Commit 5a8ed6cd authored by Sonia Zorba

Added URL encoding of group names and configuration for allowing encoded backslash character

parent cdc85827
+3 −0
@@ -16,6 +16,9 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
public class GmsApplication {
public class GmsApplication {


    public static void main(String[] args) {
    public static void main(String[] args) {
        // Needed to use %5C (backslash URL encoded) in path variables (otherwise BadRequest error is sent)
        System.setProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "true");

        SpringApplication.run(GmsApplication.class, args);
        SpringApplication.run(GmsApplication.class, args);
    }
    }


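Review bot: The `ALLOW_BACKSLASH` system property set at the top of `main` is JVM-wide, so it relaxes Tomcat's path handling for every endpoint of the application, not only for the group-name routes the comment has in mind. With it enabled Tomcat accepts `\` as a path delimiter instead of rejecting the request, so a reverse proxy or a path-based access rule in front of the application may evaluate a different path than the one Tomcat dispatches on. I would extend the comment to record this, for example `// JVM-wide: Tomcat then accepts '\' as a path delimiter on all routes; path-based access rules and any fronting proxy must match on the normalized path`. The security configuration is not visible in this diff, so it should also be confirmed that its matchers work on the normalized path.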
+20 −4
@@ -21,6 +21,8 @@ import it.inaf.ia2.gms.service.SearchService;
import it.inaf.ia2.rap.data.RapUser;
import it.inaf.ia2.rap.data.RapUser;
import java.io.IOException;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.Principal;
import java.util.ArrayList;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashMap;
@@ -105,8 +107,10 @@ public class JWTWebServiceController {
     * be defined adding ".+", otherwise Spring will think it is a file
     * be defined adding ".+", otherwise Spring will think it is a file
     * extension (thanks https://stackoverflow.com/a/16333149/771431)
     * extension (thanks https://stackoverflow.com/a/16333149/771431)
     */
     */
    @GetMapping(value = {"/ws/jwt/search/{group:.+}", "/vo/search/{group:.+}"}, produces = MediaType.TEXT_PLAIN_VALUE)
    @GetMapping(value = {"/ws/jwt/search/**", "/vo/search/**"}, produces = MediaType.TEXT_PLAIN_VALUE)
    public void isMemberOf(@PathVariable("group") String group, HttpServletResponse response) throws IOException {
    public void isMemberOf(HttpServletRequest request, HttpServletResponse response) throws IOException {

        String group = getGroupFromRequest(request, "/ws/jwt/search/", "/vo/search/");


        List<String> groupNames = groupNameService.extractGroupNames(group);
        List<String> groupNames = groupNameService.extractGroupNames(group);


@@ -338,8 +342,10 @@ public class JWTWebServiceController {
        response.setStatus(HttpServletResponse.SC_CREATED);
        response.setStatus(HttpServletResponse.SC_CREATED);
    }
    }


    @GetMapping(value = {"/ws/jwt/email/{group:.+}", "/email/{group:.+}"}, produces = MediaType.TEXT_PLAIN_VALUE)
    @GetMapping(value = {"/ws/jwt/email/**", "/email/**"}, produces = MediaType.TEXT_PLAIN_VALUE)
    public void getEmailOfMembers(@PathVariable("group") String groupNames, @RequestParam("permission") Optional<Permission> permission, HttpServletResponse response) throws IOException {
    public void getEmailOfMembers(HttpServletRequest request, @RequestParam("permission") Optional<Permission> permission, HttpServletResponse response) throws IOException {

        String groupNames = getGroupFromRequest(request, "/ws/jwt/email/", "/email/");


        GroupEntity groupEntity = groupNameService.getGroupFromNames(Optional.of(groupNames));
        GroupEntity groupEntity = groupNameService.getGroupFromNames(Optional.of(groupNames));


@@ -379,4 +385,14 @@ public class JWTWebServiceController {
        responseBody.put("mergedId", mergedId);
        responseBody.put("mergedId", mergedId);
        return ResponseEntity.ok(responseBody);
        return ResponseEntity.ok(responseBody);
    }
    }

    private String getGroupFromRequest(HttpServletRequest request, String... basePaths) {
        for (String basePath : basePaths) {
            String completeBasePath = request.getContextPath() + basePath;
            if (request.getRequestURI().startsWith(completeBasePath)) {
                return URLDecoder.decode(request.getRequestURI().substring(completeBasePath.length()), StandardCharsets.UTF_8);
            }
        }
        return "";
    }
}
}
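Review bot: `getGroupFromRequest` decodes the raw request URI with `URLDecoder.decode`, which implements form decoding rather than path decoding, so a literal `+` in a group name silently becomes a space and the lookup then runs against a different name than the one requested. A malformed escape such as `%zz` makes the same call throw `IllegalArgumentException`, which nothing in this hunk catches and which would presumably reach the client as a 500 instead of a 400. Spring's path decoder leaves `+` alone: `return UriUtils.decode(request.getRequestURI().substring(completeBasePath.length()), StandardCharsets.UTF_8);`, with the `IllegalArgumentException` caught and mapped to the project's bad-request error. Note also that `getRequestURI()` still contains any `;name=value` path parameters, so these end up inside the group name. The helper returns `""` when no base path matches, which the two callers pass on unchecked.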
+4 −0
@@ -3,6 +3,8 @@ package it.inaf.ia2.gms.service;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.GroupsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Arrays;
import java.util.Collections;
import java.util.Collections;
@@ -136,6 +138,8 @@ public class GroupNameService {
            return new ArrayList<>();
            return new ArrayList<>();
        }
        }


        groupStr = URLDecoder.decode(groupStr, StandardCharsets.UTF_8);

        List<String> names = new ArrayList<>();
        List<String> names = new ArrayList<>();
        String currentName = "";
        String currentName = "";
        for (int i = 0; i < groupStr.length(); i++) {
        for (int i = 0; i < groupStr.length(); i++) {
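Review bot: The `URLDecoder.decode` call added to `extractGroupNames` decodes a value that `isMemberOf` in `JWTWebServiceController` has already decoded in `getGroupFromRequest`, so on that route the group string is percent-decoded twice. After the second pass `%255C` in the URL becomes `\`, and a group name containing a literal `%` is either altered or rejected with `IllegalArgumentException`. Any validation or logging that runs between the two passes also sees a different string from the one finally used for the lookup. Decoding belongs in one place, at the HTTP boundary, so I would drop `groupStr = URLDecoder.decode(groupStr, StandardCharsets.UTF_8);` here and have the method's Javadoc state that it expects an already-decoded name. The method starts and ends outside this hunk and its other callers are not visible, so each of them should be checked for whether it passes encoded or decoded input.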
+7 −7
@@ -31,7 +31,7 @@ public class GroupNameServiceTest {
    private GroupNameService groupNameService;
    private GroupNameService groupNameService;


    @Test
    @Test
    public void getNamesTest() {
    public void testGetNames() {


        GroupEntity group = new GroupEntity();
        GroupEntity group = new GroupEntity();
        group.setName("Child\\.withDot");
        group.setName("Child\\.withDot");
@@ -54,7 +54,7 @@ public class GroupNameServiceTest {
    }
    }


    @Test
    @Test
    public void getRootTest() {
    public void testGetRoot() {


        Set<String> groupIds = new HashSet<>();
        Set<String> groupIds = new HashSet<>();
        groupIds.add("ROOT");
        groupIds.add("ROOT");
@@ -79,9 +79,9 @@ public class GroupNameServiceTest {
    }
    }


    @Test
    @Test
    public void extractGroupNamesTest() {
    public void testExtractGroupNames() {


        List<String> names = groupNameService.extractGroupNames("group1.people.name\\.surname.another\\.composite");
        List<String> names = groupNameService.extractGroupNames("group1.people.name\\.surname.another%5C.composite");


        assertEquals(4, names.size());
        assertEquals(4, names.size());
        assertEquals("group1", names.get(0));
        assertEquals("group1", names.get(0));
@@ -91,12 +91,12 @@ public class GroupNameServiceTest {
    }
    }
    
    
    @Test
    @Test
    public void extractGroupNamesTestEmpty() {
    public void testExtractGroupNamesEmpty() {
        assertTrue(groupNameService.extractGroupNames("").isEmpty());
        assertTrue(groupNameService.extractGroupNames("").isEmpty());
    }
    }


    @Test
    @Test
    public void extractGroupNamesTestNull() {
    public void testExtractGroupNamesNull() {
        assertTrue(groupNameService.extractGroupNames(null).isEmpty());
        assertTrue(groupNameService.extractGroupNames(null).isEmpty());
    }
    }