URL Whitelist + Basic Design

author: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2014-01-28 16:05:21 +0100
committer: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2014-01-28 16:05:21 +0100
commit: d0c59a890be350ff1c39901e7fa94bf68c048065 (patch)
tree: 10aef75582d15acf1c4f67d2a702e55c1b7d74fb /pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
parent: 7623d9b081af23191f307e1f06df7ce5508bf925 (diff)
download: pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.gz
pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.bz2
pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.zip
1 files changed, 18 insertions, 8 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
index 9532e074..cb404b66 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
@@ -5,6 +5,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 
 import at.gv.egiz.pdfas.common.utils.StreamUtils;
+import at.gv.egiz.pdfas.web.config.WebConfiguration;
 import at.gv.egiz.pdfas.web.exception.PdfAsWebException;
 
 public class RemotePDFFetcher {
@@ -16,16 +17,25 @@ public class RemotePDFFetcher {
 		} catch (MalformedURLException e) {
 			throw new PdfAsWebException("Not a valid URL!", e);
 		}
-		if(url.getProtocol().equals("http") || url.getProtocol().equals("https")) {
-			
-			try {
-				InputStream is = url.openStream();
-				return StreamUtils.inputStreamToByteArray(is);
-			} catch (Exception e) {
-				throw new PdfAsWebException("Failed to fetch pdf document!", e);
+		if (WebConfiguration.isProvidePdfURLinWhitelist(url.toExternalForm())) {
+			if (url.getProtocol().equals("http")
+					|| url.getProtocol().equals("https")) {
+
+				try {
+					InputStream is = url.openStream();
+					return StreamUtils.inputStreamToByteArray(is);
+				} catch (Exception e) {
+					throw new PdfAsWebException(
+							"Failed to fetch pdf document!", e);
+				}
+			} else {
+				throw new PdfAsWebException(
+						"Failed to fetch pdf document protocol "
+								+ url.getProtocol() + " is not supported");
 			}
 		} else {
-			throw new PdfAsWebException("Failed to fetch pdf document protocol " + url.getProtocol() + " is not supported");
+			throw new PdfAsWebException(
+					"Failed to fetch pdf document " + url.toExternalForm() + " is not allowed");
 		}
 	}
 }
author	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2014-01-28 16:05:21 +0100
committer	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2014-01-28 16:05:21 +0100
commit	d0c59a890be350ff1c39901e7fa94bf68c048065 (patch)
tree	10aef75582d15acf1c4f67d2a702e55c1b7d74fb /pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/RemotePDFFetcher.java
parent	7623d9b081af23191f307e1f06df7ce5508bf925 (diff)
download	pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.gz pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.tar.bz2 pdf-as-4-d0c59a890be350ff1c39901e7fa94bf68c048065.zip