You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by sc...@apache.org on 2011/02/14 22:08:42 UTC
svn commit: r1070671 - in /incubator/wookie/trunk: WebContent/WEB-INF/web.xml
src-tests/org/apache/wookie/tests/functional/FlatpackControllerTest.java
src/org/apache/wookie/flatpack/FlatpackController.java
Author: scottbw
Date: Mon Feb 14 21:08:41 2011
New Revision: 1070671
URL: http://svn.apache.org/viewvc?rev=1070671&view=rev
Log:
Created a controller and tests for Flatpack (See WOOKIE-182). I've also implemented some very basic security features (can't request a package URL without a valid API key, can't get access to the directory listing they're contained in, hard-to-guess filenames).
Added:
incubator/wookie/trunk/src-tests/org/apache/wookie/tests/functional/FlatpackControllerTest.java
incubator/wookie/trunk/src/org/apache/wookie/flatpack/FlatpackController.java
Modified:
incubator/wookie/trunk/WebContent/WEB-INF/web.xml
Modified: incubator/wookie/trunk/WebContent/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/incubator/wookie/trunk/WebContent/WEB-INF/web.xml?rev=1070671&r1=1070670&r2=1070671&view=diff
==============================================================================
--- incubator/wookie/trunk/WebContent/WEB-INF/web.xml (original)
+++ incubator/wookie/trunk/WebContent/WEB-INF/web.xml Mon Feb 14 21:08:41 2011
@@ -120,6 +120,27 @@
<servlet-name>ParticipantServlet</servlet-name>
<url-pattern>/participants</url-pattern>
</servlet-mapping>
+
+
+ <servlet>
+ <description></description>
+ <display-name>Flatpack</display-name>
+ <servlet-name>Flatpack</servlet-name>
+ <servlet-class>
+ org.apache.wookie.flatpack.FlatpackController
+ </servlet-class>
+ <load-on-startup>2</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>Flatpack</servlet-name>
+ <url-pattern>/export</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/export/*.wgt</url-pattern>
+ <param-name>dirAllowed</param-name>
+ <param-value>false</param-value>
+ </servlet-mapping>
<servlet>
<description></description>
Added: incubator/wookie/trunk/src-tests/org/apache/wookie/tests/functional/FlatpackControllerTest.java
URL: http://svn.apache.org/viewvc/incubator/wookie/trunk/src-tests/org/apache/wookie/tests/functional/FlatpackControllerTest.java?rev=1070671&view=auto
==============================================================================
--- incubator/wookie/trunk/src-tests/org/apache/wookie/tests/functional/FlatpackControllerTest.java (added)
+++ incubator/wookie/trunk/src-tests/org/apache/wookie/tests/functional/FlatpackControllerTest.java Mon Feb 14 21:08:41 2011
@@ -0,0 +1,82 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wookie.tests.functional;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+
+import java.io.IOException;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+
+public class FlatpackControllerTest extends AbstractControllerTest {
+
+ private static final String TEST_FLATPACK_SERVICE_URL_VALID = TEST_SERVER_LOCATION+"export";
+
+ @BeforeClass
+ public static void setup() throws HttpException, IOException{
+ HttpClient client = new HttpClient();
+ PostMethod post = new PostMethod(TEST_INSTANCES_SERVICE_URL_VALID);
+ post.setQueryString("api_key="+API_KEY_VALID+"&widgetid="+WIDGET_ID_VALID+"&userid=FPtest&shareddatakey=test");
+ client.executeMethod(post);
+ int code = post.getStatusCode();
+ post.releaseConnection();
+ }
+
+ @Test
+ public void sniff(){
+ try {
+ HttpClient client = new HttpClient();
+ GetMethod get = new GetMethod(TEST_FLATPACK_SERVICE_URL_VALID);
+ client.executeMethod(get);
+ int code = get.getStatusCode();
+ assertEquals(403, code);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ fail("post failed");
+ }
+ }
+
+ @Test
+ public void getPack(){
+ try {
+ HttpClient client = new HttpClient();
+ PostMethod post = new PostMethod(TEST_FLATPACK_SERVICE_URL_VALID);
+ post.setQueryString("api_key="+API_KEY_VALID+"&widgetid="+WIDGET_ID_VALID+"&userid=FPtest&shareddatakey=test");
+ client.executeMethod(post);
+ int code = post.getStatusCode();
+ assertEquals(200,code);
+ String url = post.getResponseBodyAsString();
+ post.releaseConnection();
+
+ // Now lets try to download it!
+ GetMethod get = new GetMethod(url);
+ client.executeMethod(get);
+ code = get.getStatusCode();
+ assertEquals(200, code);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ fail("post failed");
+ }
+ }
+}
Added: incubator/wookie/trunk/src/org/apache/wookie/flatpack/FlatpackController.java
URL: http://svn.apache.org/viewvc/incubator/wookie/trunk/src/org/apache/wookie/flatpack/FlatpackController.java?rev=1070671&view=auto
==============================================================================
--- incubator/wookie/trunk/src/org/apache/wookie/flatpack/FlatpackController.java (added)
+++ incubator/wookie/trunk/src/org/apache/wookie/flatpack/FlatpackController.java Mon Feb 14 21:08:41 2011
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wookie.flatpack;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.apache.wookie.beans.IWidgetInstance;
+import org.apache.wookie.controller.Controller;
+import org.apache.wookie.controller.WidgetInstancesController;
+import org.apache.wookie.exceptions.InvalidParametersException;
+import org.apache.wookie.exceptions.UnauthorizedAccessException;
+import org.apache.wookie.helpers.WidgetKeyManager;
+
+/**
+ * @author scottbw@apache.org
+ *
+ */
+public class FlatpackController extends Controller {
+
+ private static final long serialVersionUID = 2907712805939515004L;
+ static Logger _logger = Logger.getLogger(FlatpackController.class.getName());
+
+
+
+ /**
+ * Deny access to the listing of the flatpack folder
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ response.getWriter().write(createFlatpack(request));
+ response.setStatus(HttpServletResponse.SC_OK);
+ } catch (InvalidParametersException e){
+ _logger.error(e.getMessage(), e);
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ } catch (UnauthorizedAccessException e){
+ _logger.error(e.getMessage(), e);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
+
+ /**
+ * Create a flatpack for the request
+ * @param request
+ * @return the URL for the flatpack
+ * @throws UnauthorizedAccessException if there is no valid API key supplied
+ * @throws InvalidParametersException if there is no valid widget instance
+ */
+ private String createFlatpack(HttpServletRequest request) throws UnauthorizedAccessException, InvalidParametersException{
+ if (!WidgetKeyManager.isValidRequest(request)) throw new UnauthorizedAccessException();
+ String path;
+ try {
+ IWidgetInstance instance = WidgetInstancesController.findWidgetInstance(request);
+ FlatpackFactory fac = new FlatpackFactory(instance);
+ // Set the folder to save the flatpack to an appropriate location on this server
+ fac.setFlatpackFolder(new File(request.getSession().getServletContext().getRealPath(FlatpackFactory.DEFAULT_FLATPACK_FOLDER.getPath())));
+ // Construct the URL to the file
+ String serverName = request.getSession().getServletContext().getContextPath();
+ path = serverName + "/" + FlatpackFactory.DEFAULT_FLATPACK_FOLDER + "/" + fac.pack().getName();
+ URL url = new URL(request.getScheme() , request.getServerName() , request.getServerPort() , path);
+ path = url.toString();
+ } catch (Exception e) {
+ throw new InvalidParametersException();
+ }
+ return path;
+ }
+
+
+}