------------------------------------------------------------ revno: 13764 committer: Morten Olav Hansen <[email protected]> branch nick: dhis2 timestamp: Fri 2014-01-17 14:31:46 +0700 message: csd: improved csd request validation removed: dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java added: dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java modified: dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java
=== modified file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java' --- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java 2014-01-17 06:14:44 +0000 +++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java 2014-01-17 07:31:46 +0000 @@ -31,7 +31,7 @@ /** * @author Morten Olav Hansen <[email protected]> */ -public abstract class SoapException extends RuntimeException +public class SoapException extends RuntimeException { private String faultCode = "env:Sender"; === added file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java' --- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java 2014-01-17 07:31:46 +0000 
@@ -0,0 +1,42 @@
+package org.hisp.dhis.web.ohie.csd.exception;
+
+/*
+ * Copyright (c) 2004-2013, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.web.ohie.common.exception.SoapException;
+
+/**
+ * @author Morten Olav Hansen <[email protected]>
+ */
+public class MissingGetDirectoryModificationsRequestException extends SoapException
+{
+ public MissingGetDirectoryModificationsRequestException()
+ {
+ super("Missing or invalid urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest action.");
+ }
+}
=== removed file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java 2014-01-17 06:14:44 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java 1970-01-01 00:00:00 +0000
@@ -1,42 +0,0 @@
-package org.hisp.dhis.web.ohie.csd.exception;
-
-/*
- * Copyright (c) 2004-2013, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.web.ohie.common.exception.SoapException;
-
-/**
- * @author Morten Olav Hansen <[email protected]>
- */
-public class MissingGetModificationsRequestElement extends SoapException
-{
- public MissingGetModificationsRequestElement()
- {
- super( "Missing urn:ihe:iti:csd:2013:GetModificationsRequest element." 
);
- }
-}
=== added file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java 2014-01-17 07:31:46 +0000
@@ -0,0 +1,42 @@
+package org.hisp.dhis.web.ohie.csd.exception;
+
+/*
+ * Copyright (c) 2004-2013, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.web.ohie.common.exception.SoapException;
+
+/**
+ * @author Morten Olav Hansen <[email protected]>
+ */
+public class MissingGetModificationsRequestException extends SoapException
+{
+ public MissingGetModificationsRequestException()
+ {
+ super( "Missing urn:ihe:iti:csd:2013:GetModificationsRequest element." 
);
+ }
+}
=== added file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java 2014-01-17 07:31:46 +0000
@@ -0,0 +1,42 @@
+package org.hisp.dhis.web.ohie.csd.exception;
+
+/*
+ * Copyright (c) 2004-2013, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.web.ohie.common.exception.SoapException;
+
+/**
+ * @author Morten Olav Hansen <[email protected]>
+ */
+public class MissingLastModifiedException extends SoapException
+{
+ public MissingLastModifiedException()
+ {
+ super("Missing urn:ihe:iti:csd:2013:lastModified element.");
+ }
+}
=== modified file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java 2014-01-17 06:14:44 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java 2014-01-17 07:31:46 +0000
@@ -49,7 +49,9 @@
 import org.hisp.dhis.web.ohie.csd.domain.Person;
 import org.hisp.dhis.web.ohie.csd.domain.Record;
 import org.hisp.dhis.web.ohie.csd.domain.Service;
-import org.hisp.dhis.web.ohie.csd.exception.MissingGetModificationsRequestElement;
+import org.hisp.dhis.web.ohie.csd.exception.MissingGetDirectoryModificationsRequestException;
+import org.hisp.dhis.web.ohie.csd.exception.MissingGetModificationsRequestException;
+import org.hisp.dhis.web.ohie.csd.exception.MissingLastModifiedException;
 import org.hisp.dhis.web.ohie.fred.webapi.v1.utils.GeoUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
@@ -76,6 +78,8 @@
 @RequestMapping( value = "/csd" )
 public class CsdController
 {
+ private static String SOAP_CONTENT_TYPE = "application/soap+xml";
+
 // -------------------------------------------------------------------------
 // Dependencies
 // -------------------------------------------------------------------------
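Review bot: `SOAP_CONTENT_TYPE` in the CsdController hunk at -76,6 is declared `private static String` without `final`, so the value written into every response's Content-Type is a reassignable static field rather than a constant. Declaring it `private static final String SOAP_CONTENT_TYPE = "application/soap+xml";` matches the upper-case name and lets the compiler reject accidental reassignment. The class body continues outside the hunk.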
@@ -117,12 +121,14 @@ Object o = unmarshaller.unmarshal( request.getInputStream() ); Envelope env = (Envelope) o; + validateRequest( env ); + List<OrganisationUnit> organisationUnits = getOrganisationUnits( env ); Csd csd = createCsd( organisationUnits ); Envelope envelope = createResponse( csd, env.getHeader().getMessageID().getValue() ); - response.setContentType( "application/soap+xml" ); + response.setContentType( SOAP_CONTENT_TYPE ); marshaller.marshal( envelope, response.getOutputStream() ); } @@ -135,7 +141,7 @@ envelope.getBody().getFault().getCode().getValue().setValue( ex.getFaultCode() ); envelope.getBody().getFault().getReason().getText().setValue( ex.getMessage() ); - response.setContentType( "application/soap+xml" ); + response.setContentType( SOAP_CONTENT_TYPE ); marshaller.marshal( envelope, response.getOutputStream() ); } 
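Review bot: `validateRequest( env )` in the -117,12 hunk runs only after the unchecked cast `(Envelope) o`, and it does not cover `env.getHeader().getMessageID().getValue()`, which is dereferenced a few lines later when the response is built. A request whose root element is not an Envelope, or which carries no MessageID, would therefore still surface as a ClassCastException or NullPointerException instead of a SOAP fault; an `instanceof Envelope` check before the cast and a MessageID check inside `validateRequest` would close both gaps. The unmarshaller's configuration is not visible here, and since it parses the raw request stream before any validation it is worth confirming that DTD and external-entity processing is disabled on it. The handler method starts outside the hunk.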
@@ -144,18 +150,42 @@ // Helpers // ------------------------------------------------------------------------- - private List<OrganisationUnit> getOrganisationUnits( Envelope envelope ) throws MissingGetModificationsRequestElement - { - Date lastModified; - - try - { - lastModified = envelope.getBody().getGetModificationsRequest().getLastModified(); - } - catch ( NullPointerException ex ) - { - throw new MissingGetModificationsRequestElement(); - } + private void validateRequest( Envelope env ) + { + if ( !"urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest".equals( + env.getHeader().getAction().getValue() ) ) + { + throw new MissingGetDirectoryModificationsRequestException(); + } + + try + { + if ( env.getBody().getGetModificationsRequest() == null ) + { + throw new MissingGetModificationsRequestException(); + } + } + catch ( NullPointerException ex ) + { + throw new SoapException(); + } + + try + { + if ( env.getBody().getGetModificationsRequest().getLastModified() == null ) + { + throw new MissingLastModifiedException(); + } + } + catch ( NullPointerException ex ) + { + throw new SoapException(); + } + } + + private List<OrganisationUnit> getOrganisationUnits( Envelope envelope ) throws MissingGetModificationsRequestException + { + Date lastModified = envelope.getBody().getGetModificationsRequest().getLastModified(); return new ArrayList<OrganisationUnit>( organisationUnitService.getAllOrganisationUnitsByLastUpdated( lastModified ) );
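Review bot: The action check at the top of `validateRequest` dereferences `env.getHeader().getAction()` outside any try block, so a request without a Header or Action element escapes as a raw NullPointerException, while the two later blocks convert the same kind of failure into `new SoapException()` with no message passed, which the fault path shown earlier appears to copy into the reason text via `ex.getMessage()`. Explicit null checks at each level remove the need to catch NullPointerException for control flow and let every malformed request map to one of the named exceptions, as sketched below. The `throws MissingGetModificationsRequestException` clause on `getOrganisationUnits` is now stale because that method no longer throws it; its body continues outside the hunk.

```java
private void validateRequest( Envelope env )
{
    if ( env.getHeader() == null || env.getHeader().getAction() == null
        || !"urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest".equals(
        env.getHeader().getAction().getValue() ) )
    {
        throw new MissingGetDirectoryModificationsRequestException();
    }

    if ( env.getBody() == null || env.getBody().getGetModificationsRequest() == null )
    {
        throw new MissingGetModificationsRequestException();
    }

    if ( env.getBody().getGetModificationsRequest().getLastModified() == null )
    {
        throw new MissingLastModifiedException();
    }
}

// … unchanged: getOrganisationUnits …
```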

