diff options
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java index e1387fce..194a9a63 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ProvidePDFServlet.java @@ -8,7 +8,11 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.pdfas.common.exceptions.PdfAsException; +import at.gv.egiz.pdfas.web.config.WebConfiguration; import at.gv.egiz.pdfas.web.helper.PdfAsHelper; /** @@ -17,6 +21,9 @@ import at.gv.egiz.pdfas.web.helper.PdfAsHelper; public class ProvidePDFServlet extends HttpServlet { private static final long serialVersionUID = 1L; + private static final Logger logger = LoggerFactory + .getLogger(ProvidePDFServlet.class); + /** * @see HttpServlet#HttpServlet() */ @@ -47,7 +54,12 @@ public class ProvidePDFServlet extends HttpServlet { try { String invokeURL = PdfAsHelper.getInvokeURL(request, response); - if (invokeURL == null) { + if (invokeURL == null || WebConfiguration.isProvidePdfURLinWhitelist(invokeURL)) { + + if(!WebConfiguration.isProvidePdfURLinWhitelist(invokeURL)) { + logger.warn(invokeURL + " is not allowed by whitelist"); + } + // Deliver to Browser directly! response.setContentType("text/html"); PrintWriter pw = response.getWriter(); |