Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SLING-11722 - The SlingRequestDispatcher doesn't correctly implement …
…the RequestDispatcher API * added two new configuration options to the Sling Main Servlet: sling.includes.protectheaders and sling.includes.checkcontenttype * the former doesn't allow included servlets to set a status code or response headers, whereas the latter also makes the Sling Engine throw a RuntimeException every time an included servlet tries to override the Content-Type response header * sling.includes.protectheaders can be overridden per include, using the RequestDispatcherOptions
- Loading branch information
1 parent
55c080a
commit 5d8df33
Showing
11 changed files
with
255 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
73 changes: 73 additions & 0 deletions
73
src/main/java/org/apache/sling/engine/impl/IncludeNoContentTypeOverrideResponseWrapper.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
~ Licensed to the Apache Software Foundation (ASF) under one | ||
~ or more contributor license agreements. See the NOTICE file | ||
~ distributed with this work for additional information | ||
~ regarding copyright ownership. The ASF licenses this file | ||
~ to you under the Apache License, Version 2.0 (the | ||
~ "License"); you may not use this file except in compliance | ||
~ with the License. You may obtain a copy of the License at | ||
~ | ||
~ http://www.apache.org/licenses/LICENSE-2.0 | ||
~ | ||
~ Unless required by applicable law or agreed to in writing, | ||
~ software distributed under the License is distributed on an | ||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
~ KIND, either express or implied. See the License for the | ||
~ specific language governing permissions and limitations | ||
~ under the License. | ||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ | ||
package org.apache.sling.engine.impl; | ||
|
||
import java.util.Arrays; | ||
import java.util.Optional; | ||
|
||
import org.apache.sling.api.SlingException; | ||
import org.apache.sling.api.SlingHttpServletResponse; | ||
import org.apache.sling.engine.impl.request.RequestData; | ||
import org.jetbrains.annotations.NotNull; | ||
|
||
public class IncludeNoContentTypeOverrideResponseWrapper extends IncludeResponseWrapper { | ||
|
||
private final RequestData requestData; | ||
|
||
/** | ||
* Wraps a response object and throws a {@link RuntimeException} if {@link #setContentType(String)} is called with | ||
* a value that would override the response's previously set value. | ||
* | ||
* @param requestData the request data object | ||
* @param wrappedResponse the response to be wrapped | ||
*/ | ||
public IncludeNoContentTypeOverrideResponseWrapper(@NotNull RequestData requestData, | ||
@NotNull SlingHttpServletResponse wrappedResponse) { | ||
super(wrappedResponse); | ||
this.requestData = requestData; | ||
} | ||
|
||
@Override | ||
public void setContentType(String type) { | ||
String contentTypeString = getContentType(); | ||
if (contentTypeString != null) { | ||
Optional<String> currentMime = Arrays.stream(contentTypeString.split(";")).findFirst(); | ||
Optional<String> setMime = Arrays.stream(type.split(";")).findFirst(); | ||
if (currentMime.isPresent() && setMime.isPresent() && !currentMime.get().equals(setMime.get())) { | ||
String message = String.format( | ||
"Servlet %s tried to override the 'Content-Type' header from '%s' to '%s', however the" + | ||
" %s forbids this via the %s configuration property.", | ||
requestData.getActiveServletName(), | ||
currentMime.get(), | ||
setMime.get(), | ||
Config.PID, | ||
"sling.includes.checkcontenttype" | ||
); | ||
requestData.getRequestProgressTracker().log("ERROR: " + message); | ||
throw new ContentTypeChangeException(message); | ||
} | ||
} | ||
} | ||
|
||
private static class ContentTypeChangeException extends SlingException { | ||
protected ContentTypeChangeException(String text) { | ||
super(text); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.