diff --git a/jans-auth-server/agama/engine/src/main/java/io/jans/ads/Deployer.java b/jans-auth-server/agama/engine/src/main/java/io/jans/ads/Deployer.java index 23154c0d4bd..135e3c96efe 100644 --- a/jans-auth-server/agama/engine/src/main/java/io/jans/ads/Deployer.java +++ b/jans-auth-server/agama/engine/src/main/java/io/jans/ads/Deployer.java @@ -151,8 +151,7 @@ private void deployProject(String dn, String prjId, String name) throws IOExcept if (Files.isDirectory(pcode) && Files.isDirectory(pweb)) { try { - String prjBasepath = prjId; - //To avoid exposing the id in the url one might do: DigestUtils(DigestUtils.getMd5Digest()).digestAsHex(...) + String prjBasepath = makeShortSafePath(prjId); Set flowIds = createFlows(pcode, dd, prjBasepath); if (dd.getError() == null) { projectsFlows.put(prjId, flowIds); @@ -227,6 +226,8 @@ private Set createFlows(Path dir, DeploymentDetails dd, String prjBasepa if (flowsPaths.isEmpty()) { dd.setError("There are no flows in this archive"); + } else { + logger.debug("Flows' basepaths will all be prefixed with '{}'", prjBasepath); } Map flowsOutcome = new HashMap<>(); @@ -347,8 +348,8 @@ private ZipFile compileAssetsArchive(Path root, Path webroot, Path lib, String p logger.info("Compressing to {}", newZipPath); ZipFile newZip = new ZipFile(newZipPath.toFile()); - newZip.addFolder(ftl.toFile(), params); - newZip.addFolder(fl.toFile(), params); + newZip.addFolder(ftl.toFile().getParentFile(), params); + newZip.addFolder(fl.toFile().getParentFile(), params); newZip.addFolder(scripts.toFile(), params); return newZip; @@ -685,6 +686,12 @@ private String insertProjectBasepath(String code, String basepath) { } return code; } + + private String makeShortSafePath(String id) { + //radix 36 entails safe filename/url characters: 0-9 plus a-z + String path = Integer.toString(id.hashCode(), Math.min(36, Character.MAX_RADIX)); + return path.substring(path.charAt(0) == '-' ? 1 : 0); + } @PostConstruct private void init() {