Changeset 33993

Timestamp:

2020-03-02T14:10:20+13:00 (4 years ago)

Author:

kjdon

Message:

when downloading a pdf, browsers seem to make more than one request - getting parts at a time??. New Chrome versions then get stuck and can't load the whole file, as the second request gets redirected to the verify page. Have set usertimer (5secs) for all verified sessions, so that subsequent requests for the same doc will go through without needing additional verification

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java (modified) (11 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/core/URLFilter.java

@@ -92 +92 @@
   // accepted already
   protected Hashtable<String, UserTimer> verifiedUserMap = null;
-  protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000; 
+    // timeouts are in millisecs
+  protected static final int verifiedUserTimeout = 24 * 60 * 60 * 1000;
+    protected static final int tempUserTimeout = 5 * 1000;
   
   public void init(FilterConfig filterConfig) throws ServletException
   {
     this._filterConfig = filterConfig;
+    this.verifiedUserMap = new Hashtable<String, UserTimer>();
   }
 
@@ -420 +423 @@
 
 
-  private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException {
-    HttpSession session = request.getSession();
-    String session_id = session.getId();
-    ServletContext context = session.getServletContext();
-
+    private void securityCheckAssocFiles(String url, HttpServletRequest request, ServletResponse response) throws IOException, ServletException {
+    HttpSession session = request.getSession();
+    String session_id = session.getId();
+    ServletContext context = session.getServletContext();
+    logger.info("securityCheck, session id = "+session_id+", url = "+url);
         // now we need to get library name from the path, which is like
     // /greenstone3/library/sites/localsite/collect/collname/index/assoc/...
@@ -495 +498 @@
     }
     
-    //Query the MR for the security info for this document - can we show it? Or do we need to be logged in?
-    // Or do we need to throw up the verify page?
+    //Query the MR for the security info for this document
+    // - can we show the document?
+    // - Or do we need to be logged in?
+    // - Or do we need to throw up the verify page?
     
     // While we are doing this, query the document for its srclinkFile metadata - then we can determine if the
@@ -560 +565 @@
           }
       }
+
     // if got here have no groups that we need to belong to
     // do we have human verify thing?
@@ -570 +576 @@
       String hmvf_response = request.getParameter(GSParams.VERIFIED);
       if (hmvf_response != null && hmvf_response.equals("0")) {
-        // manually force the t&c (user has added hmvf=0 to url)
-      } else if (verify.equals("once")) {
-        // lets check whether they have done it already
-
-        if (verifiedUserMap == null) {
-          // we haven't done this at all, set up the map
-          verifiedUserMap = new Hashtable<String, UserTimer>();
-        } else {
-          // check this map
-          if (verifiedUserMap.containsKey(session_id)) {
-        already_verified = true;
-          }
-        }
-      }
-      
+          // manually force the t&c (user has added hmvf=0 to url)
+          // whether we have previously verified or not
+      } else if (verifiedUserMap.containsKey(session_id)) {
+          already_verified = true;
+      }
+
       if (!already_verified) {
           // have we just  done the test?
@@ -602 +599 @@
             String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=error&c="+collection+"&ec=recap_fail";             
             ((HttpServletResponse)response).sendRedirect(new_url);
-            
             return;
           }
@@ -610 +606 @@
         }
         already_verified = true;
+        // set up a timer for this verification - standard 24hour if
+        // verify==once, 5 sec otherwise (browsers seem to be trying to
+        // download prfs twice. Chrome gets stuck if the second time
+        // doesn't get verified)
+        int delay;
         if (verify.equals("once")) {
-          // store the fact that user has verified
-          UserTimer timer = new UserTimer(verifiedUserTimeout, session_id);
-          verifiedUserMap.put(session_id, timer);
-          timer.start();
+            delay = verifiedUserTimeout;
+        } else {
+            delay = tempUserTimeout;
         }
+        UserTimer timer = new UserTimer(delay, session_id);
+        verifiedUserMap.put(session_id, timer);
+        timer.start();
+        
+          
           } // hmvf = 1
       }
@@ -623 +628 @@
         // or we have been asked to force the T&C
         // we need to display the verify page
+          logger.info("displaying verify page for url " + url);
         String new_url = context.getContextPath()+"/"+ library_name+"?a=p&sa=verify&c="+collection+"&url="+url;             
         ((HttpServletResponse)response).sendRedirect(new_url);
@@ -630 +636 @@
     }// end if verifiable file 
     
-            
+    logger.info("have passed security checks");     
     // if we got here, we have passed all security checks and just want to view the file.
     // However, we need to remove the library_name from the URL. As can't change the
@@ -639 +645 @@
     url = url.replaceFirst(context.getContextPath(), "");
     url = url.replaceFirst("/"+library_name, "");
+    logger.info("forwarding to url "+url);
     request.getRequestDispatcher(url).forward(request, response);
 
@@ -691 +698 @@
   {
     String id = "";
-    
+
+      /* delay in milliseconds */
     public UserTimer(int delay, String id)
     {