You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2017/02/18 09:36:13 UTC
camel git commit: Add CSRF support
Repository: camel
Updated Branches:
refs/heads/master da54b7c27 -> 03b04db57
Add CSRF support
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/03b04db5
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/03b04db5
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/03b04db5
Branch: refs/heads/master
Commit: 03b04db5784b18af3a09b5e54e52d634a8b3a73f
Parents: da54b7c
Author: lionel-bonitasoft <li...@bonitasoft.com>
Authored: Fri Feb 17 15:47:07 2017 -0500
Committer: Claus Ibsen <da...@apache.org>
Committed: Sat Feb 18 10:34:30 2017 +0100
----------------------------------------------------------------------
.../camel/component/bonita/api/BonitaAPI.java | 2 +-
.../bonita/api/filter/BonitaAuthFilter.java | 6 ++++
.../bonita/api/util/BonitaAPIUtil.java | 36 ++++++++------------
.../component/bonita/api/BonitaAPITest.java | 4 +--
.../api/BonitaAuthFilterConnectionTest.java | 15 +++++++-
.../bonita/api/BonitaAuthFilterTest.java | 2 ++
.../util/BonitaAPIUtilPrepareInputsTest.java | 10 +++---
7 files changed, 45 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/BonitaAPI.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/BonitaAPI.java b/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/BonitaAPI.java
index 0d3ec4f..a1d8c72 100644
--- a/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/BonitaAPI.java
+++ b/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/BonitaAPI.java
@@ -69,7 +69,7 @@ public class BonitaAPI {
}
public CaseCreationResponse startCase(ProcessDefinitionResponse processDefinition,
- Map<String, Serializable> rawInputs) {
+ Map<String, Serializable> rawInputs) throws Exception {
if (processDefinition == null) {
throw new IllegalArgumentException("ProcessDefinition is null");
}
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/filter/BonitaAuthFilter.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/filter/BonitaAuthFilter.java b/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/filter/BonitaAuthFilter.java
index 68deba8..8256baf 100644
--- a/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/filter/BonitaAuthFilter.java
+++ b/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/filter/BonitaAuthFilter.java
@@ -49,6 +49,7 @@ public class BonitaAuthFilter implements ClientRequestFilter {
if (requestContext.getCookies().get("JSESSIONID") == null) {
String username = bonitaApiConfig.getUsername();
String password = bonitaApiConfig.getPassword();
+ String bonitaApiToken = null;
if (ObjectHelper.isEmpty(username)) {
throw new IllegalArgumentException("Username provided is null or empty.");
}
@@ -68,9 +69,14 @@ public class BonitaAuthFilter implements ClientRequestFilter {
Map<String, NewCookie> cr = response.getCookies();
ArrayList<Object> cookies = new ArrayList<>();
for (NewCookie cookie : cr.values()) {
+ if ("X-Bonita-API-Token".equals(cookie.getName())) {
+ bonitaApiToken = cookie.getValue();
+ requestContext.getHeaders().add("X-Bonita-API-Token", bonitaApiToken);
+ }
cookies.add(cookie.toCookie());
}
requestContext.getHeaders().put("Cookie", cookies);
+
}
}
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtil.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtil.java b/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtil.java
index 2f6ac14..cf4c580 100644
--- a/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtil.java
+++ b/components/camel-bonita/src/main/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtil.java
@@ -72,31 +72,25 @@ public class BonitaAPIUtil {
}
public UploadFileResponse uploadFile(ProcessDefinitionResponse processDefinition,
- FileInput file) {
+ FileInput file) throws Exception {
WebTarget resource = webTarget
- .path("portal/resource/process/{processName}/{processVersion}/API/formFileUpload")
- .resolveTemplate("processName", processDefinition.getName())
- .resolveTemplate("processVersion", processDefinition.getVersion());
- try {
- File tempFile = File.createTempFile("tempFile", ".tmp");
- FileOutputStream fos = new FileOutputStream(tempFile);
- fos.write(file.getContent());
- fos.close();
- final FileDataBodyPart filePart =
- new FileDataBodyPart("file", tempFile, MediaType.APPLICATION_OCTET_STREAM_TYPE);
- final MultiPart multipart = new FormDataMultiPart().bodyPart(filePart);
- // resource.request().header("ContentType", "application/json");
- return resource.request().accept(MediaType.APPLICATION_JSON).post(
- entity(multipart, MediaType.MULTIPART_FORM_DATA), UploadFileResponse.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- return null;
-
+ .path("portal/resource/process/{processName}/{processVersion}/API/formFileUpload")
+ .resolveTemplate("processName", processDefinition.getName())
+ .resolveTemplate("processVersion", processDefinition.getVersion());
+ File tempFile = File.createTempFile("tempFile", ".tmp");
+ FileOutputStream fos = new FileOutputStream(tempFile);
+ fos.write(file.getContent());
+ fos.close();
+ final FileDataBodyPart filePart =
+ new FileDataBodyPart("file", tempFile, MediaType.APPLICATION_OCTET_STREAM_TYPE);
+ final MultiPart multipart = new FormDataMultiPart().bodyPart(filePart);
+ return resource.request().accept(MediaType.APPLICATION_JSON).post(
+ entity(multipart, MediaType.MULTIPART_FORM_DATA), UploadFileResponse.class);
+
}
public Map<String, Serializable> prepareInputs(ProcessDefinitionResponse processDefinition,
- Map<String, Serializable> inputs) {
+ Map<String, Serializable> inputs) throws Exception {
for (Entry<String, Serializable> entry : inputs.entrySet()) {
if (entry.getValue() instanceof FileInput) {
FileInput file = (FileInput) entry.getValue();
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAPITest.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAPITest.java b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAPITest.java
index 6dc7aff..5eaea61 100644
--- a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAPITest.java
+++ b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAPITest.java
@@ -35,7 +35,7 @@ public class BonitaAPITest {
@Test(
expected = IllegalArgumentException.class)
- public void testStartCaseEmptyProcessDefinitionId() {
+ public void testStartCaseEmptyProcessDefinitionId() throws Exception {
BonitaAPI bonitaApi = BonitaAPIBuilder
.build(new BonitaAPIConfig("hostname", "port", "username", "password"));
bonitaApi.startCase(null, new HashMap<String, Serializable>());
@@ -43,7 +43,7 @@ public class BonitaAPITest {
@Test(
expected = IllegalArgumentException.class)
- public void testStartCaseNUllContractInput() {
+ public void testStartCaseNUllContractInput() throws Exception {
BonitaAPI bonitaApi = BonitaAPIBuilder
.build(new BonitaAPIConfig("hostname", "port", "username", "password"));
ProcessDefinitionResponse processDefinition = new ProcessDefinitionResponse();
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterConnectionTest.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterConnectionTest.java b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterConnectionTest.java
index 0b2a860..9f4ced8 100644
--- a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterConnectionTest.java
+++ b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterConnectionTest.java
@@ -43,7 +43,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
import static org.junit.Assert.assertEquals;
@RunWith(PowerMockRunner.class)
-@PowerMockIgnore("javax.net.ssl.*")
+@PowerMockIgnore({"javax.net.ssl.*", "javax.management.*"})
public class BonitaAuthFilterConnectionTest {
@Rule
@@ -70,5 +70,18 @@ public class BonitaAuthFilterConnectionTest {
bonitaAuthFilter.filter(requestContext);
assertEquals(1, requestContext.getHeaders().size());
}
+
+ @Test
+ public void testConnectionSupportCSRF() throws Exception {
+ String port = wireMockRule.port() + "";
+ stubFor(post(urlEqualTo("/bonita/loginservice"))
+ .willReturn(aResponse().withHeader("Set-Cookie", "JSESSIONID=something", "X-Bonita-API-Token=something")));
+
+ BonitaAPIConfig bonitaApiConfig =
+ new BonitaAPIConfig("localhost", port, "username", "password");
+ BonitaAuthFilter bonitaAuthFilter = new BonitaAuthFilter(bonitaApiConfig);
+ bonitaAuthFilter.filter(requestContext);
+ assertEquals(2, requestContext.getHeaders().size());
+ }
}
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterTest.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterTest.java b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterTest.java
index 44d2ec7..2d33d07 100644
--- a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterTest.java
+++ b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/BonitaAuthFilterTest.java
@@ -30,9 +30,11 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.modules.junit4.PowerMockRunner;
@RunWith(PowerMockRunner.class)
+@PowerMockIgnore("javax.management.*")
public class BonitaAuthFilterTest {
@Mock
http://git-wip-us.apache.org/repos/asf/camel/blob/03b04db5/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtilPrepareInputsTest.java
----------------------------------------------------------------------
diff --git a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtilPrepareInputsTest.java b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtilPrepareInputsTest.java
index 1750d15..5c6fae6 100644
--- a/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtilPrepareInputsTest.java
+++ b/components/camel-bonita/src/test/java/org/apache/camel/component/bonita/api/util/BonitaAPIUtilPrepareInputsTest.java
@@ -55,7 +55,7 @@ public class BonitaAPIUtilPrepareInputsTest {
}
@Test
- public void testPrepareInputsEmpty() {
+ public void testPrepareInputsEmpty() throws Exception {
Map<String, Serializable> rawInputs = new HashMap<String, Serializable>();
Map<String, Serializable> inputs =
bonitaApiUtil.prepareInputs(processDefinition, rawInputs);
@@ -63,7 +63,7 @@ public class BonitaAPIUtilPrepareInputsTest {
}
@Test
- public void testPrepareInputsNoFiles() {
+ public void testPrepareInputsNoFiles() throws Exception {
Map<String, Serializable> rawInputs = new HashMap<String, Serializable>();
rawInputs.put("myVariable", 1);
Map<String, Serializable> inputs =
@@ -72,7 +72,7 @@ public class BonitaAPIUtilPrepareInputsTest {
}
@Test
- public void testPrepareInputsOneFile() {
+ public void testPrepareInputsOneFile() throws Exception {
Map<String, Serializable> rawInputs = new HashMap<String, Serializable>();
FileInput file = new FileInput("filename", "String".getBytes());
@@ -89,7 +89,7 @@ public class BonitaAPIUtilPrepareInputsTest {
}
@Test
- public void testPrepareInputsFileType() {
+ public void testPrepareInputsFileType() throws Exception {
Map<String, Serializable> rawInputs = new HashMap<String, Serializable>();
FileInput file = new FileInput("filename", "String".getBytes());
@@ -105,7 +105,7 @@ public class BonitaAPIUtilPrepareInputsTest {
}
@Test
- public void testPrepareInputsTempFilePath() {
+ public void testPrepareInputsTempFilePath() throws Exception {
Map<String, Serializable> rawInputs = new HashMap<String, Serializable>();
FileInput file = new FileInput("filename", "String".getBytes());