Example 1 with ClientEndpoint

Use of org.ambraproject.wombat.util.ClientEndpoint in project wombat by PLOS, in the class SpringSecurityConfiguration, method validateHostname.

private void validateHostname(HttpServletRequest request) {
    ClientEndpoint clientEndpoint = ClientEndpoint.get(request);
    // Collect every hostname that a configured site declares in its request scheme.
    Set<String> hostNames = siteSet.getSites().stream()
            .map((Site site) -> site.getRequestScheme().getHostName())
            .filter(Optional::isPresent)
            .map(Optional::get)
            .collect(Collectors.toSet());
    // An empty set means no site declares a hostname, so the check is skipped.
    if (!hostNames.isEmpty() && !hostNames.contains(clientEndpoint.getHostname())) {
        throw new AccessDeniedException(String.format("Attempt to validate against foreign hostname %s. " + "Possible hijack attempt.", clientEndpoint.getHostname()));
    }
}
Also used: Site (org.ambraproject.wombat.config.site.Site), AccessDeniedException (org.springframework.security.access.AccessDeniedException), Optional (java.util.Optional), ClientEndpoint (org.ambraproject.wombat.util.ClientEndpoint)

Example 2 with ClientEndpoint

Use of org.ambraproject.wombat.util.ClientEndpoint in project wombat by PLOS, in the class Link, method appendPrefix.

private void appendPrefix(StringBuilder sb, HttpServletRequest request) {
    // Default to http; switch to https only when X-Forwarded-Proto says so.
    // The header is request-supplied, so it is reliable only when a trusted
    // front-end proxy sets or overwrites it.
    String protocol = "http";
    String header = request.getHeader("X-Forwarded-Proto");
    if ("https".equals(header)) {
        protocol = "https";
    }
    sb.append(protocol).append("://");
    ClientEndpoint clientEndpoint = ClientEndpoint.get(request);
    // Prefer the hostname configured for the site; otherwise fall back to the
    // hostname that ClientEndpoint resolved from the request.
    Optional<String> targetHostname = site.flatMap(s -> s.getRequestScheme().getHostName());
    sb.append(targetHostname.orElse(clientEndpoint.getHostname()));
    clientEndpoint.getPort().ifPresent(serverPort -> sb.append(':').append(serverPort));
}
Also used: ClientEndpoint (org.ambraproject.wombat.util.ClientEndpoint)
