details: https://code.openbravo.com/erp/devel/pi/rev/3d24fc923328 changeset: 30689:3d24fc923328 user: Martin Taal <martin.taal <at> openbravo.com> date: Sun Nov 27 21:10:20 2016 +0100 summary: Fixes issue 34331: Support pre-defined allowed domains for cross-domain requests in a multi-server environment Solve code review comments: changed license text, update visibility and set application scoped
diffstat: src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java | 31 ++++++--- 1 files changed, 19 insertions(+), 12 deletions(-) diffs (67 lines): diff -r 127865df93dd -r 3d24fc923328 src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java --- a/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Sat Nov 26 14:03:59 2016 +0100 +++ b/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java Sun Nov 27 21:10:20 2016 +0100 @@ -1,13 +1,20 @@ /* - ************************************************************************************ - * Copyright (C) 2016 Openbravo S.L.U. - * Licensed under the Apache Software License version 2.0 - * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software distributed - * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - * CONDITIONS OF ANY KIND, either express or implied. See the License for the - * specific language governing permissions and limitations under the License. - ************************************************************************************ + ************************************************************************* + * The contents of this file are subject to the Openbravo Public License + * Version 1.1 (the "License"), being the Mozilla Public License + * Version 1.1 with a permitted attribution clause; you may not use this + * file except in compliance with the License. You may obtain a copy of + * the License at http://www.openbravo.com/legal/license.html + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the + * License for the specific language governing rights and limitations + * under the License. + * The Original Code is Openbravo ERP. + * The Initial Developer of the Original Code is Openbravo SLU + * All portions are Copyright (C) 2016 Openbravo SLU + * All Rights Reserved. + * Contributor(s): ______________________________________. + ************************************************************************ */ package org.openbravo.base.secureApp; @@ -15,6 +22,7 @@ import java.util.ArrayList; import java.util.Collection; +import javax.enterprise.context.ApplicationScoped; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -54,7 +62,7 @@ * , the origin can be obtained from the request * @return */ - public boolean isAllowedOrigin(HttpServletRequest request, String origin) { + private boolean isAllowedOrigin(HttpServletRequest request, String origin) { for (AllowedCrossDomainsChecker checker : getCheckers()) { if (checker.isAllowedOrigin(request, origin)) { return true; @@ -98,8 +106,6 @@ if (origin != null && !origin.equals("")) { if (!isAllowedOrigin(request, origin)) { - log.error("Origin " + origin + " is not allowed, request information: " - + request.getRequestURL() + "-" + request.getQueryString()); return; } @@ -125,6 +131,7 @@ * * @author mtaal */ + @ApplicationScoped public static abstract class AllowedCrossDomainsChecker { public abstract boolean isAllowedOrigin(HttpServletRequest request, String origin); ------------------------------------------------------------------------------ _______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits
