JUDDI-886 fixed JUDDI-884 fixed
Project: http://git-wip-us.apache.org/repos/asf/juddi/repo
Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/b72eba07
Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/b72eba07
Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/b72eba07
Branch: refs/heads/master
Commit: b72eba072c3f35fd296df441072d14d6d22d3c59
Parents: f24df6e
Author: alexoree <[email protected]>
Authored: Sat Nov 1 18:55:36 2014 -0400
Committer: alexoree <[email protected]>
Committed: Sat Nov 1 18:55:36 2014 -0400
----------------------------------------------------------------------
juddi-gui-dsig/pom.xml | 4 ++++
juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF | 3 +++
juddi-gui/src/main/webapp/ajax/deletebinding.jsp | 1 +
juddi-gui/src/main/webapp/ajax/getCert.jsp | 1 +
juddi-gui/src/main/webapp/ajax/opInfo.jsp | 1 +
juddi-gui/src/main/webapp/ajax/saveFromXML.jsp | 1 +
juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp | 1 +
juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp | 1 +
juddi-gui/src/main/webapp/ajax/toXML.jsp | 10 ++++------
juddi-gui/src/main/webapp/ajax/validateSignature.jsp | 1 +
10 files changed, 18 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui-dsig/pom.xml
----------------------------------------------------------------------
diff --git a/juddi-gui-dsig/pom.xml b/juddi-gui-dsig/pom.xml
index 8847cdf..d76e601 100644
--- a/juddi-gui-dsig/pom.xml
+++ b/juddi-gui-dsig/pom.xml
@@ -27,6 +27,9 @@ language governing permissions and * limitations under the License. * */ -->
 <descriptorRefs>
 <descriptorRef>jar-with-dependencies</descriptorRef>
 </descriptorRefs>
+ <archive>
+ <manifestFile>src/main/resources/META-INF/MANIFEST.MF</manifestFile>
+ </archive>
 </configuration>
 <executions>
 <execution>
@@ -48,6 +51,7 @@ language governing permissions and * limitations under the License. * */ -->
 </goals>
 <phase>package</phase>
 <configuration>
+ <archive>${project.build.directory}/${artifactId}-${version}-jar-with-dependencies.jar</archive>
 <keystore>src/main/keystore/signing-jar.keystore</keystore>
 <alias>applet</alias>
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF
----------------------------------------------------------------------
diff --git a/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF b/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF
new file mode 100644
index 0000000..05cd93f
--- /dev/null
+++ b/juddi-gui-dsig/src/main/resources/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Permissions: all-permissions
+Application-Name: Apache jUDDI Digital Signature Applet
+Codebase: *
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/deletebinding.jsp b/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
index d56602f..66452df 100644
--- a/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
+++ b/juddi-gui/src/main/webapp/ajax/deletebinding.jsp
@@ -7,6 +7,7 @@
 <%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
 <%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
 <!DOCTYPE html>
 <%
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/getCert.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/getCert.jsp b/juddi-gui/src/main/webapp/ajax/getCert.jsp
index d5232b2..9a4f108 100644
--- a/juddi-gui/src/main/webapp/ajax/getCert.jsp
+++ b/juddi-gui/src/main/webapp/ajax/getCert.jsp
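Review bot: The `<archive>` path added in the second pom.xml hunk is built from `${artifactId}` and `${version}`, which Maven 3 reports as deprecated expressions; the `project.`-prefixed forms resolve to the same values without the warning: `<archive>${project.build.directory}/${project.artifactId}-${project.version}-jar-with-dependencies.jar</archive>`. The path also hard-codes the assembly's output file name, so a short XML comment saying it must match the `jar-with-dependencies` descriptor configured earlier in this file would keep the two from drifting apart. The enclosing `<configuration>` element continues outside the hunk.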
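Review bot: `Codebase: *` in the new MANIFEST.MF allows this signed jar to be served from any origin, and together with `Permissions: all-permissions` that gives up the check meant to stop a copy of the applet being re-hosted elsewhere and run with full permissions under the project's signature. If the deployment host really cannot be known at build time, record that next to the `<manifestFile>` entry in pom.xml and document that deployers should rebuild and re-sign with `Codebase:` set to their own host. The file also ends without a line break (`\ No newline at end of file`); the JAR manifest format expects the final line to be newline-terminated and a parser may not read an unterminated last attribute, which here is the `Codebase` line, so add the trailing newline.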
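Review bot: The CSRF check is opted into one page at a time with `<%@include file="../csrf.jsp" %>`, here in deletebinding.jsp and again in opInfo.jsp, saveFromXML.jsp, subscriptionFeed.jsp, tmodelsearch.jsp and validateSignature.jsp, so an ajax page added later, or one missed in this pass, stays unprotected with nothing to flag it. A servlet filter mapped to the ajax path would make the check the default and turn exemptions into an explicit, reviewable list. Until then a one-line comment above each include, such as `<%-- CSRF token check: keep on every state-changing ajax page --%>`, would tell maintainers not to drop it. What csrf.jsp itself verifies is not visible in this diff.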
@@ -3,6 +3,7 @@
 Created on : Mar 28, 2013, 6:39:09 PM
 Author : Alex O'Ree
 --%><%@page import="org.apache.juddi.webconsole.hub.UddiHub"%><%
+ //note CSRF left off due to additiona endlines being injected (screws with parsing of the x509 cert)
 String type = request.getParameter("type");
 String id = request.getParameter("id");
 int index = 0;
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/opInfo.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/opInfo.jsp b/juddi-gui/src/main/webapp/ajax/opInfo.jsp
index 1bd0491..14bbcf2 100644
--- a/juddi-gui/src/main/webapp/ajax/opInfo.jsp
+++ b/juddi-gui/src/main/webapp/ajax/opInfo.jsp
@@ -7,6 +7,7 @@
 <%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
 <%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
 <!DOCTYPE html>
 <%
 String id=null;
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp b/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
index a684efa..01cce50 100644
--- a/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
+++ b/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
@@ -19,6 +19,7 @@
 <%@page import="org.apache.juddi.jaxb.EntityCreator"%>
 <%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
 <%@page import="org.apache.juddi.jaxb.PrintUDDI"%>
+<%@include file="../csrf.jsp" %>
 <%@page contentType="text/html" pageEncoding="UTF-8"%><%
 UddiHub x = UddiHub.getInstance(application, session);
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
----------------------------------------------------------------------
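Review bot: getCert.jsp is exempted from the CSRF check because the static include adds line endings to the response, as the new comment says, which is a side effect of how the check is delivered rather than a decision about this endpoint's risk. Setting `trimDirectiveWhitespaces="true"` in a page directive should stop directives and includes from emitting blank lines, provided csrf.jsp writes no output of its own, and would let the page carry the check without changing the certificate text. If the exemption stays, the comment should state the condition it relies on, for example `//CSRF check omitted: read-only lookup; the include's extra line endings break X.509 parsing on the client`. Whether the page is in fact read-only cannot be confirmed from the hunk, because the scriptlet continues past `int index = 0;`.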
diff --git a/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp b/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
index e7c8c6e..fdd8d1c 100644
--- a/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
+++ b/juddi-gui/src/main/webapp/ajax/subscriptionFeed.jsp
@@ -10,6 +10,7 @@
 <%@page import="javax.xml.datatype.DatatypeFactory"%>
 <%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
 <!DOCTYPE html>
 <%
 UddiHub x = UddiHub.getInstance(application, session);
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp b/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
index 7b8b7d1..870858f 100644
--- a/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
+++ b/juddi-gui/src/main/webapp/ajax/tmodelsearch.jsp
@@ -9,6 +9,7 @@
 <%@page import="org.apache.juddi.webconsole.hub.PagableContainer"%>
 <%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
 <!DOCTYPE html>
 <%
 UddiHub x = UddiHub.getInstance(application, request.getSession());
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/toXML.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/toXML.jsp b/juddi-gui/src/main/webapp/ajax/toXML.jsp
index 7882f78..e36c0de 100644
--- a/juddi-gui/src/main/webapp/ajax/toXML.jsp
+++ b/juddi-gui/src/main/webapp/ajax/toXML.jsp
@@ -3,10 +3,10 @@
 Created on : Mar 14, 2013, 9:17:21 PM
 Author : Alex O'Ree
 --%><%@page import="javax.xml.bind.JAXB"%><%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%><%@page import="org.apache.juddi.jaxb.JAXBMarshaller"%><%@page import="org.apache.juddi.jaxb.EntityCreator"%><%@page import="org.apache.juddi.webconsole.hub.UddiHub"%><%@page import="org.apache.juddi.jaxb.PrintUDDI"%><%@page contentType="text/html" pageEncoding="UTF-8"%><%
-//<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-//NO NOT UNCOMMENT
-// response.setContentType("text/xml");
- UddiHub x = UddiHub.getInstance(application, session);
+
+ //do we need cross site request forgery project here? probably but it's left out due to adding additional end lines
+ //its low risk here since nothing actually changes server side for these functions
+ UddiHub x = UddiHub.getInstance(application, session);
 String type = request.getParameter("type");
 String id = request.getParameter("id");
@@ -26,8 +26,6 @@
 }
 if (j != null) {
 JAXB.marshal(j, out);
- // out.write(JAXBMarshaller.marshallToString(j, JAXBMarshaller.PACKAGE_UDDIAPI));
- // out.write(EntityCreator.outputEntityToString(j, "org.apache.juddi.api_v3"));
 } else {
 out.write(ResourceLoader.GetResource(session, "items.unknown"));
 response.setStatus(406);
http://git-wip-us.apache.org/repos/asf/juddi/blob/b72eba07/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
----------------------------------------------------------------------
diff --git a/juddi-gui/src/main/webapp/ajax/validateSignature.jsp b/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
index 53782bc..1992888 100644
--- a/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
+++ b/juddi-gui/src/main/webapp/ajax/validateSignature.jsp
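Review bot: The two comments added at the top of the toXML.jsp scriptlet record an open question ("do we need cross site request forgery project here? probably") rather than a decision, and "project" is presumably meant to be "protection". A maintainer cannot tell whether the omission is accepted or still pending, so state it as a decision with its condition, for example `//CSRF check intentionally omitted: this page only reads and serialises an entity; revisit if it ever changes server state`. The same hunk drops the note warning against `response.setContentType("text/xml")` while the page directive still declares `text/html` for output written by `JAXB.marshal(j, out)`; if that constraint still applies it should remain documented in the new code.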
@@ -14,6 +14,7 @@
 <%@page import="org.apache.juddi.webconsole.hub.UddiHub"%>
 <%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>
+<%@include file="../csrf.jsp" %>
 <%
 //org.apache.juddi.jaxb.PrintUDDI p = new PrintUDDI();
 UddiHub x = UddiHub.getInstance(application, session);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
