Reapply 2866 Security Fix. Known defect: this update suppresses the CSS setting on the login1 screen, and org, client and warehouse on the login2 screen.

rob_k 2007-07-09 12:54:36 +00:00
parent 29a6345c2f
commit 3c0884a9f7
2 changed files with 81 additions and 17 deletions


@ -1,19 +1,28 @@
/******************************************************************************
* Product: Adempiere ERP & CRM Smart Business Solution *
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved. *
* This program is free software; you can redistribute it and/or modify it *
* under the terms version 2 of the GNU General Public License as published *
* by the Free Software Foundation. This program is distributed in the hope *
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied *
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU General Public License for more details. *
* You should have received a copy of the GNU General Public License along *
* with this program; if not, write to the Free Software Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. *
* For the text or an alternative of this public license, you may reach us *
* ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA *
* or via info@compiere.org or http://www.compiere.org/license.html *
*****************************************************************************/
/**********************************************************************
* This file is part of Adempiere ERP Bazaar *
* http://www.adempiere.org *
* *
* Copyright (C) 1999 - 2006 Compiere Inc. *
* Copyright (C) Contributors *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software *
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, *
* MA 02110-1301, USA. *
* *
* Contributors: *
* - Bahman Movaqar (bmovaqar@users.sf.net) *
**********************************************************************/
package org.compiere.www;
import java.io.*;
@ -90,6 +99,30 @@ public final class WFilter implements javax.servlet.Filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException
{
WebSessionCtx wctx = WebSessionCtx.get((HttpServletRequest)request);
if (wctx == null) {
if (m_filterConfig != null) {
String login_page = m_filterConfig.getInitParameter("LoginServlet");
if (login_page != null && !"".equals(login_page)) {
m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);
return;
}
}
throw new ServletException("Unauthorized access, unable to forward to login page");
}
String sessionID = wctx.ctx.getProperty("#AD_Session_ID");
if (sessionID == null) {
if (m_filterConfig != null) {
String login_page = m_filterConfig.getInitParameter("LoginServlet");
if (login_page != null && !"".equals(login_page)) {
m_filterConfig.getServletContext().getRequestDispatcher(login_page).forward(request, response);
return;
}
}
throw new ServletException("Unauthorized access, unable to forward to login page");
}
// Get URI
String uri = "";
if (request instanceof HttpServletRequest)
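Review bot: The new gate at the top of doFilter casts `request` to `HttpServletRequest` unconditionally, although the unchanged code right after it still tests `request instanceof HttpServletRequest`; a non-HTTP request would now end in a ClassCastException rather than a controlled denial. The `wctx == null` and `sessionID == null` branches repeat the same forward-or-throw logic, and `getRequestDispatcher(login_page)` is dereferenced without a null check, which the Servlet API permits it to return for a path it cannot resolve; one combined branch, as sketched below, keeps the denial path in a single place. Since the gate runs before any URI is looked at, every unauthenticated request the filter is mapped to is forwarded to the login page, which may be the cause of the CSS and login2 defect named in the commit message (the filter-mapping is not visible here); if so, the remedy is an explicit list of public paths checked ahead of the gate, not a looser session test. doFilter's body continues outside the hunk.

```java
// … unchanged: doFilter signature and opening brace …
    // Deny anything that is not HTTP before touching the session context.
    if (!(request instanceof HttpServletRequest))
        throw new ServletException("Unauthorized access, unable to forward to login page");
    WebSessionCtx wctx = WebSessionCtx.get((HttpServletRequest)request);
    // No context or no AD session id: same treatment, handled once.
    if (wctx == null || wctx.ctx.getProperty("#AD_Session_ID") == null) {
        String login_page = (m_filterConfig == null) ? null : m_filterConfig.getInitParameter("LoginServlet");
        RequestDispatcher login = (login_page == null || "".equals(login_page)) ? null
            : m_filterConfig.getServletContext().getRequestDispatcher(login_page);
        // Fail closed when the login page is unset or cannot be resolved.
        if (login == null)
            throw new ServletException("Unauthorized access, unable to forward to login page");
        login.forward(request, response);
        return;
    }
// … unchanged: URI extraction and the rest of doFilter …
```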


@ -1,4 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml version="1.0" encoding="UTF-8"?>
<!--
**********************************************************************
* This file is part of Adempiere ERP Bazaar *
* http://www.adempiere.org *
* *
* Copyright (C) 1999 - 2006 Compiere Inc. *
* Copyright (C) Contributors *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software *
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, *
* MA 02110-1301, USA. *
* *
* Contributors: *
* - Bahman Movaqar (bmovaqar@users.sf.net) *
**********************************************************************
-->
<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Jorg Janke (ComPiere, Inc.) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@ -21,6 +48,10 @@
<init-param>
<param-name>Timing</param-name>
<param-value>Y</param-value>
</init-param>
<init-param>
<param-name>LoginServlet</param-name>
<param-value>/WLogin</param-value>
</init-param>
</filter>
<filter-mapping>
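Review bot: The `LoginServlet` parameter added here has no comment, and its value is passed straight to `getRequestDispatcher` in the doFilter change of this commit, so it has to be a context-relative path starting with `/` that resolves to a deployed servlet. A comment above the `<init-param>` would record that, for example `<!-- LoginServlet: context-relative path (leading "/") that unauthenticated requests are forwarded to -->`. The enclosing `<filter>` element opens before this hunk and the `<filter-mapping>` continues after it, so the URL patterns the gate applies to cannot be checked from here.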