path: root/src/org/traccar/web/BaseServlet.java
Diffstat (limited to 'src/org/traccar/web/BaseServlet.java')
-rw-r--r--src/org/traccar/web/BaseServlet.java19
1 files changed, 4 insertions, 15 deletions
diff --git a/src/org/traccar/web/BaseServlet.java b/src/org/traccar/web/BaseServlet.java
index 916eb6a18..d215c62d0 100644
--- a/src/org/traccar/web/BaseServlet.java
+++ b/src/org/traccar/web/BaseServlet.java
@@ -19,9 +19,10 @@ import org.traccar.helper.Log;
import java.io.IOException;
import java.io.Writer;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.util.Collection;
-import java.util.Map;
import javax.json.Json;
import javax.json.JsonObjectBuilder;
import javax.json.JsonStructure;
@@ -32,8 +33,6 @@ import javax.servlet.http.HttpServletResponse;
import org.jboss.netty.handler.codec.http.HttpHeaders;
import org.jboss.netty.util.CharsetUtil;
import org.traccar.Context;
-import org.traccar.helper.Authorization;
-import org.traccar.model.User;
public abstract class BaseServlet extends HttpServlet {
@@ -57,7 +56,8 @@ public abstract class BaseServlet extends HttpServlet {
if (allowed == null) {
resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOW_ORIGIN_VALUE);
} else if (allowed.contains(origin)) {
- resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+ String originSafe = URLEncoder.encode(origin, StandardCharsets.UTF_8.displayName());
+ resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, originSafe);
}
if (!handle(getCommand(req), req, resp)) {
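Review bot: URL-encoding the origin on the new `originSafe` line breaks CORS for every whitelisted origin, because `https://example.com` is emitted as `https%3A%2F%2Fexample.com` and browsers compare Access-Control-Allow-Origin byte-for-byte with the request's Origin, so the preflight/response is rejected. The encoding also buys nothing here: the branch is only reached after `allowed.contains(origin)`, so the reflected value is already one of the configured entries and cannot carry injected header content. Keep `resp.setHeader(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, origin);` and, since the header now varies per request, add `resp.addHeader("Vary", "Origin");` so a shared cache does not serve one origin's response to another. Note that `URLEncoder.encode(String, String)` declares a checked `UnsupportedEncodingException` that only compiles because the surrounding `catch (Exception error)` swallows it. The enclosing method starts before this hunk.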
@@ -66,7 +66,6 @@ public abstract class BaseServlet extends HttpServlet {
} catch (Exception error) {
if (error instanceof AccessControlException) {
resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- resp.addHeader(HttpHeaders.Names.WWW_AUTHENTICATE, Authorization.WWW_AUTHENTICATE_VALUE);
} else if (error instanceof SecurityException) {
resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
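Review bot: Dropping the WWW-Authenticate header leaves every AccessControlException answered with a bare 401, which RFC 7235 §3.1 requires to carry at least one challenge; with Basic parsing removed in this commit there is no scheme left to advertise, so either keep a challenge for whatever mechanism the server still accepts or reconsider whether 401 is the right status for "session missing". The `instanceof` order here is also load-bearing, since `java.security.AccessControlException` extends `SecurityException` and swapping the branches would turn every 401 into a 403; a comment such as `// AccessControlException is a SecurityException subclass: test it first` would protect that. The catch block belongs to a try that starts before this hunk.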
@@ -82,16 +81,6 @@ public abstract class BaseServlet extends HttpServlet {
if (userId != null) {
return (Long) userId;
}
- String authorization = req.getHeader(HttpHeaders.Names.AUTHORIZATION);
- if (authorization != null && !authorization.isEmpty()) {
- Map<String, String> authMap = Authorization.parse(authorization);
- String username = authMap.get(Authorization.USERNAME);
- String password = authMap.get(Authorization.PASSWORD);
- User user = Context.getDataManager().login(username, password);
- if (user != null) {
- return user.getId();
- }
- }
throw new AccessControlException("User not logged in");
}