Author: tmorgner Date: 2010-11-23 10:28:10 -0600 (Tue, 23 Nov 2010) New Revision: 13012 Modified: libraries/libpensol/trunk/source/org/pentaho/reporting/libraries/pensol/vfs/WebSolutionFileProvider.java tools/report-designer/trunk/report-designer-extension-pentaho/source/org/pentaho/reporting/designer/extensions/pentaho/repository/util/PublishUtil.java Log: PRD-3097: Must not put passwords into the URL. Lets hide them better by using the provided "FileSystemOptions" instead. Modified: libraries/libpensol/trunk/source/org/pentaho/reporting/libraries/pensol/vfs/WebSolutionFileProvider.java =================================================================== --- libraries/libpensol/trunk/source/org/pentaho/reporting/libraries/pensol/vfs/WebSolutionFileProvider.java 2010-11-22 16:47:08 UTC (rev 13011) +++ libraries/libpensol/trunk/source/org/pentaho/reporting/libraries/pensol/vfs/WebSolutionFileProvider.java 2010-11-23 16:28:10 UTC (rev 13012) @@ -77,6 +77,8 @@ UserAuthenticatorUtils.toString(UserAuthenticatorUtils.getData (authData, UserAuthenticationData.PASSWORD, UserAuthenticatorUtils.toChar(outerName.getPassword()))), fileSystemOptions); + + httpClient.getParams().setAuthenticationPreemptive(true); httpClient.getParams().setSoTimeout(getConnectionTimeout()); return new WebSolutionFileSystem(rootName, fileSystemOptions, Modified: tools/report-designer/trunk/report-designer-extension-pentaho/source/org/pentaho/reporting/designer/extensions/pentaho/repository/util/PublishUtil.java =================================================================== --- tools/report-designer/trunk/report-designer-extension-pentaho/source/org/pentaho/reporting/designer/extensions/pentaho/repository/util/PublishUtil.java 2010-11-22 16:47:08 UTC (rev 13011) +++ tools/report-designer/trunk/report-designer-extension-pentaho/source/org/pentaho/reporting/designer/extensions/pentaho/repository/util/PublishUtil.java 2010-11-23 16:28:10 UTC (rev 13012) 
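Review bot: In the WebSolutionFileProvider hunk, `setAuthenticationPreemptive(true)` makes the client send the user's credentials unprompted on the first request, and nothing visible here limits that to an encrypted connection or to the repository host. With Commons HttpClient 3.x, preemptive authentication uses the Basic scheme, so over a plain `http://` base URL the password is only base64-encoded on the wire, which undercuts the goal of PRD-3097. I would enable it only when the scheme of `rootName` is HTTPS, or at minimum record the trade-off in a comment such as `// Preemptive Basic auth: credentials are sent without a challenge; only safe over TLS and with host-scoped credentials.` The call that registers the credentials starts above the hunk, so the scope they are bound to should be confirmed there.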
@@ -18,7 +18,9 @@ import org.apache.commons.vfs.FileObject; import org.apache.commons.vfs.FileSystemException; import org.apache.commons.vfs.FileSystemManager; -import org.apache.commons.vfs.provider.UriParser; +import org.apache.commons.vfs.FileSystemOptions; +import org.apache.commons.vfs.auth.StaticUserAuthenticator; +import org.apache.commons.vfs.impl.DefaultFileSystemConfigBuilder; import org.pentaho.core.util.PublisherUtil; import org.pentaho.reporting.designer.core.ReportDesignerBoot; import org.pentaho.reporting.designer.core.ReportDesignerContext; @@ -224,20 +226,12 @@ { encodedPublishKey = PublisherUtil.getPasswordKey(publishPassword); } - - String publishURL = loginData.getBaseUrl() + MessageFormat.format(publishPattern, + + final String publishURL = loginData.getBaseUrl() + MessageFormat.format(publishPattern, URLEncoder.encode(encodedPublishKey, "UTF-8"), URLEncoder.encode(path, "UTF-8"), "true");// NON-NLS - if (StringUtils.isEmpty(loginData.getUsername()) == false) - { - publishURL += "&user=" + URLEncoder.encode(loginData.getUsername(), "UTF-8"); - if (StringUtils.isEmpty(loginData.getUsername()) == false) - { - publishURL += "&password=" + URLEncoder.encode(loginData.getPassword(), "UTF-8"); - } - } - + final String reportNameEncoded = (URLEncoder.encode(fileName, "UTF-8")); final ByteArrayPartSource source = new ByteArrayPartSource(reportNameEncoded, data); final FilePart filePart = new FilePart 
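Review bot: In the `@@ -224,20 +226,12 @@` hunk the user name and password are gone from `publishURL`, but `encodedPublishKey`, which `PublisherUtil.getPasswordKey` derives from the publish password, is still formatted into the URL. It is presumably a password-equivalent value, and it can still end up in server access logs, proxy logs and any error message that prints the URL. The request is already multipart (a `FilePart` is built just below), so the key would be better carried in the request body if the publish endpoint accepts it there. If it does not, a comment should say so, e.g. `// publish key must stay in the query string: <reason>; never log publishURL`. The hunk does not show where the login credentials are now attached to this request, and the method continues past it, so that should be checked before relying on the change.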
@@ -315,13 +309,16 @@ throw new NullPointerException(); } WebSolutionFileProvider.setConnectionTimeout(loginData.getTimeout() * 1000); - final String normalizedUrl = normalizeURL - (loginData.getBaseUrl(), loginData.getUsername(), loginData.getPassword()); - return fileSystemManager.resolveFile(normalizedUrl); + final String normalizedUrl = normalizeURL(loginData.getBaseUrl()); + final FileSystemOptions fileSystemOptions = new FileSystemOptions(); + final DefaultFileSystemConfigBuilder configBuilder = new DefaultFileSystemConfigBuilder(); + configBuilder.setUserAuthenticator(fileSystemOptions, new StaticUserAuthenticator(normalizedUrl, + loginData.getUsername(), loginData.getPassword())); + return fileSystemManager.resolveFile(normalizedUrl, fileSystemOptions); } - public static String normalizeURL(final String baseURL, final String user, final String password) + public static String normalizeURL(final String baseURL) { if (baseURL == null) { @@ -345,35 +342,6 @@ { throw new IllegalArgumentException("Not a expected URL"); } - - if (StringUtils.isEmpty(user) == false) - { - final char[] reserved = new char[]{'/', ':', '%', '@'}; - prefix.append(UriParser.encode(user, reserved)); - if (StringUtils.isEmpty(password) == false) - { - prefix.append(':'); - prefix.append(UriParser.encode(password, reserved)); - } - prefix.append('@'); - } - - final int maxlen = url2.length(); - for (int pos = 0; pos < maxlen; pos++) - { - final char ch = url2.charAt(pos); - if (ch == '@') - { - // Found the end of the user info - return prefix.append(url2.substring(0, pos + 1)).toString(); - } - if (ch == '/' || ch == '?') - { - // Not allowed in user info - break; - } - } return prefix.append(url2).toString(); - } } |
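Review bot: In the `@@ -315,13 +309,16 @@` hunk, `new StaticUserAuthenticator(normalizedUrl, ...)` passes the repository URL in the position Commons VFS defines as the authentication domain, which looks unintended. `new StaticUserAuthenticator(null, loginData.getUsername(), loginData.getPassword())` would state the intent. The authenticator is also installed when the user name is empty, whereas the removed code added credentials only for a non-empty user name, so wrapping `setUserAuthenticator` in `if (StringUtils.isEmpty(loginData.getUsername()) == false)` would keep anonymous access unchanged. As far as the visible lines show, `normalizeURL(String)` now appends the remainder of the URL as is, so a base URL that already embeds `user:password@` would pass through untouched. Rejecting or stripping that user info would complete what the commit message asks for, though part of the method body lies outside the hunks and should be checked.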