public static native String getDate()/*-{
return (new Date()).toUTCString();
}-*/;
- //return $wnd.sayHello(method,date,resource,token);
- public static native String calculateSig(String method, String date, String resource, String token)/*-{
- $wnd.b64pad = "=";
- var resource2 = decodeURI(resource);
- var q = resource2.indexOf('?');
- var res = q == -1? resource2: resource2.substring(0, q);
- var data = method + date + encodeURIComponent(decodeURIComponent(res));
- var sig = $wnd.b64_hmac_sha1(token, data);
- return sig;
-}-*/;
+ public static native String calculateSig(String method, String date, String resource, String token)/*-{
+ $wnd.b64pad = "=";
+ var q = resource.indexOf('?');
+ var res = q == -1? resource: resource.substring(0, q);
+ var data = method + date + res;
+ var sig = $wnd.b64_hmac_sha1(token, data);
+ return sig;
+ }-*/;
public static native String base64decode(String encStr)/*-{
if (typeof atob === 'function') {
}
req.setAttribute(USER_ATTRIBUTE, user);
+ // Remove the servlet path from the request URI.
+ String p = req.getRequestURI();
+ String servletPath = req.getContextPath() + req.getServletPath();
+ p = p.substring(servletPath.length());
// Validate the signature in the Authorization parameter.
- String data = req.getMethod() + dateParam + URLEncoder.encode(req.getPathInfo(), "UTF-8");
+ String data = req.getMethod() + dateParam + p;
if (!isSignatureValid(signature, user, data)) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
request.setAttribute(USER_ATTRIBUTE, user);
+ // Remove the servlet path from the request URI.
+ String p = request.getRequestURI();
+ String servletPath = request.getContextPath() + request.getServletPath();
+ p = p.substring(servletPath.length());
// Validate the signature in the Authorization parameter.
- String data = request.getMethod() + dateParam + URLEncoder.encode(request.getPathInfo(), "UTF-8");
+ String data = request.getMethod() + dateParam + p;
if (!isSignatureValid(signature, user, data)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.HashMap;
String dateHeader = useGssDateHeader? request.getHeader(GSS_DATE_HEADER):
request.getHeader(DATE_HEADER);
String data;
- try {
- data = request.getMethod() + dateHeader + URLEncoder.encode(request.getPathInfo(), "UTF-8");
- } catch (UnsupportedEncodingException e) {
- throw new RuntimeException(e);
- }
+ // Remove the servlet path from the request URI.
+ String p = request.getRequestURI();
+ String servletPath = request.getContextPath() + request.getServletPath();
+ p = p.substring(servletPath.length());
+ data = request.getMethod() + dateHeader + p;
return isSignatureValid(signature, user, data);
}
// Use strict RFC compliance\r
b64pad = "=";\r
\r
- var resource = decodeURI(document.getElementById("resource").value);\r
+ var resource = document.getElementById("resource").value;\r
var user = document.getElementById("user").value;\r
var token = document.getElementById("token").value;\r
var method = document.getElementById("method").value;\r
var now = (new Date()).toUTCString();\r
var q = resource.indexOf('?');\r
var res = q == -1? resource: resource.substring(0, q);\r
- var data = method + now + encodeURIComponent(decodeURIComponent(res));\r
+ var data = method + now + res;\r
var sig = b64_hmac_sha1(atob(token), data);\r
if (form)\r
params = form;\r
var formdate = document.getElementById('formdate');\r
var formauth = document.getElementById('formauth');\r
res = resource+formfile.value;\r
- data = 'POST' + now + encodeURIComponent(decodeURIComponent(res));\r
+ data = 'POST' + now + encodeURI(decodeURI(res));\r
sig = b64_hmac_sha1(atob(token), data);\r
formauth.value = user + " " + sig;\r
formdate.value = now;\r