Author: snoopdave Date: Sun May 6 21:52:59 2012 New Revision: 1334797 URL: http://svn.apache.org/viewvc?rev=1334797&view=rev Log: Beginnings of a Salt filter
Added: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java Modified: roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml
Added: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java?rev=1334797&view=auto
==============================================================================
--- roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java (added)
+++ roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java Sun May 6 21:52:59 2012
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. The ASF licenses this file to You
+ * under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. For additional information regarding
+ * copyright in this work, please see the NOTICE file in the top level
+ * directory of this distribution.
+ */
+
+package org.apache.roller.weblogger.ui.core.filters;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.RandomStringUtils;
+import org.apache.roller.weblogger.util.LRUCache2;
+
+public class LoadSaltFilter implements Filter {
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+
+ LRUCache2 saltCache = (LRUCache2)
+ httpReq.getSession().getAttribute("saltCache");
+ if (saltCache == null){
+ saltCache = new LRUCache2(10000,3000);
+ httpReq.getSession().setAttribute("saltCache", saltCache);
+ }
+ String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
+ saltCache.put(salt, Boolean.TRUE);
+ httpReq.setAttribute("salt", salt);
+
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
\ No newline
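Review bot: `new SecureRandom()` is constructed inside doFilter on every request, so each salt pays a fresh PRNG instantiation and seeding cost; hold one instance in a `private static final SecureRandom RANDOM = new SecureRandom();` field (SecureRandom is thread-safe) and pass `RANDOM` to the `RandomStringUtils.random(...)` call. The unconditional `httpReq.getSession()` also creates a session, plus a 10000-entry LRUCache2 inside it, for any request that arrives without one, so wherever this filter is mapped, unauthenticated hits allocate server-side state; that deserves a sentence in the class Javadoc so the web.xml mapping is chosen with it in mind. Every request adds a salt to the session cache and nothing in this commit removes one, so the cache fills toward its 10000 limit over a session; document the intended token lifetime (one-time vs. reusable for the session) in the class Javadoc. Whether LRUCache2 is safe for concurrent requests sharing a session is not visible in this diff and is worth confirming.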
at end of file
Added: roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java
URL: http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java?rev=1334797&view=auto
==============================================================================
--- roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java (added)
+++ roller/branches/roller_5.0/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java Sun May 6 21:52:59 2012
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. The ASF licenses this file to You
+ * under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. For additional information regarding
+ * copyright in this work, please see the NOTICE file in the top level
+ * directory of this distribution.
+ */
+
+package org.apache.roller.weblogger.ui.core.filters;
+
+import java.io.IOException;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.roller.weblogger.util.LRUCache2;
+
+public class ValidateSaltFilter implements Filter {
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+
+ String salt = (String) httpReq.getParameter("salt");
+ LRUCache2 saltCache = (LRUCache2)
+ httpReq.getSession().getAttribute("saltCache");
+
+ if (saltCache != null && salt != null && saltCache.get(salt) != null){
+ chain.doFilter(request, response);
+ } else {
+ throw new ServletException("Security Violation");
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
\ No newline at end of file
Modified: roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml
URL:
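Review bot: A missing or unrecognised salt is rejected with `throw new ServletException("Security Violation")`, which the container reports as a 500 with its default error page, so a refused request is indistinguishable from a server fault in logs and monitoring and may surface a stack trace; answer with a client error instead, e.g. `((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);` followed by `return;` (importing javax.servlet.http.HttpServletResponse). Use `httpReq.getSession(false)` for the cache lookup so a request that has no session is refused without creating one. The matched salt stays in `saltCache` after acceptance, so the same value is accepted again for the rest of the session; if one-time tokens are the intent, remove the entry on success (no removal call on LRUCache2 is visible here). The `(String)` cast on `getParameter("salt")` is redundant, and the check runs for every HTTP method, so the class Javadoc should state which requests (the state-changing ones) are meant to be routed through this filter.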
http://svn.apache.org/viewvc/roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml?rev=1334797&r1=1334796&r2=1334797&view=diff ============================================================================== --- roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml (original) +++ roller/branches/roller_5.0/weblogger-webapp/src/main/webapp/WEB-INF/web.xml Sun May 6 21:52:59 2012 @@ -81,6 +81,15 @@ <filter-class>org.apache.roller.weblogger.ui.core.filters.CharEncodingFilter</filter-class> </filter> + <filter> + <filter-name>LoadSaltFilter</filter-name> + <filter-class>org.apache.roller.weblogger.ui.core.filters.LoadSaltFilter</filter-class> + </filter> + + <filter> + <filter-name>ValidateSaltFilter</filter-name> + <filter-class>org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter</filter-class> + </filter> <!-- ****************************************** Filter mappings - order IS important here. @@ -151,6 +160,18 @@ <dispatcher>REQUEST</dispatcher> </filter-mapping> +<!-- + <filter-mapping> + <filter-name>LoadSaltFilter</filter-name> + <url-pattern>/roller-ui</url-pattern> + </filter-mapping> + + <filter-mapping> + <filter-name>ValidateSaltFilter</filter-name> + <url-pattern>/roller-ui</url-pattern> + </filter-mapping> +--> + <!-- Request mapping. this is what allows the urls to work --> <filter-mapping> <filter-name>RequestMappingFilter</filter-name>
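Review bot: The two `<filter-mapping>` entries in the hunk at +160 sit inside an XML comment, so LoadSaltFilter and ValidateSaltFilter are declared in the hunk at +81 but never attached to any URL, and nothing is enforced by this commit; if that is deliberate while the filters are work in progress, say so in the comment, e.g. `<!-- TODO: salt filter mappings disabled; see LoadSaltFilter/ValidateSaltFilter -->`. When they are enabled, `<url-pattern>/roller-ui</url-pattern>` is an exact-path match under the servlet spec and does not cover `/roller-ui/...`; a prefix pattern such as `<url-pattern>/roller-ui/*</url-pattern>` is what the intent suggests. Mapping both filters to the same pattern would also make ValidateSaltFilter refuse the very first request to that path, since it checks the `salt` request parameter and no salt has been handed to the client yet.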