You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2023/01/22 10:25:05 UTC
[struts] 03/15: Adds new http interceptor to allow block access based on method type
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch http-interceptor
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 80c7005bea37c5f62a68c4e5678cab2c2b9c67f5
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Sat Apr 19 17:50:32 2014 +0200
Adds new http interceptor to allow block access based on method type
---
.../httpmethod/HttpMethodInterceptor.java | 97 ++++++++++++++++++++++
1 file changed, 97 insertions(+)
diff --git a/core/src/main/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptor.java
new file mode 100644
index 000000000..36efb5266
--- /dev/null
+++ b/core/src/main/java/org/apache/struts2/interceptor/httpmethod/HttpMethodInterceptor.java
@@ -0,0 +1,97 @@
+package org.apache.struts2.interceptor.httpmethod;
+
+import com.opensymphony.xwork2.ActionInvocation;
+import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
+import com.opensymphony.xwork2.util.AnnotationUtils;
+import com.opensymphony.xwork2.util.logging.Logger;
+import com.opensymphony.xwork2.util.logging.LoggerFactory;
+import org.apache.struts2.ServletActionContext;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+public class HttpMethodInterceptor extends AbstractInterceptor {
+
+ public static final Class[] HTTP_METHOD_ANNOTATIONS = { AllowedMethod.class, PostOnly.class, GetOnly.class, GetPostOnly.class };
+
+ private static final Logger LOG = LoggerFactory.getLogger(HttpMethodInterceptor.class);
+
+ private String badRequestResultName = "bad-request";
+
+ @Override
+ public String intercept(ActionInvocation invocation) throws Exception {
+ Object action = invocation.getAction();
+ HttpServletRequest request = ServletActionContext.getRequest();
+ if (action instanceof HttpMethodAware) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Action #0 implements #1, setting request method #3",
+ action, HttpMethodAware.class.getSimpleName(), request.getMethod());
+ }
+ ((HttpMethodAware) (action)).setMethod(HttpMethod.valueOf(request.getMethod()));
+ }
+ if (AnnotationUtils.isAnnotatedBy(action.getClass(), HTTP_METHOD_ANNOTATIONS)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Action #0 annotated with #1, checking if request #2 meets allowed methods!",
+ action, AllowedMethod.class.getSimpleName(), request.getMethod());
+ }
+ return doIntercept(invocation);
+ }
+ return invocation.invoke();
+ }
+
+ protected String doIntercept(ActionInvocation invocation) throws Exception {
+ List<HttpMethod> allowedMethods = readAllowedMethods(invocation.getAction().getClass());
+ HttpServletRequest request = ServletActionContext.getRequest();
+ HttpMethod requestedMethod = HttpMethod.valueOf(request.getMethod());
+ if (allowedMethods.contains(requestedMethod)) {
+ if(LOG.isTraceEnabled()) {
+ LOG.trace("Request method #0 matches allowed methods #1, continuing invocation!", requestedMethod, allowedMethods);
+ }
+ return invocation.invoke();
+ } else {
+ if(LOG.isTraceEnabled()) {
+ LOG.trace("Request method #0 doesn't match allowed methods #1, continuing invocation!", requestedMethod, allowedMethods);
+ }
+ return getBadRequestResultName(invocation);
+ }
+ }
+
+ protected List<HttpMethod> readAllowedMethods(Class<? extends Object> klass) {
+ List<HttpMethod> allowedMethods = Collections.emptyList();
+ if (AnnotationUtils.isAnnotatedBy(klass, AllowedMethod.class)) {
+ allowedMethods = Arrays.asList(klass.getAnnotation(AllowedMethod.class).value());
+ }
+ if (AnnotationUtils.isAnnotatedBy(klass, GetOnly.class)) {
+ allowedMethods = Arrays.asList(klass.getAnnotation(GetOnly.class).value());
+ }
+ if (AnnotationUtils.isAnnotatedBy(klass, PostOnly.class)) {
+ allowedMethods = Arrays.asList(klass.getAnnotation(PostOnly.class).value());
+ }
+ if (AnnotationUtils.isAnnotatedBy(klass, GetPostOnly.class)) {
+ allowedMethods = Arrays.asList(klass.getAnnotation(GetPostOnly.class).value());
+ }
+ return Collections.unmodifiableList(allowedMethods);
+ }
+
+ protected String getBadRequestResultName(ActionInvocation invocation) {
+ Object action = invocation.getAction();
+ String resultName = badRequestResultName;
+ if (action instanceof HttpMethodAware) {
+ String actionResultName = ((HttpMethodAware) action).getBadRequestResultName();
+ if (actionResultName != null) {
+ resultName = actionResultName;
+ }
+ }
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Bad request result name is #0", resultName);
+ }
+ return resultName;
+ }
+
+ public void setBadRequestResultName(String badRequestResultName) {
+ this.badRequestResultName = badRequestResultName;
+ }
+
+}