changeset 4424:6ef48927df38

Remove authentication from MapPrintServiceImpl. Printing maps was broken because the called service required user authentication. The /flys/mapfish-print/print.pdf URI is now whitelisted in GGInAFilter. TODO: Support user authentication in MapPrintServiceImpl.
author Christian Lins <christian.lins@intevation.de>
date Tue, 06 Nov 2012 14:50:26 +0100 (2012-11-06)
parents 687b7a6f09aa
children 6e01499bfbdf
files flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java
diffstat 2 files changed, 39 insertions(+), 45 deletions(-) [+]
line wrap: on
line diff
--- a/flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java	Tue Nov 06 13:39:00 2012 +0100
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/MapPrintServiceImpl.java	Tue Nov 06 14:50:26 2012 +0100
@@ -1,22 +1,39 @@
 package de.intevation.flys.client.server;
 
 import de.intevation.artifacts.common.ArtifactNamespaceContext;
-
 import de.intevation.artifacts.common.utils.ClientProtocolUtils;
 import de.intevation.artifacts.common.utils.JSON;
 import de.intevation.artifacts.common.utils.StringUtils;
 import de.intevation.artifacts.common.utils.XMLUtils;
-
 import de.intevation.artifacts.httpclient.exceptions.ConnectionException;
-
 import de.intevation.artifacts.httpclient.http.HttpClient;
 import de.intevation.artifacts.httpclient.http.HttpClientImpl;
-
 import de.intevation.artifacts.httpclient.http.response.DocumentResponseHandler;
+import de.intevation.flys.client.shared.MapUtils;
+import de.intevation.flys.client.shared.model.MapConfig;
 
-import de.intevation.flys.client.shared.model.MapConfig;
-import de.intevation.flys.client.shared.MapUtils;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
 
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 /*
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -24,31 +41,6 @@
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 */
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-
-import java.net.URLEncoder;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
-
-import org.apache.commons.httpclient.methods.GetMethod;
-
-import org.apache.log4j.Logger;
-
 /* Used by direct API call. -> Enforce GPLv3
 import org.mapfish.print.MapPrinter;
 import org.mapfish.print.output.OutputFactory;
@@ -57,10 +49,6 @@
 import org.mapfish.print.utils.PJsonObject;
 */
 
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
 public class MapPrintServiceImpl
 extends      HttpServlet
 {
@@ -371,6 +359,9 @@
             new org.apache.commons.httpclient.HttpClient(
                 new MultiThreadedHttpConnectionManager());
 
+        // FIXME: The request is not authenticated.
+        //        Currently this is not a problem because /flys/map-print
+        //        is whitelisted in GGInAFilter.
         GetMethod get = new GetMethod(url);
         int result = client.executeMethod(get);
         InputStream in = get.getResponseBodyAsStream();
--- a/flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java	Tue Nov 06 13:39:00 2012 +0100
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/filter/GGInAFilter.java	Tue Nov 06 14:50:26 2012 +0100
@@ -1,5 +1,11 @@
 package de.intevation.flys.client.server.filter;
 
+import de.intevation.flys.client.server.auth.Authentication;
+import de.intevation.flys.client.server.auth.AuthenticationException;
+import de.intevation.flys.client.server.auth.AuthenticationFactory;
+import de.intevation.flys.client.server.auth.User;
+import de.intevation.flys.client.server.features.Features;
+
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -10,19 +16,12 @@
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.apache.log4j.Logger;
 
-import de.intevation.flys.client.server.auth.Authentication;
-import de.intevation.flys.client.server.auth.AuthenticationException;
-import de.intevation.flys.client.server.auth.AuthenticationFactory;
-import de.intevation.flys.client.server.auth.User;
-import de.intevation.flys.client.server.features.Features;
-
 
 /** ServletFilter used for GGInA authentification and certain authorisation. */
 public class GGInAFilter implements Filter {
@@ -38,6 +37,8 @@
     public static final String LOGIN_JSP     = "/login.jsp";
     public static final String LOGIN_SERVLET = "/flys/login";
     public static final String FLYS_CSS      = "/FLYS.css";
+    public static final String MAP_PRINT     = "/flys/map-print";
+    public static final String MAPFISH_PRINT = "/flys/mapfish-print/print.pdf";
 
 
     /**
@@ -89,9 +90,11 @@
         // Allow access to login pages
         // TODO Maybe replace with Filter <url-pattern>
         String path = this.sc.getContextPath();
-        if (requesturi.equals(path + "/login.jsp") ||
-                requesturi.equals(path + "/flys/login")
-                || requesturi.equals(path + "/FLYS.css")) {
+        if (requesturi.equals(path + LOGIN_JSP)
+                || requesturi.equals(path + LOGIN_SERVLET)
+                || requesturi.equals(path + FLYS_CSS)
+                || requesturi.equals(path + MAP_PRINT)
+                || requesturi.equals(path + MAPFISH_PRINT)) {
             logger.debug("Request for login " + requesturi);
             chain.doFilter(req, resp);
             return;

http://dive4elements.wald.intevation.org