diff options
author | Mahdi Ben Alaya | 2016-05-04 09:04:34 +0000 |
---|---|---|
committer | Mahdi Ben Alaya | 2016-05-04 09:04:34 +0000 |
commit | 3975410e2ee511c01cf162d6f79947b8edf40eb9 (patch) | |
tree | c4c2770dba45410fa2e73e39c4e503981b9a9f64 | |
parent | a221032761a99cf14a3b76ad7217004a4c4fa886 (diff) | |
download | org.eclipse.om2m-3975410e2ee511c01cf162d6f79947b8edf40eb9.tar.gz org.eclipse.om2m-3975410e2ee511c01cf162d6f79947b8edf40eb9.tar.xz org.eclipse.om2m-3975410e2ee511c01cf162d6f79947b8edf40eb9.zip |
Fix Bug 492961 Implement Access Control check for Notify requests
Signed-off-by: Mahdi Ben Alaya <benalaya@sensinov.com>
-rw-r--r-- | org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/controller/Controller.java | 2 | ||||
-rw-r--r-- | org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/redirector/Redirector.java | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/controller/Controller.java b/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/controller/Controller.java index d63f62da..3fc3e2c6 100644 --- a/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/controller/Controller.java +++ b/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/controller/Controller.java @@ -187,6 +187,8 @@ public abstract class Controller { operationAllowed = true; } else if (operation.equals(Operation.DISCOVERY) && rule.isDiscovery()){ operationAllowed = true; + }else if(operation.equals(Operation.NOTIFY) && rule.isNotify()){ + operationAllowed = true; } } if (originatorFound && operationAllowed){ diff --git a/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/redirector/Redirector.java b/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/redirector/Redirector.java index 74324aaf..ee9601d3 100644 --- a/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/redirector/Redirector.java +++ b/org.eclipse.om2m.core/src/main/java/org/eclipse/om2m/core/redirector/Redirector.java @@ -149,6 +149,9 @@ public class Redirector { dbt.close();
throw new ResourceNotFoundException("AE resource " + request.getTargetId() + " not found.");
}
+
+ new AEController().checkACP(ae.getAccessControlPolicies(), request.getFrom(), Operation.NOTIFY);
+
// Get point of access
if(ae.getPointOfAccess().isEmpty() || !(ae.isRequestReachable())){
response.setResponseStatusCode(ResponseStatusCode.TARGET_NOT_REACHABLE);
|