added further check on the user and groupid in the XHR Request

git-svn-id: https://svn.research-infrastructures.eu/d4science/gcube/trunk/portal/portal-manager@152517 82a268e6-3cf1-43bd-a215-b396298e98cf

pom.xml

@@ -10,7 +10,7 @@
 
 	<groupId>org.gcube.common.portal</groupId>
 	<artifactId>portal-manager</artifactId>
-	<version>2.3.0-SNAPSHOT</version>
+	<version>2.4.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 	<name>gCube Portal Manager</name>
 	<description>

src/main/java/org/gcube/common/portal/PortalContext.java

@@ -13,6 +13,7 @@ import javax.portlet.RenderRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
+import org.apache.commons.codec.binary.StringUtils;
 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.provider.UserInfo;
@@ -57,6 +58,7 @@ public class PortalContext {
 	 * Scope separators used in linear syntax.
 	 */
 	protected static final String SCOPE_SEPARATOR = "/";
+	private static final String REGEX_ISNUMBER = "\\d+";
 
 	private final static String DEFAULT_ROLE = "OrganizationMember";
 	public static final String CONFIGURATION_FOLDER = "conf";
@@ -152,7 +154,7 @@ public class PortalContext {
 	public GCubeUser getCurrentUser(HttpServletRequest httpServletRequest) {
 		String userIdNo = httpServletRequest.getHeader(USER_ID_ATTR_NAME);
 		long userId = -1;
-		if (userIdNo != null) {
+		if (userIdNo != null && userIdNo.matches(REGEX_ISNUMBER)) {
 			try {
 				_log.debug("The userIdNo is " + userIdNo);
 				userId = Long.parseLong(userIdNo);
@@ -202,7 +204,7 @@ public class PortalContext {
 	 * @return the scope (context)
 	 */
 	public String getCurrentScope(String scopeGroupId) {
-		if (scopeGroupId != null) {
+		if (scopeGroupId != null && scopeGroupId.matches(REGEX_ISNUMBER)) {
 			long groupId = -1;
 			try {
 				groupId = Long.parseLong(scopeGroupId);
@@ -252,7 +254,7 @@ public class PortalContext {
 	 */
 	public String getCurrentGroupName(HttpServletRequest httpServletRequest) {
 		String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
-		if (groupIdNo != null) {
+		if (groupIdNo != null && groupIdNo.matches(REGEX_ISNUMBER)) {
 			long groupId = -1;
 			try {
 				groupId = Long.parseLong(groupIdNo);
@@ -285,7 +287,7 @@ public class PortalContext {
 	 */
 	public long getCurrentGroupId(HttpServletRequest httpServletRequest) {
 		String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
-		if (groupIdNo != null) {
+		if (groupIdNo != null && groupIdNo.matches(REGEX_ISNUMBER)) {
 			long groupId = -1;
 			try {
 				groupId = Long.parseLong(groupIdNo);
@@ -324,7 +326,7 @@ public class PortalContext {
 		}
 		else {
 			String toReturn = readTokenPropertyFile();
-			_log.debug("getCurrentToken devMode into IDE detected, returning scope: " + toReturn.toString());
+			_log.debug("getCurrentToken devMode into IDE detected, returning token: " + toReturn.toString());
 			_log.debug("The PortalBeanLocatorUtil stacktrace (java.lang.Exception) is acceptable in dev");
 			return toReturn;
 		}
@@ -376,7 +378,7 @@ public class PortalContext {
 	public String getCurrentUserToken(HttpServletRequest httpServletRequest) {
 		String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
 		String userToken = null;
-		if (groupIdNo != null) {
+		if (groupIdNo != null && groupIdNo.matches(REGEX_ISNUMBER)) {
 			String scope = getCurrentScope(httpServletRequest);
 			String username = getCurrentUser(httpServletRequest).getUsername();
 			try {