[ Bugs-1745703 ] WebUI: Access to system-level windows without authentication
http://sourceforge.net/tracker/index.php?func=detail&aid=1745703&group_id=176962&atid=879332
This commit is contained in:
parent
a66119b005
commit
036e0729fd
|
@ -1,19 +1,28 @@
|
||||||
/******************************************************************************
|
/**********************************************************************
|
||||||
* Product: Adempiere ERP & CRM Smart Business Solution *
|
* This file is part of Adempiere ERP Bazaar *
|
||||||
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved. *
|
* http://www.adempiere.org *
|
||||||
* This program is free software; you can redistribute it and/or modify it *
|
* *
|
||||||
* under the terms version 2 of the GNU General Public License as published *
|
* Copyright (C) 1999 - 2006 Compiere Inc. *
|
||||||
* by the Free Software Foundation. This program is distributed in the hope *
|
* Copyright (C) Contributors *
|
||||||
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied *
|
* *
|
||||||
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
* This program is free software; you can redistribute it and/or *
|
||||||
* See the GNU General Public License for more details. *
|
* modify it under the terms of the GNU General Public License *
|
||||||
* You should have received a copy of the GNU General Public License along *
|
* as published by the Free Software Foundation; either version 2 *
|
||||||
* with this program; if not, write to the Free Software Foundation, Inc., *
|
* of the License, or (at your option) any later version. *
|
||||||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. *
|
* *
|
||||||
* For the text or an alternative of this public license, you may reach us *
|
* This program is distributed in the hope that it will be useful, *
|
||||||
* ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA *
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||||
* or via info@compiere.org or http://www.compiere.org/license.html *
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||||
*****************************************************************************/
|
* GNU General Public License for more details. *
|
||||||
|
* *
|
||||||
|
* You should have received a copy of the GNU General Public License *
|
||||||
|
* along with this program; if not, write to the Free Software *
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, *
|
||||||
|
* MA 02110-1301, USA. *
|
||||||
|
* *
|
||||||
|
* Contributors: *
|
||||||
|
* - Bahman Movaqar (bmovaqar@users.sf.net) *
|
||||||
|
**********************************************************************/
|
||||||
package org.compiere.www;
|
package org.compiere.www;
|
||||||
|
|
||||||
import java.io.*;
|
import java.io.*;
|
||||||
|
@ -90,6 +99,30 @@ public final class WFilter implements javax.servlet.Filter
|
||||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||||
throws IOException, ServletException
|
throws IOException, ServletException
|
||||||
{
|
{
|
||||||
|
WebSessionCtx wctx = WebSessionCtx.get((HttpServletRequest)request);
|
||||||
|
if (wctx == null) {
|
||||||
|
if (m_filterConfig != null) {
|
||||||
|
String login_page = m_filterConfig.getInitParameter("LoginServlet");
|
||||||
|
if (login_page != null && !"".equals(login_page)) {
|
||||||
|
m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new ServletException("Unauthorized access, unable to forward to login page");
|
||||||
|
}
|
||||||
|
|
||||||
|
String sessionID = wctx.ctx.getProperty("#AD_Session_ID");
|
||||||
|
if (sessionID == null) {
|
||||||
|
if (m_filterConfig != null) {
|
||||||
|
String login_page = m_filterConfig.getInitParameter("LoginServlet");
|
||||||
|
if (login_page != null && !"".equals(login_page)) {
|
||||||
|
m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new ServletException("Unauthorized access, unable to forward to login page");
|
||||||
|
}
|
||||||
|
|
||||||
// Get URI
|
// Get URI
|
||||||
String uri = "";
|
String uri = "";
|
||||||
if (request instanceof HttpServletRequest)
|
if (request instanceof HttpServletRequest)
|
||||||
|
|
|
@ -1,4 +1,31 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
**********************************************************************
|
||||||
|
* This file is part of Adempiere ERP Bazaar *
|
||||||
|
* http://www.adempiere.org *
|
||||||
|
* *
|
||||||
|
* Copyright (C) 1999 - 2006 Compiere Inc. *
|
||||||
|
* Copyright (C) Contributors *
|
||||||
|
* *
|
||||||
|
* This program is free software; you can redistribute it and/or *
|
||||||
|
* modify it under the terms of the GNU General Public License *
|
||||||
|
* as published by the Free Software Foundation; either version 2 *
|
||||||
|
* of the License, or (at your option) any later version. *
|
||||||
|
* *
|
||||||
|
* This program is distributed in the hope that it will be useful, *
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||||
|
* GNU General Public License for more details. *
|
||||||
|
* *
|
||||||
|
* You should have received a copy of the GNU General Public License *
|
||||||
|
* along with this program; if not, write to the Free Software *
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, *
|
||||||
|
* MA 02110-1301, USA. *
|
||||||
|
* *
|
||||||
|
* Contributors: *
|
||||||
|
* - Bahman Movaqar (bmovaqar@users.sf.net) *
|
||||||
|
**********************************************************************
|
||||||
|
-->
|
||||||
<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Jorg Janke (ComPiere, Inc.) -->
|
<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Jorg Janke (ComPiere, Inc.) -->
|
||||||
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
|
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
@ -22,6 +49,10 @@
|
||||||
<param-name>Timing</param-name>
|
<param-name>Timing</param-name>
|
||||||
<param-value>Y</param-value>
|
<param-value>Y</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>LoginServlet</param-name>
|
||||||
|
<param-value>/WLogin</param-value>
|
||||||
|
</init-param>
|
||||||
</filter>
|
</filter>
|
||||||
<filter-mapping>
|
<filter-mapping>
|
||||||
<filter-name>WFilter</filter-name>
|
<filter-name>WFilter</filter-name>
|
||||||
|
|
Loading…
Reference in New Issue