You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ju...@apache.org on 2010/06/01 17:12:16 UTC
svn commit: r950102 - in
/sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post:
AbstractSlingPostOperation.java impl/operations/ModifyOperation.java
Author: justin
Date: Tue Jun 1 15:12:16 2010
New Revision: 950102
URL: http://svn.apache.org/viewvc?rev=950102&view=rev
Log:
SLING-1447 - modifying post servlet to strip workspace prefix from paths; also checks that the workspace path prefix matches the workspace name from the request-provided session
Modified:
sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractSlingPostOperation.java
sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/ModifyOperation.java
Modified: sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractSlingPostOperation.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractSlingPostOperation.java?rev=950102&r1=950101&r2=950102&view=diff
==============================================================================
--- sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractSlingPostOperation.java (original)
+++ sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/AbstractSlingPostOperation.java Tue Jun 1 15:12:16 2010
@@ -64,25 +64,24 @@ public abstract class AbstractSlingPostO
public void run(SlingHttpServletRequest request,
HtmlResponse response,
SlingPostProcessor[] processors) {
+ Session session = request.getResourceResolver().adaptTo(Session.class);
- // calculate the paths
- String path = getItemPath(request);
- response.setPath(path);
-
- // location
- response.setLocation(externalizePath(request, path));
-
- // parent location
- path = ResourceUtil.getParent(path);
- if (path != null) {
- response.setParentLocation(externalizePath(request, path));
- }
+ try {
+ // calculate the paths
+ String path = getItemPath(request);
+ path = removeAndValidateWorkspace(path, session);
+ response.setPath(path);
- Session session = request.getResourceResolver().adaptTo(Session.class);
+ // location
+ response.setLocation(externalizePath(request, path));
- final List<Modification> changes = new ArrayList<Modification>();
+ // parent location
+ path = ResourceUtil.getParent(path);
+ if (path != null) {
+ response.setParentLocation(externalizePath(request, path));
+ }
- try {
+ final List<Modification> changes = new ArrayList<Modification>();
doRun(request, response, changes);
@@ -125,6 +124,26 @@ public abstract class AbstractSlingPostO
}
/**
+ * Remove the workspace name, if any, from the start of the path and validate that the
+ * session's workspace name matches the path workspace name.
+ */
+ protected String removeAndValidateWorkspace(String path, Session session) throws RepositoryException {
+ final int wsSepPos = path.indexOf(":/");
+ if (wsSepPos != -1) {
+ final String workspaceName = path.substring(0, wsSepPos);
+ if (!workspaceName.equals(session.getWorkspace().getName())) {
+ throw new RepositoryException("Incorrect workspace. Expecting " + workspaceName + ". Received "
+ + session.getWorkspace().getName());
+ } else {
+ return path.substring(wsSepPos + 1);
+ }
+ } else {
+ return path;
+ }
+ }
+
+
+ /**
* Returns the path of the resource of the request as the item path.
* <p>
* This method may be overwritten by extension if the operation has
Modified: sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/ModifyOperation.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/ModifyOperation.java?rev=950102&r1=950101&r2=950102&view=diff
==============================================================================
--- sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/ModifyOperation.java (original)
+++ sling/trunk/bundles/servlets/post/src/main/java/org/apache/sling/servlets/post/impl/operations/ModifyOperation.java Tue Jun 1 15:12:16 2010
@@ -38,6 +38,7 @@ import org.apache.sling.api.SlingHttpSer
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.resource.NonExistingResource;
import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.servlets.post.AbstractSlingPostOperation;
@@ -198,24 +199,33 @@ public class ModifyOperation extends Abs
// a generated node name
basePath += "/" + generatedName;
+ basePath = ensureUniquePath(request, basePath);
+
+ return basePath;
+ }
+
+ private String ensureUniquePath(SlingHttpServletRequest request, String basePath) throws RepositoryException {
// if resulting path exists, add a suffix until it's not the case
// anymore
Session session = request.getResourceResolver().adaptTo(Session.class);
+ String jcrPath = removeAndValidateWorkspace(basePath, session);
+
// if resulting path exists, add a suffix until it's not the case
// anymore
- if (session.itemExists(basePath)) {
+ if (session.itemExists(jcrPath)) {
for (int idx = 0; idx < 1000; idx++) {
- String newPath = basePath + "_" + idx;
+ String newPath = jcrPath + "_" + idx;
if (!session.itemExists(newPath)) {
- basePath = newPath;
+ basePath = basePath + "_" + idx;
+ jcrPath = newPath;
break;
}
}
}
// if it still exists there are more than 1000 nodes ?
- if (session.itemExists(basePath)) {
+ if (session.itemExists(jcrPath)) {
throw new RepositoryException(
"Collision in generated node names for path=" + basePath);
}
@@ -233,6 +243,7 @@ public class ModifyOperation extends Abs
throws RepositoryException {
String path = response.getPath();
+
if (!session.itemExists(path)) {
deepGetOrCreateNode(session, path, reqProperties, changes);