mirror of
https://github.com/google/nomulus.git
synced 2025-05-01 04:27:51 +02:00
5012893c1d
This change renames directories in preparation for the great package rename. The repository is now in a broken state because the code itself hasn't been updated. However this should ensure that git correctly preserves history for each file.
86 lines
3.1 KiB
Java
86 lines
3.1 KiB
Java
// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package com.google.domain.registry.security;
|
|
|
|
import static com.google.appengine.api.users.UserServiceFactory.getUserService;
|
|
import static com.google.common.base.Preconditions.checkNotNull;
|
|
import static com.google.common.base.Strings.nullToEmpty;
|
|
import static com.google.domain.registry.security.XsrfTokenManager.X_CSRF_TOKEN;
|
|
import static com.google.domain.registry.security.XsrfTokenManager.validateToken;
|
|
import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
|
|
|
|
import com.google.appengine.api.users.UserService;
|
|
|
|
import org.joda.time.Duration;
|
|
|
|
import java.io.IOException;
|
|
|
|
import javax.servlet.ServletException;
|
|
import javax.servlet.http.HttpServlet;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
/**
|
|
* Servlet with Cross-Site Request Forgery (XSRF) protection.
|
|
*
|
|
* <p>This servlet enforces XSRF protection on all requests by checking the value provided in the
|
|
* "X-CSRF-Token" header. It can also optionally enforce that only admin users can call it.
|
|
*
|
|
* <p>All servlets that handle client requests should use XSRF protection.
|
|
*/
|
|
public abstract class XsrfProtectedServlet extends HttpServlet {
|
|
|
|
private static final Duration XSRF_VALIDITY = Duration.standardDays(1);
|
|
|
|
/** Used to validate XSRF tokens. */
|
|
private String xsrfScope;
|
|
|
|
/** Whether to do a security check for admin status. */
|
|
private boolean requireAdmin;
|
|
|
|
/** Gets the XSRF scope for this servlet. */
|
|
public String getScope() {
|
|
return xsrfScope;
|
|
}
|
|
|
|
protected XsrfProtectedServlet(String xsrfScope, boolean requireAdmin) {
|
|
this.xsrfScope = checkNotNull(xsrfScope);
|
|
this.requireAdmin = requireAdmin;
|
|
}
|
|
|
|
@Override
|
|
public final void service(HttpServletRequest req, HttpServletResponse rsp)
|
|
throws IOException, ServletException {
|
|
if (!validateToken(nullToEmpty(req.getHeader(X_CSRF_TOKEN)), xsrfScope, XSRF_VALIDITY)) {
|
|
rsp.sendError(SC_FORBIDDEN, "Invalid " + X_CSRF_TOKEN);
|
|
return;
|
|
}
|
|
if (!validateAdmin()) {
|
|
rsp.sendError(SC_FORBIDDEN, "Administrator access only");
|
|
return;
|
|
}
|
|
doPost(req, rsp);
|
|
}
|
|
|
|
/**
|
|
* If this is an admin-only servlet, require admin permissions or being in development mode. Such
|
|
* servlets should primarily be defended by being marked internal-only in web.xml, but it's worth
|
|
* adding a defense-in-depth.
|
|
*/
|
|
private boolean validateAdmin() {
|
|
UserService userService = getUserService();
|
|
return requireAdmin ? (userService.isUserLoggedIn() && userService.isUserAdmin()) : true;
|
|
}
|
|
}
|