Api endpoint blocking now blocks url segments, i.e. can't block 's*',…

… only 's/*' (Issue #976).
IQSS · Mar 24, 2015 · 274e66f · 274e66f
1 parent 49a07a0
commit 274e66f
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/ApiBlockingFilter.java b/src/main/java/edu/harvard/iq/dataverse/api/ApiBlockingFilter.java
@@ -124,6 +124,7 @@ private void updateBlockedPoints() {
         for ( String endpoint : endpointList.split(",") ) {
             String endpointPrefix = canonize(endpoint);
             if ( ! endpointPrefix.isEmpty() ) {
+                endpointPrefix = endpointPrefix + "/"; 
                 logger.log(Level.INFO, "Blocking API endpoint: {0}", endpointPrefix);
                 blockedApiEndpoints.add(endpointPrefix);
             }
@@ -140,14 +141,16 @@ public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) thr
 
         HttpServletRequest hsr = (HttpServletRequest) sr;
         String apiEndpoint = canonize(hsr.getRequestURI().substring(hsr.getServletPath().length()));
-
+        logger.info("@@@@@ considering " + apiEndpoint);
         for ( String prefix : blockedApiEndpoints ) {
             if ( apiEndpoint.startsWith(prefix) ) {
                 getBlockPolicy().doBlock(sr, sr1, fc);
+                logger.info("@@@@@ blocking " + apiEndpoint);
                 return;
             }
         }
 
+        logger.info("@@@@@ allowing " + apiEndpoint);
         fc.doFilter(sr, sr1);
     }