Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 8499 invoked from network); 19 Jul 2009 18:19:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 19 Jul 2009 18:19:24 -0000 Received: (qmail 40946 invoked by uid 500); 19 Jul 2009 18:20:29 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 40828 invoked by uid 500); 19 Jul 2009 18:20:29 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 40819 invoked by uid 99); 19 Jul 2009 18:20:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Jul 2009 18:20:29 +0000 X-ASF-Spam-Status: No, hits=-1998.5 required=10.0 tests=ALL_TRUSTED,WEIRD_PORT X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Jul 2009 18:20:25 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id C0BCD23888E9; Sun, 19 Jul 2009 18:20:04 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r795583 - in /cxf/trunk: rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/ rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ systests/src/test/java/org/apache/cxf/systest/jaxrs/security/ Date: Sun, 19 Jul 2009 18:20:04 -0000 To: commits@cxf.apache.org From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090719182004.C0BCD23888E9@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Sun Jul 19 18:20:03 2009 New Revision: 795583 URL: http://svn.apache.org/viewvc?rev=795583&view=rev Log: [CXF-2346] Checking servlet request params in cases when input stream was consumed by filters Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java?rev=795583&r1=795582&r2=795583&view=diff ============================================================================== --- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java (original) +++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/FormEncodingProvider.java Sun Jul 19 18:20:03 2009 @@ -120,7 +120,10 @@ AttachmentUtils.getMultipartBody(mc, attachmentDir, attachmentThreshold); FormUtils.populateMapFromMultipart(params, body, decode); } else { - FormUtils.populateMapFromString(params, FormUtils.readBody(is), decode); + FormUtils.populateMapFromString(params, + FormUtils.readBody(is), + decode, + mc != null ? mc.getHttpServletRequest() : null); } } Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java?rev=795583&r1=795582&r2=795583&view=diff ============================================================================== --- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java (original) +++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java Sun Jul 19 18:20:03 2009 @@ -23,9 +23,11 @@ import java.io.IOException; import java.io.InputStream; import java.util.Arrays; +import java.util.Enumeration; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MultivaluedMap; @@ -68,7 +70,8 @@ } public static void populateMapFromString(MultivaluedMap params, - String postBody, boolean decode) { + String postBody, boolean decode, + HttpServletRequest request) { if (!StringUtils.isEmpty(postBody)) { List parts = Arrays.asList(postBody.split("&")); for (String part : parts) { @@ -85,6 +88,12 @@ params.add(keyValue[0], ""); } } + } else if (request != null) { + for (Enumeration en = request.getParameterNames(); en.hasMoreElements();) { + String paramName = en.nextElement().toString(); + String[] values = request.getParameterValues(paramName); + params.put(paramName, Arrays.asList(values)); + } } } Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java?rev=795583&r1=795582&r2=795583&view=diff ============================================================================== --- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java (original) +++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java Sun Jul 19 18:20:03 2009 @@ -597,7 +597,8 @@ body = FormUtils.readBody(m.getContent(InputStream.class)); m.put("org.apache.cxf.jaxrs.provider.form.body", body); } - FormUtils.populateMapFromString(params, (String)body, decode); + HttpServletRequest request = (HttpServletRequest)m.get(AbstractHTTPDestination.HTTP_REQUEST); + FormUtils.populateMapFromString(params, (String)body, decode, request); } else { MultipartBody body = AttachmentUtils.getMultipartBody(mc); FormUtils.populateMapFromMultipart(params, body, decode); Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java?rev=795583&r1=795582&r2=795583&view=diff ============================================================================== --- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java (original) +++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRSSpringSecurityClassTest.java Sun Jul 19 18:20:03 2009 @@ -19,6 +19,16 @@ package org.apache.cxf.systest.jaxrs.security; +import java.io.InputStream; + +import javax.ws.rs.core.Response; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Unmarshaller; + +import org.apache.cxf.jaxrs.client.WebClient; +import org.apache.cxf.jaxrs.ext.form.Form; +import org.apache.cxf.systest.jaxrs.Book; + import org.junit.BeforeClass; import org.junit.Test; @@ -38,6 +48,19 @@ } @Test + public void testBookFromForm() throws Exception { + + WebClient wc = WebClient.create("http://localhost:9080/bookstorestorage/bookforms", + "foo", "bar", null); + + Response r = wc.form(new Form().set("name", "CXF Rocks").set("id", "123")); + + Book b = readBook((InputStream)r.getEntity()); + assertEquals("CXF Rocks", b.getName()); + assertEquals(123L, b.getId()); + } + + @Test public void testGetBookUserAdmin() throws Exception { String endpointAddress = "http://localhost:9080/bookstorestorage/thosebooks/123"; @@ -62,6 +85,12 @@ getBook(endpointAddress, "bob", "bobspassword", 403); } + private Book readBook(InputStream is) throws Exception { + JAXBContext c = JAXBContext.newInstance(new Class[]{Book.class}); + Unmarshaller u = c.createUnmarshaller(); + return (Book)u.unmarshal(is); + } + @Test public void testGetBookSubresourceAdmin() throws Exception { String endpointAddress = @@ -70,5 +99,5 @@ getBook(endpointAddress, "bob", "bobspassword", 403); } - + } Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java?rev=795583&r1=795582&r2=795583&view=diff ============================================================================== --- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java (original) +++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/jaxrs/security/SecureBookStoreNoInterface.java Sun Jul 19 18:20:03 2009 @@ -22,7 +22,9 @@ import java.util.HashMap; import java.util.Map; +import javax.ws.rs.FormParam; import javax.ws.rs.GET; +import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; @@ -42,6 +44,16 @@ books.put(book.getId(), book); } + @POST + @Path("/bookforms") + @Secured({"ROLE_USER", "ROLE_ADMIN" }) + public Book getBookFromFormParams(@FormParam("name") String name, @FormParam("id") long id) { + if (name == null || id == 0) { + throw new RuntimeException("FormParams are not set"); + } + return new Book(name, id); + } + @GET @Path("/thosebooks/{bookId}/{id}") @Produces("application/xml")