From ae79fd767efa5760e1335815538018e5e83d55be Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Tue, 28 Jun 2016 10:06:41 +0200 Subject: fixes for disabling json API, keeping signed data --- .../src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 6 +++++- .../src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'pdf-as-web/src/main/java/at') diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 691ab423..c9c43fa3 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -1148,6 +1148,7 @@ public class PdfAsHelper { HttpSession session = request.getSession(); Object signedData = session.getAttribute(PDF_SIGNED_DATA_CREATED); if (signedData == null) { + logger.warn("Cannot find signed data created timestamp in session."); return true; } @@ -1157,7 +1158,10 @@ public class PdfAsHelper { long validUntil = created + 300000; - return validUntil > now; + logger.warn("Signed data is expired valid until {} now {}", + validUntil, now); + + return validUntil < now; } logger.warn("PDF_SIGNED_DATA_CREATED in session is not a long type!"); return true; diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java index 67b242d0..0cee185a 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/JSONAPIServlet.java @@ -59,6 +59,7 @@ public class JSONAPIServlet extends HttpServlet { if(!WebConfiguration.isJSONAPIEnabled()) { logger.info("Access to JSON API, but JSON API is disabled. Returning 404 error."); resp.sendError(404); + return; } String jsonString = IOUtils.toString(req.getInputStream(), "UTF-8"); -- cgit v1.2.3