gCubeSystem
/
portal-manager
15
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added further check on the user and groupid in the XHR Request 

git-svn-id: https://svn.research-infrastructures.eu/d4science/gcube/trunk/portal/portal-manager@152517 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Massimiliano Assante 2017-08-24 17:29:18 +00:00
parent fcbd8b8f56
commit 79bae717a2
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pom.xml
View File

@ -10,7 +10,7 @@
<groupId>org.gcube.common.portal</groupId>
<artifactId>portal-manager</artifactId>
<version>2.3.0-SNAPSHOT</version>
<version>2.4.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>gCube Portal Manager</name>
<description>

14
src/main/java/org/gcube/common/portal/PortalContext.java
View File

@ -13,6 +13,7 @@ import javax.portlet.RenderRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.StringUtils;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
@ -57,6 +58,7 @@ public class PortalContext {
* Scope separators used in linear syntax.
*/
protected static final String SCOPE_SEPARATOR = "/";
private static final String REGEX_ISNUMBER = "\\d+";
private final static String DEFAULT_ROLE = "OrganizationMember";
public static final String CONFIGURATION_FOLDER = "conf";
@ -152,7 +154,7 @@ public class PortalContext {
public GCubeUser getCurrentUser(HttpServletRequest httpServletRequest) {
String userIdNo = httpServletRequest.getHeader(USER_ID_ATTR_NAME);
long userId = -1;
if (userIdNo != null) {
if (userIdNo != null && userIdNo.matches(REGEX_ISNUMBER)) {
try {
_log.debug("The userIdNo is " + userIdNo);
userId = Long.parseLong(userIdNo);
@ -202,7 +204,7 @@ public class PortalContext {
* @return the scope (context)
*/
public String getCurrentScope(String scopeGroupId) {
if (scopeGroupId != null) {
if (scopeGroupId != null && scopeGroupId.matches(REGEX_ISNUMBER)) {
long groupId = -1;
try {
groupId = Long.parseLong(scopeGroupId);
@ -252,7 +254,7 @@ public class PortalContext {
*/
public String getCurrentGroupName(HttpServletRequest httpServletRequest) {
String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
if (groupIdNo != null) {
if (groupIdNo != null && groupIdNo.matches(REGEX_ISNUMBER)) {
long groupId = -1;
try {
groupId = Long.parseLong(groupIdNo);
@ -285,7 +287,7 @@ public class PortalContext {
*/
public long getCurrentGroupId(HttpServletRequest httpServletRequest) {
String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
if (groupIdNo != null) {
if (groupIdNo != null && groupIdNo.matches(REGEX_ISNUMBER)) {
long groupId = -1;
try {
groupId = Long.parseLong(groupIdNo);
@ -324,7 +326,7 @@ public class PortalContext {
}
else {
String toReturn = readTokenPropertyFile();
_log.debug("getCurrentToken devMode into IDE detected, returning scope: " + toReturn.toString());
_log.debug("getCurrentToken devMode into IDE detected, returning token: " + toReturn.toString());
_log.debug("The PortalBeanLocatorUtil stacktrace (java.lang.Exception) is acceptable in dev");
return toReturn;
}
@ -376,7 +378,7 @@ public class PortalContext {
public String getCurrentUserToken(HttpServletRequest httpServletRequest) {
String groupIdNo = httpServletRequest.getHeader(VRE_ID_ATTR_NAME);
String userToken = null;
if (groupIdNo != null) {
if (groupIdNo != null && groupIdNo.matches(REGEX_ISNUMBER)) {
String scope = getCurrentScope(httpServletRequest);
String username = getCurrentUser(httpServletRequest).getUsername();
try {