Skip to content

Commit 7fc43a1

Browse files
author
zhourenjian
committed
Fixed bug that pipe closed by server side will be kept as alive on client-side (browser)
Add request information for SimpleRPC/Pipe Add hash detecting for Simple Pipe to avoid duplicate HTTP request attack
1 parent 62df4f8 commit 7fc43a1

File tree

7 files changed

+168
-3
lines changed

7 files changed

+168
-3
lines changed

sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/CompoundPipeSession.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ public void pipeCreated() {
4040
updateStatus(true);
4141
}
4242
}
43-
43+
4444
@Override
4545
public boolean pipeDestroy() {
4646
if (destroyed) {
@@ -155,6 +155,9 @@ public boolean deal(PipeSessionClosedEvent evt) {
155155
pipe.pipeDestroy();
156156
SimplePipeHelper.removePipe(pipeKey);
157157
}
158+
159+
this.pipeClosed();
160+
158161
return true;
159162
}
160163

sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/SimplePipeHelper.java

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ public static void registerPipe(String key, SimplePipeRunnable pipe) {
7373
* Server side
7474
*/
7575
@J2SIgnore
76-
static String registerPipe(SimplePipeRunnable pipe) {
76+
synchronized static String registerPipe(SimplePipeRunnable pipe) {
7777
if (pipe.pipeKey != null) {
7878
System.out.println("ERROR!!! pipeKey should be null here! " + pipe.pipeKey);
7979
}
@@ -82,7 +82,6 @@ static String registerPipe(SimplePipeRunnable pipe) {
8282
pipes = Collections.synchronizedMap(new HashMap<String, SimplePipeRunnable>(50));
8383
}
8484

85-
// TODO: Synchronize pipe key
8685
String key = nextPipeKey();
8786
while (pipes.get(key) != null) {
8887
key = nextPipeKey();;
@@ -153,6 +152,20 @@ public static SimplePipeRunnable getPipe(String key) {
153152
if (pipes == null || key == null) return null;
154153
return pipes.get(key);
155154
}
155+
156+
// Use this method to avoid HTTP repeat attacks
157+
@J2SIgnore
158+
public static boolean isPipeHashOK(String key, long hash) {
159+
SimplePipeRunnable p = getPipe(key);
160+
if (p == null) {
161+
return false;
162+
}
163+
if (p.lastHash >= hash) {
164+
return false;
165+
}
166+
p.lastHash = hash;
167+
return true;
168+
}
156169

157170
@J2SIgnore
158171
public static List<SimpleSerializable> getPipeDataList(String key) {

sources/net.sf.j2s.ajax/ajaxpipe/net/sf/j2s/ajax/SimplePipeRunnable.java

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,9 @@ public abstract class SimplePipeRunnable extends SimpleRPCRunnable {
4949
@J2SIgnore
5050
long lastLiveDetected;
5151

52+
@J2SIgnore
53+
long lastHash;
54+
5255
@J2SIgnore
5356
public void setPipeHelper(SimplePipeHelper.IPipeThrough helper) {
5457
pipeManaged = true;

sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/ISimpleGeoLocation.java

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
package net.sf.j2s.ajax;
13+
14+
15+
/**
16+
* Providing geo location information for given Simple RPC or Simple Pipe.
17+
* For server side only.
18+
*
19+
* @author zhou renjian
20+
*
21+
* 2010-04-18
22+
*/
23+
public interface ISimpleGeoLocation {
24+
25+
public double getLatitude();
26+
27+
public double getLongtitude();
28+
29+
public double getAltitude();
30+
31+
public String getLocation();
32+
33+
public String getCity();
34+
35+
public String getCountryOrRegion();
36+
37+
}

sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/ISimpleGeoLocationBinding.java

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
package net.sf.j2s.ajax;
13+
14+
15+
/**
16+
* Providing geo location information for given Simple RPC or Simple Pipe.
17+
* For server side only.
18+
*
19+
* @author zhou renjian
20+
*
21+
* 2010-04-18
22+
*/
23+
public interface ISimpleGeoLocationBinding {
24+
25+
public void setLatitude(double latitude);
26+
27+
public void setLongtitude(double longtitude);
28+
29+
public void setAltitude(double altitude);
30+
31+
public void setLocation(String location);
32+
33+
public void setCity(String city);
34+
35+
public void setCountryOrRegion(String region);
36+
37+
}

sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/ISimpleRequestInfo.java

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
package net.sf.j2s.ajax;
13+
14+
/**
15+
* Providing request information for given Simple RPC or Simple Pipe.
16+
* For server side only.
17+
*
18+
* @author zhou renjian
19+
*
20+
* 2010-04-18
21+
*/
22+
public interface ISimpleRequestInfo {
23+
24+
public String getRemoteUserAgent();
25+
26+
public String getReferer();
27+
28+
public String getRequestURL();
29+
30+
public String getRequestHost();
31+
32+
public String getRemoteIP();
33+
34+
public String[] getLanguages();
35+
36+
}

sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/ISimpleRequestInfoBinding.java

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
/*******************************************************************************
2+
* Copyright (c) 2010 java2script.org and others.
3+
* All rights reserved. This program and the accompanying materials
4+
* are made available under the terms of the Eclipse Public License v1.0
5+
* which accompanies this distribution, and is available at
6+
* http://www.eclipse.org/legal/epl-v10.html
7+
*
8+
* Contributors:
9+
* Zhou Renjian - initial API and implementation
10+
*******************************************************************************/
11+
12+
package net.sf.j2s.ajax;
13+
14+
/**
15+
* Providing request information for given Simple RPC or Simple Pipe.
16+
* For server side only.
17+
*
18+
* @author zhou renjian
19+
*
20+
* 2010-04-18
21+
*/
22+
public interface ISimpleRequestInfoBinding {
23+
24+
public void setRemoteUserAgent(String userAgent);
25+
26+
public void setReferer(String referer);
27+
28+
public void setRequestURL(String url);
29+
30+
public void setRequestHost(String host);
31+
32+
public void setRemoteIP(String ip);
33+
34+
public void setLanguages(String[] language);
35+
36+
}

0 commit comments

Comments
 (0)