Navigation

← Previous Changeset
Next Changeset →

Changeset 5367

Timestamp:

08/26/08 21:41:04 (3 months ago)

Author:

bwolfe

Message:

Hiding error stack traces from non-authenticated users

Files:

openmrs/trunk/src/web/org/openmrs/web/OpenmrsFilter.java (modified) (1 diff)
openmrs/trunk/web/WEB-INF/view/uncaughtException.jsp (modified) (3 diffs)
openmrs/trunk/web/errorhandler.jsp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

openmrs/trunk/src/web/org/openmrs/web/OpenmrsFilter.java

r5173	r5367
90	90
91	91	// User context is created if it doesn't already exist and added to the session
	92	// note: this usercontext storage logic is copied to webinf/view/uncaughtexception.jsp to
	93	// prevent stack traces being shown to non-authenticated users
92	94	userContext = (UserContext) httpSession.getAttribute(WebConstants.OPENMRS_USER_CONTEXT_HTTPSESSION_ATTR);
93	95

openmrs/trunk/web/WEB-INF/view/uncaughtException.jsp

r4095	r5367
2	2	<%@ page import="org.openmrs.web.WebUtil" %>
3	3	<%@ page import="org.openmrs.web.WebConstants" %>
	4	<%@ page import="org.openmrs.api.context.UserContext" %>
4	5	<%@ page import="org.openmrs.util.OpenmrsConstants" %>
5	6	<%@ page import="org.openmrs.api.APIAuthenticationException" %>
…	…
10	11	<br />
11	12
12		<h2>An Internal Error has Occured</h2>
	13	<h2>An Internal Error has Occurred</h2>
13	14
14	15	<script>
…	…
54	55	<div id="stackTrace">
55	56	<%
56		if (exception != null) {
57		if (exception instanceof APIAuthenticationException) {
58		// If they are not authorized to use a function
59		session.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, exception.getMessage());
60		session.setAttribute(WebConstants.OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR, request.getAttribute("javax.servlet.error.request_uri"));
61		response.sendRedirect(request.getContextPath() + "/login.htm");
62		}
63		else {
64		java.lang.StackTraceElement[] elements;
65
66		if (exception instanceof ServletException) {
67		// It's a ServletException: we should extract the root cause
68		ServletException sEx = (ServletException) exception;
69		Throwable rootCause = sEx.getRootCause();
70		if (rootCause == null)
71		rootCause = sEx;
72		out.println("<br/><br/>** Root cause is: "+ rootCause.getMessage());
73		elements = rootCause.getStackTrace();
	57	// check to see if the current user is authenticated
	58	// this logic copied from the OpenmrsFilter because this
	59	// page isn't passed through that filter like all other pages
	60	UserContext userContext = (UserContext) session.getAttribute(WebConstants.OPENMRS_USER_CONTEXT_HTTPSESSION_ATTR);
	61	if (userContext == null \|\| userContext.getAuthenticatedUser() == null) {
	62	out.println("You must be logged in to view the stack trace");
	63	}
	64	else {
	65	if (exception != null) {
	66	if (exception instanceof APIAuthenticationException) {
	67	// If they are not authorized to use a function
	68	session.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, exception.getMessage());
	69	session.setAttribute(WebConstants.OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR, request.getAttribute("javax.servlet.error.request_uri"));
	70	response.sendRedirect(request.getContextPath() + "/login.htm");
74	71	}
75	72	else {
76		// It's not a ServletException, so we'll just show it
77		elements = exception.getStackTrace();
	73	java.lang.StackTraceElement[] elements;
	74
	75	if (exception instanceof ServletException) {
	76	// It's a ServletException: we should extract the root cause
	77	ServletException sEx = (ServletException) exception;
	78	Throwable rootCause = sEx.getRootCause();
	79	if (rootCause == null)
	80	rootCause = sEx;
	81	out.println("<br/><br/>** Root cause is: "+ rootCause.getMessage());
	82	elements = rootCause.getStackTrace();
	83	}
	84	else {
	85	// It's not a ServletException, so we'll just show it
	86	elements = exception.getStackTrace();
	87	}
	88	for (StackTraceElement element : elements) {
	89	if (element.getClassName().contains("openmrs"))
	90	out.println("<b>" + element + "</b><br/>");
	91	else
	92	out.println(element + "<br/>");
	93	}
78	94	}
79		for (StackTraceElement element : elements) {
80		if (element.getClassName().contains("openmrs"))
81		out.println("<b>" + element + "</b><br/>");
82		else
83		out.println(element + "<br/>");
84		}
	95	}
	96	else {
	97	out.println("<br>No error information available");
85	98	}
86		}
87		else {
88		out.println("<br>No error information available");
89		}
	99	}
90	100
91	101	// Display current version

openmrs/trunk/web/errorhandler.jsp

r4095	r5367
12	12
13	13	<%
14		out.println("<!--");
15		StringWriter sw = new StringWriter();
16		PrintWriter pw = new PrintWriter(sw);
17		exception.printStackTrace(pw);
18		out.print(sw);
19		sw.close();
20		pw.close();
21		out.println("-->");
	14	if (org.openmrs.api.context.Context.isAuthenticated() == false) {
	15	out.println("<!-- There is no stack trace here because you are not authenticated -->");
	16	}
	17	else {
	18	out.println("<!--");
	19	StringWriter sw = new StringWriter();
	20	PrintWriter pw = new PrintWriter(sw);
	21	exception.printStackTrace(pw);
	22	out.print(sw);
	23	sw.close();
	24	pw.close();
	25	out.println("-->");
	26	}
22	27	%>

OpenMRS

Navigation

Changeset 5367

Legend:

openmrs/trunk/src/web/org/openmrs/web/OpenmrsFilter.java

openmrs/trunk/web/WEB-INF/view/uncaughtException.jsp

openmrs/trunk/web/errorhandler.jsp

Download in other formats: