X-Git-Url: https://code.grnet.gr/git/pithos/blobdiff_plain/7513cffa5899cf530ded234e51e68720966b8ccf..37adb76803bf3ee181df17e4aa19fde5e2aed0e7:/src/gr/ebs/gss/server/rest/RequestHandler.java
diff --git a/src/gr/ebs/gss/server/rest/RequestHandler.java b/src/gr/ebs/gss/server/rest/RequestHandler.java
index 93abbeb..84270b6 100644
--- a/src/gr/ebs/gss/server/rest/RequestHandler.java
+++ b/src/gr/ebs/gss/server/rest/RequestHandler.java
@@ -101,19 +101,24 @@ public class RequestHandler extends Webdav {
 protected static final String PATH_TAGS = "/tags";
 /**
+ * The path for token renewal.
+ */
+ protected static final String PATH_TOKEN = "/newtoken";
+
+ /**
 * The GSS-specific header for the request timestamp.
 */
- private static final String GSS_DATE_HEADER = "X-GSS-Date";
+ protected static final String GSS_DATE_HEADER = "X-GSS-Date";
 /**
 * The RFC 2616 date header.
 */
- private static final String DATE_HEADER = "Date";
+ protected static final String DATE_HEADER = "Date";
 /**
 * The Authorization HTTP header.
 */
- private static final String AUTHORIZATION_HEADER = "Authorization";
+ protected static final String AUTHORIZATION_HEADER = "Authorization";
 /**
 * The group parameter name.
@@ -188,6 +193,7 @@ public class RequestHandler extends Webdav {
 methodsAllowed.put(PATH_SHARED, METHOD_GET);
 methodsAllowed.put(PATH_TAGS, METHOD_GET);
 methodsAllowed.put(PATH_TRASH, METHOD_GET + ", " + METHOD_DELETE);
+ methodsAllowed.put(PATH_TOKEN, METHOD_GET);
 }
 /**
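Review bot: Token renewal is registered as a GET-only operation in `methodsAllowed.put(PATH_TOKEN, METHOD_GET);`, but minting a fresh credential is a state change, and GET responses are exactly what intermediate proxies, browser history and access logs are most likely to retain. If the handler returns the new token in the response body, that response should at least carry `Cache-Control: no-store` and `Pragma: no-cache`, and a POST would match the semantics better; `TokenHandler` is not part of this diff, so I could not confirm what headers it sets. The static initializer this `put` belongs to starts outside the hunk.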
@@ -264,6 +270,9 @@ public class RequestHandler extends Webdav {
 } else if (path.startsWith(PATH_SEARCH)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ } else if (path.startsWith(PATH_TOKEN)) {
+ resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+ resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else if (path.startsWith(PATH_USERS)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
@@ -311,6 +320,9 @@ public class RequestHandler extends Webdav {
 } else if (path.startsWith(PATH_SEARCH)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ } else if (path.startsWith(PATH_TOKEN)) {
+ resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+ resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else if (path.startsWith(PATH_USERS)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
@@ -372,6 +384,8 @@ public class RequestHandler extends Webdav {
 new OthersHandler().serveOthers(req, resp);
 else if (path.startsWith(PATH_TAGS))
 new TagsHandler().serveTags(req, resp);
+ else if (path.startsWith(PATH_TOKEN))
+ new TokenHandler().newToken(req, resp);
 else
 resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
 }
@@ -401,6 +415,9 @@ public class RequestHandler extends Webdav {
 } else if (path.startsWith(PATH_SEARCH)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ } else if (path.startsWith(PATH_TOKEN)) {
+ resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+ resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else if (path.startsWith(PATH_USERS)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
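Review bot: The added `PATH_TOKEN` branch is another copy of the same three-line "Allow header + 405" pattern that is repeated once per HTTP method (this hunk and the ones at 311, 401 and 449), so every new path constant needs four identical edits and a forgotten one silently falls through to a different response for that method. A small helper such as `private void rejectMethod(String pathKey, HttpServletResponse resp) throws IOException { resp.addHeader("Allow", methodsAllowed.get(pathKey)); resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); }` called from each branch would keep the Allow value and the status code in one place. The enclosing method starts and ends outside the hunk.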
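Review bot: `new TokenHandler().newToken(req, resp)` is reached by a prefix match, so `/newtoken`, `/newtokens` and `/newtoken/anything` all dispatch to the renewal handler; the sibling branches use the same `startsWith` convention so this may be deliberate, but for an endpoint that mints credentials an exact match (`path.equals(PATH_TOKEN)`) or a check that the remainder is empty would be tighter. Nothing visible in this diff ties renewal to an authenticated caller, and the companion change in the path-parsing method exempts `PATH_TOKEN` from the owner lookup, so please confirm that `TokenHandler.newToken` (not in this diff) verifies the signed `Authorization` header and issues a token only for that same principal. The enclosing GET dispatch starts outside the hunk.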
@@ -449,8 +466,11 @@ public class RequestHandler extends Webdav {
 } else if (path.startsWith(PATH_SEARCH)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_SEARCH));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ } else if (path.startsWith(PATH_TOKEN)) {
+ resp.addHeader("Allow", methodsAllowed.get(PATH_TOKEN));
+ resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else if (path.startsWith(PATH_USERS)) {
- resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
+ resp.addHeader("Allow", methodsAllowed.get(PATH_USERS));
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else if (path.startsWith(PATH_SHARED)) {
 resp.addHeader("Allow", methodsAllowed.get(PATH_SHARED));
@@ -465,6 +485,8 @@ public class RequestHandler extends Webdav {
 resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else if (path.startsWith(PATH_FILES))
 new FilesHandler(getServletContext()).postResource(req, resp);
+ else if (path.equals("/"))
+ new UserHandler().postUser(req, resp);
 else
 resp.sendError(HttpServletResponse.SC_NOT_FOUND, req.getRequestURI());
 }
@@ -489,13 +511,15 @@ public class RequestHandler extends Webdav {
 o = getService().findUser(owner);
 } catch (RpcException e) {
 logger.error("", e);
- throw new ObjectNotFoundException("User " + owner + " not found, due to internal server error");
+ throw new ObjectNotFoundException("User " + owner +
+ " not found, due to internal server error");
 }
 if (o != null) {
 req.setAttribute(OWNER_ATTRIBUTE, o);
 return path.substring(slash + 1);
 }
- if (!path.startsWith(PATH_SEARCH) && !path.startsWith(PATH_USERS))
+ if (!path.startsWith(PATH_SEARCH) && !path.startsWith(PATH_USERS) &&
+ !path.startsWith(PATH_TOKEN))
 throw new ObjectNotFoundException("User " + owner + " not found");
 return path;
 }
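Review bot: The new `else if (path.equals("/")) new UserHandler().postUser(req, resp);` accepts a POST on the root path, which is the one path that carries no owner segment, so the per-owner resolution and its `OWNER_ATTRIBUTE` do not gate this call. Whether an unauthenticated or differently-authenticated caller can create or modify a user record here depends entirely on `UserHandler.postUser`, which is not in this diff; a comment on the branch stating the intent, e.g. `// POST / is the only un-owned path: postUser must authenticate and authorize the caller itself`, would make that contract reviewable. The enclosing POST dispatch starts outside the hunk.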
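Review bot: In the `catch (RpcException e)` branch an internal lookup failure is still converted to `ObjectNotFoundException("User " + owner + " not found, due to internal server error")`, so a backend outage surfaces to clients as "not found" rather than a server error, and the `PATH_TOKEN` exemption added a few lines below does not apply to it because the throw happens first. Consider propagating it as a server-side failure instead (for example `throw new ServletException("User lookup failed for " + owner, e);`, or whatever 5xx path the caller, outside this hunk, already handles) so monitoring and clients can distinguish outage from a missing user. Separately, `findUser(owner)` runs before the reserved-path check, so if `owner` is derived from the first path segment (its derivation is outside the hunk) and account names are not prevented from matching `newtoken`, `search` or `users`, such a request would be routed into that user's namespace; worth confirming where usernames are validated. The enclosing method starts outside the hunk.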
@@ -606,6 +630,8 @@ public class RequestHandler extends Webdav {
 // Fetch the Authorization header and find the user specified in it.
 String auth = request.getHeader(AUTHORIZATION_HEADER);
+ if (auth == null)
+ return false;
 String[] authParts = auth.split(" ");
 if (authParts.length != 2)
 return false;
@@ -716,4 +742,13 @@ public class RequestHandler extends Webdav {
 return result;
 }
+
+ /**
+ * Reject illegal resource names, like '.' or '..' or resource names containing '/'.
+ */
+ protected boolean isValidResourceName(String name) {
+ if (".".equals(name) || "..".equals(name) || name.contains("/"))
+ return false;
+ return true;
+ }
 }
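Review bot: `isValidResourceName` dereferences `name` in `name.contains("/")` after the two null-safe `equals` calls, so a missing name throws a NullPointerException instead of being rejected, and an empty string is reported as valid. The guard should read `if (name == null || name.isEmpty() || ".".equals(name) || "..".equals(name) || name.contains("/")) return false;`; whether `\0`, a backslash or surrounding whitespace also need rejecting depends on the storage backend, which this diff does not show. The Javadoc should state the contract with `@param name the candidate resource name, may be null` and `@return true if the name is acceptable as a single path component`. Nothing in this diff calls the new method, so please check that every create, rename, copy and move path that accepts a client-supplied name actually routes through it.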