Mercurial > dive4elements > river
changeset 4424:6ef48927df38
Remove authentication from MapPrintServiceImpl.
Printing maps was broken because the called service
required user authentication. The /flys/mapfish-print/print.pdf URI
is now whitelisted in GGInAFilter.
TODO: Support user authentication in MapPrintServiceImpl.
author | Christian Lins <christian.lins@intevation.de> |
---|---|
date | Tue, 06 Nov 2012 14:50:26 +0100 |
parents | 687b7a6f09aa |
children | 6e01499bfbdf |
files | flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java |
diffstat | 2 files changed, 39 insertions(+), 45 deletions(-) [+] |
line wrap: on
line diff
--- a/flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java Tue Nov 06 13:39:00 2012 +0100 +++ b/flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java Tue Nov 06 14:50:26 2012 +0100 @@ -1,22 +1,39 @@ package de.intevation.flys.client.server; import de.intevation.artifacts.common.ArtifactNamespaceContext; - import de.intevation.artifacts.common.utils.ClientProtocolUtils; import de.intevation.artifacts.common.utils.JSON; import de.intevation.artifacts.common.utils.StringUtils; import de.intevation.artifacts.common.utils.XMLUtils; - import de.intevation.artifacts.httpclient.exceptions.ConnectionException; - import de.intevation.artifacts.httpclient.http.HttpClient; import de.intevation.artifacts.httpclient.http.HttpClientImpl; - import de.intevation.artifacts.httpclient.http.response.DocumentResponseHandler; +import de.intevation.flys.client.shared.MapUtils; +import de.intevation.flys.client.shared.model.MapConfig; -import de.intevation.flys.client.shared.model.MapConfig; -import de.intevation.flys.client.shared.MapUtils; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.util.ArrayList; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager; +import org.apache.commons.httpclient.methods.GetMethod; +import org.apache.log4j.Logger; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; /* import java.io.BufferedInputStream; import java.io.BufferedOutputStream; @@ -24,31 +41,6 @@ import java.io.FileInputStream; import java.io.FileOutputStream; */ -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.UnsupportedEncodingException; - -import java.net.URLEncoder; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.ServletException; - -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager; - -import org.apache.commons.httpclient.methods.GetMethod; - -import org.apache.log4j.Logger; - /* Used by direct API call. -> Enforce GPLv3 import org.mapfish.print.MapPrinter; import org.mapfish.print.output.OutputFactory; @@ -57,10 +49,6 @@ import org.mapfish.print.utils.PJsonObject; */ -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - public class MapPrintServiceImpl extends HttpServlet { @@ -371,6 +359,9 @@ new org.apache.commons.httpclient.HttpClient( new MultiThreadedHttpConnectionManager()); + // FIXME: The request is not authenticated. + // Currently this is not a problem because /flys/map-print + // is whitelisted in GGInAFilter. GetMethod get = new GetMethod(url); int result = client.executeMethod(get); InputStream in = get.getResponseBodyAsStream();
--- a/flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java Tue Nov 06 13:39:00 2012 +0100 +++ b/flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java Tue Nov 06 14:50:26 2012 +0100 @@ -1,5 +1,11 @@ package de.intevation.flys.client.server.filter; +import de.intevation.flys.client.server.auth.Authentication; +import de.intevation.flys.client.server.auth.AuthenticationException; +import de.intevation.flys.client.server.auth.AuthenticationFactory; +import de.intevation.flys.client.server.auth.User; +import de.intevation.flys.client.server.features.Features; + import java.io.IOException; import java.util.Enumeration; @@ -10,19 +16,12 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; -import de.intevation.flys.client.server.auth.Authentication; -import de.intevation.flys.client.server.auth.AuthenticationException; -import de.intevation.flys.client.server.auth.AuthenticationFactory; -import de.intevation.flys.client.server.auth.User; -import de.intevation.flys.client.server.features.Features; - /** ServletFilter used for GGInA authentification and certain authorisation. */ public class GGInAFilter implements Filter { @@ -38,6 +37,8 @@ public static final String LOGIN_JSP = "/login.jsp"; public static final String LOGIN_SERVLET = "/flys/login"; public static final String FLYS_CSS = "/FLYS.css"; + public static final String MAP_PRINT = "/flys/map-print"; + public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf"; /** @@ -89,9 +90,11 @@ // Allow access to login pages // TODO Maybe replace with Filter <url-pattern> String path = this.sc.getContextPath(); - if (requesturi.equals(path + "/login.jsp") || - requesturi.equals(path + "/flys/login") - || requesturi.equals(path + "/FLYS.css")) { + if (requesturi.equals(path + LOGIN_JSP) + || requesturi.equals(path + LOGIN_SERVLET) + || requesturi.equals(path + FLYS_CSS) + || requesturi.equals(path + MAP_PRINT) + || requesturi.equals(path + MAPFISH_PRINT)) { logger.debug("Request for login " + requesturi); chain.doFilter(req, resp); return;