Author: sergeyb
Date: Sun Jul 19 18:20:03 2009
New Revision: 795583
URL: http://svn.apache.org/viewvc?rev=795583&view=rev
Log:
[CXF-2346] Checking servlet request params in cases when input stream was
consumed by filters
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java?rev=795583&r1=795582&r2=795583&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java
Sun Jul 19 18:20:03 2009
@@ -120,7 +120,10 @@
AttachmentUtils.getMultipartBody(mc, attachmentDir,
attachmentThreshold);
FormUtils.populateMapFromMultipart(params, body, decode);
} else {
- FormUtils.populateMapFromString(params, FormUtils.readBody(is),
decode);
+ FormUtils.populateMapFromString(params,
+ FormUtils.readBody(is),
+ decode,
+ mc != null ?
mc.getHttpServletRequest() : null);
}
}
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java?rev=795583&r1=795582&r2=795583&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
Sun Jul 19 18:20:03 2009
@@ -23,9 +23,11 @@
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
+import java.util.Enumeration;
import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
@@ -68,7 +70,8 @@
}
public static void populateMapFromString(MultivaluedMap<String, String>
params,
- String postBody, boolean decode) {
+ String postBody, boolean decode,
+ HttpServletRequest request) {
if (!StringUtils.isEmpty(postBody)) {
List<String> parts = Arrays.asList(postBody.split("&"));
for (String part : parts) {
@@ -85,6 +88,12 @@
params.add(keyValue[0], "");
}
}
+ } else if (request != null) {
+ for (Enumeration en = request.getParameterNames();
en.hasMoreElements();) {
+ String paramName = en.nextElement().toString();
+ String[] values = request.getParameterValues(paramName);
+ params.put(paramName, Arrays.asList(values));
+ }
}
}
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java?rev=795583&r1=795582&r2=795583&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java
Sun Jul 19 18:20:03 2009
@@ -597,7 +597,8 @@
body = FormUtils.readBody(m.getContent(InputStream.class));
m.put("org.apache.cxf.jaxrs.provider.form.body", body);
}
- FormUtils.populateMapFromString(params, (String)body, decode);
+ HttpServletRequest request =
(HttpServletRequest)m.get(AbstractHTTPDestination.HTTP_REQUEST);
+ FormUtils.populateMapFromString(params, (String)body, decode,
request);
} else {
MultipartBody body = AttachmentUtils.getMultipartBody(mc);
FormUtils.populateMapFromMultipart(params, body, decode);
Modified:
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java?rev=795583&r1=795582&r2=795583&view=diff
==============================================================================
---
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java
(original)
+++
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java
Sun Jul 19 18:20:03 2009
@@ -19,6 +19,16 @@
package org.apache.cxf.systest.jaxrs.security;
+import java.io.InputStream;
+
+import javax.ws.rs.core.Response;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.ext.form.Form;
+import org.apache.cxf.systest.jaxrs.Book;
+
import org.junit.BeforeClass;
import org.junit.Test;
@@ -38,6 +48,19 @@
}
@Test
+ public void testBookFromForm() throws Exception {
+
+ WebClient wc =
WebClient.create("http://localhost:9080/bookstorestorage/bookforms";,
+ "foo", "bar", null);
+
+ Response r = wc.form(new Form().set("name", "CXF Rocks").set("id",
"123"));
+
+ Book b = readBook((InputStream)r.getEntity());
+ assertEquals("CXF Rocks", b.getName());
+ assertEquals(123L, b.getId());
+ }
+
+ @Test
public void testGetBookUserAdmin() throws Exception {
String endpointAddress =
"http://localhost:9080/bookstorestorage/thosebooks/123";;
@@ -62,6 +85,12 @@
getBook(endpointAddress, "bob", "bobspassword", 403);
}
+ private Book readBook(InputStream is) throws Exception {
+ JAXBContext c = JAXBContext.newInstance(new Class[]{Book.class});
+ Unmarshaller u = c.createUnmarshaller();
+ return (Book)u.unmarshal(is);
+ }
+
@Test
public void testGetBookSubresourceAdmin() throws Exception {
String endpointAddress =
@@ -70,5 +99,5 @@
getBook(endpointAddress, "bob", "bobspassword", 403);
}
-
+
}
Modified:
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java?rev=795583&r1=795582&r2=795583&view=diff
==============================================================================
---
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java
(original)
+++
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java
Sun Jul 19 18:20:03 2009
@@ -22,7 +22,9 @@
import java.util.HashMap;
import java.util.Map;
+import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
+import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
@@ -42,6 +44,16 @@
books.put(book.getId(), book);
}
+ @POST
+ @Path("/bookforms")
+ @Secured({"ROLE_USER", "ROLE_ADMIN" })
+ public Book getBookFromFormParams(@FormParam("name") String name,
@FormParam("id") long id) {
+ if (name == null || id == 0) {
+ throw new RuntimeException("FormParams are not set");
+ }
+ return new Book(name, id);
+ }
+
@GET
@Path("/thosebooks/{bookId}/{id}")
@Produces("application/xml")
