Issue #328 - Add "/remote_api" check, similar to "/logout"

* The /remote_api will be checked by the Google infrastructure and only registered developers can use it
akvo · Aug 1, 2013 · 6d6bec5 · 6d6bec5
1 parent 7561fee
commit 6d6bec5
Showing 1 changed file with 12 additions and 5 deletions.
diff --git a/GAE/src/org/waterforpeople/mapping/app/web/rest/security/GaeAuthenticationFilter.java b/GAE/src/org/waterforpeople/mapping/app/web/rest/security/GaeAuthenticationFilter.java
@@ -63,11 +63,18 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                     SecurityContextHolder.getContext().setAuthentication(authentication);
                     String logoutUrl = UserServiceFactory.getUserService().createLogoutURL("");
 
-                    if (authentication.getAuthorities().contains(AppRole.NEW_USER) && !logoutUrl.startsWith(httpRequest.getRequestURI())) {
-                    	logger.log(Level.INFO, "New user authenticated. Redirecting to registration page");
-                        ((HttpServletResponse) response).sendRedirect(REGISTRATION_URL);
-                        return;
-                    }
+					if (authentication.getAuthorities().contains(
+							AppRole.NEW_USER)
+							&& !logoutUrl.startsWith(httpRequest
+									.getRequestURI())
+							&& !httpRequest.getRequestURI().startsWith(
+									"/remote_api")) {
+						logger.log(Level.INFO,
+								"New user authenticated. Redirecting to registration page");
+						((HttpServletResponse) response)
+								.sendRedirect(REGISTRATION_URL);
+						return;
+					}
 
                 } catch (AuthenticationException e) {
                 	logger.log(Level.SEVERE, e.getMessage(), e);