diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java | 49 |
1 files changed, 21 insertions, 28 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 01d06631..74961c49 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.csadmin; - import java.io.IOException; import java.util.Enumeration; @@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet; import com.netscape.certsrv.apps.CMS; - public class BaseServlet extends VelocityServlet { /** @@ -46,14 +44,14 @@ public class BaseServlet extends VelocityServlet { } public boolean authenticate(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { String pin = (String) request.getSession().getAttribute("pin"); if (pin == null) { try { response.sendRedirect("login"); - } catch (IOException e) {} + } catch (IOException e) { + } return false; } return true; @@ -66,29 +64,26 @@ public class BaseServlet extends VelocityServlet { while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); // added this facility so that password can be hidden, - // all sensitive parameters should be prefixed with + // all sensitive parameters should be prefixed with // __ (double underscores); however, in the event that // a security parameter slips through, we perform multiple // additional checks to insure that it is NOT displayed - if( pn.startsWith("__") || - pn.endsWith("password") || - pn.endsWith("passwd") || - pn.endsWith("pwd") || - pn.equalsIgnoreCase("admin_password_again") || - pn.equalsIgnoreCase("directoryManagerPwd") || - pn.equalsIgnoreCase("bindpassword") || - pn.equalsIgnoreCase("bindpwd") || - pn.equalsIgnoreCase("passwd") || - pn.equalsIgnoreCase("password") || - pn.equalsIgnoreCase("pin") || - pn.equalsIgnoreCase("pwd") || - pn.equalsIgnoreCase("pwdagain") || - pn.equalsIgnoreCase("uPasswd") ) { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='(sensitive)'" ); + if (pn.startsWith("__") || pn.endsWith("password") + || pn.endsWith("passwd") || pn.endsWith("pwd") + || pn.equalsIgnoreCase("admin_password_again") + || pn.equalsIgnoreCase("directoryManagerPwd") + || pn.equalsIgnoreCase("bindpassword") + || pn.equalsIgnoreCase("bindpwd") + || pn.equalsIgnoreCase("passwd") + || pn.equalsIgnoreCase("password") + || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd") + || pn.equalsIgnoreCase("pwdagain") + || pn.equalsIgnoreCase("uPasswd")) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'"); } else { - CMS.debug("BaseServlet::service() param name='" + pn + - "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'"); } } } @@ -97,14 +92,12 @@ public class BaseServlet extends VelocityServlet { * Processes request. */ public Template process(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { return null; } public Template handleRequest(HttpServletRequest request, - HttpServletResponse response, - Context context) { + HttpServletResponse response, Context context) { if (CMS.debugOn()) { outputHttpParameters(request); } |