You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by va...@apache.org on 2023/02/17 07:21:21 UTC
[qpid-broker-j] branch main updated: QPID-8620 - [Broker-J] HTTP management plugin can reveal system data or debug information (#173)
This is an automated email from the ASF dual-hosted git repository.
vavrtom pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/main by this push:
new c0b41d0225 QPID-8620 - [Broker-J] HTTP management plugin can reveal system data or debug information (#173)
c0b41d0225 is described below
commit c0b41d0225fd5ec89e177214d4c2f66b00ccf6a2
Author: Daniil Kirilyuk <da...@gmail.com>
AuthorDate: Fri Feb 17 08:21:16 2023 +0100
QPID-8620 - [Broker-J] HTTP management plugin can reveal system data or debug information (#173)
---
.../plugin/servlet/rest/AbstractServlet.java | 14 ++++++++------
.../plugin/servlet/rest/QueryServlet.java | 21 +++++++--------------
.../management/plugin/servlet/rest/RestServlet.java | 11 ++++++++---
3 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
index 383fa5be39..f1c1469075 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java
@@ -76,6 +76,8 @@ public abstract class AbstractServlet extends HttpServlet
public static final String CONTENT_DISPOSITION_ATTACHMENT_FILENAME_PARAM = "contentDispositionAttachmentFilename";
private static final Logger LOGGER = LoggerFactory.getLogger(AbstractServlet.class);
public static final String CONTENT_DISPOSITION = "Content-Disposition";
+ protected static final String GENERIC_ERROR_MESSAGE = "There was an error when performing request, " +
+ "see log file for details";
/**
* Allowed response headers
@@ -255,12 +257,12 @@ public abstract class AbstractServlet extends HttpServlet
writeObjectToResponse(object, request, response);
}
- protected final void sendJsonErrorResponse(HttpServletRequest request,
- HttpServletResponse response,
- int responseCode,
- String message) throws IOException
+ protected final void sendJsonErrorResponse(final HttpServletRequest request,
+ final HttpServletResponse response,
+ final int responseCode,
+ final String message) throws IOException
{
- sendJsonResponse(Collections.singletonMap("errorMessage", message), request, response, responseCode, false);
+ sendJsonResponse(Map.of("errorMessage", GENERIC_ERROR_MESSAGE), request, response, responseCode, false);
}
protected void sendError(final HttpServletResponse resp, int responseCode)
@@ -300,7 +302,7 @@ public abstract class AbstractServlet extends HttpServlet
catch (IOException e)
{
LOGGER.warn("Unexpected exception processing request", e);
- sendJsonErrorResponse(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ sendJsonErrorResponse(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, GENERIC_ERROR_MESSAGE);
}
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/QueryServlet.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/QueryServlet.java
index 465f1acf74..0fd52e2075 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/QueryServlet.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/QueryServlet.java
@@ -118,7 +118,7 @@ public abstract class QueryServlet<X extends ConfiguredObject<?>> extends Abstra
}
catch (Exception e)
{
- sendJsonErrorResponse(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ sendJsonErrorResponse(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, GENERIC_ERROR_MESSAGE);
LOGGER.error("Error when executing query", e);
}
}
@@ -126,7 +126,7 @@ public abstract class QueryServlet<X extends ConfiguredObject<?>> extends Abstra
private void performQuery(final HttpServletRequest request,
final HttpServletResponse response,
final ConfiguredObject<?> managedObject)
- throws IOException, ServletException
+ throws IOException
{
String categoryName;
X parent = getParent(request, managedObject);
@@ -172,25 +172,18 @@ public abstract class QueryServlet<X extends ConfiguredObject<?>> extends Abstra
}
catch (SelectorParsingException e)
{
- sendJsonErrorResponse(request,
- response,
- HttpServletResponse.SC_BAD_REQUEST,
- e.getMessage());
+ sendJsonErrorResponse(request, response, HttpServletResponse.SC_BAD_REQUEST, GENERIC_ERROR_MESSAGE);
+ LOGGER.error("Error when executing request" , e);
}
catch (EvaluationException e)
{
- sendJsonErrorResponse(request,
- response,
- SC_UNPROCESSABLE_ENTITY,
- e.getMessage());
+ sendJsonErrorResponse(request, response, SC_UNPROCESSABLE_ENTITY, GENERIC_ERROR_MESSAGE);
+ LOGGER.error("Error when executing request" , e);
}
}
else
{
- sendJsonErrorResponse(request,
- response,
- HttpServletResponse.SC_NOT_FOUND,
- "Unknown object type " + categoryName);
+ sendJsonErrorResponse(request, response, HttpServletResponse.SC_NOT_FOUND, "Unknown object type " + categoryName);
}
}
diff --git a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java
index 1ad13d770b..32cdb9fe59 100644
--- a/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java
+++ b/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java
@@ -45,6 +45,8 @@ import javax.servlet.http.Part;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.google.common.base.Strings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.management.plugin.ManagementController;
@@ -62,6 +64,7 @@ public class RestServlet extends AbstractServlet
{
private static final long serialVersionUID = 1L;
private static final String APPLICATION_JSON = "application/json";
+ private static final Logger LOGGER = LoggerFactory.getLogger(RestServlet.class);
private transient ManagementController _managementController;
@@ -120,6 +123,7 @@ public class RestServlet extends AbstractServlet
}
catch (ManagementException e)
{
+ LOGGER.error("Error when executing GET request", e);
sendResponse(e, httpServletRequest, httpServletResponse);
}
}
@@ -139,6 +143,7 @@ public class RestServlet extends AbstractServlet
}
catch (ManagementException e)
{
+ LOGGER.error("Error when executing POST request", e);
sendResponse(e, httpServletRequest, httpServletResponse);
}
}
@@ -158,6 +163,7 @@ public class RestServlet extends AbstractServlet
}
catch (ManagementException e)
{
+ LOGGER.error("Error when executing PUT request", e);
sendResponse(e, httpServletRequest, httpServletResponse);
}
}
@@ -177,6 +183,7 @@ public class RestServlet extends AbstractServlet
}
catch (ManagementException e)
{
+ LOGGER.error("Error when executing DELETE request", e);
sendResponse(e, httpServletRequest, httpServletResponse);
}
}
@@ -193,9 +200,7 @@ public class RestServlet extends AbstractServlet
setHeaders(response);
setExceptionHeaders(managementException, response);
response.setStatus(managementException.getStatusCode());
- writeJsonResponse(Collections.singletonMap("errorMessage", managementException.getMessage()),
- request,
- response);
+ writeJsonResponse(Map.of("errorMessage", GENERIC_ERROR_MESSAGE), request, response);
}
private void setExceptionHeaders(final ManagementException managementException, final HttpServletResponse response)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org