Examples of hirondelle.web4j.security.UntrustedProxyForUserId

• hirondelle.web4j.security.UntrustedProxyForUserId
  wasp.org/index.php/Top_10_2007-A4'>Insecure Direct Object Reference, which is an important security issue for web applications. The issue centers around proper enforcement of data ownership constraints.

  Please see the User Guide for more information on this important topic.

  Untrusted Proxy For User Id

  An untrusted proxy for the user id is defined here as satisfying these two criteria:

  • it's "owned" by a specific user (that is, it has an associated data ownership constraint)
  • it's open to manipulation by the end user (for example, by simply changing a request parameter)

  An untrusted identifier typically appears in a link, or in a form's target URL. This interface is for defining which requests use an untrusted identifier, and which need to enforce a data ownership constraint in a particular way.

  Note that, as explained in the User Guide, not all data ownership constraints involve an untrusted proxy for the user id - only some do.

  The {@link hirondelle.web4j.Controller} processes each request using your application's configured implementation of this interface. Most applications will likely use the default implementation, {@link hirondelle.web4j.security.UntrustedProxyForUserIdImpl}. The Controller logic is roughly as follows:

   get the configured implementation of UntrustedProxyForUserId if the current request has an untrusted id { cast the Action to  {@link hirondelle.web4j.security.FetchIdentifierOwner}fetch the login name of the user who owns the untrusted id compare it to the login name of the current user   proceed with the Action only if there is a match }

  (Reminder: whenever a user logs in, the login name of the current user is always placed into session scope by the Servlet Container.)

  Implementations of this interface will typically extract two items from the underlying request, to determine if the request has an untrusted proxy for the user id :

  • the 'noun' - identifies what data is being operated on
  • the 'verb' - what is being done to the data (the operation)

  In some cases, only the noun will be important, since all operations on the data can be restricted to the owner. In other cases, both the noun and the verb will be needed to determine if there is a data ownership constraint.

      fLogger.config("Web4j default implementations already initialized.");
    }
  }

  private ResponsePage checkOwnershipThenExecuteAction(Action aAction, RequestParser aRequestParser) throws AppException, BadRequestException {
    UntrustedProxyForUserId ownershipFirewall = BuildImpl.forOwnershipFirewall();
    if ( ownershipFirewall.usesUntrustedIdentifier(aRequestParser) ) {
      fLogger.fine("This request has an ownership constraint.");
      enforceOwnershipConstraint(aAction, aRequestParser);
    }
    else {
      fLogger.fine("No ownership constraint detected.");