# HG changeset patch # User Sascha L. Teichmann # Date 1378743767 -7200 # Node ID 3bff11208d3d00203f0a8c47fe5dda161eb9116b # Parent e1010a0f0b05c06237c971fd12ffcc64e0399f9e Fix for Browser and server running both on localhost. Previously all requests from localhost where accepted w/o auth. Now they are only accepted when a HTTP header X_NO_GGINA_AUTH=TRUE is send, too. This is ddone when printing maps. diff -r e1010a0f0b05 -r 3bff11208d3d gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java --- a/gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java Fri Sep 06 15:48:46 2013 +0200 +++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java Mon Sep 09 18:22:47 2013 +0200 @@ -427,6 +427,7 @@ // Currently this is not a problem because /flys/map-print // is whitelisted in GGInAFilter. GetMethod get = new GetMethod(url); + get.addRequestHeader("X_NO_GGINA_AUTH", "TRUE"); int result = client.executeMethod(get); InputStream in = get.getResponseBodyAsStream(); diff -r e1010a0f0b05 -r 3bff11208d3d gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java --- a/gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java Fri Sep 06 15:48:46 2013 +0200 +++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java Mon Sep 09 18:22:47 2013 +0200 @@ -100,9 +100,12 @@ // Allow access to localhost if (isLocalAddress(req)) { - logger.debug("Request to localhost"); - chain.doFilter(req, resp); - return; + String noAuth = sreq.getHeader("X_NO_GGINA_AUTH"); + if (noAuth != null && noAuth.equals("TRUE")) { + logger.debug("Request to localhost"); + chain.doFilter(req, resp); + return; + } } // Allow access to login pages