Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
IA2
GMS
Commits
5a8ed6cd
Commit
5a8ed6cd
authored
Mar 22, 2021
by
Sonia Zorba
Browse files
Added URL encoding of group names and configuration for allowing encoded backslash character
parent
cdc85827
Pipeline
#1225
passed with stages
in 32 seconds
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
View file @
5a8ed6cd
...
...
@@ -16,6 +16,9 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
public
class
GmsApplication
{
public
static
void
main
(
String
[]
args
)
{
// Needed to use %5C (backslash URL encoded) in path variables (otherwise BadRequest error is sent)
System
.
setProperty
(
"org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH"
,
"true"
);
SpringApplication
.
run
(
GmsApplication
.
class
,
args
);
}
...
...
gms/src/main/java/it/inaf/ia2/gms/controller/JWTWebServiceController.java
View file @
5a8ed6cd
...
...
@@ -21,6 +21,8 @@ import it.inaf.ia2.gms.service.SearchService;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.io.IOException
;
import
java.io.PrintWriter
;
import
java.net.URLDecoder
;
import
java.nio.charset.StandardCharsets
;
import
java.security.Principal
;
import
java.util.ArrayList
;
import
java.util.HashMap
;
...
...
@@ -105,8 +107,10 @@ public class JWTWebServiceController {
* be defined adding ".+", otherwise Spring will think it is a file
* extension (thanks https://stackoverflow.com/a/16333149/771431)
*/
@GetMapping
(
value
=
{
"/ws/jwt/search/{group:.+}"
,
"/vo/search/{group:.+}"
},
produces
=
MediaType
.
TEXT_PLAIN_VALUE
)
public
void
isMemberOf
(
@PathVariable
(
"group"
)
String
group
,
HttpServletResponse
response
)
throws
IOException
{
@GetMapping
(
value
=
{
"/ws/jwt/search/**"
,
"/vo/search/**"
},
produces
=
MediaType
.
TEXT_PLAIN_VALUE
)
public
void
isMemberOf
(
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
{
String
group
=
getGroupFromRequest
(
request
,
"/ws/jwt/search/"
,
"/vo/search/"
);
List
<
String
>
groupNames
=
groupNameService
.
extractGroupNames
(
group
);
...
...
@@ -338,8 +342,10 @@ public class JWTWebServiceController {
response
.
setStatus
(
HttpServletResponse
.
SC_CREATED
);
}
@GetMapping
(
value
=
{
"/ws/jwt/email/{group:.+}"
,
"/email/{group:.+}"
},
produces
=
MediaType
.
TEXT_PLAIN_VALUE
)
public
void
getEmailOfMembers
(
@PathVariable
(
"group"
)
String
groupNames
,
@RequestParam
(
"permission"
)
Optional
<
Permission
>
permission
,
HttpServletResponse
response
)
throws
IOException
{
@GetMapping
(
value
=
{
"/ws/jwt/email/**"
,
"/email/**"
},
produces
=
MediaType
.
TEXT_PLAIN_VALUE
)
public
void
getEmailOfMembers
(
HttpServletRequest
request
,
@RequestParam
(
"permission"
)
Optional
<
Permission
>
permission
,
HttpServletResponse
response
)
throws
IOException
{
String
groupNames
=
getGroupFromRequest
(
request
,
"/ws/jwt/email/"
,
"/email/"
);
GroupEntity
groupEntity
=
groupNameService
.
getGroupFromNames
(
Optional
.
of
(
groupNames
));
...
...
@@ -379,4 +385,14 @@ public class JWTWebServiceController {
responseBody
.
put
(
"mergedId"
,
mergedId
);
return
ResponseEntity
.
ok
(
responseBody
);
}
private
String
getGroupFromRequest
(
HttpServletRequest
request
,
String
...
basePaths
)
{
for
(
String
basePath
:
basePaths
)
{
String
completeBasePath
=
request
.
getContextPath
()
+
basePath
;
if
(
request
.
getRequestURI
().
startsWith
(
completeBasePath
))
{
return
URLDecoder
.
decode
(
request
.
getRequestURI
().
substring
(
completeBasePath
.
length
()),
StandardCharsets
.
UTF_8
);
}
}
return
""
;
}
}
gms/src/main/java/it/inaf/ia2/gms/service/GroupNameService.java
View file @
5a8ed6cd
...
...
@@ -3,6 +3,8 @@ package it.inaf.ia2.gms.service;
import
it.inaf.ia2.gms.exception.BadRequestException
;
import
it.inaf.ia2.gms.persistence.GroupsDAO
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
java.net.URLDecoder
;
import
java.nio.charset.StandardCharsets
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.Collections
;
...
...
@@ -136,6 +138,8 @@ public class GroupNameService {
return
new
ArrayList
<>();
}
groupStr
=
URLDecoder
.
decode
(
groupStr
,
StandardCharsets
.
UTF_8
);
List
<
String
>
names
=
new
ArrayList
<>();
String
currentName
=
""
;
for
(
int
i
=
0
;
i
<
groupStr
.
length
();
i
++)
{
...
...
gms/src/test/java/it/inaf/ia2/gms/service/GroupNameServiceTest.java
View file @
5a8ed6cd
...
...
@@ -31,7 +31,7 @@ public class GroupNameServiceTest {
private
GroupNameService
groupNameService
;
@Test
public
void
g
etNames
Test
()
{
public
void
testG
etNames
()
{
GroupEntity
group
=
new
GroupEntity
();
group
.
setName
(
"Child\\.withDot"
);
...
...
@@ -54,7 +54,7 @@ public class GroupNameServiceTest {
}
@Test
public
void
g
etRoot
Test
()
{
public
void
testG
etRoot
()
{
Set
<
String
>
groupIds
=
new
HashSet
<>();
groupIds
.
add
(
"ROOT"
);
...
...
@@ -79,9 +79,9 @@ public class GroupNameServiceTest {
}
@Test
public
void
e
xtractGroupNames
Test
()
{
public
void
testE
xtractGroupNames
()
{
List
<
String
>
names
=
groupNameService
.
extractGroupNames
(
"group1.people.name\\.surname.another
\\
.composite"
);
List
<
String
>
names
=
groupNameService
.
extractGroupNames
(
"group1.people.name\\.surname.another
%5C
.composite"
);
assertEquals
(
4
,
names
.
size
());
assertEquals
(
"group1"
,
names
.
get
(
0
));
...
...
@@ -89,14 +89,14 @@ public class GroupNameServiceTest {
assertEquals
(
"name.surname"
,
names
.
get
(
2
));
assertEquals
(
"another.composite"
,
names
.
get
(
3
));
}
@Test
public
void
e
xtractGroupNames
Test
Empty
()
{
public
void
testE
xtractGroupNamesEmpty
()
{
assertTrue
(
groupNameService
.
extractGroupNames
(
""
).
isEmpty
());
}
@Test
public
void
e
xtractGroupNames
Test
Null
()
{
public
void
testE
xtractGroupNamesNull
()
{
assertTrue
(
groupNameService
.
extractGroupNames
(
null
).
isEmpty
());
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment