 /* build the trust source set*/
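 /**
  * Builds the set of trusted source addresses.
  *
  * <p>If the {@code Constants.TRUSTED_SOURCE_LIST} system property is set, it is read as a
  * comma-separated list of host names or IP literals and each entry is resolved with
  * {@link InetAddress#getByName(String)}; an entry that cannot be resolved fails the whole call.
  * Otherwise the platform server list from {@link WebtopNaming} is used as a fallback: the host of
  * each URL is resolved, and entries that fail to parse or resolve are logged and skipped.
  *
  * @return the resolved addresses; never {@code null}, possibly empty
  * @throws SessionException if the fallback platform server list is unavailable, or if reading the
  *     property or resolving an explicit entry fails (the cause is wrapped)
  */
 private static Set<InetAddress> getTrustedSourceList() throws SessionException {
   Set<InetAddress> result = new HashSet<InetAddress>();
   try {
     String rawList = SystemProperties.get(Constants.TRUSTED_SOURCE_LIST);
     if (rawList != null) {
       for (String entry : rawList.split(",")) {
         String host = entry.trim();
         if (host.isEmpty()) {
           continue; // tolerate stray commas and surrounding whitespace
         }
         // One address per entry; a multi-homed host contributes only the first record returned.
         result.add(InetAddress.getByName(host));
       }
     } else {
       // use platform server list as a default fallback
       Vector psl = WebtopNaming.getPlatformServerList();
       if (psl == null) {
         throw new SessionException(SessionBundle.rbName, "emptyTrustedSourceList", null);
       }
       for (Object server : psl) {
         try {
           URL url = new URL((String) server);
           result.add(InetAddress.getByName(url.getHost()));
         } catch (Exception ex) {
           // best effort: one bad platform entry must not discard the rest of the trust set
           debug.error("SessionUtils.getTrustedSourceList : " + "Validating Host exception", ex);
         }
       }
     }
   } catch (SessionException e) {
     // keep the resource-bundle message rather than wrapping it in a second SessionException
     throw e;
   } catch (Exception e) {
     throw new SessionException(e);
   }
   return result;
 }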
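  /**
   * Checks that the request carries a valid security cookie.
   *
   * <p>The cookie named by {@code SessionService.securityCookieName} is decoded through
   * {@code DecodeAction} and expected to hold {@code serverURL@timestamp}. The request is rejected
   * when the cookie is missing or malformed, when the timestamp differs from the current time by
   * more than {@code MAX_TIMESTAMP_DIFF} milliseconds, or when the server URL is not in the
   * platform server list. Every rejection is logged through {@code SessionService.sessionDebug}.
   *
   * @param servletRequest the incoming request; its cookie value is untrusted input
   * @return {@code true} only if every check passes; {@code false} otherwise, including when any
   *     exception is raised while validating
   */
  private boolean validateRequest(HttpServletRequest servletRequest) {
    try {
      String encryptedCookie =
          CookieUtils.getCookieValueFromReq(servletRequest, SessionService.securityCookieName);
      if (encryptedCookie == null) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "no Security Cookie in the request");
        return false;
      }
      String decryptedCookie =
          (String) AccessController.doPrivileged(new DecodeAction(encryptedCookie));
      // Reject a payload that cannot yield both fields instead of relying on the catch-all below.
      if (decryptedCookie == null) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "Security Cookie could not be decoded");
        return false;
      }
      StringTokenizer st = new StringTokenizer(decryptedCookie, "@");
      if (st.countTokens() < 2) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "malformed Security Cookie in the request");
        return false;
      }
      String serverURL = st.nextToken();
      long requestTimeStamp = Long.parseLong(st.nextToken());
      long currentTime = System.currentTimeMillis();
      // Freshness window in both directions, so clock skew and stale cookies are treated alike.
      if (Math.abs(currentTime - requestTimeStamp) > MAX_TIMESTAMP_DIFF) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "Max time elapsed for the Request");
        return false;
      }
      Vector platformServerList = WebtopNaming.getPlatformServerList();
      if (platformServerList == null) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: " + "platformServerList is not available");
        return false;
      }
      // A server URL outside the platform list is a validation failure: reject, not just log,
      // otherwise this check has no effect on the result.
      if (!platformServerList.contains(serverURL)) {
        SessionService.sessionDebug.error(
            "GetHttpSession.validateRequest: "
                + "request host :"
                + serverURL
                + "was not part of the platformServerList");
        return false;
      }
      return true;

    } catch (Exception e) {
      SessionService.sessionDebug.error(
          "GetHttpSession.validateRequest: " + "Exception while validating the request ", e);
      return false;
    }
  }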