Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7fc43a1

Browse files
author
zhourenjian
committed
Fixed bug that pipe closed by server side will be kept as alive on client-side (browser)
Add request information for SimpleRPC/PipeAdd hash detecting for Simple Pipe to avoid duplicate HTTP request attack
1 parent62df4f8 commit7fc43a1

File tree

7 files changed

+168
-3
lines changed

7 files changed

+168
-3
lines changed

‎sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/CompoundPipeSession.java‎

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ public void pipeCreated() {
4040
updateStatus(true);
4141
}
4242
}
43-
43+
4444
@Override
4545
publicbooleanpipeDestroy() {
4646
if (destroyed) {
@@ -155,6 +155,9 @@ public boolean deal(PipeSessionClosedEvent evt) {
155155
pipe.pipeDestroy();
156156
SimplePipeHelper.removePipe(pipeKey);
157157
}
158+
159+
this.pipeClosed();
160+
158161
returntrue;
159162
}
160163

‎sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/SimplePipeHelper.java‎

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ public static void registerPipe(String key, SimplePipeRunnable pipe) {
7373
* Server side
7474
*/
7575
@J2SIgnore
76-
staticStringregisterPipe(SimplePipeRunnablepipe) {
76+
synchronizedstaticStringregisterPipe(SimplePipeRunnablepipe) {
7777
if (pipe.pipeKey !=null) {
7878
System.out.println("ERROR!!! pipeKey should be null here! " +pipe.pipeKey);
7979
}
@@ -82,7 +82,6 @@ static String registerPipe(SimplePipeRunnable pipe) {
8282
pipes =Collections.synchronizedMap(newHashMap<String,SimplePipeRunnable>(50));
8383
}
8484

85-
// TODO: Synchronize pipe key
8685
Stringkey =nextPipeKey();
8786
while (pipes.get(key) !=null) {
8887
key =nextPipeKey();;
@@ -153,6 +152,20 @@ public static SimplePipeRunnable getPipe(String key) {
153152
if (pipes ==null ||key ==null)returnnull;
154153
returnpipes.get(key);
155154
}
155+
156+
// Use this method to avoid HTTP repeat attacks
157+
@J2SIgnore
158+
publicstaticbooleanisPipeHashOK(Stringkey,longhash) {
159+
SimplePipeRunnablep =getPipe(key);
160+
if (p ==null) {
161+
returnfalse;
162+
}
163+
if (p.lastHash >=hash) {
164+
returnfalse;
165+
}
166+
p.lastHash =hash;
167+
returntrue;
168+
}
156169

157170
@J2SIgnore
158171
publicstaticList<SimpleSerializable>getPipeDataList(Stringkey) {

‎sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/SimplePipeRunnable.java‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,9 @@ public abstract class SimplePipeRunnable extends SimpleRPCRunnable {
4949
@J2SIgnore
5050
longlastLiveDetected;
5151

52+
@J2SIgnore
53+
longlastHash;
54+
5255
@J2SIgnore
5356
publicvoidsetPipeHelper(SimplePipeHelper.IPipeThroughhelper) {
5457
pipeManaged =true;
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
packagenet.sf.j2s.ajax;
13+
14+
15+
/**
16+
* Providing geo location information for given Simple RPC or Simple Pipe.
17+
* For server side only.
18+
*
19+
* @author zhou renjian
20+
*
21+
* 2010-04-18
22+
*/
23+
publicinterfaceISimpleGeoLocation {
24+
25+
publicdoublegetLatitude();
26+
27+
publicdoublegetLongtitude();
28+
29+
publicdoublegetAltitude();
30+
31+
publicStringgetLocation();
32+
33+
publicStringgetCity();
34+
35+
publicStringgetCountryOrRegion();
36+
37+
}
Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
packagenet.sf.j2s.ajax;
13+
14+
15+
/**
16+
* Providing geo location information for given Simple RPC or Simple Pipe.
17+
* For server side only.
18+
*
19+
* @author zhou renjian
20+
*
21+
* 2010-04-18
22+
*/
23+
publicinterfaceISimpleGeoLocationBinding {
24+
25+
publicvoidsetLatitude(doublelatitude);
26+
27+
publicvoidsetLongtitude(doublelongtitude);
28+
29+
publicvoidsetAltitude(doublealtitude);
30+
31+
publicvoidsetLocation(Stringlocation);
32+
33+
publicvoidsetCity(Stringcity);
34+
35+
publicvoidsetCountryOrRegion(Stringregion);
36+
37+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
packagenet.sf.j2s.ajax;
13+
14+
/**
15+
* Providing request information for given Simple RPC or Simple Pipe.
16+
* For server side only.
17+
*
18+
* @author zhou renjian
19+
*
20+
* 2010-04-18
21+
*/
22+
publicinterfaceISimpleRequestInfo {
23+
24+
publicStringgetRemoteUserAgent();
25+
26+
publicStringgetReferer();
27+
28+
publicStringgetRequestURL();
29+
30+
publicStringgetRequestHost();
31+
32+
publicStringgetRemoteIP();
33+
34+
publicString[]getLanguages();
35+
36+
}
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
packagenet.sf.j2s.ajax;
13+
14+
/**
15+
* Providing request information for given Simple RPC or Simple Pipe.
16+
* For server side only.
17+
*
18+
* @author zhou renjian
19+
*
20+
* 2010-04-18
21+
*/
22+
publicinterfaceISimpleRequestInfoBinding {
23+
24+
publicvoidsetRemoteUserAgent(StringuserAgent);
25+
26+
publicvoidsetReferer(Stringreferer);
27+
28+
publicvoidsetRequestURL(Stringurl);
29+
30+
publicvoidsetRequestHost(Stringhost);
31+
32+
publicvoidsetRemoteIP(Stringip);
33+
34+
publicvoidsetLanguages(String[]language);
35+
36+
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp