From c78e9de1c8436ad8131800ad70635556c998845f Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer <paul-christian.volkmer@mni.thm.de>
Date: Thu, 25 Oct 2012 14:24:34 +0200
Subject: [PATCH] Removed obsolete method from SessionService and fixed
 security issue

Method SessionService::broadcastFeedbackChanges is obsolete since this
method is used in FeedbackService.

FeedbackService::broadcastFeedbackChanges must not be annotated with
"@Authenticated" since authentication is not implemented for web sockets.
---
 .../de/thm/arsnova/services/FeedbackService.java |  1 -
 .../de/thm/arsnova/services/SessionService.java  | 16 ----------------
 2 files changed, 17 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/services/FeedbackService.java b/src/main/java/de/thm/arsnova/services/FeedbackService.java
index c7b798744..58ffc66c7 100644
--- a/src/main/java/de/thm/arsnova/services/FeedbackService.java
+++ b/src/main/java/de/thm/arsnova/services/FeedbackService.java
@@ -98,7 +98,6 @@ public class FeedbackService implements IFeedbackService {
 	 * @param allAffectedSessions For convenience, this represents the union of all session keywords mentioned above.
 	 */
 	@Override
-	@Authenticated
 	public void broadcastFeedbackChanges(Map<String, Set<String>> affectedUsers, Set<String> allAffectedSessions) {
 		for (Map.Entry<String, Set<String>> e : affectedUsers.entrySet()) {
 			// Is this user registered with a socket connection?
diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 1a1ce89f0..aaf506163 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -71,22 +71,6 @@ public class SessionService implements ISessionService {
 	public boolean sessionKeyAvailable(String keyword) {
 		return databaseDao.sessionKeyAvailable(keyword);
 	}
-
-	/**
-	 * 
-	 * @param affectedUsers The user whose feedback got deleted along with all affected session keywords
-	 * @param allAffectedSessions For convenience, this represents the union of all session keywords mentioned above.
-	 */
-	public void broadcastFeedbackChanges(Map<String, Set<String>> affectedUsers, Set<String> allAffectedSessions) {
-		for (Map.Entry<String, Set<String>> e : affectedUsers.entrySet()) {
-			// Is this user registered with a socket connection?
-			String connectedSocket = userService.getSessionForUser(e.getKey());
-			if (connectedSocket != null) {
-				this.server.reportDeletedFeedback(e.getKey(), e.getValue());
-			}
-		}
-		this.server.reportUpdatedFeedbackForSessions(allAffectedSessions);
-	}
 	
 	@Override
 	public String generateKeyword() {
-- 
GitLab