diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 74961c496..01d06631d 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; + import java.io.IOException; import java.util.Enumeration; @@ -29,6 +30,7 @@ import org.apache.velocity.servlet.VelocityServlet; import com.netscape.certsrv.apps.CMS; + public class BaseServlet extends VelocityServlet { /** @@ -44,14 +46,14 @@ public class BaseServlet extends VelocityServlet { } public boolean authenticate(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { String pin = (String) request.getSession().getAttribute("pin"); if (pin == null) { try { response.sendRedirect("login"); - } catch (IOException e) { - } + } catch (IOException e) {} return false; } return true; @@ -64,26 +66,29 @@ public class BaseServlet extends VelocityServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if (pn.startsWith("__") || pn.endsWith("password") - || pn.endsWith("passwd") || pn.endsWith("pwd") - || pn.equalsIgnoreCase("admin_password_again") - || pn.equalsIgnoreCase("directoryManagerPwd") - || pn.equalsIgnoreCase("bindpassword") - || pn.equalsIgnoreCase("bindpwd") - || pn.equalsIgnoreCase("passwd") - || pn.equalsIgnoreCase("password") - || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") - || pn.equalsIgnoreCase("pwdagain") - || pn.equalsIgnoreCase("uPasswd")) { - CMS.debug("BaseServlet::service() param name='" + pn - + "' value='(sensitive)'"); + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("directoryManagerPwd") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("BaseServlet::service() param name='" + pn - + "' value='" + httpReq.getParameter(pn) + "'"); + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } @@ -92,12 +97,14 @@ public class BaseServlet extends VelocityServlet { * Processes request. */ public Template process(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { return null; } public Template handleRequest(HttpServletRequest request, - HttpServletResponse response, Context context) { + HttpServletResponse response, + Context context) { if (CMS.debugOn()) { outputHttpParameters(request); } |