Yi

### This file controls the configuration of the svnserve daemon, if you

### use it to allow access to this repository.  (If you only allow

### access through http: and/or file: URLs, then this file is

### irrelevant.)

### Visit http://subversion.tigris.org/ for more information.

[general]

### These options control access to the repository for unauthenticated

### and authenticated users.  Valid values are "write", "read",

### and "none".  The sample settings below are the defaults.

anon-access = none

auth-access = write

### The password-db option controls the location of the password

### database file.  Unless you specify a path starting with a /,

### the file's location is relative to the directory containing

### this configuration file.

### If SASL is enabled (see below), this file will NOT be used.

### Uncomment the line below to use the default password file.

password-db = passwd

### The authz-db option controls the location of the authorization

### rules for path-based access control.  Unless you specify a path

### starting with a /, the file's location is relative to the the

### directory containing this file.  If you don't specify an

### authz-db, no path-based access control is done.

### Uncomment the line below to use the default authorization file.

#authz-db = authz

### This option specifies the authentication realm of the repository.

### If two repositories have the same authentication realm, they should

### have the same password database, and vice versa.  The default realm

### is repository's uuid.

#realm = My First Repository

[sasl]

### This option specifies whether you want to use the Cyrus SASL

### library for authentication. Default is false.

### This section will be ignored if svnserve is not built with Cyrus

### SASL support; to check, run 'svnserve --version' and look for a line

### reading 'Cyrus SASL authentication is available.'

# use-sasl = true

### These options specify the desired strength of the security layer

### that you want SASL to provide. 0 means no encryption, 1 means

### integrity-checking only, values larger than 1 are correlated

### to the effective key length for encryption (e.g. 128 means 128-bit

### encryption). The values below are the defaults.

# min-encryption = 0

# max-encryption = 256

### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
 
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
 
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
mygroup = suma,tiwaz
 
# [/foo/bar]
# harry = rw
# &joe = r
# * =
 
#[repository:/]
# @harry_and_sally = rw
# * = r
 
[/]
@mygroup = rw
 
[sample:/]
* = r

@mygroup = rw

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class Token {
 
 private static final String TOKEN_KEY = "TOKEN_KEY";
 
 public static void set(HttpServletRequest request) {
  HttpSession session = request.getSession(true);
  long systemTime = System.currentTimeMillis();
  byte[] time = new Long(systemTime).toString().getBytes();
  byte[] id = session.getId().getBytes();
  
  try {
   MessageDigest md5 = MessageDigest.getInstance("MD5");
   md5.update(id);
   md5.update(time);
   
   String token = toHex(md5.digest());
   request.setAttribute(TOKEN_KEY, token);
   session.setAttribute(TOKEN_KEY, token);
  } catch (NoSuchAlgorithmException e) {
   e.printStackTrace();
  }
 }
 
 public static boolean isValid(HttpServletRequest request) {
  HttpSession session = request.getSession(true);
  String requestToken = request.getParameter(TOKEN_KEY);
  String sessionToken = (String)session.getAttribute(TOKEN_KEY);
  if(requestToken == null || sessionToken == null) {
   return false;
  } else {
   return requestToken.equals(sessionToken);
  }
 }
 
 private static String toHex(byte[] digest) {
  StringBuffer buf = new StringBuffer();
  for(int i=0;i<digest.length;i++) {
   buf.append(Integer.toHexString((int)digest[i] & 0x00ff));
  }
  return buf.toString();
 }
}