From ace3eaa5c95bb3543ae57a0697d4237c3ae5d765 Mon Sep 17 00:00:00 2001
From: Juan Marcos Bellini
Date: Tue, 21 Nov 2017 20:40:01 -0300
Subject: [PATCH 1/2] Add a CustomHiddenHttpMethodFilter - Enables hitting the API with a hidden method (i.e method indicated in headers)
---
.../web/config/CustomHiddenMethodFilter.java | 71 +++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/config/CustomHiddenMethodFilter.java
diff --git a/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/config/CustomHiddenMethodFilter.java b/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/config/CustomHiddenMethodFilter.java
new file mode 100644
index 0000000..4bf77b0
--- /dev/null
+++ b/server-webapp/src/main/java/ar/edu/itba/iot/carne_iot/server/web/config/CustomHiddenMethodFilter.java
@@ -0,0 +1,71 @@
+package ar.edu.itba.iot.carne_iot.server.web.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.util.WebUtils;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Locale;
+
+/**
+ * A Custom {@link javax.servlet.Filter} to create a request given a method in a header from a POST request.
+ * Idea taken from {@link org.springframework.web.filter.HiddenHttpMethodFilter},
+ * using headers instead of form fields.
+ */
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE + 1)
+public class CustomHiddenMethodFilter extends OncePerRequestFilter {
+
+ /**
+ * Default method parameter: {@code _method}
+ */
+ private static final String DEFAULT_METHOD_PARAM = "X-Hidden-Method";
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CustomHiddenMethodFilter.class);
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+
+ HttpServletRequest requestToUse = request;
+
+ if ("POST".equals(request.getMethod()) && request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) == null) {
+ String paramValue = request.getHeader(DEFAULT_METHOD_PARAM);
+ if (StringUtils.hasLength(paramValue)) {
+ LOGGER.debug("Changing hidden method request to a {} request", paramValue);
+ requestToUse = new CustomHiddenMethodFilter.HttpMethodRequestWrapper(request, paramValue);
+ }
+ }
+ filterChain.doFilter(requestToUse, response);
+ }
+
+ /**
+ * Simple {@link HttpServletRequest} wrapper that returns the supplied method for
+ * {@link HttpServletRequest#getMethod()}.
+ */
+ private static class HttpMethodRequestWrapper extends HttpServletRequestWrapper {
+
+ private final String method;
+
+ private HttpMethodRequestWrapper(HttpServletRequest request, String method) {
+ super(request);
+ this.method = method.toUpperCase(Locale.ENGLISH);
+ }
+
+ @Override
+ public String getMethod() {
+ return this.method;
+ }
+ }
+}
From 30207d767945717f78455cc02bbf70fd55802904 Mon Sep 17 00:00:00 2001
From: Juan Marcos Bellini
Date: Tue, 21 Nov 2017 20:47:06 -0300
Subject: [PATCH 2/2] Change maven version to 0.0.5.RELEASE
---
pom.xml | 2 +-
server-core/pom.xml | 2 +-
server-persistence-interfaces/pom.xml | 2 +-
server-persistence/pom.xml | 2 +-
server-services-interfaces/pom.xml | 2 +-
server-services/pom.xml | 2 +-
server-webapp/pom.xml | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/pom.xml b/pom.xml
index a1666df..f570c2a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE pom ${project.groupId}:${project.artifactId}
diff --git a/server-core/pom.xml b/server-core/pom.xml
index 1920da8..c3bb093 100644
--- a/server-core/pom.xml
+++ b/server-core/pom.xml
@@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE server-core
diff --git a/server-persistence-interfaces/pom.xml b/server-persistence-interfaces/pom.xml
index b6edb4d..6642470 100644
--- a/server-persistence-interfaces/pom.xml
+++ b/server-persistence-interfaces/pom.xml
@@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE server-persistence-interfaces
diff --git a/server-persistence/pom.xml b/server-persistence/pom.xml
index 36bde53..742de3e 100644
--- a/server-persistence/pom.xml
+++ b/server-persistence/pom.xml
@@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE server-persistence
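Review bot: The `X-Hidden-Method` value read in `CustomHiddenMethodFilter.doFilterInternal` is applied with no allow-list, so any POST can present itself to the rest of the chain as an arbitrary verb (TRACE, OPTIONS, GET, or a made-up token) after nothing more than the upper-casing in `HttpMethodRequestWrapper`. Because the filter is ordered at `HIGHEST_PRECEDENCE + 1`, everything behind it evaluates the overridden verb, while any proxy, gateway or WAF in front that restricts by verb still sees a plain POST, so verb-based rules at that layer would not cover a tunnelled PUT or DELETE. I would restrict the override to the verbs the API needs to tunnel (PUT, DELETE and PATCH is the set later versions of Spring's `HiddenHttpMethodFilter` allow), log the normalised value rather than the raw header, and let anything else continue as an ordinary POST; the set needs the matching `java.util` imports. Separately, the Javadoc on `DEFAULT_METHOD_PARAM` still says `{@code _method}` although the constant holds the header name `X-Hidden-Method`.

```java
    private static final Set<String> ALLOWED_METHODS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("PUT", "DELETE", "PATCH")));

    // … unchanged: DEFAULT_METHOD_PARAM, LOGGER, doFilterInternal signature, requestToUse …
        if ("POST".equals(request.getMethod()) && request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) == null) {
            String paramValue = request.getHeader(DEFAULT_METHOD_PARAM);
            if (StringUtils.hasLength(paramValue)) {
                String method = paramValue.toUpperCase(Locale.ENGLISH);
                if (ALLOWED_METHODS.contains(method)) {
                    LOGGER.debug("Changing hidden method request to a {} request", method);
                    requestToUse = new HttpMethodRequestWrapper(request, method);
                } else {
                    // Unknown or disallowed verb: keep handling the request as the POST it is.
                    LOGGER.debug("Ignoring unsupported hidden method override");
                }
            }
        }
    // … unchanged: filterChain.doFilter(requestToUse, response) and HttpMethodRequestWrapper …
```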
diff --git a/server-services-interfaces/pom.xml b/server-services-interfaces/pom.xml
index faa4ada..0dcf8b7 100644
--- a/server-services-interfaces/pom.xml
+++ b/server-services-interfaces/pom.xml
@@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE server-services-interfaces
diff --git a/server-services/pom.xml b/server-services/pom.xml
index c01dd63..45433bd 100644
--- a/server-services/pom.xml
+++ b/server-services/pom.xml
@@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE server-services
diff --git a/server-webapp/pom.xml b/server-webapp/pom.xml
index cec3705..4797b04 100644
--- a/server-webapp/pom.xml
+++ b/server-webapp/pom.xml
@@ -8,7 +8,7 @@ ar.edu.itba.iot.carne-iot server - 0.0.4.RELEASE + 0.0.5.RELEASE server-webapp