Author: asoldano
Date: 2013-12-09 06:04:23 -0500 (Mon, 09 Dec 2013)
New Revision: 18154
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/RequestHandlerImpl.java
Log:
[JBWS-3743] Block HTTP GET requests with no query string
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/RequestHandlerImpl.java
===================================================================
---
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/RequestHandlerImpl.java 2013-12-09
07:56:52 UTC (rev 18153)
+++
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/RequestHandlerImpl.java 2013-12-09
11:04:23 UTC (rev 18154)
@@ -24,6 +24,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.io.Writer;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
@@ -64,7 +65,7 @@
*/
public class RequestHandlerImpl implements RequestHandler
{
- private static RequestHandlerImpl me = new RequestHandlerImpl();
+ private static final RequestHandlerImpl me = new RequestHandlerImpl();
RequestHandlerImpl()
{
@@ -191,7 +192,7 @@
* @throws ServletException if some problem occurs
*/
private final boolean handleQuery(HttpServletRequest req, HttpServletResponse res,
AbstractHTTPDestination dest, Bus bus)
- throws ServletException
+ throws ServletException, IOException
{
final String queryString = req.getQueryString();
if ((null != queryString) && (queryString.length() > 0))
@@ -226,6 +227,16 @@
}
}
}
+ else if ("GET".equals(req.getMethod()))
+ {
+ //reject HTTP GET without query string (only support messages sent w/ POST)
+ res.setStatus(405);
+ res.setContentType("text/plain");
+ Writer out = res.getWriter();
+ out.write("HTTP GET not supported");
+ out.close();
+ return true;
+ }
return false;
}
Show replies by date