Enhanced: WfWeb/Designer - secured package deploy & update json api t…
…o prevent unauthenticated access (issue #139)

git-svn-id: http://dev.joget.org/svn/joget/trunk@666 7ed575d9-8c1d-4629-9338-9e3bd68e044c
damien committed Sep 6, 2010
1 parent d57048c commit 7d0aa76
Showing 7 changed files with 52 additions and 26 deletions.
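--- a/wflow-designer/src/main/java/org/joget/designer/Designer.java
+++ b/wflow-designer/src/main/java/org/joget/designer/Designer.java
@@ -9,6 +9,10 @@
 public class Designer {
 
 public static String URLPATH = "";
+
+public static String USERNAME = "";
+public static String HASH = "";
+
 public static boolean DEPLOY = false;
 public static boolean UPDATE = false;
 
@@ -42,6 +46,10 @@ public static void main(String[] args) throws Throwable {
 DEPLOY = true;
 } else if (args[i].startsWith("update:")) {
 UPDATE = true;
+} else if (args[i].startsWith("username:")) {
+USERNAME = args[i].substring(9, args[i].length());
+} else if (args[i].startsWith("hash:")) {
+HASH = args[i].substring(5, args[i].length());
 } else if (args[i].startsWith("locale:")) {
 argument[1] = args[i].substring(7, args[i].length());
 } else {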
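Review bot: The new `USERNAME` and `HASH` fields keep the login credential in `public static` non-final fields, so any code running in the designer can read or overwrite them; private fields with read-only accessors (for example `public static String getHash()`) would narrow that. In the argument loop, the offsets in `substring(9, …)` and `substring(5, …)` repeat the prefix lengths by hand; `args[i].substring("username:".length())` keeps each offset tied to its `startsWith` test. Both hunks cut through the class and `main`, so the rest of the argument parsing is not visible here.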
@@ -50,7 +50,7 @@ public void actionPerformed(ActionEvent e) {
if (checkValidity(jc)) {

HttpClient httpClient = new HttpClient();
String url = Designer.URLPATH + "/web/json/workflow/package/deploy";
String url = Designer.URLPATH + "/web/json/workflow/package/deploy?j_username=" + Designer.USERNAME + "&hash=" + Designer.HASH;


PostMethod post = new PostMethod(url);
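Review bot: The new `url` line concatenates `Designer.USERNAME` and `Designer.HASH` into the query string without encoding, so a username containing `&`, `#` or a space changes the request that is actually sent; wrap each value in `URLEncoder.encode(value, "UTF-8")`. Putting the login hash in the URL also writes it to server and proxy access logs, so if the endpoint accepts it, sending both values as POST body parameters would be preferable. The update action's hunk has the same concatenation (`…/package/update?packageId=…`), where `packageId` is also unencoded and the statement ends in a stray `;;`. `actionPerformed` continues outside both hunks.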
@@ -51,7 +51,7 @@ public void actionPerformed(ActionEvent e) {
HttpClient httpClient = new HttpClient();

String packageId = JaWEManager.getInstance().getJaWEController().getMainPackageId();
String url = Designer.URLPATH + "/web/json/workflow/package/update?packageId=" + packageId;
String url = Designer.URLPATH + "/web/json/workflow/package/update?packageId=" + packageId + "&j_username=" + Designer.USERNAME + "&hash=" + Designer.HASH;;

PostMethod post = new PostMethod(url);
try {
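--- a/wflow-designerweb/src/main/webapp/designer/webstart.jsp
+++ b/wflow-designerweb/src/main/webapp/designer/webstart.jsp
@@ -73,5 +73,9 @@ response.addDateHeader("Last-Modified", java.util.Calendar.getInstance().getTime
 <c:if test="${!empty param.locale}">
 <argument>locale:${param.locale}</argument>
 </c:if>
+<c:if test="${!empty param.username && !empty param.hash}">
+<argument>username:${param.username}</argument>
+<argument>hash:${param.hash}</argument>
+</c:if>
 </application-desc>
 </jnlp>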
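Review bot: `${param.username}` and `${param.hash}` are written into the JNLP descriptor unescaped, and EL in JSP template text is not XML-escaped, so a request parameter containing `<` or `&` can add elements to the descriptor or make it malformed. Emit both through the core taglib the page already uses, e.g. `<argument>username:<c:out value="${param.username}"/></argument>`, and the same for `hash`. The existing `locale` argument just above has the same form and would benefit from the same change. Because the values arrive as request parameters of this page, the login hash is also visible in the webstart URL.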
@@ -609,17 +609,23 @@ public void packageDeploy(Writer writer, HttpServletRequest request) throws JSON
MultipartFile packageXpdl = FileStore.getFile("packageXpdl");
JSONObject jsonObject = new JSONObject();

try {
String packageId = workflowFacade.processUpload(null, packageXpdl.getBytes());
boolean authenticated = !workflowUserManager.isCurrentUserAnonymous();

List<WorkflowProcess> processList = workflowFacade.getProcessList("", Boolean.TRUE, 0, 10000, packageId, Boolean.FALSE, Boolean.FALSE);
for(WorkflowProcess process : processList){
XpdlImageUtil.generateXpdlImage(workflowFacade.getDesignerwebBaseUrl(request), process.getId(), true);
}
if(authenticated){
try {
String packageId = workflowFacade.processUpload(null, packageXpdl.getBytes());

List<WorkflowProcess> processList = workflowFacade.getProcessList("", Boolean.TRUE, 0, 10000, packageId, Boolean.FALSE, Boolean.FALSE);
for(WorkflowProcess process : processList){
XpdlImageUtil.generateXpdlImage(workflowFacade.getDesignerwebBaseUrl(request), process.getId(), true);
}

jsonObject.accumulate("status", "complete");
} catch (Exception e) {
jsonObject.accumulate("errorMsg", e.getMessage().replace(":", ""));
jsonObject.accumulate("status", "complete");
} catch (Exception e) {
jsonObject.accumulate("errorMsg", e.getMessage().replace(":", ""));
}
}else{
jsonObject.accumulate("errorMsg", "unauthenticated");
}
writeJson(writer, jsonObject, null);
}
@@ -629,23 +635,28 @@ public void packageUpdate(Writer writer, @RequestParam("packageId") String packa
MultipartFile packageXpdl = FileStore.getFile("packageXpdlUpdate");
JSONObject jsonObject = new JSONObject();

try {
if (!workflowFacade.isPackageIdExist(packageId)) {
jsonObject.accumulate("status", "error");
} else {
workflowFacade.processUpload(packageId, packageXpdl.getBytes());
boolean authenticated = !workflowUserManager.isCurrentUserAnonymous();

List<WorkflowProcess> processList = workflowFacade.getProcessList("", Boolean.TRUE, 0, 10000, packageId, Boolean.FALSE, Boolean.FALSE);
for(WorkflowProcess process : processList){
XpdlImageUtil.generateXpdlImage(workflowFacade.getDesignerwebBaseUrl(request), process.getId(), true);
}
if(authenticated){
try {
if (!workflowFacade.isPackageIdExist(packageId)) {
jsonObject.accumulate("status", "error");
} else {
workflowFacade.processUpload(packageId, packageXpdl.getBytes());

jsonObject.accumulate("status", "complete");
List<WorkflowProcess> processList = workflowFacade.getProcessList("", Boolean.TRUE, 0, 10000, packageId, Boolean.FALSE, Boolean.FALSE);
for(WorkflowProcess process : processList){
XpdlImageUtil.generateXpdlImage(workflowFacade.getDesignerwebBaseUrl(request), process.getId(), true);
}

jsonObject.accumulate("status", "complete");
}
} catch (Exception e) {
jsonObject.accumulate("errorMsg", e.getMessage().replace(":", ""));
}
} catch (Exception e) {
jsonObject.accumulate("errorMsg", e.getMessage().replace(":", ""));
}else{
jsonObject.accumulate("errorMsg", "unauthenticated");
}

writeJson(writer, jsonObject, null);
}

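Review bot: The guard added to `packageDeploy` and `packageUpdate` only tests `!workflowUserManager.isCurrentUserAnonymous()`, so any logged-in account can deploy or replace a package unless a role restriction is enforced somewhere outside this diff; since the upload page is mapped under `/admin/`, an explicit administrator check here would match it. `FileStore.getFile(...)` is still called before the guard, so the uploaded file is looked up for anonymous callers too; computing `authenticated` first and returning early avoids that. In both catch blocks `e.getMessage().replace(":", "")` throws a `NullPointerException` when the exception carries no message; `String.valueOf(e.getMessage()).replace(":", "")` is safe. A rejected call appears to be answered with an ordinary JSON body that only sets `errorMsg`, so a comment stating that clients must check `errorMsg` rather than the HTTP status would help.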
@@ -736,7 +736,10 @@ public String assignmentEmbeddedViewByProcess(ModelMap map, @RequestParam("proce
}

@RequestMapping("/admin/package/upload")
public String packageUpload() throws IOException {
public String packageUpload(ModelMap map) throws IOException {
User user = directoryManager.getUserByUsername(workflowUserManager.getCurrentUsername());
map.addAttribute("loginHash", user.getLoginHash());
map.addAttribute("username", user.getUsername());
return "workflow/admin/packageUpload";
}

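Review bot: In `packageUpload`, the result of `directoryManager.getUserByUsername(...)` is dereferenced without a null check, so if the current username has no directory entry (what the lookup returns for a missing user is not visible here) `user.getLoginHash()` throws; guard the two `addAttribute` calls with `if (user != null) { … }`. The method now hands the login hash to the view, where the JSP change puts it into a URL. A short comment such as `// loginHash is a credential: only for the designer launch link, never log or render elsewhere` would make that constraint explicit.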
@@ -80,7 +80,7 @@
%>
var path = 'http://${pageContext.request.serverName}:${pageContext.request.serverPort}${pageContext.request.contextPath}';
document.location = '<%= designerwebBaseUrl %>/wflow-designerweb/designer/webstart.jsp?path=' + encodeURIComponent(path) + '&deploy=deploy&locale=<%= locale %>';
document.location = '<%= designerwebBaseUrl %>/wflow-designerweb/designer/webstart.jsp?path=' + encodeURIComponent(path) + '&deploy=deploy&locale=<%= locale %>&username=${username}&hash=${loginHash}';
}
</script>

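Review bot: `${username}` and `${loginHash}` are placed inside the JavaScript string literal and the query string with no escaping, while `path` on the same line goes through `encodeURIComponent`; a username containing a quote, `&` or `#` breaks the script or the resulting URL. Assign the two values to script variables with JavaScript-safe escaping and append them as `'&username=' + encodeURIComponent(username) + '&hash=' + encodeURIComponent(loginHash)`. Because this is a `document.location` navigation, the login hash also lands in browser history and in the designerweb access log, and the `path` handed to the designer is built with a hard-coded `http://`. If the hash is long-lived, a short-lived one-time token would limit that exposure.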
