update to safer parameter handling
parent
07e6a16f11
commit
cf71fd1d2e
17 changed files with 39 additions and 39 deletions
|
@ -1,5 +1,5 @@
|
|||
group = org.xbib
|
||||
name = net-http
|
||||
version = 3.4.2
|
||||
version = 3.5.0
|
||||
|
||||
org.gradle.warning.mode = ALL
|
||||
|
|
|
@ -144,7 +144,7 @@ public final class Bootstrap {
|
|||
" SNI host = " + ctx.getRequest().as(HttpsRequest.class).getSNIHost() +
|
||||
" SSL session = " + ctx.getRequest().as(HttpsRequest.class).getSSLSession() +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
|
|
@ -143,7 +143,7 @@ public final class Bootstrap {
|
|||
" SNI host = " + ctx.getRequest().as(HttpsRequest.class).getSNIHost() +
|
||||
" SSL session = " + ctx.getRequest().as(HttpsRequest.class).getSSLSession() +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
|
|
@ -70,7 +70,7 @@ public class NettyHttpsServerMultiRequestLoadTest {
|
|||
" SNI host = " + ctx.getRequest().as(HttpsRequest.class).getSNIHost() +
|
||||
" SSL peer host = " + ctx.getRequest().as(HttpsRequest.class).getSSLSession() +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
@ -157,7 +157,7 @@ public class NettyHttpsServerMultiRequestLoadTest {
|
|||
" SNI host = " + ctx.getRequest().as(HttpsRequest.class).getSNIHost() +
|
||||
" SSL session = " + ctx.getRequest().as(HttpsRequest.class).getSSLSession() +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
|
|
@ -74,7 +74,7 @@ public class NettyHttpsServerTest {
|
|||
" SNI host = " + ctx.getRequest().as(HttpsRequest.class).getSNIHost() +
|
||||
" SSL peer host = " + ctx.getRequest().as(HttpsRequest.class).getSSLSession() +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
@ -152,7 +152,7 @@ public class NettyHttpsServerTest {
|
|||
" SNI host = " + ctx.getRequest().as(HttpsRequest.class).getSNIHost() +
|
||||
" SSL session = " + ctx.getRequest().as(HttpsRequest.class).getSSLSession() +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
|
|
@ -55,7 +55,7 @@ public class NettyHttp2ServerMultiRequestLoadTest {
|
|||
.charset(StandardCharsets.UTF_8)
|
||||
.body("domain: " +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress());
|
||||
|
|
|
@ -50,7 +50,7 @@ public class NettyHttpServerBodyTest {
|
|||
ctx.status(HttpResponseStatus.OK)
|
||||
.header(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
|
||||
.charset(StandardCharsets.UTF_8)
|
||||
.body("parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
.body("parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
|
|
|
@ -3,7 +3,6 @@ package org.xbib.net.http.netty.test;
|
|||
import io.netty.bootstrap.Bootstrap;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.xbib.net.NetworkClass;
|
||||
import org.xbib.net.Parameter;
|
||||
import org.xbib.net.URL;
|
||||
import org.xbib.net.http.HttpAddress;
|
||||
import org.xbib.net.http.HttpHeaderNames;
|
||||
|
@ -58,13 +57,10 @@ class NettyHttpServerByteOrderMarkTest {
|
|||
logger.log(Level.FINEST, "handler starting");
|
||||
String content = ctx.getRequestBuilder().getBodyAsChars(StandardCharsets.UTF_8).toString();
|
||||
logger.log(Level.FINEST, "got content = " + content);
|
||||
logger.log(Level.FINEST, "got FORM params op = " + ctx.getRequest().getParameter().getAll("op", Parameter.Domain.FORM));
|
||||
logger.log(Level.FINEST, "got FORM params key = " + ctx.getRequest().getParameter().getAll("key", Parameter.Domain.FORM));
|
||||
logger.log(Level.FINEST, "got FORM params query = " + ctx.getRequest().getParameter().getAll("query", Parameter.Domain.FORM));
|
||||
ctx.status(HttpResponseStatus.OK)
|
||||
.header(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
|
||||
.charset(StandardCharsets.UTF_8)
|
||||
.body("parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
.body("parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
|
|
|
@ -56,7 +56,7 @@ public class NettyHttpServerFailureTest {
|
|||
.header(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
|
||||
.charset(StandardCharsets.UTF_8)
|
||||
.body("domain" +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress() +
|
||||
" attributes = " + ctx.getAttributes());
|
||||
|
|
|
@ -66,7 +66,7 @@ public class NettyHttpServerFileUploadTest {
|
|||
ctx.status(HttpResponseStatus.OK)
|
||||
.header(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
|
||||
.charset(StandardCharsets.UTF_8)
|
||||
.body("parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
.body("parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
|
@ -149,7 +149,7 @@ public class NettyHttpServerFileUploadTest {
|
|||
ctx.status(HttpResponseStatus.OK)
|
||||
.header(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
|
||||
.charset(StandardCharsets.UTF_8)
|
||||
.body("parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
.body("parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
|
|
|
@ -55,7 +55,7 @@ public class NettyHttpServerMultiRequestLoadTest {
|
|||
.charset(StandardCharsets.UTF_8)
|
||||
.body("domain: " +
|
||||
" base URL = " + ctx.getRequest().getBaseURL() +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" attributes = " + ctx.getAttributes() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress())
|
||||
|
|
|
@ -51,7 +51,7 @@ public class NettyHttpServerTest {
|
|||
.header(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
|
||||
.charset(StandardCharsets.UTF_8)
|
||||
.body("domain" +
|
||||
" parameter = " + ctx.getRequest().getParameter().allToString() +
|
||||
" parameter = " + ctx.getRequest().getParameter().toString() +
|
||||
" local address = " + ctx.getRequest().getLocalAddress() +
|
||||
" remote address = " + ctx.getRequest().getRemoteAddress() +
|
||||
" attributes = " + ctx.getAttributes())
|
||||
|
|
|
@ -4,6 +4,7 @@ import java.io.IOException;
|
|||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.xbib.net.Parameter;
|
||||
import org.xbib.net.ParameterException;
|
||||
import org.xbib.net.SecurityRealm;
|
||||
import org.xbib.net.URL;
|
||||
import org.xbib.net.UserProfile;
|
||||
|
@ -59,15 +60,17 @@ public class FormAuthenticationHandler extends LoginAuthenticationHandler implem
|
|||
prepareFormAuthentication(context);
|
||||
return;
|
||||
}
|
||||
String username = parameter.getAsString(usernameParameter, Parameter.Domain.FORM);
|
||||
String password = parameter.getAsString(passwordParameter, Parameter.Domain.FORM);
|
||||
logger.log(Level.FINE, "username and password found, ready for authentication");
|
||||
try {
|
||||
String username = parameter.getAsString(usernameParameter, Parameter.Domain.FORM);
|
||||
String password = parameter.getAsString(passwordParameter, Parameter.Domain.FORM);
|
||||
logger.log(Level.FINE, "username and password found, ready for authentication");
|
||||
authenticate(userProfile, username, password, context.getRequest());
|
||||
logger.log(Level.FINE, "successful authentication");
|
||||
return;
|
||||
} catch (ParameterException e) {
|
||||
logger.log(Level.SEVERE, "parameter error");
|
||||
} catch (Exception e) {
|
||||
logger.log(Level.SEVERE, "authentication error for " + username);
|
||||
logger.log(Level.SEVERE, "authentication error");
|
||||
}
|
||||
prepareFormAuthentication(context);
|
||||
}
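Review bot: Both catch blocks in the new try/catch drop the caught exception and all request context, so a failed login is recorded only as the bare strings "parameter error" or "authentication error". Leaving the username out of the message keeps client-supplied text out of the log, but an operator then has nothing to correlate repeated failures against; logging the peer address keeps that signal, e.g. `logger.log(Level.WARNING, "authentication error from " + context.getRequest().getRemoteAddress(), e);`. Passing `e` as the third argument also preserves the cause, provided the exception message never carries the submitted password, which is not visible here. A ParameterException is presumably triggered by client input, so SEVERE may be too high a level for it. The enclosing method starts outside the hunk.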
|
||||
|
|
|
@ -248,17 +248,13 @@ public class BaseHttpRouter implements HttpRouter {
|
|||
cookieBox.forEach(c -> cookieParameterBuilder.add(c.name(), c.value()));
|
||||
}
|
||||
Parameter queryParameter = url.getQueryParams();
|
||||
logger.log(Level.FINER, "adding query parameters = " + queryParameter.getDomain() + " " + queryParameter.allToString());
|
||||
parameterBuilder.add(queryParameter);
|
||||
Parameter formParameter = formParameterBuilder.build();
|
||||
logger.log(Level.FINER, "adding form parameters = " + formParameter.getDomain() + " " + formParameter.allToString());
|
||||
parameterBuilder.add(formParameter);
|
||||
Parameter cookieParameter = cookieParameterBuilder.build();
|
||||
logger.log(Level.FINER, "adding cookie parameters = " + cookieParameter.getDomain() + " " + cookieParameter.allToString());
|
||||
parameterBuilder.add(cookieParameter);
|
||||
if (pathResolverResult != null) {
|
||||
Parameter pathParameter = pathResolverResult.getParameter();
|
||||
logger.log(Level.FINER, "adding path parameters = " + pathParameter.getDomain() + " " + pathParameter.allToString());
|
||||
parameterBuilder.add(pathParameter);
|
||||
}
|
||||
httpRequestBuilder.setParameter(parameterBuilder.build());
|
||||
|
|
|
@ -167,7 +167,7 @@ public class BaseHttpRouteResolverTest {
|
|||
AtomicInteger atomicInteger = new AtomicInteger(0);
|
||||
resolver.resolve(route, r -> {
|
||||
assertEquals(1, r.getValue());
|
||||
assertEquals("[token=abcdef]", r.getParameter().allToString());
|
||||
assertEquals("[token=abcdef]", r.getParameter().toString());
|
||||
atomicInteger.incrementAndGet();
|
||||
});
|
||||
assertEquals(1, atomicInteger.get());
|
||||
|
@ -183,7 +183,7 @@ public class BaseHttpRouteResolverTest {
|
|||
AtomicInteger atomicInteger = new AtomicInteger(0);
|
||||
resolver.resolve(route, r -> {
|
||||
assertEquals(1, r.getValue());
|
||||
assertEquals("[token=abcdef, key=123456]", r.getParameter().allToString());
|
||||
assertEquals("[token=abcdef, key=123456]", r.getParameter().toString());
|
||||
atomicInteger.incrementAndGet();
|
||||
});
|
||||
assertEquals(1, atomicInteger.get());
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package org.xbib.net.http.template.groovy;
|
||||
|
||||
import groovy.text.markup.BaseTemplate;
|
||||
import org.xbib.net.ParameterException;
|
||||
import org.xbib.net.http.server.application.BaseApplicationModule;
|
||||
import org.xbib.net.http.server.application.Application;
|
||||
import org.xbib.net.http.server.HttpRequest;
|
||||
|
@ -60,9 +61,13 @@ public class GroovyTemplateApplicationModule extends BaseApplicationModule {
|
|||
|
||||
@Override
|
||||
public void onOpen(HttpRouterContext httpRouterContext, HttpService httpService, HttpRequest httpRequest) {
|
||||
httpRouterContext.getAttributes().put("request", httpRequest);
|
||||
httpRouterContext.getAttributes().put("params", httpRequest.getParameter().asSingleValuedMap());
|
||||
application.getModules().forEach(module -> httpRouterContext.getAttributes().put(module.getName(), module));
|
||||
try {
|
||||
httpRouterContext.getAttributes().put("request", httpRequest);
|
||||
httpRouterContext.getAttributes().put("params", httpRequest.getParameter().asSingleValuedMap());
|
||||
application.getModules().forEach(module -> httpRouterContext.getAttributes().put(module.getName(), module));
|
||||
} catch (ParameterException e) {
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
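Review bot: The new try block in onOpen wraps all three attribute puts, although only the `getParameter().asSingleValuedMap()` call appears able to throw ParameterException, and the rethrow as a bare `IllegalStateException(e)` turns what is presumably a client-caused parameter problem into an unchecked server-side failure. Whether the router maps that to a 4xx or a 5xx response is not visible here; if it becomes a 500, malformed requests will show up as server errors in monitoring. Consider narrowing the try to the `params` line and adding a message, e.g. `throw new IllegalStateException("unable to expose request parameters to template", e);`, plus a short Javadoc line on onOpen stating that it throws IllegalStateException for invalid parameters.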
|
||||
|
|
|
@ -2,13 +2,13 @@ dependencyResolutionManagement {
|
|||
versionCatalogs {
|
||||
libs {
|
||||
version('gradle', '8.1.1')
|
||||
version('junit', '5.9.3')
|
||||
version('groovy', '4.0.12')
|
||||
version('netty', '4.1.93.Final')
|
||||
version('junit', '5.10.0')
|
||||
version('groovy', '4.0.13')
|
||||
version('netty', '4.1.96.Final')
|
||||
version('netty-tcnative', '2.0.61.Final')
|
||||
version('datastructures', '2.3.0')
|
||||
version('config', '5.0.3')
|
||||
version('net', '3.2.0')
|
||||
version('net', '3.3.0')
|
||||
library('junit-jupiter-api', 'org.junit.jupiter', 'junit-jupiter-api').versionRef('junit')
|
||||
library('junit-jupiter-params', 'org.junit.jupiter', 'junit-jupiter-params').versionRef('junit')
|
||||
library('junit-jupiter-engine', 'org.junit.jupiter', 'junit-jupiter-engine').versionRef('junit')
|
||||
|
@ -20,7 +20,7 @@ dependencyResolutionManagement {
|
|||
library('netty-epoll', 'io.netty', 'netty-transport-native-epoll').versionRef('netty')
|
||||
library('netty-kqueue', 'io.netty', 'netty-transport-native-kqueue').versionRef('netty')
|
||||
library('netty-boringssl', 'io.netty', 'netty-tcnative-boringssl-static').versionRef('netty-tcnative')
|
||||
library('bouncycastle', 'org.bouncycastle', 'bcpkix-jdk18on').version('1.73')
|
||||
library('bouncycastle', 'org.bouncycastle', 'bcpkix-jdk18on').version('1.76')
|
||||
library('conscrypt', 'org.conscrypt', 'conscrypt-openjdk-uber').version('2.5.2')
|
||||
library('jackson', 'com.fasterxml.jackson.core', 'jackson-databind').version('2.14.2')
|
||||
library('jna', 'net.java.dev.jna', 'jna').version('5.13.0')
|
||||
|
@ -40,8 +40,8 @@ dependencyResolutionManagement {
|
|||
library('config', 'org.xbib', 'config').versionRef('config')
|
||||
library('settings-datastructures-json', 'org.xbib', 'settings-datastructures-json').versionRef('config')
|
||||
library('settings-datastructures-yaml', 'org.xbib', 'settings-datastructures-yaml').versionRef('config')
|
||||
library('jdbc-query', 'org.xbib', 'jdbc-query').version('1.1.0')
|
||||
library('jdbc-connection-pool', 'org.xbib', 'jdbc-connection-pool').version('1.1.0')
|
||||
library('jdbc-query', 'org.xbib', 'jdbc-query').version('1.3.0')
|
||||
library('jdbc-connection-pool', 'org.xbib', 'jdbc-connection-pool').version('1.3.0')
|
||||
library('event', 'org.xbib', 'event').version('0.0.1')
|
||||
}
|
||||
}
|
||||
|
|