You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by re...@apache.org on 2022/08/29 22:31:07 UTC
[cxf] branch 3.4.x-fixes updated: feat(CXF-8752): list of redirectable verbs configurable. (#987)
This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.4.x-fixes by this push:
new f2cc3790fe feat(CXF-8752): list of redirectable verbs configurable. (#987)
f2cc3790fe is described below
commit f2cc3790fec967f8c57e4b8b5928605afd6f50dc
Author: ypiel <yp...@talend.com>
AuthorDate: Mon Aug 29 23:03:08 2022 +0200
feat(CXF-8752): list of redirectable verbs configurable. (#987)
* feat(CXF-8752): list of redirectable verbs configurable.
* feat(CXF-8752): add getContextualStrings in MessageUtils.
* feat(CXF-8752): use getContextualStrings.
---
.../java/org/apache/cxf/message/MessageUtils.java | 18 ++++++++++++++++
.../org/apache/cxf/message/MessageUtilsTest.java | 24 ++++++++++++++++++++++
.../org/apache/cxf/transport/http/HTTPConduit.java | 9 +++++++-
3 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/apache/cxf/message/MessageUtils.java b/core/src/main/java/org/apache/cxf/message/MessageUtils.java
index 5e8342675c..5fd4d3176d 100644
--- a/core/src/main/java/org/apache/cxf/message/MessageUtils.java
+++ b/core/src/main/java/org/apache/cxf/message/MessageUtils.java
@@ -24,6 +24,8 @@ import java.net.HttpURLConnection;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Optional;
+import java.util.Set;
+import java.util.TreeSet;
import java.util.logging.Logger;
import org.w3c.dom.Node;
@@ -192,6 +194,22 @@ public final class MessageUtils {
return defaultValue;
}
+ public static Set<String> getContextualStrings(Message m, String key, Set<String> defaultValue) {
+ if (m != null) {
+ Object o = m.getContextualProperty(key);
+ if (o instanceof String) {
+ Set<String> values = new TreeSet<>();
+ for (String value : ((String) o).split(",")) {
+ if (!StringUtils.isEmpty(value)) {
+ values.add(value.trim());
+ }
+ }
+ return values;
+ }
+ }
+ return defaultValue;
+ }
+
public static Object getContextualProperty(Message m, String propPreferred, String propDefault) {
Object prop = null;
if (m != null) {
diff --git a/core/src/test/java/org/apache/cxf/message/MessageUtilsTest.java b/core/src/test/java/org/apache/cxf/message/MessageUtilsTest.java
index eec1c94de7..243d52b821 100644
--- a/core/src/test/java/org/apache/cxf/message/MessageUtilsTest.java
+++ b/core/src/test/java/org/apache/cxf/message/MessageUtilsTest.java
@@ -20,7 +20,10 @@ package org.apache.cxf.message;
import java.lang.reflect.Method;
import java.util.Arrays;
+import java.util.Collections;
import java.util.Optional;
+import java.util.Set;
+import java.util.TreeSet;
import javax.xml.namespace.QName;
@@ -93,4 +96,25 @@ public class MessageUtilsTest {
assertThat(MessageUtils.getContextualIntegers(message, "invalid-key", Arrays.asList(0, 1)),
contains(0, 1));
}
+
+ @Test
+ public void getContextualStrings() {
+ Message message = new MessageImpl();
+ String key = "key1";
+ message.put(key, "aaaa, bbb , cc, d");
+ Set contextualStrings = MessageUtils.getContextualStrings(message, key, Collections.EMPTY_SET);
+ assertEquals(4, contextualStrings.size());
+ assertTrue(contextualStrings.remove("aaaa"));
+ assertTrue(contextualStrings.remove("bbb"));
+ assertTrue(contextualStrings.remove("cc"));
+ assertTrue(contextualStrings.remove("d"));
+ assertTrue(contextualStrings.isEmpty());
+
+ Set<String> defaults = new TreeSet<>();
+ defaults.add("aaa");
+ defaults.add("zzz");
+ defaults.add("eee");
+ Set contextualStringsDefault = MessageUtils.getContextualStrings(message, "unknownKey", defaults);
+ assertEquals(defaults, contextualStringsDefault);
+ }
}
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
index c56b463e42..cfc33246c4 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
@@ -201,6 +201,9 @@ public abstract class HTTPConduit
private static final String HTTP_GET_METHOD = "GET";
private static final Set<String> KNOWN_HTTP_VERBS_WITH_NO_CONTENT =
new HashSet<>(Arrays.asList(new String[]{"GET", "HEAD", "OPTIONS", "TRACE"}));
+
+ private static final String AUTHORIZED_REDIRECTED_HTTP_VERBS = "http.redirect.allowed.verbs";
+
/**
* This constant is the Message(Map) key for a list of visited URLs that
* is used in redirect loop protection.
@@ -1428,9 +1431,13 @@ public abstract class HTTPConduit
* @throws IOException
*/
protected void handleRetransmits() throws IOException {
+
+ Set<String> allowedVerbsSet = MessageUtils.getContextualStrings(outMessage,
+ AUTHORIZED_REDIRECTED_HTTP_VERBS, KNOWN_HTTP_VERBS_WITH_NO_CONTENT);
+
// If we have a cachedStream, we are caching the request.
if (cachedStream != null
- || getClient().isAutoRedirect() && KNOWN_HTTP_VERBS_WITH_NO_CONTENT.contains(getMethod())
+ || getClient().isAutoRedirect() && allowedVerbsSet.contains(getMethod())
|| authSupplier != null && authSupplier.requiresRequestCaching()) {
if (LOG.isLoggable(Level.FINE) && cachedStream != null) {