[ Bugs-1745703 ] WebUI: Access to system-level windows without authentication

http://sourceforge.net/tracker/index.php?func=detail&aid=1745703&group_id=176962&atid=879332
bmovaqar 2007-06-30 12:31:26 +00:00
parent a66119b005
commit 036e0729fd
2 changed files with 81 additions and 17 deletions


@ -1,19 +1,28 @@
/****************************************************************************** /**********************************************************************
* Product: Adempiere ERP & CRM Smart Business Solution * * This file is part of Adempiere ERP Bazaar *
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved. * * http://www.adempiere.org *
* This program is free software; you can redistribute it and/or modify it * * *
* under the terms version 2 of the GNU General Public License as published * * Copyright (C) 1999 - 2006 Compiere Inc. *
* by the Free Software Foundation. This program is distributed in the hope * * Copyright (C) Contributors *
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied * * *
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * * This program is free software; you can redistribute it and/or *
* See the GNU General Public License for more details. * * modify it under the terms of the GNU General Public License *
* You should have received a copy of the GNU General Public License along * * as published by the Free Software Foundation; either version 2 *
* with this program; if not, write to the Free Software Foundation, Inc., * * of the License, or (at your option) any later version. *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. * * *
* For the text or an alternative of this public license, you may reach us * * This program is distributed in the hope that it will be useful, *
* ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA * * but WITHOUT ANY WARRANTY; without even the implied warranty of *
* or via info@compiere.org or http://www.compiere.org/license.html * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
*****************************************************************************/ * GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software *
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, *
* MA 02110-1301, USA. *
* *
* Contributors: *
* - Bahman Movaqar (bmovaqar@users.sf.net) *
**********************************************************************/
package org.compiere.www; package org.compiere.www;
import java.io.*; import java.io.*;
@ -90,6 +99,30 @@ public final class WFilter implements javax.servlet.Filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException throws IOException, ServletException
{ {
WebSessionCtx wctx = WebSessionCtx.get((HttpServletRequest)request);
if (wctx == null) {
if (m_filterConfig != null) {
String login_page = m_filterConfig.getInitParameter("LoginServlet");
if (login_page != null && !"".equals(login_page)) {
m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);
return;
}
}
throw new ServletException("Unauthorized access, unable to forward to login page");
}
String sessionID = wctx.ctx.getProperty("#AD_Session_ID");
if (sessionID == null) {
if (m_filterConfig != null) {
String login_page = m_filterConfig.getInitParameter("LoginServlet");
if (login_page != null && !"".equals(login_page)) {
m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);
return;
}
}
throw new ServletException("Unauthorized access, unable to forward to login page");
}
// Get URI // Get URI
String uri = ""; String uri = "";
if (request instanceof HttpServletRequest) if (request instanceof HttpServletRequest)
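Review bot: The authentication gate added at the top of doFilter is written twice, once for a null `WebSessionCtx` and once for a missing `#AD_Session_ID`, so the two copies can drift apart in later edits; a single condition, `if (wctx == null || wctx.ctx.getProperty("#AD_Session_ID") == null)`, would leave one fail-closed exit to maintain. The gate accepts any non-null `#AD_Session_ID`, so it is only as strong as the code that sets that property: whether it is written solely after a successful login is not visible here and should be confirmed, and an empty value should be rejected as well, the way `login_page` already is. The cast `(HttpServletRequest)request` is unchecked although the code a few lines further down still tests `request instanceof HttpServletRequest`. doFilter's body continues past the end of the hunk.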


@ -1,4 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!--
**********************************************************************
* This file is part of Adempiere ERP Bazaar *
* http://www.adempiere.org *
* *
* Copyright (C) 1999 - 2006 Compiere Inc. *
* Copyright (C) Contributors *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software *
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, *
* MA 02110-1301, USA. *
* *
* Contributors: *
* - Bahman Movaqar (bmovaqar@users.sf.net) *
**********************************************************************
-->
<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Jorg Janke (ComPiere, Inc.) --> <!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Jorg Janke (ComPiere, Inc.) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@ -22,6 +49,10 @@
<param-name>Timing</param-name> <param-name>Timing</param-name>
<param-value>Y</param-value> <param-value>Y</param-value>
</init-param> </init-param>
<init-param>
<param-name>LoginServlet</param-name>
<param-value>/WLogin</param-value>
</init-param>
</filter> </filter>
<filter-mapping> <filter-mapping>
<filter-name>WFilter</filter-name> <filter-name>WFilter</filter-name>
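Review bot: The new `LoginServlet` init-param is now load-bearing for access control but carries no comment saying so. Per the filter change in this commit, WFilter forwards every request without a session to this path and throws a ServletException when the parameter is absent or empty. I would add an XML comment above it, for example `<!-- WFilter forwards unauthenticated requests here; must be a context-relative path starting with "/" -->`. The filter-mapping's url-pattern lies outside the hunk, so which URLs the gate actually covers cannot be confirmed from here.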