changeset 6978:3bff11208d3d

Fix for Browser and server running both on localhost. Previously all requests from localhost where accepted w/o auth. Now they are only accepted when a HTTP header X_NO_GGINA_AUTH=TRUE is send, too. This is ddone when printing maps.
author Sascha L. Teichmann <teichmann@intevation.de>
date Mon, 09 Sep 2013 18:22:47 +0200
parents e1010a0f0b05
children 4caa92a5be96
files gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java
diffstat 2 files changed, 7 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java	Fri Sep 06 15:48:46 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/MapPrintServiceImpl.java	Mon Sep 09 18:22:47 2013 +0200
@@ -427,6 +427,7 @@
         //        Currently this is not a problem because /flys/map-print
         //        is whitelisted in GGInAFilter.
         GetMethod get = new GetMethod(url);
+        get.addRequestHeader("X_NO_GGINA_AUTH", "TRUE");
         int result = client.executeMethod(get);
         InputStream in = get.getResponseBodyAsStream();
 
--- a/gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java	Fri Sep 06 15:48:46 2013 +0200
+++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/filter/GGInAFilter.java	Mon Sep 09 18:22:47 2013 +0200
@@ -100,9 +100,12 @@
 
         // Allow access to localhost
         if (isLocalAddress(req)) {
-            logger.debug("Request to localhost");
-            chain.doFilter(req, resp);
-            return;
+            String noAuth = sreq.getHeader("X_NO_GGINA_AUTH");
+            if (noAuth != null && noAuth.equals("TRUE")) {
+                logger.debug("Request to localhost");
+                chain.doFilter(req, resp);
+                return;
+            }
         }
 
         // Allow access to login pages

http://dive4elements.wald.intevation.org