[exo-jcr-commits] exo-jcr SVN: r5638 - in jcr/trunk/exo.jcr.component.webdav/src: test/java/org/exoplatform/services/jcr/webdav/command and 1 other directories.

[do-not-reply at jboss.org]

Author: dkuleshov
Date: 2012-02-15 05:20:35 -0500 (Wed, 15 Feb 2012)
New Revision: 5638

Modified:
   jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java
   jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java
   jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java
   jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml
Log:
EXOJCR-1719: added new WebDavServiceImpl initial parameter - 'untrusted-user-agents' 

Modified: jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java	2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavService.java	2012-02-15 10:20:35 UTC (rev 5638)
@@ -67,7 +67,7 @@
    Response head(String repoName, String repoPath, UriInfo baseURI);
 
    /**
-    * WedDAV "HEAD" method. See <a
+    * WedDAV "PUT" method. See <a
     * href='http://www.ietf.org/rfc/rfc2518.txt'>HTTP methods for distributed
     * authoring sec. 8.7 "PUT"</a>.
     * 
@@ -82,16 +82,39 @@
     * @param inputStream stream that contain incoming data
     * @return the instance of javax.ws.rs.core.Response
     */
+   @Deprecated
    Response put(String repoName, String repoPath, String lockTokenHeader, String ifHeader, String fileNodeTypeHeader,
       String contentNodeTypeHeader, String mixinTypes, MediaType mediatype, InputStream inputStream);
 
    /**
+    * WedDAV "PUT" method. See <a
+    * href='http://www.ietf.org/rfc/rfc2518.txt'>HTTP methods for distributed
+    * authoring sec. 8.7 "PUT"</a>.
+    * 
     * @param repoName repository name
     * @param repoPath path in repository
     * @param lockTokenHeader Lock-Token HTTP header
     * @param ifHeader If HTTP Header
+    * @param fileNodeTypeHeader JCR NodeType header
+    * @param contentNodeTypeHeader JCR Content-NodeType header
+    * @param mixinTypes JCR Mixin types header
+    * @param mimeType Content-Type HTTP header
+    * @param userAgent User-Agent HTTP header
+    * @param inputStream stream that contain incoming data
+    * @param UriInfo URI info
     * @return the instance of javax.ws.rs.core.Response
     */
+   Response put(String repoName, String repoPath, String lockTokenHeader, String ifHeader, String fileNodeTypeHeader,
+      String contentNodeTypeHeader, String mixinTypes, MediaType mediatype, String userAgent, InputStream inputStream,
+      UriInfo uriInfo);
+
+   /**
+    * @param repoName repository name
+    * @param repoPath path in repository
+    * @param lockTokenHeader Lock-Token HTTP header
+    * @param ifHeader If HTTP Header
+    * @return the instance of javax.ws.rs.core.Response
+    */
    Response delete(String repoName, String repoPath, String lockTokenHeader, String ifHeader);
 
    /**

Modified: jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java	2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/main/java/org/exoplatform/services/jcr/webdav/WebDavServiceImpl.java	2012-02-15 10:20:35 UTC (rev 5638)
@@ -23,6 +23,7 @@
 import org.exoplatform.commons.utils.MimeTypeResolver;
 import org.exoplatform.container.xml.InitParams;
 import org.exoplatform.container.xml.ValueParam;
+import org.exoplatform.container.xml.ValuesParam;
 import org.exoplatform.services.jcr.RepositoryService;
 import org.exoplatform.services.jcr.core.ManageableRepository;
 import org.exoplatform.services.jcr.ext.app.ThreadLocalSessionProviderService;
@@ -78,8 +79,10 @@
 import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.jcr.NoSuchWorkspaceException;
 import javax.jcr.PathNotFoundException;
@@ -143,6 +146,8 @@
 
    public static final String FOLDER_ICON_PATH = "folder-icon-path";
 
+   public static final String UNTRUSTED_USER_AGENTS = "untrusted-user-agents";
+
    /**
     * Logger.
     */
@@ -194,6 +199,11 @@
    private Map<String, String> xsltParams = new HashMap<String, String>();
 
    /**
+    * Set of untrusted user agents. Special rules are applied for listed agents.
+    */
+   private Set<String> untrustedUserAgents = new HashSet<String>();
+
+   /**
     * The list of allowed methods.
     */
    private static final String ALLOW;
@@ -303,6 +313,13 @@
          }
 
       }
+
+      ValuesParam pUntrustedUserAgents = params.getValuesParam(UNTRUSTED_USER_AGENTS);
+      if (pUntrustedUserAgents != null)
+      {
+         untrustedUserAgents.addAll((List<String>)pUntrustedUserAgents.getValues());
+      }
+
       this.mimeTypeResolver = new MimeTypeResolver();
       this.mimeTypeResolver.setDefaultMimeType(defaultFileMimeType);
    }
@@ -386,6 +403,24 @@
          }
 
       }
+
+      /*
+       * As this constructor receives Map<String, String> instead of InitParams
+       * we cannot pass multi-valued parameters in the form of 
+       * String -> Collection  
+       * We pass a set of 'untrusted-user-agents' as a single String
+       * with mime types separated by comma (",")
+       * i.e. "agent1, agent2, agent3"
+       */
+      paramValue = params.get(UNTRUSTED_USER_AGENTS);
+      if (paramValue != null)
+      {
+         for (String mimeType : paramValue.split(","))
+         {
+            untrustedUserAgents.add(mimeType.trim());
+         }
+      }
+
       this.mimeTypeResolver = new MimeTypeResolver();
       this.mimeTypeResolver.setDefaultMimeType(defaultFileMimeType);
    }
@@ -1129,6 +1164,21 @@
    /**
     * {@inheritDoc}
     */
+   @Deprecated
+   public Response put(@PathParam("repoName") String repoName, @PathParam("repoPath") String repoPath,
+      @HeaderParam(ExtHttpHeaders.LOCKTOKEN) String lockTokenHeader, @HeaderParam(ExtHttpHeaders.IF) String ifHeader,
+      @HeaderParam(ExtHttpHeaders.FILE_NODETYPE) String fileNodeTypeHeader,
+      @HeaderParam(ExtHttpHeaders.CONTENT_NODETYPE) String contentNodeTypeHeader,
+      @HeaderParam(ExtHttpHeaders.CONTENT_MIXINTYPES) String mixinTypes,
+      @HeaderParam(ExtHttpHeaders.CONTENT_TYPE) MediaType mediatype, InputStream inputStream, @Context UriInfo uriInfo)
+   {
+      return put(repoName, repoPath, lockTokenHeader, ifHeader, fileNodeTypeHeader, contentNodeTypeHeader, mixinTypes,
+         mediatype, null, inputStream, uriInfo);
+   }
+
+   /**
+    * {@inheritDoc}
+    */
    @PUT
    @Path("/{repoName}/{repoPath:.*}/")
    public Response put(@PathParam("repoName") String repoName, @PathParam("repoPath") String repoPath,
@@ -1136,7 +1186,8 @@
       @HeaderParam(ExtHttpHeaders.FILE_NODETYPE) String fileNodeTypeHeader,
       @HeaderParam(ExtHttpHeaders.CONTENT_NODETYPE) String contentNodeTypeHeader,
       @HeaderParam(ExtHttpHeaders.CONTENT_MIXINTYPES) String mixinTypes,
-      @HeaderParam(ExtHttpHeaders.CONTENT_TYPE) MediaType mediatype, InputStream inputStream, @Context UriInfo uriInfo)
+      @HeaderParam(ExtHttpHeaders.CONTENT_TYPE) MediaType mediatype,
+      @HeaderParam(ExtHttpHeaders.USER_AGENT) String userAgent, InputStream inputStream, @Context UriInfo uriInfo)
    {
       if (log.isDebugEnabled())
       {
@@ -1150,7 +1201,7 @@
          String mimeType = null;
          String encoding = null;
 
-         if (mediatype == null)
+         if (mediatype == null || untrustedUserAgents.contains(userAgent))
          {
             mimeType = mimeTypeResolver.getMimeType(TextUtil.nameOnly(repoPath));
          }
@@ -1528,4 +1579,5 @@
          return new URI(TextUtil.escape(path, '%', true));
       }
    }
+
 }

Modified: jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java	2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/test/java/org/exoplatform/services/jcr/webdav/command/TestPut.java	2012-02-15 10:20:35 UTC (rev 5638)
@@ -184,6 +184,85 @@
          .toString());
    }
 
+   /**
+    * Testing if we use MimeTypeResolver to define jcr:mimeType property
+    * for untrusted user agents during resource creation. 
+    */
+   public void testUntrustedUserAgentResourceCreation() throws Exception
+   {
+      String content = TestUtils.getFileContent();
+      String path = TestUtils.getFileName();
+
+      // create User-Agent header indicating that the resource we create
+      // has application/octet-stream type
+      // though it's extension is .txt
+      MultivaluedMap<String, String> headers = new MultivaluedMapImpl();
+      headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_OCTET_STREAM);
+      headers.add(HttpHeaders.USER_AGENT, "test-user-agent");
+
+      // fullfiling the request
+      service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+
+      Node node = session.getRootNode().getNode(TextUtil.relativizePath(path)).getNode("jcr:content");
+      // though that we passed application/octet-stream mime type
+      // the user agent is within untrusted user agents set
+      // so we use MimeTypeResolver to define the mimeType and
+      // ignore Content-Type header
+      assertEquals(MediaType.TEXT_PLAIN, node.getProperty("jcr:mimeType").getString());
+   }
+
+   /**
+    * Testing if we use MimeTypeResolver to define jcr:mimeType property
+    * for untrusted user agents during resource modification. 
+    */
+   public void testUntrustedUserAgentResourceModification() throws Exception
+   {
+      String content = TestUtils.getFileContent();
+      String path = TestUtils.getFileName();
+
+      // create data with 'trusted' user agent 
+      // (all user agents are considered to be trusted
+      // if they are not listed as untrusted)
+      MultivaluedMap<String, String> headers = new MultivaluedMapImpl();
+      headers.add(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN);
+
+      service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+
+      headers.clear();
+      content = TestUtils.getFileContent();
+      // define user agent to be among untrusted user agents 
+      headers.add(HttpHeaders.USER_AGENT, "test-user-agent");
+      // define incorrect mime-type via seting Content-Type header
+      headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_OCTET_STREAM);
+
+      service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+
+      Node node = session.getRootNode().getNode(TextUtil.relativizePath(path)).getNode("jcr:content");
+      // mime-type should still be correct
+      assertEquals(MediaType.TEXT_PLAIN, node.getProperty("jcr:mimeType").getString());
+   }
+
+   /**
+    * Testing if we can modify mime-type of previously defined resource
+    * via trusted user agent
+    */
+   public void testTrustedUserAgentResourceModification() throws Exception
+   {
+      String content = TestUtils.getFileContent();
+      String path = TestUtils.getFileName() + ".html";
+
+      service(WebDAVMethods.PUT, getPathWS() + path, "", null, content.getBytes());
+      Node node = session.getRootNode().getNode(TextUtil.relativizePath(path));
+      // mime-type is defined according to resource's extension
+      assertEquals(MediaType.TEXT_HTML, node.getNode("jcr:content").getProperty("jcr:mimeType").getString());
+
+      MultivaluedMap<String, String> headers = new MultivaluedMapImpl();
+      headers.add(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_XML);
+      service(WebDAVMethods.PUT, getPathWS() + path, "", headers, content.getBytes());
+      // mime-type modified according to Content-Type header content
+      assertEquals(MediaType.TEXT_XML, node.getNode("jcr:content").getProperty("jcr:mimeType").getString());
+   }
+
    @Override
    protected String getRepositoryName()
    {

Modified: jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml
===================================================================
--- jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml	2012-02-15 09:40:04 UTC (rev 5637)
+++ jcr/trunk/exo.jcr.component.webdav/src/test/resources/conf/standalone/test-configuration.xml	2012-02-15 10:20:35 UTC (rev 5638)
@@ -209,6 +209,16 @@
             <name>folder-icon-path</name>
             <value>/absolute/path/to/file</value>
          </value-param>
+         
+         <!-- 
+            For testing untrusted-user-agents proper treatment.
+            Content-type headers of listed here user agents should be
+            ignored and MimeTypeResolver should be explicitly used instead 
+         -->
+         <values-param>
+            <name>untrusted-user-agents</name>
+            <value>test-user-agent</value>
+         </values-param>
 
       </init-params>
    </component>