~opensource21/permsec/psec2.0.x


Viewing changes to psec/app/de/ppi/psec/helper/PsecAction.java

  • Committer: niels
  • Date: 2012-05-28 09:46:18 UTC
  • Revision ID: opensource21@googlemail.com-20120528094618-5zdxxk8d41jc5u62
Replace flash by session. Create protection against infinite redirects.

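--- a/psec/app/de/ppi/psec/helper/PsecAction.java
+++ b/psec/app/de/ppi/psec/helper/PsecAction.java
@@ -64,11 +64,14 @@
         final Request request = ctx.request();
         log.trace("Check controller >" + controllerClass+ "< and action >" + 
                 action + "<");
+        if (!AuthController.class.equals(controllerClass)) {
+            ctx.session().remove(AuthController.FLASH_PSEC_URL);
+        }
         if (isEnabled && !isPublicMethod(actionMethod)) {
            AuthenticationService authService = AuthenticationServiceImpl.getService();
            if (!authService.isAuthenticate(true) && !authService.canRemembered()) {
                final String interruptedUrl = getInterruptedUrl(request);
-               ctx.flash().put(AuthController.FLASH_PSEC_URL, interruptedUrl);
+               ctx.session().put(AuthController.FLASH_PSEC_URL, interruptedUrl);
                return Results.temporaryRedirect(loginUrl);
            }
            //Controller-name without "controllers." at the beginning.
@@ -83,8 +86,9 @@
            }
         }
         if (AuthController.class.equals(controllerClass) && 
-                !ctx.flash().containsKey(AuthController.FLASH_PSEC_URL)) {
-            ctx.flash().put(AuthController.FLASH_PSEC_URL, getLastURL(request));                
+                !ctx.session().containsKey(AuthController.FLASH_PSEC_URL)) {
+            final String lastUrl = getLastURL(request);
+            ctx.session().put(AuthController.FLASH_PSEC_URL, lastUrl);                
         }
         return delegate.call(ctx);
     }
@@ -125,6 +129,7 @@
         } else {
             interruptedUrl = getLastURL(request);
         }
+        if (log.isDebugEnabled()) log.debug(request.method() + ":" + interruptedUrl);
         return interruptedUrl;
     }
 
@@ -132,10 +137,12 @@
     private String getLastURL(final Request request) {
         String interruptedUrl;
         final String referer = request.getHeader("referer");
-        if (referer != null && referer.length() > 1) {
+        if (referer != null && referer.length() > 1 
+                && !referer.endsWith(request.uri())) {
             interruptedUrl = referer;
         } else {
             interruptedUrl = "/";
         }
+        if (log.isDebugEnabled()) log.debug("LastURL:" + interruptedUrl);
         return interruptedUrl;
     }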
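Review bot: In `getLastURL` (new lines 139–145) the client-supplied `referer` header is still accepted without checking that it points back at this application, and with this commit it is kept in the session under `AuthController.FLASH_PSEC_URL` instead of the flash scope. The added `!referer.endsWith(request.uri())` test only guards against redirect loops; if AuthController redirects to the stored value after login (not visible here), an off-site Referer becomes the post-login target, which is an open-redirect risk. I would accept only referers whose authority matches the request's own host and fall back to `"/"` otherwise, as sketched below; `request.host()` is assumed to exist on this Request type and `java.net.URI` would need importing. The same unvalidated value is also concatenated into the two new `log.debug` calls, so control characters should be stripped or encoded before it is logged.

```java
        // … unchanged: read the "referer" header …
        if (referer != null && referer.length() > 1
                && isSameHost(referer, request.host())
                && !referer.endsWith(request.uri())) {
        // … unchanged: assignment, "/" fallback and debug log …

    /** Accepts only absolute URLs whose authority equals this request's Host. */
    private static boolean isSameHost(final String url, final String host) {
        try {
            final String authority = new URI(url).getAuthority();
            return authority != null && authority.equalsIgnoreCase(host);
        } catch (URISyntaxException e) {
            return false; // unparsable referer: caller falls back to "/"
        }
    }
```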