpServletRequest"); 90 99 return; 91 100 } … … 94 103 HttpServletRequest hRequest = ((HttpServletRequest) request); 95 104 HttpSession hSession = hRequest.getSession(); 105 String session_id = hSession.getId(); 96 106 ServletContext context = hSession.getServletContext(); 97 107 … … 106 116 return; 107 117 } 108 118 logger.error("in do Filter: "+url); 109 119 110 120 // Run security checks on files requested from a collection's index/assoc folder … … 125 135 126 136 if (gsRouter == null) { 127 _logger.error("Receptionist is null, stopping filter");137 logger.error("Receptionist is null, stopping filter"); 128 138 return; 129 139 } 130 140 // Sometimes we have a // before the filename - that mucks up the following code, so lets remove them 131 141 url = url.replaceAll("//","/"); 142 132 143 String dir = null; 133 144 int dirStart = url.indexOf(ASSOCIATED_FILE_PATH) + ASSOCIATED_FILE_PATH.length(); … … 205 216 206 217 Element mr_response = (Element)gsRouter.process(securityMessage); 207 _logger.debug("security response = "+XMLConverter.getPrettyString(mr_response));218 logger.debug("security response = "+XMLConverter.getPrettyString(mr_response)); 208 219 209 220 boolean verifiable_file = true; … … 242 253 } 243 254 } 244 // if got here have no groups .255 // if got here have no groups that we need to belong to 245 256 // do we have human verify thing? 246 257 if (verifiable_file) { 247 258 // we are asking for the main document - lets check human verify 248 259 logger.error("KATH verifiable file is true"); 249 260 if (!securityResponse.getAttribute(GSXML.VERIFY_ATT).equals("")) { 250 261 // have we done the test previously? 
251 HttpSession this_session = ((HttpServletRequest) request).getSession(); 252 if (this_session == null) { 253 _logger.error("KATH session is null"); 262 boolean already_verified = false; 263 if (verifiedUserMap == null) { 264 // we haven't done this at all, set up the map 265 verifiedUserMap = new Hashtable<String, UserTimer>(); 266 logger.error("KATH setting up new user map"); 254 267 } else { 255 _logger.error("KATH session id = "+this_session.getId()); 268 // check this map 269 if (verifiedUserMap.containsKey(session_id)) { 270 already_verified = true; 271 } 256 272 } 257 if (this_session.getAttribute(GSParams.VERIFIED) != null ) { 258 _logger.error("KATH have verified in the session"); 259 // we don't need to re-verify 260 } else { 261 _logger.error("KATH verfied not in session"); 262 273 logger.error("KATH already verified = "+already_verified); 274 275 if (!already_verified) { 263 276 // have we just done the test? 264 277 String hmvf_response = gRequest.getParameter(GSParams.VERIFIED); 265 278 // hmvf param will be set by form if the verify page was submitted 266 279 if (hmvf_response != null && hmvf_response.equals("1")) { 280 logger.error("user has submitted the form, check recaptcha response"); 267 281 if (!securityResponse.getAttribute(GSXML.SITE_KEY_ATT).equals("")) { 268 282 String recaptcha_response = gRequest.getParameter(Authentication.RECAPTCHA_RESPONSE_PARAM); 269 283 String secret_key = securityResponse.getAttribute(GSXML.SECRET_KEY_ATT); 270 284 int result = Authentication.verifyRecaptcha(secret_key, recaptcha_response); 271 _logger.debug("recaptcha result code = "+result);285 logger.error("recaptcha result code = "+result); 272 286 if (result == Authentication.NO_ERROR) { 273 _logger.debug("RECAPTCHA SUCCESS, hopefully going to the document");274 275 this_session.setAttribute(GSParams.VERIFIED, "1");287 logger.error("RECAPTCHA SUCCESS, hopefully going to the document"); 288 289 276 290 } else { 277 _logger.error("something went wrong with 
recaptcha, error="+result);278 _logger.error(Authentication.getErrorKey(result));291 logger.error("something went wrong with recaptcha, error="+result); 292 logger.error(Authentication.getErrorKey(result)); 279 293 // display error page 280 //String new_url = context.getContextPath()+"/"+ context.getAttribute("LibraryName")+"?a=p&sa=error&c="+collection+"&ec=recap_fail";281 294 String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=error&c="+collection+"&ec=recap_fail"; 282 295 ((HttpServletResponse)response).sendRedirect(new_url); … … 284 297 return; 285 298 } 299 300 // store the fact that user has verified 301 UserTimer timer = new UserTimer(verifiedUserTimeout, session_id); 302 verifiedUserMap.put(session_id, timer); 303 timer.start(); 304 286 305 } 287 306 … … 289 308 // hmvf param is not set - we haven't shown them the form yet 290 309 // we need to display the verify page 310 logger.error("KATH display verify page"); 291 311 //String new_url = context.getContextPath()+"/"+ context.getAttribute("LibraryName")+"?a=p&sa=verify&c="+collection+"&url="+url; 292 312 String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=verify&c="+collection+"&url="+url; … … 295 315 } 296 316 } 297 } 298 } 317 } // end if we are asked to verify it 318 } // end if verifiable file 299 319 300 320 … … 302 322 // However, we need to remove the library_name from the URL. As can't change the 303 323 // existing URL, we need to forward to the new one. 324 // (Can't do redirect as it will come back into this code and fail as there won't be library in the url) 304 325 // Remove the context and library name parts. 305 326 // don't know what happens with the rest of the filter chain? Does this bypass that?? 
… … 592 613 if (metadataList.getLength() == 0) { 593 614 594 _logger.error("Could not find the document related to this url");615 logger.error("Could not find the document related to this url"); 595 616 return null; 596 617 } … … 605 626 606 627 } 628 629 private class UserTimer extends Timer implements ActionListener 630 { 631 String id = ""; 632 633 public UserTimer(int delay, String id) 634 { 635 super(delay, (ActionListener) null); 636 addActionListener(this); 637 this.id = id; 638 } 639 640 public void actionPerformed(ActionEvent e) 641 { 642 verifiedUserMap.remove(id); 643 stop(); 644 } 645 646 } 647 607 648 608 649 }
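Review bot: `verifiedUserMap` is created lazily inside doFilter with an unsynchronised null check, and each verified session then gets its own javax.swing.Timer with a 24-hour delay; on a filter instance shared by all request threads the first can lose an entry when two first requests arrive together, and the second keeps one map entry plus one timer per verified session with no upper bound and makes expiry of the "verified" state depend on the Swing/AWT event thread being available on the server. Creating the map once as a field and storing an expiry time per session id, checked at lookup, avoids both (it needs java.util.concurrent.ConcurrentHashMap imported, and entries of sessions that never return would still need an occasional sweep or a session listener). The added `logger.error("in do Filter: "+url)`, the "KATH" messages and the reCAPTCHA result lines now log at error level on every request and look like debugging leftovers; `logger.debug` would keep the error log usable for real failures. Only parts of doFilter are visible here, so the exact nesting of the "store the fact that user has verified" block relative to the reCAPTCHA branch should be confirmed before applying the sketch below.

```java
// field: created once, so doFilter needs no null check
protected final Map<String, Long> verifiedUserMap = new ConcurrentHashMap<String, Long>();
protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000;

// … unchanged: security message, group checks …

// in doFilter, replacing the null check / containsKey lookup
long now = System.currentTimeMillis();
Long expiry = verifiedUserMap.get(session_id);
boolean already_verified = (expiry != null && expiry > now);
if (expiry != null && !already_verified) {
    // stale entry: drop it so the user is asked to verify again
    verifiedUserMap.remove(session_id);
}

// … unchanged: hmvf parameter and reCAPTCHA check …

// store the fact that user has verified, with its expiry time
verifiedUserMap.put(session_id, now + verifiedUserTimeout);
```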