[exo-jcr-commits] exo-jcr SVN: r5638 - in jcr/trunk/exo.jcr.component.webdav/src: test/java/org/exoplatform/services/jcr/webdav/command and 1 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Wed Feb 15 05:20:38 EST 2012
Author: dkuleshov
Date: 2012-02-15 05:20:35 -0500 (Wed, 15 Feb 2012)
New Revision: 5638
Modified:
jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java
jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java
jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java
jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml
Log:
EXOJCR-1719: added new WebDavServiceImpl initial parameter - 'untrusted-user-agents'
Modified: jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java 2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java 2012-02-15 10:20:35 UTC (rev 5638)
@@ -67,7 +67,7 @@
Response head(String repoName, String repoPath, UriInfo baseURI);
/**
- * WedDAV "HEAD" method. See <a
+ * WedDAV "PUT" method. See <a
* href='http://www.ietf.org/rfc/rfc2518.txt'>HTTP methods for distributed
* authoring sec. 8.7 "PUT"</a>.
*
@@ -82,16 +82,39 @@
* @param inputStream stream that contain incoming data
* @return the instance of javax.ws.rs.core.Response
*/
+ @Deprecated
Response put(String repoName, String repoPath, String lockTokenHeader, String ifHeader, String fileNodeTypeHeader,
String contentNodeTypeHeader, String mixinTypes, MediaType mediatype, InputStream inputStream);
/**
+ * WedDAV "PUT" method. See <a
+ * href='http://www.ietf.org/rfc/rfc2518.txt'>HTTP methods for distributed
+ * authoring sec. 8.7 "PUT"</a>.
+ *
* @param repoName repository name
* @param repoPath path in repository
* @param lockTokenHeader Lock-Token HTTP header
* @param ifHeader If HTTP Header
+ * @param fileNodeTypeHeader JCR NodeType header
+ * @param contentNodeTypeHeader JCR Content-NodeType header
+ * @param mixinTypes JCR Mixin types header
+ * @param mimeType Content-Type HTTP header
+ * @param userAgent User-Agent HTTP header
+ * @param inputStream stream that contain incoming data
+ * @param UriInfo URI info
* @return the instance of javax.ws.rs.core.Response
*/
+ Response put(String repoName, String repoPath, String lockTokenHeader, String ifHeader, String fileNodeTypeHeader,
+ String contentNodeTypeHeader, String mixinTypes, MediaType mediatype, String userAgent, InputStream inputStream,
+ UriInfo uriInfo);
+
+ /**
+ * @param repoName repository name
+ * @param repoPath path in repository
+ * @param lockTokenHeader Lock-Token HTTP header
+ * @param ifHeader If HTTP Header
+ * @return the instance of javax.ws.rs.core.Response
+ */
Response delete(String repoName, String repoPath, String lockTokenHeader, String ifHeader);
/**
Modified: jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java 2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java 2012-02-15 10:20:35 UTC (rev 5638)
@@ -23,6 +23,7 @@
import org.exoplatform.commons.utils.MimeTypeResolver;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.ValueParam;
+import org.exoplatform.container.xml.ValuesParam;
import org.exoplatform.services.jcr.RepositoryService;
import org.exoplatform.services.jcr.core.ManageableRepository;
import org.exoplatform.services.jcr.ext.app.ThreadLocalSessionProviderService;
@@ -78,8 +79,10 @@
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.PathNotFoundException;
@@ -143,6 +146,8 @@
public static final String FOLDER_ICON_PATH = "folder-icon-path";
+ public static final String UNTRUSTED_USER_AGENTS = "untrusted-user-agents";
+
/**
* Logger.
*/
@@ -194,6 +199,11 @@
private Map<String, String> xsltParams = new HashMap<String, String>();
/**
+ * Set of untrusted user agents. Special rules are applied for listed agents.
+ */
+ private Set<String> untrustedUserAgents = new HashSet<String>();
+
+ /**
* The list of allowed methods.
*/
private static final String ALLOW;
@@ -303,6 +313,13 @@
}
}
+
+ ValuesParam pUntrustedUserAgents = params.getValuesParam(UNTRUSTED_USER_AGENTS);
+ if (pUntrustedUserAgents != null)
+ {
+ untrustedUserAgents.addAll((List<String>)pUntrustedUserAgents.getValues());
+ }
+
this.mimeTypeResolver = new MimeTypeResolver();
this.mimeTypeResolver.setDefaultMimeType(defaultFileMimeType);
}
@@ -386,6 +403,24 @@
}
}
+
+ /*
+ * As this constructor receives Map<String, String> instead of InitParams
+ * we cannot pass multi-valued parameters in the form of
+ * String -> Collection
+ * We pass a set of 'untrusted-user-agents' as a single String
+ * with mime types separated by comma (",")
+ * i.e. "agent1, agent2, agent3"
+ */
+ paramValue = params.get(UNTRUSTED_USER_AGENTS);
+ if (paramValue != null)
+ {
+ for (String mimeType : paramValue.split(","))
+ {
+ untrustedUserAgents.add(mimeType.trim());
+ }
+ }
+
this.mimeTypeResolver = new MimeTypeResolver();
this.mimeTypeResolver.setDefaultMimeType(defaultFileMimeType);
}
@@ -1129,6 +1164,21 @@
/**
* {@inheritDoc}
*/
+ @Deprecated
+ public Response put(@PathParam("repoName") String repoName, @PathParam("repoPath") String repoPath,
+ @HeaderParam(ExtHttpHeaders.LOCKTOKEN) String lockTokenHeader, @HeaderParam(ExtHttpHeaders.IF) String ifHeader,
+ @HeaderParam(ExtHttpHeaders.FILE_NODETYPE) String fileNodeTypeHeader,
+ @HeaderParam(ExtHttpHeaders.CONTENT_NODETYPE) String contentNodeTypeHeader,
+ @HeaderParam(ExtHttpHeaders.CONTENT_MIXINTYPES) String mixinTypes,
+ @HeaderParam(ExtHttpHeaders.CONTENT_TYPE) MediaType mediatype, InputStream inputStream, @Context UriInfo uriInfo)
+ {
+ return put(repoName, repoPath, lockTokenHeader, ifHeader, fileNodeTypeHeader, contentNodeTypeHeader, mixinTypes,
+ mediatype, null, inputStream, uriInfo);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
@PUT
@Path("/{repoName}/{repoPath:.*}/")
public Response put(@PathParam("repoName") String repoName, @PathParam("repoPath") String repoPath,
@@ -1136,7 +1186,8 @@
@HeaderParam(ExtHttpHeaders.FILE_NODETYPE) String fileNodeTypeHeader,
@HeaderParam(ExtHttpHeaders.CONTENT_NODETYPE) String contentNodeTypeHeader,
@HeaderParam(ExtHttpHeaders.CONTENT_MIXINTYPES) String mixinTypes,
- @HeaderParam(ExtHttpHeaders.CONTENT_TYPE) MediaType mediatype, InputStream inputStream, @Context UriInfo uriInfo)
+ @HeaderParam(ExtHttpHeaders.CONTENT_TYPE) MediaType mediatype,
+ @HeaderParam(ExtHttpHeaders.USER_AGENT) String userAgent, InputStream inputStream, @Context UriInfo uriInfo)
{
if (log.isDebugEnabled())
{
@@ -1150,7 +1201,7 @@
String mimeType = null;
String encoding = null;
- if (mediatype == null)
+ if (mediatype == null || untrustedUserAgents.contains(userAgent))
{
mimeType = mimeTypeResolver.getMimeType(TextUtil.nameOnly(repoPath));
}
@@ -1528,4 +1579,5 @@
return new URI(TextUtil.escape(path, '%', true));
}
}
+
}
Modified: jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java 2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java 2012-02-15 10:20:35 UTC (rev 5638)
@@ -184,6 +184,85 @@
.toString());
}
+ /**
+ * Testing if we use MimeTypeResolver to define jcr:mimeType property
+ * for untrusted user agents during resource creation.
+ */
+ public void testUntrustedUserAgentResourceCreation() throws Exception
+ {
+ String content = TestUtils.getFileContent();
+ String path = TestUtils.getFileName();
+
+ // create User-Agent header indicating that the resource we create
+ // has application/octet-stream type
+ // though it's extension is .txt
+ MultivaluedMap<String, String> headers = new MultivaluedMapImpl();
+ headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_OCTET_STREAM);
+ headers.add(HttpHeaders.USER_AGENT, "test-user-agent");
+
+ // fullfiling the request
+ service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+
+ Node node = session.getRootNode().getNode(TextUtil.relativizePath(path)).getNode("jcr:content");
+ // though that we passed application/octet-stream mime type
+ // the user agent is within untrusted user agents set
+ // so we use MimeTypeResolver to define the mimeType and
+ // ignore Content-Type header
+ assertEquals(MediaType.TEXT_PLAIN, node.getProperty("jcr:mimeType").getString());
+ }
+
+ /**
+ * Testing if we use MimeTypeResolver to define jcr:mimeType property
+ * for untrusted user agents during resource modification.
+ */
+ public void testUntrustedUserAgentResourceModification() throws Exception
+ {
+ String content = TestUtils.getFileContent();
+ String path = TestUtils.getFileName();
+
+ // create data with 'trusted' user agent
+ // (all user agents are considered to be trusted
+ // if they are not listed as untrusted)
+ MultivaluedMap<String, String> headers = new MultivaluedMapImpl();
+ headers.add(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN);
+
+ service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+
+ headers.clear();
+ content = TestUtils.getFileContent();
+ // define user agent to be among untrusted user agents
+ headers.add(HttpHeaders.USER_AGENT, "test-user-agent");
+ // define incorrect mime-type via seting Content-Type header
+ headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_OCTET_STREAM);
+
+ service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+
+ Node node = session.getRootNode().getNode(TextUtil.relativizePath(path)).getNode("jcr:content");
+ // mime-type should still be correct
+ assertEquals(MediaType.TEXT_PLAIN, node.getProperty("jcr:mimeType").getString());
+ }
+
+ /**
+ * Testing if we can modify mime-type of previously defined resource
+ * via trusted user agent
+ */
+ public void testTrustedUserAgentResourceModification() throws Exception
+ {
+ String content = TestUtils.getFileContent();
+ String path = TestUtils.getFileName() + ".html";
+
+ service(WebDAVMethods.PUT, getPathWS() + path, "", null, content.getBytes());
+ Node node = session.getRootNode().getNode(TextUtil.relativizePath(path));
+ // mime-type is defined according to resource's extension
+ assertEquals(MediaType.TEXT_HTML, node.getNode("jcr:content").getProperty("jcr:mimeType").getString());
+
+ MultivaluedMap<String, String> headers = new MultivaluedMapImpl();
+ headers.add(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_XML);
+ service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+ // mime-type modified according to Content-Type header content
+ assertEquals(MediaType.TEXT_XML, node.getNode("jcr:content").getProperty("jcr:mimeType").getString());
+ }
+
@Override
protected String getRepositoryName()
{
Modified: jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml 2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml 2012-02-15 10:20:35 UTC (rev 5638)
@@ -209,6 +209,16 @@
<name>folder-icon-path</name>
<value>/absolute/path/to/file</value>
</value-param>
+
+ <!--
+ For testing untrusted-user-agents proper treatment.
+ Content-type headers of listed here user agents should be
+ ignored and MimeTypeResolver should be explicitly used instead
+ -->
+ <values-param>
+ <name>untrusted-user-agents</name>
+ <value>test-user-agent</value>
+ </values-param>
</init-params>
</component>
More information about the exo-jcr-commits
mailing list