saif-hmk / javamelody

Automatically exported from code.google.com/p/javamelody
0 stars 0 forks source link

allow extend servlet security check #256

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I would like to change MonitoringFilter.isRequestNotAllowed to protected
to be able to override in inherited filters.

I would like to suggest change the method to return true if request is allowed
and false if request is not allowed
and change the method name to isRequestAllowed

This could prevent possible usage errors.

Btw. thanks for great project.

Regards,
Zdenek Henek

Index: javamelody-core/src/main/java/net/bull/javamelody/MonitoringFilter.java
===================================================================
--- javamelody-core/src/main/java/net/bull/javamelody/MonitoringFilter.java     
(revision 3051)
+++ javamelody-core/src/main/java/net/bull/javamelody/MonitoringFilter.java     
(working copy)
@@ -398,7 +398,12 @@
                                                                .substring(httpRequest.getContextPath().length())).matches();
        }

-       private boolean isRequestNotAllowed(HttpServletRequest httpRequest) {
+    /**
+     * Override this to be able to create custom security
+     * @param httpRequest
+     * @return
+     */
+       protected boolean isRequestNotAllowed(HttpServletRequest httpRequest) {
                return allowedAddrPattern != null
                                && !allowedAddrPattern.matcher(httpRequest.getRemoteAddr()).matches();
        }

Original issue reported on code.google.com by vrab...@gmail.com on 18 Sep 2012 at 3:21

GoogleCodeExporter commented 9 years ago
Done in revision 3061 and ready for the next release (1.41).
Thanks for the patch

Original comment by evernat@free.fr on 22 Sep 2012 at 11:12

GoogleCodeExporter commented 9 years ago
Hi,

I have recently asked to merge patch to MonitoringFilter to be able to
handle access to the monitoring stats and other functionality (thread
dump, heap dump etc. )

http://code.google.com/p/javamelody/issues/detail?id=256

Should be available in latest release.

Overload that method in your melody filter and allow access only if
user is entitled to see javamelody functionality.

Original comment by vrab...@gmail.com on 29 Oct 2012 at 3:26