
SHORTURL-38 merge trunk r105252

steve.swinsburg@gmail.com
steve.swinsburg@gmail.com committed Feb 28, 2012
1 parent 18012ef commit e9984a733ec2420f5a125cd967706762bd97fe2a
@@ -10,6 +10,7 @@
<!-- shared -->
<dependencySet>
<outputDirectory>shared/lib</outputDirectory>
+ <useProjectArtifact>false</useProjectArtifact>
<useTransitiveDependencies>false</useTransitiveDependencies>
<includes>
<include>org.sakaiproject.shortenedurl:shortenedurl-api:jar:*</include>
@@ -19,6 +20,7 @@
<!-- components -->
<dependencySet>
<outputDirectory>components/shortenedurl-pack</outputDirectory>
+ <useProjectArtifact>false</useProjectArtifact>
<useTransitiveDependencies>false</useTransitiveDependencies>
<includes>
<include>org.sakaiproject.shortenedurl:shortenedurl-pack:war:*</include>
@@ -30,6 +32,7 @@
<dependencySet>
<outputDirectory>webapps/</outputDirectory>
<outputFileNameMapping>${artifact.artifactId}.war</outputFileNameMapping>
+ <useProjectArtifact>false</useProjectArtifact>
<useTransitiveDependencies>false</useTransitiveDependencies>
<includes>
<include>org.sakaiproject.shortenedurl:x:war:*</include>
@@ -38,14 +41,4 @@
</dependencySet>
</dependencySets>
- <!-- additional files -->
- <fileSets>
- <fileSet>
- <outputDirectory></outputDirectory>
- <includes>
- <include>${project.basedir}/README*</include>
- </includes>
- </fileSet>
- </fileSets>
-
</assembly>
@@ -38,6 +38,18 @@
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
</dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </dependency>
<!-- kernel dependencies -->
<dependency>
@@ -3,17 +3,21 @@
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
-import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletResponse;
+
+import lombok.Setter;
+import lombok.extern.apachecommons.CommonsLog;
+
import org.apache.commons.lang.StringUtils;
-import org.sakaiproject.entitybroker.EntityReference;
+import org.sakaiproject.component.api.ServerConfigurationService;
import org.sakaiproject.entitybroker.EntityView;
-import org.sakaiproject.entitybroker.entityprovider.CoreEntityProvider;
+import org.sakaiproject.entitybroker.entityprovider.EntityProvider;
import org.sakaiproject.entitybroker.entityprovider.annotations.EntityCustomAction;
+import org.sakaiproject.entitybroker.entityprovider.capabilities.ActionsExecutable;
import org.sakaiproject.entitybroker.entityprovider.capabilities.AutoRegisterEntityProvider;
-import org.sakaiproject.entitybroker.entityprovider.capabilities.RESTful;
-import org.sakaiproject.entitybroker.entityprovider.search.Search;
+import org.sakaiproject.entitybroker.entityprovider.capabilities.Describeable;
import org.sakaiproject.entitybroker.exception.EntityException;
import org.sakaiproject.shortenedurl.api.ShortenedUrlService;
@@ -23,7 +27,8 @@
* @author Steve Swinsburg (steve.swinsburg@gmail.com)
*
*/
-public class ShortenedUrlServiceEntityProviderImpl implements ShortenedUrlServiceEntityProvider, CoreEntityProvider, AutoRegisterEntityProvider, RESTful {
+@CommonsLog
+public class ShortenedUrlServiceEntityProviderImpl implements ShortenedUrlServiceEntityProvider, EntityProvider, AutoRegisterEntityProvider, Describeable, ActionsExecutable {
public String getEntityPrefix() {
@@ -38,6 +43,34 @@ public Object shorten(OutputStream out, EntityView view, Map<String, Object> par
throw new EntityException("Invalid path.", path);
}
+ //SHORTURL-38 check if eternal urls are allowed to be shortened, defaults to false (only internal urls are allowed)
+ //if external not allowed then we need to check the host and the url to be shortened, otherwise we don't care
+ boolean externalAllowed = serverConfigurationService.getBoolean("shortenedurl.external.enabled", false);
+ if(!externalAllowed) {
+ String serverUrl = serverConfigurationService.getServerUrl();
+
+ //decode path
+ String pathDecoded;
+ try {
+ pathDecoded = URLDecoder.decode(path, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new EntityException("Unable to decode path.", path);
+ }
+
+ //path could be a relative fragment (ie /portal/site/abc), if so, create full url and check
+ String fullUrl = pathDecoded;
+ if(StringUtils.startsWith(pathDecoded, "/")) {
+ fullUrl = serverUrl + pathDecoded;
+ log.debug("Path: " + pathDecoded + ", full URL: " + fullUrl);
+ }
+
+ //now have full url so check they start with the same value. otherwise it is external and it should be blocked.
+ if(!StringUtils.startsWith(fullUrl, serverUrl)) {
+ log.error("Attempted to shorten:" + pathDecoded + ", but this does not have the same prefix as the current server: " + serverUrl);
+ throw new EntityException("Couldn't shorten URL as external URLs are not permitted. The path parameter must contain either a relative path or a full URL that is for the same host.", path, HttpServletResponse.SC_FORBIDDEN);
+ }
+ }
+
boolean secure = Boolean.parseBoolean((String)params.get("secure"));
try {
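Review bot: The same-host test at `if(!StringUtils.startsWith(fullUrl, serverUrl))` is a string-prefix comparison, which does not establish that the target's host equals the server's host: when `getServerUrl()` has no trailing slash, an absolute URL whose authority merely begins with the same characters still passes. The relative branch has a similar gap, because a decoded value beginning with `//` satisfies `startsWith(pathDecoded, "/")` and is accepted after concatenation, while the value shortened afterwards appears to be the original `path` (that code is outside the hunk, so confirm). I would parse both values with `java.net.URI` and compare scheme, host and port, treating `//` and backslash forms as non-local, as sketched below. Separately, `pathDecoded` is request-controlled and is written to the log at error level, so CR/LF should be stripped before logging. `shorten` begins and ends outside this hunk.

```java
// … unchanged: externalAllowed lookup, serverUrl, URLDecoder.decode into pathDecoded …
	boolean sameOrigin;
	if(StringUtils.startsWith(pathDecoded, "/")) {
		//a single leading slash is a local path; "//host" and backslash forms are not
		sameOrigin = !StringUtils.startsWith(pathDecoded, "//") && !StringUtils.contains(pathDecoded, "\\");
	} else {
		try {
			java.net.URI target = new java.net.URI(pathDecoded);
			java.net.URI server = new java.net.URI(serverUrl);
			//compare parsed components rather than a raw string prefix
			sameOrigin = StringUtils.equalsIgnoreCase(target.getScheme(), server.getScheme())
				&& target.getHost() != null
				&& StringUtils.equalsIgnoreCase(target.getHost(), server.getHost())
				&& target.getPort() == server.getPort();
		} catch (java.net.URISyntaxException e) {
			//unparseable input is treated as external
			sameOrigin = false;
		}
	}
	if(!sameOrigin) {
		// … unchanged: log.error and the SC_FORBIDDEN EntityException …
	}
```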
@@ -52,44 +85,10 @@ public Object shorten(OutputStream out, EntityView view, Map<String, Object> par
}
-
+ @Setter
private ShortenedUrlService shortenedUrlService;
- public void setShortenedUrlService(ShortenedUrlService shortenedUrlService) {
- this.shortenedUrlService = shortenedUrlService;
- }
-
-
- public boolean entityExists(String eid) {
- return true;
- }
-
- public Object getSampleEntity() {
- return null;
- }
- public Object getEntity(EntityReference ref) {
- return null;
- }
+ @Setter
+ private ServerConfigurationService serverConfigurationService;
- public String[] getHandledOutputFormats() {
- return new String[] {};
- }
-
- public String[] getHandledInputFormats() {
- return new String[] {};
- }
-
- public String createEntity(EntityReference ref, Object entity, Map<String, Object> params) {
- return null;
- }
-
- public void updateEntity(EntityReference ref, Object entity,Map<String, Object> params) {
- }
-
- public void deleteEntity(EntityReference ref, Map<String, Object> params) {
- }
-
- public List<?> getEntities(EntityReference ref, Search search) {
- return null;
- }
}
@@ -2,5 +2,6 @@
url = An entity provider to allow shortening of URLs via the ShortenedUrlService
url.action.shorten=Shorten a given URL using the configured implementation. \
-The URL should be passed in via the path URL parameter and should be URL encoded. \
-If you want to use the 'secure' method (RandomisedUrlService only), also pass it as a URL parameter and use true|false as the value.
+The URL should be passed in via the 'path' URL parameter and should be URL encoded. \
+If you want to use the 'secure' method (RandomisedUrlService only), also pass it as a URL parameter and use true|false as the value. \
+Note that by default, for security reasons, external URLs cannot be shortened. If you want to allow this, set shortenedurl.external.enabled=true in sakai.properties.
@@ -75,6 +75,7 @@
<bean id="org.sakaiproject.shortenedurl.entityprovider.ShortenedUrlServiceEntityProvider"
class="org.sakaiproject.shortenedurl.entityprovider.ShortenedUrlServiceEntityProviderImpl">
<property name="shortenedUrlService" ref="org.sakaiproject.shortenedurl.api.ShortenedUrlService" />
+ <property name="serverConfigurationService" ref="org.sakaiproject.component.api.ServerConfigurationService" />
</bean>
<!-- Cache -->
12 pom.xml
@@ -183,6 +183,18 @@
<version>4.0</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ <version>0.10.6</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>2.4</version>
+ <scope>provided</scope>
+ </dependency>
<!-- java 1.5 requires this at compilation time for org.apache.http.impl.client.DefaultHttpClient -->
<dependency>
