fixed security issue.

JumpMind · Oct 18, 2007 · 3936c97 · 3936c97
1 parent 3f17e51
commit 3936c97
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/symmetric/src/main/java/org/jumpmind/symmetric/web/AuthenticationFilter.java b/symmetric/src/main/java/org/jumpmind/symmetric/web/AuthenticationFilter.java
@@ -48,19 +48,21 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
         throws IOException, ServletException
     {
         String securityToken = req.getParameter(WebConstants.SECURITY_TOKEN);
-        String clientId = req.getParameter(WebConstants.NODE_ID);
+        String nodeId = req.getParameter(WebConstants.NODE_ID);
 
-        if (securityToken == null || clientId == null)
+        if (securityToken == null || nodeId == null)
         {
             ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN);
+            return;
         }
 
         ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
         INodeService sc = (INodeService) ctx.getBean(Constants.NODE_SERVICE);
 
-        if (!sc.isNodeAuthorized(clientId, securityToken))
+        if (!sc.isNodeAuthorized(nodeId, securityToken))
         {
             ((HttpServletResponse)resp).sendError(HttpServletResponse.SC_FORBIDDEN);
+            return;
         }
 
         chain.doFilter(req, resp);