Automated merge with https://gss.googlecode.com/hg/
[pithos] / src / gr / ebs / gss / server / rest / RequestHandler.java
index 93abbeb..84270b6 100644 (file)
@@ -101,19 +101,24 @@ public class RequestHandler extends Webdav {
        protected static final String PATH_TAGS = "/tags";
 
        /**
+        * The path for token renewal.
+        */
+       protected static final String PATH_TOKEN = "/newtoken";
+
+       /**
         * The GSS-specific header for the request timestamp.
         */
-       private static final String GSS_DATE_HEADER = "X-GSS-Date";
+       protected static final String GSS_DATE_HEADER = "X-GSS-Date";
 
        /**
         * The RFC 2616 date header.
         */
-       private static final String DATE_HEADER = "Date";
+       protected static final String DATE_HEADER = "Date";
 
        /**
         * The Authorization HTTP header.
         */
-       private static final String AUTHORIZATION_HEADER = "Authorization";
+       protected static final String AUTHORIZATION_HEADER = "Authorization";
 
        /**
         * The group parameter name.
@@ -188,6 +193,7 @@ public class RequestHandler extends Webdav {
                methodsAllowed.put(PATH_SHARED, METHOD_GET);
                methodsAllowed.put(PATH_TAGS, METHOD_GET);
                methodsAllowed.put(PATH_TRASH, METHOD_GET + ", " + METHOD_DELETE);
+               methodsAllowed.put(PATH_TOKEN, METHOD_GET);
        }
 
        /**
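Review bot: Registering `PATH_TOKEN` for `METHOD_GET` only means token renewal is driven by a GET, which clients, proxies and browsers treat as safe and cacheable. A request that issues a new credential is neither. TokenHandler.newToken is not part of this diff, so this is inferred from the constant's Javadoc ("token renewal"). If the handler does mint a token, register the path for POST instead, or at least have the handler send `Cache-Control: no-store` so the response is not retained. The initializer block starts outside the hunk.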
@@ -264,6 +270,9 @@ public class RequestHandler extends Webdav {
                } else if (path.startsWith(PATH_SEARCH)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+               } else if (path.startsWith(PATH_TOKEN)) {
+            resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+                       resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                } else if (path.startsWith(PATH_USERS)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
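Review bot: This three-line `PATH_TOKEN` branch is pasted into five method handlers (the hunks at -264, -311, -401 and -449 in this file, plus one more chain of the same shape), each with the `resp.addHeader` line indented differently from its neighbours. A single private helper that finds the matching prefix in `methodsAllowed`, sets `Allow` and sends `SC_METHOD_NOT_ALLOWED` would keep the chains from drifting apart the next time a path is added. Missing one copy leaves that method answering 404 instead of 405 for the new path. The enclosing method starts and ends outside the hunk.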
@@ -311,6 +320,9 @@ public class RequestHandler extends Webdav {
                } else if (path.startsWith(PATH_SEARCH)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+               } else if (path.startsWith(PATH_TOKEN)) {
+            resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+                       resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                } else if (path.startsWith(PATH_USERS)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
@@ -372,6 +384,8 @@ public class RequestHandler extends Webdav {
                        new OthersHandler().serveOthers(req, resp);
                else if (path.startsWith(PATH_TAGS))
                        new TagsHandler().serveTags(req, resp);
+               else if (path.startsWith(PATH_TOKEN))
+                       new TokenHandler().newToken(req, resp);
                else
                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
        }
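Review bot: `path.startsWith(PATH_TOKEN)` routes every path that merely begins with `/newtoken` (for example `/newtokens` or `/newtoken/anything`) to the token handler. The sibling branches have sub-resources, but nothing in this diff suggests the token endpoint does, so `else if (path.equals(PATH_TOKEN))` would be the tighter match here and in the method-not-allowed branches. The diff also does not show whether requests for this path pass the signature check before `newToken` runs; a one-line comment above the branch stating who authenticates the caller would help the next reader. The method begins outside the hunk.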
@@ -401,6 +415,9 @@ public class RequestHandler extends Webdav {
                } else if (path.startsWith(PATH_SEARCH)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+               } else if (path.startsWith(PATH_TOKEN)) {
+            resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+                       resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                } else if (path.startsWith(PATH_USERS)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
@@ -449,8 +466,11 @@ public class RequestHandler extends Webdav {
                } else if (path.startsWith(PATH_SEARCH)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+               } else if (path.startsWith(PATH_TOKEN)) {
+            resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+                       resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                } else if (path.startsWith(PATH_USERS)) {
-            resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
+                       resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                } else if (path.startsWith(PATH_SHARED)) {
             resp.addHeader("Allow", methodsAllowed.get(PATH_SHARED));
@@ -465,6 +485,8 @@ public class RequestHandler extends Webdav {
                        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                } else if (path.startsWith(PATH_FILES))
                        new FilesHandler(getServletContext()).postResource(req, resp);
+               else if (path.equals("/"))
+                       new UserHandler().postUser(req, resp);
                else
                resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
        }
@@ -489,13 +511,15 @@ public class RequestHandler extends Webdav {
                        o = getService().findUser(owner);
                } catch (RpcException e) {
                        logger.error("", e);
-                       throw new ObjectNotFoundException("User " + owner + " not found, due to internal server error");
+                       throw new ObjectNotFoundException("User " + owner +
+                                       " not found, due to internal server error");
                }
                if (o != null) {
                        req.setAttribute(OWNER_ATTRIBUTE, o);
                        return path.substring(slash + 1);
                }
-               if (!path.startsWith(PATH_SEARCH) && !path.startsWith(PATH_USERS))
+               if (!path.startsWith(PATH_SEARCH) && !path.startsWith(PATH_USERS) &&
+                               !path.startsWith(PATH_TOKEN))
                        throw new ObjectNotFoundException("User " + owner + " not found");
                return path;
        }
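Review bot: The first path segment is still looked up with `findUser(owner)` before the reserved prefixes are consulted, so the new `!path.startsWith(PATH_TOKEN)` exemption only takes effect when no account is named `newtoken`. If such a user exists, the `o != null` branch wins and the request is rewritten into that user's namespace instead of reaching the token endpoint; the existing search and users prefixes appear to share the problem. Testing the reserved prefixes before the lookup, or refusing these names at account creation, would close the gap. How `owner` is extracted is outside the hunk, so this is inferred from `path.substring(slash + 1)`.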
@@ -606,6 +630,8 @@ public class RequestHandler extends Webdav {
 
                // Fetch the Authorization header and find the user specified in it.
                String auth = request.getHeader(AUTHORIZATION_HEADER);
+               if (auth == null)
+                       return false;
                String[] authParts = auth.split(" ");
                if (authParts.length != 2)
                        return false;
@@ -716,4 +742,13 @@ public class RequestHandler extends Webdav {
                return result;
 
        }
+
+       /**
+        * Reject illegal resource names, like '.' or '..' or resource names containing '/'.
+        */
+       protected boolean isValidResourceName(String name) {
+               if (".".equals(name) || "..".equals(name) || name.contains("/"))
+                       return false;
+               return true;
+       }
 }
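Review bot: `isValidResourceName` throws a NullPointerException on a null `name`, because the two `equals` tests tolerate null but `name.contains("/")` does not. Change the guard to `if (name == null || ".".equals(name) || "..".equals(name) || name.contains("/"))`. The check also accepts the empty string, a backslash and control characters such as NUL; whether those matter depends on how names reach the storage layer, which is not visible here. The Javadoc should add `@param name` and `@return`, and state that the name must already be URL-decoded when it is tested, since an encoded `%2F` or `%2E%2E` would pass as written. No caller of the method appears in this diff.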