jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r392905 - in /jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav: DavServletRequest.java WebdavRequestImpl.java
Date Mon, 10 Apr 2006 08:12:17 GMT
Author: angela
Date: Mon Apr 10 01:12:16 2006
New Revision: 392905

URL: http://svn.apache.org/viewcvs?rev=392905&view=rev
Log:
HCR-389: WebDAV server should treat non-wellformed XML in request bodies as error.

Modified:
    jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/DavServletRequest.java
    jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/WebdavRequestImpl.java

Modified: jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/DavServletRequest.java
URL: http://svn.apache.org/viewcvs/jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/DavServletRequest.java?rev=392905&r1=392904&r2=392905&view=diff
==============================================================================
--- jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/DavServletRequest.java
(original)
+++ jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/DavServletRequest.java
Mon Apr 10 01:12:16 2006
@@ -116,11 +116,13 @@
 
     /**
      * Parse the Xml request body and return a {@link org.w3c.dom.Document}.
-     * If the request body can not be parsed <code>null</code> is returned.
      *
-     * @return Document representing the Xml request body or <code>null</code>.
+     * @return Document representing the Xml request body or <code>null</code>
+     * if no request body is present.
+     * @throws DavException If the request body cannot be parsed into an Xml
+     * Document. 
      */
-    public Document getRequestDocument();
+    public Document getRequestDocument() throws DavException;
 
     /**
      * Return the type of PROPFIND request as indicated by the PROPFIND request
@@ -204,4 +206,4 @@
      * @return true, if the test is successful, false otherwise.
      */
     public boolean matchesIfHeader(String href, String token, String eTag);
-}
\ No newline at end of file
+}

Modified: jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/WebdavRequestImpl.java
URL: http://svn.apache.org/viewcvs/jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/WebdavRequestImpl.java?rev=392905&r1=392904&r2=392905&view=diff
==============================================================================
--- jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/WebdavRequestImpl.java
(original)
+++ jackrabbit/trunk/jcr-server/webdav/src/java/org/apache/jackrabbit/webdav/WebdavRequestImpl.java
Mon Apr 10 01:12:16 2006
@@ -56,6 +56,8 @@
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
+
+import java.io.BufferedInputStream;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -239,15 +241,15 @@
     }
 
     /**
-     * @return Xml document
      * @see DavServletRequest#getRequestDocument()
      */
-    public Document getRequestDocument() {
+    public Document getRequestDocument() throws DavException {
         Document requestDocument = null;
         /*
-        Don't attempt to parse the body if the contentlength header is 0
-        NOTE: a value of -1 indicates that the length is unknown, thus we have to parse the
body.
-        NOTE that http1.1 request using chunked transfer coding will therefore not be detected
here
+        Don't attempt to parse the body if the contentlength header is 0.
+        NOTE: a value of -1 indicates that the length is unknown, thus we have
+        to parse the body. Note that http1.1 request using chunked transfer
+        coding will therefore not be detected here.
         */
         if (httpRequest.getContentLength() == 0) {
             return requestDocument;
@@ -256,19 +258,32 @@
         try {
             InputStream in = httpRequest.getInputStream();
             if (in != null) {
-                DocumentBuilder docBuilder = BUILDER_FACTORY.newDocumentBuilder();
-                requestDocument = docBuilder.parse(in);
+                // use a buffered input stream to find out whether there actually
+                // is a request body
+                InputStream bin = new BufferedInputStream(in);
+                bin.mark(1);
+                boolean isEmpty = -1 == bin.read();
+                bin.reset();
+                if (!isEmpty) {
+                    DocumentBuilder docBuilder = BUILDER_FACTORY.newDocumentBuilder();
+                    requestDocument = docBuilder.parse(bin);
+                }
             }
         } catch (IOException e) {
             if (log.isDebugEnabled()) {
                 log.debug("Unable to build an XML Document from the request body: " + e.getMessage());
             }
+            throw new DavException(DavServletResponse.SC_BAD_REQUEST);
         } catch (ParserConfigurationException e) {
             if (log.isDebugEnabled()) {
                 log.debug("Unable to build an XML Document from the request body: " + e.getMessage());
             }
+            throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR);
         } catch (SAXException e) {
-            log.debug("Unable to build an XML Document from the request body: " + e.getMessage());
+            if (log.isDebugEnabled()) {
+                log.debug("Unable to build an XML Document from the request body: " + e.getMessage());
+            }
+            throw new DavException(DavServletResponse.SC_BAD_REQUEST);
         }
         return requestDocument;
     }
@@ -310,8 +325,7 @@
     private void parsePropFindRequest() throws DavException {
         propfindProps = new DavPropertyNameSet();
         Document requestDocument = getRequestDocument();
-        // propfind httpRequest with empty body or invalid Xml >> retrieve all property
-        // TODO: invalid XML -> spec requires a 'BAD REQUEST' error code
+        // propfind httpRequest with empty body >> retrieve all property
         if (requestDocument == null) {
             return;
         }
@@ -882,4 +896,4 @@
     public String getRealPath(String s) {
         return httpRequest.getRealPath(s);
     }
-}
\ No newline at end of file
+}



Mime
View raw message