Apache
/
archiva-redback-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

formatting 

Signed-off-by: olivier lamy <olamy@apache.org>
This commit is contained in:
olivier lamy 2017-05-08 21:18:13 +10:00
parent 69c41ad38b
commit 396694765f
1 changed files with 321 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

501
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/RequestValidationInterceptor.java
View File

@ -53,39 +53,51 @@ import java.util.List;
/** /**
* Created by Martin Stockhammer on 19.01.17. * Created by Martin Stockhammer on 19.01.17.
* * <p>
* This interceptor tries to check if requests come from a valid origin and * This interceptor tries to check if requests come from a valid origin and
* are not generated by another site on behalf of the real client. * are not generated by another site on behalf of the real client.
* * <p>
* We are using some of the techniques mentioned in * We are using some of the techniques mentioned in
* https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet * https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
* * <p>
* Try to find Origin and Referer of the request. * Try to find Origin and Referer of the request.
* Match them to the target address, that may be either statically configured or is determined * Match them to the target address, that may be either statically configured or is determined
* by the Host/X-Forwarded-For Header. * by the Host/X-Forwarded-For Header.
*
*
*/ */
@Provider @Provider
@Service( "requestValidationInterceptor#rest" ) @Service( "requestValidationInterceptor#rest" )
public class RequestValidationInterceptor extends AbstractInterceptor implements ContainerRequestFilter { public class RequestValidationInterceptor
extends AbstractInterceptor
implements ContainerRequestFilter
{
private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; private static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
private static final String X_FORWARDED_HOST = "X-Forwarded-Host"; private static final String X_FORWARDED_HOST = "X-Forwarded-Host";
private static final String X_XSRF_TOKEN = "X-XSRF-TOKEN"; private static final String X_XSRF_TOKEN = "X-XSRF-TOKEN";
private static final String ORIGIN = "Origin"; private static final String ORIGIN = "Origin";
private static final String REFERER = "Referer"; private static final String REFERER = "Referer";
private static final int DEFAULT_HTTP = 80; private static final int DEFAULT_HTTP = 80;
private static final int DEFAULT_HTTPS = 443; private static final int DEFAULT_HTTPS = 443;
private final Logger log = LoggerFactory.getLogger( getClass() ); private final Logger log = LoggerFactory.getLogger( getClass() );
private boolean enabled = true; private boolean enabled = true;
private boolean checkToken = true; private boolean checkToken = true;
private boolean useStaticUrl = false; private boolean useStaticUrl = false;
private boolean denyAbsentHeaders = true; private boolean denyAbsentHeaders = true;
private List<URL> baseUrl = new ArrayList<URL>(); private List<URL> baseUrl = new ArrayList<URL>();
private HttpServletRequest httpRequest = null; private HttpServletRequest httpRequest = null;
@Inject @Inject
@ -93,258 +105,337 @@ public class RequestValidationInterceptor extends AbstractInterceptor implements
private HttpBasicAuthentication httpAuthenticator; private HttpBasicAuthentication httpAuthenticator;
@Inject @Inject
@Named( value = "tokenManager#default") @Named( value = "tokenManager#default" )
TokenManager tokenManager; TokenManager tokenManager;
private UserConfiguration config; private UserConfiguration config;
private class HeaderValidationInfo { private class HeaderValidationInfo
{
final static int UNKNOWN = -1; final static int UNKNOWN = -1;
final static int OK = 0; final static int OK = 0;
final static int F_REFERER_HOST = 1; final static int F_REFERER_HOST = 1;
final static int F_REFERER_PORT = 2; final static int F_REFERER_PORT = 2;
final static int F_ORIGIN_HOST = 8; final static int F_ORIGIN_HOST = 8;
final static int F_ORIGIN_PORT = 16; final static int F_ORIGIN_PORT = 16;
final static int F_ORIGIN_PROTOCOL = 32; final static int F_ORIGIN_PROTOCOL = 32;
boolean headerFound = false; boolean headerFound = false;
URL targetUrl; URL targetUrl;
URL originUrl; URL originUrl;
URL refererUrl; URL refererUrl;
String targetHost; String targetHost;
String originHost; String originHost;
String refererHost; String refererHost;
int targetPort; int targetPort;
int originPort; int originPort;
int refererPort; int refererPort;
int status = UNKNOWN; int status = UNKNOWN;
public HeaderValidationInfo(URL targetUrl) { public HeaderValidationInfo( URL targetUrl )
setTargetUrl(targetUrl); {
setTargetUrl( targetUrl );
} }
public URL getTargetUrl() { public URL getTargetUrl()
{
return targetUrl; return targetUrl;
} }
public void setTargetUrl(URL targetUrl) { public void setTargetUrl( URL targetUrl )
{
this.targetUrl = targetUrl; this.targetUrl = targetUrl;
this.targetHost=getHost(targetUrl); this.targetHost = getHost( targetUrl );
this.targetPort=getPort(targetUrl); this.targetPort = getPort( targetUrl );
} }
public URL getOriginUrl() { public URL getOriginUrl()
{
return originUrl; return originUrl;
} }
public void setOriginUrl(URL originUrl) { public void setOriginUrl( URL originUrl )
this.originUrl=originUrl; {
this.originHost=getHost(originUrl); this.originUrl = originUrl;
this.originPort=getPort(originUrl); this.originHost = getHost( originUrl );
this.originPort = getPort( originUrl );
checkOrigin(); checkOrigin();
this.headerFound=true; this.headerFound = true;
} }
public URL getRefererUrl() { public URL getRefererUrl()
{
return refererUrl; return refererUrl;
} }
public void setRefererUrl(URL refererUrl) { public void setRefererUrl( URL refererUrl )
this.refererUrl=refererUrl; {
this.refererHost=getHost(refererUrl); this.refererUrl = refererUrl;
this.refererPort=getPort(refererUrl); this.refererHost = getHost( refererUrl );
this.refererPort = getPort( refererUrl );
checkReferer(); checkReferer();
this.headerFound=true; this.headerFound = true;
} }
public String getTargetHost() { public String getTargetHost()
{
return targetHost; return targetHost;
} }
public void setTargetHost(String targetHost) { public void setTargetHost( String targetHost )
{
this.targetHost = targetHost; this.targetHost = targetHost;
} }
public String getOriginHost() { public String getOriginHost()
{
return originHost; return originHost;
} }
public void setOriginHost(String originHost) { public void setOriginHost( String originHost )
{
this.originHost = originHost; this.originHost = originHost;
} }
public String getRefererHost() { public String getRefererHost()
{
return refererHost; return refererHost;
} }
public void setRefererHost(String refererHost) { public void setRefererHost( String refererHost )
{
this.refererHost = refererHost; this.refererHost = refererHost;
} }
public int getTargetPort() { public int getTargetPort()
{
return targetPort; return targetPort;
} }
public void setTargetPort(int targetPort) { public void setTargetPort( int targetPort )
{
this.targetPort = targetPort; this.targetPort = targetPort;
} }
public int getOriginPort() { public int getOriginPort()
{
return originPort; return originPort;
} }
public void setOriginPort(int originPort) { public void setOriginPort( int originPort )
{
this.originPort = originPort; this.originPort = originPort;
} }
public int getRefererPort() { public int getRefererPort()
{
return refererPort; return refererPort;
} }
public void setRefererPort(int refererPort) { public void setRefererPort( int refererPort )
{
this.refererPort = refererPort; this.refererPort = refererPort;
} }
public void setStatus(int status) { public void setStatus( int status )
{
this.status |= status; this.status |= status;
} }
public int getStatus() { public int getStatus()
{
return this.status; return this.status;
} }
// Origin check for Protocol, Host, Port // Origin check for Protocol, Host, Port
public void checkOrigin() { public void checkOrigin()
if (this.getStatus()==UNKNOWN) { {
this.status=OK; if ( this.getStatus() == UNKNOWN )
{
this.status = OK;
} }
if (!targetUrl.getProtocol().equals(originUrl.getProtocol())) { if ( !targetUrl.getProtocol().equals( originUrl.getProtocol() ) )
setStatus(F_ORIGIN_PROTOCOL); {
setStatus( F_ORIGIN_PROTOCOL );
} }
if (!targetHost.equals(originHost)) { if ( !targetHost.equals( originHost ) )
setStatus(F_ORIGIN_HOST); {
setStatus( F_ORIGIN_HOST );
} }
if (targetPort!=originPort) { if ( targetPort != originPort )
setStatus(F_ORIGIN_PORT); {
setStatus( F_ORIGIN_PORT );
} }
} }
// Referer check only for Host, Port // Referer check only for Host, Port
public void checkReferer() { public void checkReferer()
if (this.getStatus()==UNKNOWN) { {
this.status=OK; if ( this.getStatus() == UNKNOWN )
{
this.status = OK;
} }
if (!targetHost.equals(refererHost)) { if ( !targetHost.equals( refererHost ) )
setStatus(F_REFERER_HOST); {
setStatus( F_REFERER_HOST );
} }
if (targetPort!=refererPort) { if ( targetPort != refererPort )
setStatus(F_REFERER_PORT); {
setStatus( F_REFERER_PORT );
} }
} }
public boolean hasOriginError() { public boolean hasOriginError()
return (status & (F_ORIGIN_PROTOCOL | F_ORIGIN_HOST | F_ORIGIN_PORT)) > 0; {
return ( status & ( F_ORIGIN_PROTOCOL | F_ORIGIN_HOST | F_ORIGIN_PORT ) ) > 0;
} }
public boolean hasRefererError() { public boolean hasRefererError()
return (status & (F_REFERER_HOST | F_REFERER_PORT )) > 0; {
return ( status & ( F_REFERER_HOST | F_REFERER_PORT ) ) > 0;
} }
@Override @Override
public String toString() { public String toString()
return "Stat="+status+", target="+targetUrl+", origin="+originUrl+", referer="+refererUrl; {
return "Stat=" + status + ", target=" + targetUrl + ", origin=" + originUrl + ", referer=" + refererUrl;
} }
} }
@Inject @Inject
public RequestValidationInterceptor( public RequestValidationInterceptor( @Named( value = "userConfiguration#default" ) UserConfiguration config )
@Named(value = "userConfiguration#default") UserConfiguration config) { {
this.config = config; this.config = config;
} }
@PostConstruct @PostConstruct
public void init() { public void init()
List<String> baseUrlList = config.getList(UserConfigurationKeys.REST_BASE_URL); {
if (baseUrlList!=null) { List<String> baseUrlList = config.getList( UserConfigurationKeys.REST_BASE_URL );
for (String baseUrlStr : baseUrlList) { if ( baseUrlList != null )
if (!"".equals(baseUrlStr.trim())) { {
try { for ( String baseUrlStr : baseUrlList )
baseUrl.add(new URL(baseUrlStr)); {
if ( !"".equals( baseUrlStr.trim() ) )
{
try
{
baseUrl.add( new URL( baseUrlStr ) );
useStaticUrl = true; useStaticUrl = true;
} catch (MalformedURLException ex) { }
log.error("Configured baseUrl (rest.baseUrl={}) is invalid. Message: {}", baseUrlStr, ex.getMessage()); catch ( MalformedURLException ex )
{
log.error( "Configured baseUrl (rest.baseUrl={}) is invalid. Message: {}", baseUrlStr,
ex.getMessage() );
} }
} }
} }
} }
denyAbsentHeaders = config.getBoolean(UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY,true); denyAbsentHeaders = config.getBoolean( UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY, true );
enabled = config.getBoolean(UserConfigurationKeys.REST_CSRF_ENABLED,true); enabled = config.getBoolean( UserConfigurationKeys.REST_CSRF_ENABLED, true );
if (!enabled) { if ( !enabled )
log.info("CSRF Filter is disabled by configuration"); {
} else { log.info( "CSRF Filter is disabled by configuration" );
log.info("CSRF Filter is enable");
} }
checkToken = !config.getBoolean(UserConfigurationKeys.REST_CSRF_DISABLE_TOKEN_VALIDATION, false); else
if (!checkToken) { {
log.info("CSRF Token validation is disabled by configuration"); log.info( "CSRF Filter is enable" );
} else { }
log.info("CSRF Token validation is enable"); checkToken = !config.getBoolean( UserConfigurationKeys.REST_CSRF_DISABLE_TOKEN_VALIDATION, false );
if ( !checkToken )
{
log.info( "CSRF Token validation is disabled by configuration" );
}
else
{
log.info( "CSRF Token validation is enable" );
} }
} }
@Override @Override
public void filter(ContainerRequestContext containerRequestContext) throws IOException { public void filter( ContainerRequestContext containerRequestContext )
if (enabled) { throws IOException
{
if ( enabled )
{
HttpServletRequest request = getRequest(); HttpServletRequest request = getRequest();
List<URL> targetUrls = getTargetUrl(request); List<URL> targetUrls = getTargetUrl( request );
if (targetUrls == null) { if ( targetUrls == null )
log.error("Could not verify target URL."); {
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); log.error( "Could not verify target URL." );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
} }
List<HeaderValidationInfo> validationInfos = new ArrayList<HeaderValidationInfo>(); List<HeaderValidationInfo> validationInfos = new ArrayList<HeaderValidationInfo>();
boolean targetMatch=false; boolean targetMatch = false;
boolean noHeader = true; boolean noHeader = true;
for(URL targetUrl : targetUrls) { for ( URL targetUrl : targetUrls )
log.trace("Checking against target URL: {}", targetUrl); {
HeaderValidationInfo info = checkSourceRequestHeader(new HeaderValidationInfo(targetUrl), request); log.trace( "Checking against target URL: {}", targetUrl );
HeaderValidationInfo info = checkSourceRequestHeader( new HeaderValidationInfo( targetUrl ), request );
// We need only one match // We need only one match
noHeader = noHeader && info.getStatus()==info.UNKNOWN; noHeader = noHeader && info.getStatus() == info.UNKNOWN;
if (info.getStatus()==info.OK) { if ( info.getStatus() == info.OK )
targetMatch=true; {
targetMatch = true;
break; break;
} else { }
validationInfos.add(info); else
{
validationInfos.add( info );
} }
} }
if (noHeader && denyAbsentHeaders) { if ( noHeader && denyAbsentHeaders )
log.warn("Request denied. No Origin or Referer header found and {}=true", UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY); {
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); log.warn( "Request denied. No Origin or Referer header found and {}=true",
UserConfigurationKeys.REST_CSRF_ABSENTORIGIN_DENY );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
} }
if (!targetMatch) { if ( !targetMatch )
log.warn("HTTP Header check failed. Assuming CSRF attack."); {
for(HeaderValidationInfo info : validationInfos) { log.warn( "HTTP Header check failed. Assuming CSRF attack." );
if (info.hasOriginError()) { for ( HeaderValidationInfo info : validationInfos )
log.warn("Origin Header does not match: originUrl={}, targetUrl={}. Matches: Host={}, Port={}, Protocol={}", {
info.originUrl, info.targetUrl, (info.getStatus()&info.F_ORIGIN_HOST)==0, if ( info.hasOriginError() )
(info.getStatus()&info.F_ORIGIN_PORT)==0, (info.getStatus()&info.F_ORIGIN_PROTOCOL)==0); {
log.warn(
"Origin Header does not match: originUrl={}, targetUrl={}. Matches: Host={}, Port={}, Protocol={}",
info.originUrl, info.targetUrl, ( info.getStatus() & info.F_ORIGIN_HOST ) == 0,
( info.getStatus() & info.F_ORIGIN_PORT ) == 0,
( info.getStatus() & info.F_ORIGIN_PROTOCOL ) == 0 );
} }
if (info.hasRefererError()) { if ( info.hasRefererError() )
log.warn("Referer Header does not match: refererUrl={}, targetUrl={}. Matches: Host={}, Port={}", {
info.refererUrl, info.targetUrl, (info.getStatus()&info.F_REFERER_HOST)==0, log.warn(
(info.getStatus()&info.F_REFERER_PORT)==0); "Referer Header does not match: refererUrl={}, targetUrl={}. Matches: Host={}, Port={}",
info.refererUrl, info.targetUrl, ( info.getStatus() & info.F_REFERER_HOST ) == 0,
( info.getStatus() & info.F_REFERER_PORT ) == 0 );
} }
} }
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
} }
if (checkToken) { if ( checkToken )
checkValidationToken(containerRequestContext, request); {
checkValidationToken( containerRequestContext, request );
} }
} }
} }
@ -356,89 +447,118 @@ public class RequestValidationInterceptor extends AbstractInterceptor implements
* @param containerRequestContext * @param containerRequestContext
* @param request * @param request
*/ */
private void checkValidationToken(ContainerRequestContext containerRequestContext, HttpServletRequest request) { private void checkValidationToken( ContainerRequestContext containerRequestContext, HttpServletRequest request )
{
Message message = JAXRSUtils.getCurrentMessage(); Message message = JAXRSUtils.getCurrentMessage();
RedbackAuthorization redbackAuthorization = getRedbackAuthorization(message); RedbackAuthorization redbackAuthorization = getRedbackAuthorization( message );
// We check only services that are restricted // We check only services that are restricted
if (!redbackAuthorization.noRestriction()) { if ( !redbackAuthorization.noRestriction() )
String tokenString = request.getHeader(X_XSRF_TOKEN); {
if (tokenString==null || tokenString.length()==0) { String tokenString = request.getHeader( X_XSRF_TOKEN );
log.warn("No validation token header found: {}",X_XSRF_TOKEN); if ( tokenString == null || tokenString.length() == 0 )
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); {
log.warn( "No validation token header found: {}", X_XSRF_TOKEN );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
} }
try { try
TokenData td = tokenManager.decryptToken(tokenString); {
AuthenticationResult auth = getAuthenticationResult(message, request); TokenData td = tokenManager.decryptToken( tokenString );
if (auth==null) { AuthenticationResult auth = getAuthenticationResult( message, request );
log.error("Not authentication data found"); if ( auth == null )
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); {
log.error( "Not authentication data found" );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
} }
User loggedIn = auth.getUser(); User loggedIn = auth.getUser();
if (loggedIn==null) { if ( loggedIn == null )
log.error("User not logged in"); {
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); log.error( "User not logged in" );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
} }
String username = loggedIn.getUsername(); String username = loggedIn.getUsername();
if (!td.isValid() || !td.getUser().equals(username)) { if ( !td.isValid() || !td.getUser().equals( username ) )
log.error("Invalid data in validation token header {} for user {}: isValid={}, username={}", {
X_XSRF_TOKEN, username, td.isValid(), td.getUser()); log.error( "Invalid data in validation token header {} for user {}: isValid={}, username={}",
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); X_XSRF_TOKEN, username, td.isValid(), td.getUser() );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
} }
} catch (InvalidTokenException e) { }
log.error("Token validation failed {}", e.getMessage()); catch ( InvalidTokenException e )
containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build()); {
log.error( "Token validation failed {}", e.getMessage() );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
} }
} }
log.debug("Token validated"); log.debug( "Token validated" );
} }
private HttpServletRequest getRequest() { private HttpServletRequest getRequest()
if (httpRequest!=null) { {
if ( httpRequest != null )
{
return httpRequest; return httpRequest;
} else { }
else
{
Message message = JAXRSUtils.getCurrentMessage(); Message message = JAXRSUtils.getCurrentMessage();
return getHttpServletRequest(message); return getHttpServletRequest( message );
} }
} }
private List<URL> getTargetUrl(HttpServletRequest request) { private List<URL> getTargetUrl( HttpServletRequest request )
if (useStaticUrl) { {
if ( useStaticUrl )
{
return baseUrl; return baseUrl;
} else { }
else
{
List<URL> urls = new ArrayList<URL>(); List<URL> urls = new ArrayList<URL>();
URL requestUrl; URL requestUrl;
try { try
requestUrl = new URL(request.getRequestURL().toString()); {
urls.add(requestUrl); requestUrl = new URL( request.getRequestURL().toString() );
} catch (MalformedURLException ex) { urls.add( requestUrl );
log.error("Bad Request URL {}, Message: {}", request.getRequestURL(), ex.getMessage()); }
catch ( MalformedURLException ex )
{
log.error( "Bad Request URL {}, Message: {}", request.getRequestURL(), ex.getMessage() );
return null; return null;
} }
String xforwarded = request.getHeader(X_FORWARDED_HOST); String xforwarded = request.getHeader( X_FORWARDED_HOST );
String xforwardedProto = request.getHeader(X_FORWARDED_PROTO); String xforwardedProto = request.getHeader( X_FORWARDED_PROTO );
if (xforwardedProto==null) { if ( xforwardedProto == null )
xforwardedProto=requestUrl.getProtocol(); {
xforwardedProto = requestUrl.getProtocol();
} }
if (xforwarded!=null) { if ( xforwarded != null )
try { {
urls.add(new URL(xforwardedProto+"://"+xforwarded)); try
} catch (MalformedURLException ex) { {
log.warn("X-Forwarded-Host Header is malformed: {}", ex.getMessage()); urls.add( new URL( xforwardedProto + "://" + xforwarded ) );
}
catch ( MalformedURLException ex )
{
log.warn( "X-Forwarded-Host Header is malformed: {}", ex.getMessage() );
} }
} }
return urls; return urls;
} }
} }
private int getPort(final URL url) { private int getPort( final URL url )
return url.getPort() > 0 ? url.getPort() : ("https".equals(url.getProtocol()) ? DEFAULT_HTTPS : DEFAULT_HTTP); {
return url.getPort() > 0
? url.getPort()
: ( "https".equals( url.getProtocol() ) ? DEFAULT_HTTPS : DEFAULT_HTTP );
} }
private String getHost(final URL url) { private String getHost( final URL url )
{
return url.getHost().trim().toLowerCase(); return url.getHost().trim().toLowerCase();
} }
@ -446,47 +566,60 @@ public class RequestValidationInterceptor extends AbstractInterceptor implements
* Checks the validation headers. First the Origin header is checked, if this fails * Checks the validation headers. First the Origin header is checked, if this fails
* or is absent, the referer header is checked. * or is absent, the referer header is checked.
* *
* @param info The info object that must be populated with the targetURL * @param info The info object that must be populated with the targetURL
* @param request The HTTP request object * @param request The HTTP request object
* @return A info object with updated status information * @return A info object with updated status information
*/ */
private HeaderValidationInfo checkSourceRequestHeader(final HeaderValidationInfo info, final HttpServletRequest request) { private HeaderValidationInfo checkSourceRequestHeader( final HeaderValidationInfo info,
String origin = request.getHeader(ORIGIN); final HttpServletRequest request )
if (origin!=null) { {
try { String origin = request.getHeader( ORIGIN );
info.setOriginUrl(new URL(origin)); if ( origin != null )
} catch (MalformedURLException e) { {
log.warn("Bad origin header found: {}", origin); try
{
info.setOriginUrl( new URL( origin ) );
}
catch ( MalformedURLException e )
{
log.warn( "Bad origin header found: {}", origin );
} }
} }
// Check referer if Origin header dos not match or is not available // Check referer if Origin header dos not match or is not available
if (info.getStatus()!=info.OK) { if ( info.getStatus() != info.OK )
String referer = request.getHeader(REFERER); {
if (referer != null) { String referer = request.getHeader( REFERER );
try { if ( referer != null )
info.setRefererUrl(new URL(referer)); {
} catch (MalformedURLException ex) { try
log.warn("Bad URL in Referer HTTP-Header: {}, Message: {}", referer, ex.getMessage()); {
info.setRefererUrl( new URL( referer ) );
}
catch ( MalformedURLException ex )
{
log.warn( "Bad URL in Referer HTTP-Header: {}, Message: {}", referer, ex.getMessage() );
} }
} }
} }
return info; return info;
} }
public void setHttpRequest(HttpServletRequest request) { public void setHttpRequest( HttpServletRequest request )
{
this.httpRequest = request; this.httpRequest = request;
} }
private AuthenticationResult getAuthenticationResult(Message message, HttpServletRequest request) { private AuthenticationResult getAuthenticationResult( Message message, HttpServletRequest request )
AuthenticationResult authenticationResult = message.get(AuthenticationResult.class); {
AuthenticationResult authenticationResult = message.get( AuthenticationResult.class );
log.debug("authenticationResult from message: {}", authenticationResult); log.debug( "authenticationResult from message: {}", authenticationResult );
if ( authenticationResult == null ) if ( authenticationResult == null )
{ {
try try
{ {
authenticationResult = authenticationResult =
httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) ); httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) );
log.debug( "authenticationResult from request: {}", authenticationResult ); log.debug( "authenticationResult from request: {}", authenticationResult );
} }