You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2016/06/14 15:58:19 UTC

[03/17] syncope git commit: [SYNCOPE-829] Moving result size protection onto external layers

[SYNCOPE-829] Moving result size protection onto external layers


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9d15e6f1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9d15e6f1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9d15e6f1

Branch: refs/heads/SYNCOPE-862
Commit: 9d15e6f19bd0db7375a024a4d313fe3f84dac70a
Parents: 6401a90
Author: Francesco Chicchiricc� <il...@apache.org>
Authored: Mon Jun 13 11:33:25 2016 +0200
Committer: Francesco Chicchiricc� <il...@apache.org>
Committed: Mon Jun 13 11:33:25 2016 +0200

----------------------------------------------------------------------
 .../common/rest/api/beans/ConnObjectTOListQuery.java      | 10 +++++++++-
 .../java/org/apache/syncope/core/logic/ResourceLogic.java |  8 +++-----
 2 files changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/9d15e6f1/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ConnObjectTOListQuery.java
----------------------------------------------------------------------
diff --git a/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ConnObjectTOListQuery.java b/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ConnObjectTOListQuery.java
index 53df9fb..16d0e66 100644
--- a/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ConnObjectTOListQuery.java
+++ b/common/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ConnObjectTOListQuery.java
@@ -19,6 +19,7 @@
 package org.apache.syncope.common.rest.api.beans;
 
 import java.io.Serializable;
+import javax.validation.constraints.Max;
 import javax.validation.constraints.Min;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.QueryParam;
@@ -32,6 +33,8 @@ public class ConnObjectTOListQuery implements Serializable {
 
     private static final long serialVersionUID = -371488230250055359L;
 
+    private static final int MAX_SIZE = 100;
+
     public static class Builder {
 
         private final ConnObjectTOListQuery instance = new ConnObjectTOListQuery();
@@ -64,10 +67,15 @@ public class ConnObjectTOListQuery implements Serializable {
     private String orderBy;
 
     public Integer getSize() {
-        return size;
+        return size == null
+                ? 25
+                : size > MAX_SIZE
+                        ? MAX_SIZE
+                        : size;
     }
 
     @Min(1)
+    @Max(MAX_SIZE)
     @QueryParam(JAXRSService.PARAM_SIZE)
     @DefaultValue("25")
     public void setSize(final Integer size) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/9d15e6f1/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
index 34d9544..915d8ff 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
@@ -77,8 +77,6 @@ import org.springframework.transaction.annotation.Transactional;
 @Component
 public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> {
 
-    private static final transient int MAX_CONNOBJ_SEARCH_SIZE = 1000;
-
     @Autowired
     private ExternalResourceDAO resourceDAO;
 
@@ -320,7 +318,7 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> {
     @PreAuthorize("hasRole('" + StandardEntitlement.RESOURCE_LIST_CONNOBJECT + "')")
     @Transactional(readOnly = true)
     public Pair<SearchResult, List<ConnObjectTO>> listConnObjects(final String key, final String anyTypeKey,
-            final Integer size, final String pagedResultsCookie, final List<OrderByClause> orderBy) {
+            final int size, final String pagedResultsCookie, final List<OrderByClause> orderBy) {
 
         Triple<ExternalResource, AnyType, Provision> init = connObjectInit(key, anyTypeKey);
 
@@ -349,9 +347,9 @@ public class ResourceLogic extends AbstractTransactionalLogic<ResourceTO> {
             @Override
             public boolean handle(final ConnectorObject connectorObject) {
                 connObjects.add(connObjectUtils.getConnObjectTO(connectorObject));
-                // provide safety approach in case of pagination not supported or not required (SYNCOPE-829 reworking)
+                // safety protection against uncontrolled result size
                 count++;
-                return count < MAX_CONNOBJ_SEARCH_SIZE;
+                return count < size;
             }
         }, size, pagedResultsCookie, orderBy, mapItems);