From 036e0729fd94937d16d3ae3f1e415861f18886bf Mon Sep 17 00:00:00 2001 From: bmovaqar Date: Sat, 30 Jun 2007 12:31:26 +0000 Subject: [PATCH] [ Bugs-1745703 ] WebUI: Access to system-level windows without authentication http://sourceforge.net/tracker/index.php?func=detail&aid=1745703&group_id=176962&atid=879332 --- .../servlet/org/compiere/www/WFilter.java | 65 ++++++++++++++----- serverApps/src/web/WEB-INF/web.xml | 33 +++++++++- 2 files changed, 81 insertions(+), 17 deletions(-) diff --git a/serverApps/src/main/servlet/org/compiere/www/WFilter.java b/serverApps/src/main/servlet/org/compiere/www/WFilter.java index 765f0b223a..786185b846 100644 --- a/serverApps/src/main/servlet/org/compiere/www/WFilter.java +++ b/serverApps/src/main/servlet/org/compiere/www/WFilter.java @@ -1,19 +1,28 @@ -/****************************************************************************** - * Product: Adempiere ERP & CRM Smart Business Solution * - * Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved. * - * This program is free software; you can redistribute it and/or modify it * - * under the terms version 2 of the GNU General Public License as published * - * by the Free Software Foundation. This program is distributed in the hope * - * that it will be useful, but WITHOUT ANY WARRANTY; without even the implied * - * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - * See the GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License along * - * with this program; if not, write to the Free Software Foundation, Inc., * - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. * - * For the text or an alternative of this public license, you may reach us * - * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA * - * or via info@compiere.org or http://www.compiere.org/license.html * - *****************************************************************************/ +/********************************************************************** + * This file is part of Adempiere ERP Bazaar * + * http://www.adempiere.org * + * * + * Copyright (C) 1999 - 2006 Compiere Inc. * + * Copyright (C) Contributors * + * * + * This program is free software; you can redistribute it and/or * + * modify it under the terms of the GNU General Public License * + * as published by the Free Software Foundation; either version 2 * + * of the License, or (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the Free Software * + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * + * MA 02110-1301, USA. * + * * + * Contributors: * + * - Bahman Movaqar (bmovaqar@users.sf.net) * + **********************************************************************/ package org.compiere.www; import java.io.*; @@ -90,6 +99,30 @@ public final class WFilter implements javax.servlet.Filter public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + WebSessionCtx wctx = WebSessionCtx.get((HttpServletRequest)request); + if (wctx == null) { + if (m_filterConfig != null) { + String login_page = m_filterConfig.getInitParameter("LoginServlet"); + if (login_page != null && !"".equals(login_page)) { + m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response); + return; + } + } + throw new ServletException("Unauthorized access, unable to forward to login page"); + } + + String sessionID = wctx.ctx.getProperty("#AD_Session_ID"); + if (sessionID == null) { + if (m_filterConfig != null) { + String login_page = m_filterConfig.getInitParameter("LoginServlet"); + if (login_page != null && !"".equals(login_page)) { + m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response); + return; + } + } + throw new ServletException("Unauthorized access, unable to forward to login page"); + } + // Get URI String uri = ""; if (request instanceof HttpServletRequest) diff --git a/serverApps/src/web/WEB-INF/web.xml b/serverApps/src/web/WEB-INF/web.xml index 24a544e3bc..86277d8251 100644 --- a/serverApps/src/web/WEB-INF/web.xml +++ b/serverApps/src/web/WEB-INF/web.xml @@ -1,4 +1,31 @@ - + + Timing Y + + + LoginServlet + /WLogin