formatting

Signed-off-by: olivier lamy <olamy@apache.org>
2017-05-08 21:18:13 +10:00 · 2017-05-08 21:18:13 +10:00 · 396694765f
parent 69c41ad38b
commit 396694765f
1 changed files with 321 additions and 188 deletions
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java
@ -53,39 +53,51 @@ import java.util.List;
 /**
 * Created by Martin Stockhammer on 19.01.17.
- *
+ * <p>
 * This interceptor tries to check if requests come from a valid origin and
 * are not generated by another site on behalf of the real client.
- *
+ * <p>
 * We are using some of the techniques mentioned in
 * https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
- *
+ * <p>
 * Try to find Origin and Referer of the request.
 * Match them to the target address, that may be either statically configured or is determined
 * by the Host/X-Forwarded-For Header.
 *
 *
 */
@Provider
@Service( "requestValidationInterceptor#rest" )
-public class RequestValidationInterceptor extends AbstractInterceptor implements ContainerRequestFilter {
+public class RequestValidationInterceptor
    extends AbstractInterceptor
    implements ContainerRequestFilter
 {
    private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
    private static final String X_FORWARDED_HOST = "X-Forwarded-Host";
    private static final String X_XSRF_TOKEN = "X-XSRF-TOKEN";
    private static final String ORIGIN = "Origin";
    private static final String REFERER = "Referer";
    private static final int DEFAULT_HTTP = 80;
    private static final int DEFAULT_HTTPS = 443;
    private final Logger log = LoggerFactory.getLogger( getClass() );
    private boolean enabled = true;
    private boolean checkToken = true;
    private boolean useStaticUrl = false;
    private boolean denyAbsentHeaders = true;
    private List<URL> baseUrl = new ArrayList<URL>();
    private HttpServletRequest httpRequest = null;
    @Inject
@ -93,258 +105,337 @@ public class RequestValidationInterceptor extends AbstractInterceptor implements
    private HttpBasicAuthentication httpAuthenticator;
    @Inject
-    @Named( value = "tokenManager#default")
+    @Named( value = "tokenManager#default" )
    TokenManager tokenManager;
    private UserConfiguration config;
-    private class HeaderValidationInfo {
+    private class HeaderValidationInfo
    {
        final static int UNKNOWN = -1;
        final static int OK = 0;
        final static int F_REFERER_HOST = 1;
        final static int F_REFERER_PORT = 2;
        final static int F_ORIGIN_HOST = 8;
        final static int F_ORIGIN_PORT = 16;
        final static int F_ORIGIN_PROTOCOL = 32;
        boolean headerFound = false;
        URL targetUrl;
        URL originUrl;
        URL refererUrl;
        String targetHost;
        String originHost;
        String refererHost;
        int targetPort;
        int originPort;
        int refererPort;
        int status = UNKNOWN;
-        public HeaderValidationInfo(URL targetUrl) {
+        public HeaderValidationInfo( URL targetUrl )
-            setTargetUrl(targetUrl);
+        {
            setTargetUrl( targetUrl );
        }
-        public URL getTargetUrl() {
+        public URL getTargetUrl()
        {
            return targetUrl;
        }
-        public void setTargetUrl(URL targetUrl) {
+        public void setTargetUrl( URL targetUrl )
        {
            this.targetUrl = targetUrl;
-            this.targetHost=getHost(targetUrl);
+            this.targetHost = getHost( targetUrl );
-            this.targetPort=getPort(targetUrl);
+            this.targetPort = getPort( targetUrl );
        }
-        public URL getOriginUrl() {
+        public URL getOriginUrl()
        {
            return originUrl;
        }
-        public void setOriginUrl(URL originUrl) {
+        public void setOriginUrl( URL originUrl )
-            this.originUrl=originUrl;
+        {
-            this.originHost=getHost(originUrl);
+            this.originUrl = originUrl;
-            this.originPort=getPort(originUrl);
+            this.originHost = getHost( originUrl );
            this.originPort = getPort( originUrl );
            checkOrigin();
-            this.headerFound=true;
+            this.headerFound = true;
        }
-        public URL getRefererUrl() {
+        public URL getRefererUrl()
        {
            return refererUrl;
        }
-        public void setRefererUrl(URL refererUrl) {
+        public void setRefererUrl( URL refererUrl )
-            this.refererUrl=refererUrl;
+        {
-            this.refererHost=getHost(refererUrl);
+            this.refererUrl = refererUrl;
-            this.refererPort=getPort(refererUrl);
+            this.refererHost = getHost( refererUrl );
            this.refererPort = getPort( refererUrl );
            checkReferer();
-            this.headerFound=true;
+            this.headerFound = true;
        }
-        public String getTargetHost() {
+        public String getTargetHost()
        {
            return targetHost;
        }
-        public void setTargetHost(String targetHost) {
+        public void setTargetHost( String targetHost )
        {
            this.targetHost = targetHost;
        }
-        public String getOriginHost() {
+        public String getOriginHost()
        {
            return originHost;
        }
-        public void setOriginHost(String originHost) {
+        public void setOriginHost( String originHost )
        {
            this.originHost = originHost;
        }
-        public String getRefererHost() {
+        public String getRefererHost()
        {
            return refererHost;
        }
-        public void setRefererHost(String refererHost) {
+        public void setRefererHost( String refererHost )
        {
            this.refererHost = refererHost;
        }
-        public int getTargetPort() {
+        public int getTargetPort()
        {
            return targetPort;
        }
-        public void setTargetPort(int targetPort) {
+        public void setTargetPort( int targetPort )
        {
            this.targetPort = targetPort;
        }
-        public int getOriginPort() {
+        public int getOriginPort()
        {
            return originPort;
        }
-        public void setOriginPort(int originPort) {
+        public void setOriginPort( int originPort )
        {
            this.originPort = originPort;
        }
-        public int getRefererPort() {
+        public int getRefererPort()
        {
            return refererPort;
        }
-        public void setRefererPort(int refererPort) {
+        public void setRefererPort( int refererPort )
        {
            this.refererPort = refererPort;
        }
-        public void setStatus(int status) {
+        public void setStatus( int status )
        {
            this.status |= status;
        }
-        public int getStatus() {
+        public int getStatus()
        {
            return this.status;
        }
        // Origin check for Protocol, Host, Port
-        public void checkOrigin() {
+        public void checkOrigin()
-            if (this.getStatus()==UNKNOWN) {
+        {
-                this.status=OK;
+            if ( this.getStatus() == UNKNOWN )
            {
                this.status = OK;
            }
-            if (!targetUrl.getProtocol().equals(originUrl.getProtocol())) {
+            if ( !targetUrl.getProtocol().equals( originUrl.getProtocol() ) )
-                setStatus(F_ORIGIN_PROTOCOL);
+            {
                setStatus( F_ORIGIN_PROTOCOL );
            }
-            if (!targetHost.equals(originHost)) {
+            if ( !targetHost.equals( originHost ) )
-                setStatus(F_ORIGIN_HOST);
+            {
                setStatus( F_ORIGIN_HOST );
            }
-            if (targetPort!=originPort) {
+            if ( targetPort != originPort )
-                setStatus(F_ORIGIN_PORT);
+            {
                setStatus( F_ORIGIN_PORT );
            }
        }
        // Referer check only for Host, Port
-        public void checkReferer() {
+        public void checkReferer()
-            if (this.getStatus()==UNKNOWN) {
+        {
-                this.status=OK;
+            if ( this.getStatus() == UNKNOWN )
            {
                this.status = OK;
            }
-            if (!targetHost.equals(refererHost)) {
+            if ( !targetHost.equals( refererHost ) )
-                setStatus(F_REFERER_HOST);
+            {
                setStatus( F_REFERER_HOST );
            }
-            if (targetPort!=refererPort) {
+            if ( targetPort != refererPort )
-                setStatus(F_REFERER_PORT);
+            {
                setStatus( F_REFERER_PORT );
            }
        }
-        public boolean hasOriginError() {
+        public boolean hasOriginError()
-            return (status & (F_ORIGIN_PROTOCOL | F_ORIGIN_HOST | F_ORIGIN_PORT)) > 0;
+        {
            return ( status & ( F_ORIGIN_PROTOCOL | F_ORIGIN_HOST | F_ORIGIN_PORT ) ) > 0;
        }
-        public boolean hasRefererError() {
+        public boolean hasRefererError()
-            return (status & (F_REFERER_HOST | F_REFERER_PORT )) > 0;
+        {
            return ( status & ( F_REFERER_HOST | F_REFERER_PORT ) ) > 0;
        }
        @Override
-        public String toString() {
+        public String toString()
-            return "Stat="+status+", target="+targetUrl+", origin="+originUrl+", referer="+refererUrl;
+        {
            return "Stat=" + status + ", target=" + targetUrl + ", origin=" + originUrl + ", referer=" + refererUrl;
        }
    }
    @Inject
-    public RequestValidationInterceptor(
+    public RequestValidationInterceptor( @Named( value = "userConfiguration#default" ) UserConfiguration config )
-            @Named(value = "userConfiguration#default") UserConfiguration config) {
+    {
        this.config = config;
    }
    @PostConstruct
-    public void init() {
+    public void init()
-        List<String> baseUrlList = config.getList(UserConfigurationKeys.REST_BASE_URL);
+    {
-        if (baseUrlList!=null) {
+        List<String> baseUrlList = config.getList( UserConfigurationKeys.REST_BASE_URL );
-            for (String baseUrlStr : baseUrlList) {
+        if ( baseUrlList != null )
-                if (!"".equals(baseUrlStr.trim())) {
+        {
-                    try {
+            for ( String baseUrlStr : baseUrlList )
-                        baseUrl.add(new URL(baseUrlStr));
+            {
                if ( !"".equals( baseUrlStr.trim() ) )
                {
                    try
                    {
                        baseUrl.add( new URL( baseUrlStr ) );
                        useStaticUrl = true;
-                    } catch (MalformedURLException ex) {
+                    }
-                        log.error("Configured baseUrl (rest.baseUrl={}) is invalid. Message: {}", baseUrlStr, ex.getMessage());
+                    catch ( MalformedURLException ex )
                    {
                        log.error( "Configured baseUrl (rest.baseUrl={}) is invalid. Message: {}", baseUrlStr,
                                   ex.getMessage() );
                    }
                }
            }
        }
-        denyAbsentHeaders = config.getBoolean(UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY,true);
+        denyAbsentHeaders = config.getBoolean( UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY, true );
-        enabled = config.getBoolean(UserConfigurationKeys.REST_CSRF_ENABLED,true);
+        enabled = config.getBoolean( UserConfigurationKeys.REST_CSRF_ENABLED, true );
-        if (!enabled) {
+        if ( !enabled )
-            log.info("CSRF Filter is disabled by configuration");
+        {
-        } else {
+            log.info( "CSRF Filter is disabled by configuration" );
            log.info("CSRF Filter is enable");
        }
-        checkToken = !config.getBoolean(UserConfigurationKeys.REST_CSRF_DISABLE_TOKEN_VALIDATION, false);
+        else
-        if (!checkToken) {
+        {
-            log.info("CSRF Token validation is disabled by configuration");
+            log.info( "CSRF Filter is enable" );
-        } else {
+        }
-            log.info("CSRF Token validation is enable");
+        checkToken = !config.getBoolean( UserConfigurationKeys.REST_CSRF_DISABLE_TOKEN_VALIDATION, false );
        if ( !checkToken )
        {
            log.info( "CSRF Token validation is disabled by configuration" );
        }
        else
        {
            log.info( "CSRF Token validation is enable" );
        }
    }
    @Override
-    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
+    public void filter( ContainerRequestContext containerRequestContext )
-        if (enabled) {
+        throws IOException
    {
        if ( enabled )
        {
            HttpServletRequest request = getRequest();
-            List<URL> targetUrls = getTargetUrl(request);
+            List<URL> targetUrls = getTargetUrl( request );
-            if (targetUrls == null) {
+            if ( targetUrls == null )
-                log.error("Could not verify target URL.");
+            {
-                containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+                log.error( "Could not verify target URL." );
                containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
                return;
            }
            List<HeaderValidationInfo> validationInfos = new ArrayList<HeaderValidationInfo>();
-            boolean targetMatch=false;
+            boolean targetMatch = false;
            boolean noHeader = true;
-            for(URL targetUrl : targetUrls) {
+            for ( URL targetUrl : targetUrls )
-                log.trace("Checking against target URL: {}", targetUrl);
+            {
-                HeaderValidationInfo info = checkSourceRequestHeader(new HeaderValidationInfo(targetUrl), request);
+                log.trace( "Checking against target URL: {}", targetUrl );
                HeaderValidationInfo info = checkSourceRequestHeader( new HeaderValidationInfo( targetUrl ), request );
                // We need only one match
-                noHeader = noHeader && info.getStatus()==info.UNKNOWN;
+                noHeader = noHeader && info.getStatus() == info.UNKNOWN;
-                if (info.getStatus()==info.OK) {
+                if ( info.getStatus() == info.OK )
-                    targetMatch=true;
+                {
                    targetMatch = true;
                    break;
-                } else {
+                }
-                    validationInfos.add(info);
+                else
                {
                    validationInfos.add( info );
                }
            }
-            if (noHeader && denyAbsentHeaders) {
+            if ( noHeader && denyAbsentHeaders )
-                log.warn("Request denied. No Origin or Referer header found and {}=true", UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY);
+            {
-                containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+                log.warn( "Request denied. No Origin or Referer header found and {}=true",
                          UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY );
                containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
                return;
            }
-            if (!targetMatch) {
+            if ( !targetMatch )
-                log.warn("HTTP Header check failed. Assuming CSRF attack.");
+            {
-                for(HeaderValidationInfo info : validationInfos) {
+                log.warn( "HTTP Header check failed. Assuming CSRF attack." );
-                    if (info.hasOriginError()) {
+                for ( HeaderValidationInfo info : validationInfos )
-                        log.warn("Origin Header does not match: originUrl={}, targetUrl={}. Matches: Host={}, Port={}, Protocol={}",
+                {
-                                info.originUrl, info.targetUrl, (info.getStatus()&info.F_ORIGIN_HOST)==0,
+                    if ( info.hasOriginError() )
-                                (info.getStatus()&info.F_ORIGIN_PORT)==0, (info.getStatus()&info.F_ORIGIN_PROTOCOL)==0);
+                    {
                        log.warn(
                            "Origin Header does not match: originUrl={}, targetUrl={}. Matches: Host={}, Port={}, Protocol={}",
                            info.originUrl, info.targetUrl, ( info.getStatus() & info.F_ORIGIN_HOST ) == 0,
                            ( info.getStatus() & info.F_ORIGIN_PORT ) == 0,
                            ( info.getStatus() & info.F_ORIGIN_PROTOCOL ) == 0 );
                    }
-                    if (info.hasRefererError()) {
+                    if ( info.hasRefererError() )
-                        log.warn("Referer Header does not match: refererUrl={}, targetUrl={}. Matches: Host={}, Port={}",
+                    {
-                                info.refererUrl, info.targetUrl, (info.getStatus()&info.F_REFERER_HOST)==0,
+                        log.warn(
-                                (info.getStatus()&info.F_REFERER_PORT)==0);
+                            "Referer Header does not match: refererUrl={}, targetUrl={}. Matches: Host={}, Port={}",
                            info.refererUrl, info.targetUrl, ( info.getStatus() & info.F_REFERER_HOST ) == 0,
                            ( info.getStatus() & info.F_REFERER_PORT ) == 0 );
                    }
                }
-                containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+                containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
                return;
            }
-            if (checkToken) {
+            if ( checkToken )
-                checkValidationToken(containerRequestContext, request);
+            {
                checkValidationToken( containerRequestContext, request );
            }
        }
    }
@ -356,89 +447,118 @@ public class RequestValidationInterceptor extends AbstractInterceptor implements
     * @param containerRequestContext
     * @param request
     */
-    private void checkValidationToken(ContainerRequestContext containerRequestContext, HttpServletRequest request) {
+    private void checkValidationToken( ContainerRequestContext containerRequestContext, HttpServletRequest request )
    {
        Message message = JAXRSUtils.getCurrentMessage();
-        RedbackAuthorization redbackAuthorization = getRedbackAuthorization(message);
+        RedbackAuthorization redbackAuthorization = getRedbackAuthorization( message );
        // We check only services that are restricted
-        if (!redbackAuthorization.noRestriction()) {
+        if ( !redbackAuthorization.noRestriction() )
-            String tokenString = request.getHeader(X_XSRF_TOKEN);
+        {
-            if (tokenString==null || tokenString.length()==0) {
+            String tokenString = request.getHeader( X_XSRF_TOKEN );
-                log.warn("No validation token header found: {}",X_XSRF_TOKEN);
+            if ( tokenString == null || tokenString.length() == 0 )
-                containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+            {
                log.warn( "No validation token header found: {}", X_XSRF_TOKEN );
                containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
                return;
            }
-            try {
+            try
-                TokenData td = tokenManager.decryptToken(tokenString);
+            {
-                AuthenticationResult auth = getAuthenticationResult(message, request);
+                TokenData td = tokenManager.decryptToken( tokenString );
-                if (auth==null) {
+                AuthenticationResult auth = getAuthenticationResult( message, request );
-                    log.error("Not authentication data found");
+                if ( auth == null )
-                    containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+                {
                    log.error( "Not authentication data found" );
                    containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
                    return;
                }
                User loggedIn = auth.getUser();
-                if (loggedIn==null) {
+                if ( loggedIn == null )
-                    log.error("User not logged in");
+                {
-                    containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+                    log.error( "User not logged in" );
                    containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
                    return;
                }
                String username = loggedIn.getUsername();
-                if (!td.isValid() || !td.getUser().equals(username)) {
+                if ( !td.isValid() || !td.getUser().equals( username ) )
-                    log.error("Invalid data in validation token header {} for user {}: isValid={}, username={}",
+                {
-                            X_XSRF_TOKEN, username, td.isValid(), td.getUser());
+                    log.error( "Invalid data in validation token header {} for user {}: isValid={}, username={}",
-                    containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+                               X_XSRF_TOKEN, username, td.isValid(), td.getUser() );
-                }
+                    containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
            } catch (InvalidTokenException e) {
                log.error("Token validation failed {}", e.getMessage());
                containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
                }
            }
-        log.debug("Token validated");
+            catch ( InvalidTokenException e )
            {
                log.error( "Token validation failed {}", e.getMessage() );
                containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
            }
        }
        log.debug( "Token validated" );
    }
-    private HttpServletRequest getRequest() {
+    private HttpServletRequest getRequest()
-        if (httpRequest!=null) {
+    {
        if ( httpRequest != null )
        {
            return httpRequest;
-        }  else {
+        }
        else
        {
            Message message = JAXRSUtils.getCurrentMessage();
-            return getHttpServletRequest(message);
+            return getHttpServletRequest( message );
        }
    }
-    private List<URL> getTargetUrl(HttpServletRequest request) {
+    private List<URL> getTargetUrl( HttpServletRequest request )
-        if (useStaticUrl) {
+    {
        if ( useStaticUrl )
        {
            return baseUrl;
-        } else {
+        }
        else
        {
            List<URL> urls = new ArrayList<URL>();
            URL requestUrl;
-            try {
+            try
-                requestUrl = new URL(request.getRequestURL().toString());
+            {
-                urls.add(requestUrl);
+                requestUrl = new URL( request.getRequestURL().toString() );
-            } catch (MalformedURLException ex) {
+                urls.add( requestUrl );
-                log.error("Bad Request URL {}, Message: {}", request.getRequestURL(), ex.getMessage());
+            }
            catch ( MalformedURLException ex )
            {
                log.error( "Bad Request URL {}, Message: {}", request.getRequestURL(), ex.getMessage() );
                return null;
            }
-            String xforwarded = request.getHeader(X_FORWARDED_HOST);
+            String xforwarded = request.getHeader( X_FORWARDED_HOST );
-            String xforwardedProto = request.getHeader(X_FORWARDED_PROTO);
+            String xforwardedProto = request.getHeader( X_FORWARDED_PROTO );
-            if (xforwardedProto==null) {
+            if ( xforwardedProto == null )
-                xforwardedProto=requestUrl.getProtocol();
+            {
                xforwardedProto = requestUrl.getProtocol();
            }
-            if (xforwarded!=null) {
+            if ( xforwarded != null )
-                try {
+            {
-                    urls.add(new URL(xforwardedProto+"://"+xforwarded));
+                try
-                } catch (MalformedURLException ex) {
+                {
-                    log.warn("X-Forwarded-Host Header is malformed: {}", ex.getMessage());
+                    urls.add( new URL( xforwardedProto + "://" + xforwarded ) );
                }
                catch ( MalformedURLException ex )
                {
                    log.warn( "X-Forwarded-Host Header is malformed: {}", ex.getMessage() );
                }
            }
            return urls;
        }
    }
-    private int getPort(final URL url) {
+    private int getPort( final URL url )
-        return url.getPort() > 0 ? url.getPort() : ("https".equals(url.getProtocol()) ? DEFAULT_HTTPS : DEFAULT_HTTP);
+    {
        return url.getPort() > 0
            ? url.getPort()
            : ( "https".equals( url.getProtocol() ) ? DEFAULT_HTTPS : DEFAULT_HTTP );
    }
-    private String getHost(final URL url) {
+    private String getHost( final URL url )
    {
        return url.getHost().trim().toLowerCase();
    }
@ -450,37 +570,50 @@ public class RequestValidationInterceptor extends AbstractInterceptor implements
     * @param request The HTTP request object
     * @return A info object with updated status information
     */
-    private HeaderValidationInfo checkSourceRequestHeader(final HeaderValidationInfo info, final HttpServletRequest request) {
+    private HeaderValidationInfo checkSourceRequestHeader( final HeaderValidationInfo info,
-        String origin = request.getHeader(ORIGIN);
+                                                           final HttpServletRequest request )
-        if (origin!=null) {
+    {
-            try {
+        String origin = request.getHeader( ORIGIN );
-                info.setOriginUrl(new URL(origin));
+        if ( origin != null )
-            } catch (MalformedURLException e) {
+        {
-                log.warn("Bad origin header found: {}", origin);
+            try
            {
                info.setOriginUrl( new URL( origin ) );
            }
            catch ( MalformedURLException e )
            {
                log.warn( "Bad origin header found: {}", origin );
            }
        }
        // Check referer if Origin header dos not match or is not available
-        if (info.getStatus()!=info.OK) {
+        if ( info.getStatus() != info.OK )
-            String referer = request.getHeader(REFERER);
+        {
-            if (referer != null) {
+            String referer = request.getHeader( REFERER );
-                try {
+            if ( referer != null )
-                    info.setRefererUrl(new URL(referer));
+            {
-                } catch (MalformedURLException ex) {
+                try
-                    log.warn("Bad URL in Referer HTTP-Header: {}, Message: {}", referer, ex.getMessage());
+                {
                    info.setRefererUrl( new URL( referer ) );
                }
                catch ( MalformedURLException ex )
                {
                    log.warn( "Bad URL in Referer HTTP-Header: {}, Message: {}", referer, ex.getMessage() );
                }
            }
        }
        return info;
    }
-    public void setHttpRequest(HttpServletRequest request) {
+    public void setHttpRequest( HttpServletRequest request )
    {
        this.httpRequest = request;
    }
-    private AuthenticationResult getAuthenticationResult(Message message, HttpServletRequest request) {
+    private AuthenticationResult getAuthenticationResult( Message message, HttpServletRequest request )
-        AuthenticationResult authenticationResult = message.get(AuthenticationResult.class);
+    {
        AuthenticationResult authenticationResult = message.get( AuthenticationResult.class );
-        log.debug("authenticationResult from message: {}", authenticationResult);
+        log.debug( "authenticationResult from message: {}", authenticationResult );
        if ( authenticationResult == null )
        {
            try