Author: jleroux
Date: Tue May 12 21:09:26 2009 New Revision: 774086 URL: http://svn.apache.org/viewvc?rev=774086&view=rev Log: "Applied fix from trunk for revision: 774014" ------------------------------------------------------------------------ r774014 | jleroux | 2009-05-12 20:42:06 +0200 (mar., 12 mai 2009) | 1 line A patch from Ray Barlow " ProtectedViews aren't limiting by user login, just view name" (https://issues.apache.org/jira/browse/OFBIZ-2466) - OFBIZ-2466 ------------------------------------------------------------------------ Modified: ofbiz/branches/release09.04/ (props changed) ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ProtectViewWorker.java Propchange: ofbiz/branches/release09.04/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Tue May 12 21:09:26 2009 
@@ -1 +1 @@
-/ofbiz/trunk:765933,766011,766015,766293,766307,766316,766325,766462,766522,766800,767060,767072,767093,767098-767099,767102,767123,767125,767127,767279,767287,767671,767688,767694,767822,767845,768358,768490,768550,768675,768686,768705,768811,768815,768960,769030,769500,770272,770997,771073,772401,772464-772465,773076,773557,773628,773659,773697
+/ofbiz/trunk:765933,766011,766015,766293,766307,766316,766325,766462,766522,766800,767060,767072,767093,767098-767099,767102,767123,767125,767127,767279,767287,767671,767688,767694,767822,767845,768358,768490,768550,768675,768686,768705,768811,768815,768960,769030,769500,770272,770997,771073,772401,772464-772465,773076,773557,773628,773659,773697,774014
Modified: ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ProtectViewWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ProtectViewWorker.java?rev=774086&r1=774085&r2=774086&view=diff
==============================================================================
--- ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ProtectViewWorker.java (original)
+++ ofbiz/branches/release09.04/framework/webapp/src/org/ofbiz/webapp/control/ProtectViewWorker.java Tue May 12 21:09:26 2009
@@ -75,31 +75,32 @@ // Is this login/view couple already tarpitted ? (ie denied access to view for login for a period of time) List<GenericValue> tarpittedLoginViews = delegator.findByAnd("TarpittedLoginView", UtilMisc.toMap("userLoginId", userLoginId, "viewNameId", viewNameId)); + String viewNameUserLoginId = viewNameId + userLoginId; if (UtilValidate.isNotEmpty(tarpittedLoginViews)) { GenericValue tarpittedLoginView = tarpittedLoginViews.get(0); Long tarpitReleaseDateTime = (Long) tarpittedLoginView.get("tarpitReleaseDateTime"); if (now < tarpitReleaseDateTime) { String tarpittedMessage = UtilProperties.getMessage(resourceWebapp, "protectedviewevents.tarpitted_message", UtilHttp.getLocale(request)); // reset since now protected by the tarpit duration - hitsByViewAccessed.put(viewNameId, new Long(0)); + hitsByViewAccessed.put(viewNameUserLoginId, new Long(0)); return ":_protect_:" + tarpittedMessage; } } GenericValue protectedView = protectedViews.get(0); // 1st hit ? - if (UtilValidate.isEmpty(hitsByViewAccessed.get(viewNameId))) { - hitsByViewAccessed.put(viewNameId, one); - Long maxHitsDuration = (Long) protectedView.get("maxHitsDuration") * 1000; - durationByViewAccessed.put(viewNameId, now + maxHitsDuration); + Long curMaxHits = (Long) hitsByViewAccessed.get(viewNameUserLoginId); + if (UtilValidate.isEmpty(curMaxHits)) { + hitsByViewAccessed.put(viewNameUserLoginId, one); + Long maxHitsDuration = (Long) protectedView.get("maxHitsDuration") * 1000; + durationByViewAccessed.put(viewNameUserLoginId, now + maxHitsDuration); } else { - Long maxHits = protectedView.getLong("maxHits"); - Long maxDuration = (Long) durationByViewAccessed.get(viewNameId); - Long newMaxHits = (Long) hitsByViewAccessed.get(viewNameId) + one; - hitsByViewAccessed.put(viewNameId, newMaxHits); + Long maxDuration = (Long) durationByViewAccessed.get(viewNameUserLoginId); + Long newMaxHits = (Long) curMaxHits + one; + hitsByViewAccessed.put(viewNameUserLoginId, newMaxHits); // Are we in a 
period of time where we need to check if there was too much hits ? if (now < maxDuration) { - // Too much hits ? - if (newMaxHits > maxHits) { // yes : block and set tarpitReleaseDateTime + // Check if over the max hit count... + if (newMaxHits > protectedView.getLong("maxHits")) { // yes : block and set tarpitReleaseDateTime String blockedMessage = UtilProperties.getMessage(resourceWebapp, "protectedviewevents.blocked_message", UtilHttp.getLocale(request)); returnValue = ":_protect_:" + blockedMessage; @@ -117,15 +118,15 @@ } } } else { - // The period of time is revolved, we begin a new one. + // The tarpit period is over, begin a new one. // Actually it's not a discrete process but we do as it was... - // We don't need precision here, a theft will be catch anyway ! + // We don't need precision here, a theft will be caught anyway ! // We could also take an average of hits in the last x periods of time as initial value, - // but it would does not make much more sense. - // Of course for this to works well the tarpitting period must be long enough... - hitsByViewAccessed.put(viewNameId, one); + // but it does not make any more sense. + // Of course for this to work well the tarpitting period must be long enough... + hitsByViewAccessed.put(viewNameUserLoginId, one); Long maxHitsDuration = (Long) protectedView.get("maxHitsDuration") * 1000; - durationByViewAccessed.put(viewNameId, now + maxHitsDuration); + durationByViewAccessed.put(viewNameUserLoginId, now + maxHitsDuration); } } } |
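Review bot: The composite key built in `String viewNameUserLoginId = viewNameId + userLoginId;` has no separator, so two different view/login pairs whose concatenations coincide would share one hit counter and one duration entry. Joining with a delimiter that cannot occur in either id, for example `viewNameId + "::" + userLoginId` if `::` is excluded from both, or using a nested map keyed by view and then login, keeps the per-login limit unambiguous. The maps now hold one entry per view/login pair and the visible lines only ever `put` into them, so unless entries are evicted outside this hunk their size grows with the number of logins; the `get` followed by `put` is also not atomic if the maps are shared across request threads, which the hunk does not show. The same key is used in the second hunk, and the enclosing method starts and ends outside both.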
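Review bot: The reworded comment `// The tarpit period is over, begin a new one.` seems to mislabel this branch: it appears to be the `else` of `if (now < maxDuration)`, and it restarts the window from `maxHitsDuration`, so what has elapsed is the hit-counting period rather than the tarpit. Something like `// The hit-counting period is over, begin a new one.` would match the code, and the closing remark that "the tarpitting period must be long enough" deserves the same check. The braces that open this branch lie outside the hunk, so the pairing is inferred from the visible lines.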