diff options
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/ConfigurationOverwrite.java | 35 | ||||
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 34 |
2 files changed, 42 insertions, 27 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/ConfigurationOverwrite.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/ConfigurationOverwrite.java new file mode 100644 index 00000000..3bf20bf4 --- /dev/null +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/ConfigurationOverwrite.java @@ -0,0 +1,35 @@ +package at.gv.egiz.pdfas.web.helper; + +import java.util.Iterator; +import java.util.Map; +import java.util.Map.Entry; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.pdfas.lib.api.Configuration; +import at.gv.egiz.pdfas.web.config.WebConfiguration; + +public class ConfigurationOverwrite { + + private static final Logger logger = LoggerFactory + .getLogger(ConfigurationOverwrite.class); + + public static void overwriteConfiguration(Map<String, String> overwrite, + Configuration config) { + if (WebConfiguration.isAllowExtOverwrite() && overwrite != null && config != null) { + Iterator<Entry<String, String>> entryIt = overwrite.entrySet() + .iterator(); + while (entryIt.hasNext()) { + Entry<String, String> entry = entryIt.next(); + if (WebConfiguration.isOverwriteAllowed(entry.getKey())) { + config.setValue(entry.getKey(), entry.getValue()); + } else { + logger.warn( + "External component tried to overwrite cfg {}. This is not in the whitelist!", + entry.getKey()); + } + } + } + } +} diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 53cf5783..52eb8468 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -36,7 +36,6 @@ import java.security.cert.CertificateException; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import javax.imageio.ImageIO; import javax.servlet.RequestDispatcher; @@ -362,16 +361,9 @@ public class PdfAsHelper { Configuration config = pdfAs.getConfiguration(); - if (WebConfiguration.isAllowExtOverwrite()) { - Map<String,String> configOverwrite = PdfAsParameterExtractor.getOverwriteMap(request); - if(configOverwrite != null) { - Iterator<Entry<String, String>> entryIt = configOverwrite.entrySet().iterator(); - while (entryIt.hasNext()) { - Entry<String, String> entry = entryIt.next(); - config.setValue(entry.getKey(), entry.getValue()); - } - } - } + + Map<String,String> configOverwrite = PdfAsParameterExtractor.getOverwriteMap(request); + ConfigurationOverwrite.overwriteConfiguration(configOverwrite, config); ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -502,6 +494,7 @@ public class PdfAsHelper { // set Signature Position signParameter.setSignaturePosition(buildPosString(request, response)); + @SuppressWarnings("unused") SignResult result = pdfAs.sign(signParameter); return baos.toByteArray(); @@ -523,15 +516,8 @@ public class PdfAsHelper { PDFASSignParameters params) throws Exception { Configuration config = pdfAs.getConfiguration(); - if (WebConfiguration.isAllowExtOverwrite()) { - if (params.getOverrides() != null) { - Iterator<Entry<String, String>> entryIt = params.getOverrides() - .getMap().entrySet().iterator(); - while (entryIt.hasNext()) { - Entry<String, String> entry = entryIt.next(); - config.setValue(entry.getKey(), entry.getValue()); - } - } + if (WebConfiguration.isAllowExtOverwrite() && params.getOverrides() != null) { + ConfigurationOverwrite.overwriteConfiguration(params.getOverrides().getMap(), config); } ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -702,13 +688,7 @@ public class PdfAsHelper { Configuration config = pdfAs.getConfiguration(); session.setAttribute(PDF_CONFIG, config); - if (WebConfiguration.isAllowExtOverwrite() && overwrite != null) { - Iterator<Entry<String, String>> entryIt = overwrite.entrySet().iterator(); - while (entryIt.hasNext()) { - Entry<String, String> entry = entryIt.next(); - config.setValue(entry.getKey(), entry.getValue()); - } - } + ConfigurationOverwrite.overwriteConfiguration(overwrite, config); ByteArrayOutputStream baos = new ByteArrayOutputStream(); session.setAttribute(PDF_OUTPUT, baos); |