From 2b0b1cd95284da65a743daea4c649bcb1c51c085 Mon Sep 17 00:00:00 2001 From: Drew Wills Date: Tue, 1 May 2018 16:00:07 -0700 Subject: [PATCH] chore(refactor)/formalize the association between portlet ActionURLs and HTTP POST --- .../portal/rendering/PortalController.java | 8 +++++++- .../apereo/portal/url/IPortalUrlProvider.java | 16 ++++++---------- .../rendering/DynamicRenderingPipeline.java | 4 +--- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/uPortal-rendering/src/main/java/org/apereo/portal/rendering/PortalController.java b/uPortal-rendering/src/main/java/org/apereo/portal/rendering/PortalController.java index 39ed0ae0d04..d6e78589847 100644 --- a/uPortal-rendering/src/main/java/org/apereo/portal/rendering/PortalController.java +++ b/uPortal-rendering/src/main/java/org/apereo/portal/rendering/PortalController.java @@ -32,6 +32,7 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; @Controller @RequestMapping(value = "/**") @@ -108,9 +109,14 @@ public void renderRequest(HttpServletRequest request, HttpServletResponse respon } } - @RequestMapping(headers = {"org.apereo.portal.url.UrlType=ACTION"}) + /** HTTP POST required for security. */ + @RequestMapping( + headers = {"org.apereo.portal.url.UrlType=ACTION"}, + method = RequestMethod.POST + ) public void actionRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { + final IPortalRequestInfo portalRequestInfo = this.urlSyntaxProvider.getPortalRequestInfo(request); final IPortletRequestInfo portletRequestInfo = diff --git a/uPortal-url/src/main/java/org/apereo/portal/url/IPortalUrlProvider.java b/uPortal-url/src/main/java/org/apereo/portal/url/IPortalUrlProvider.java index a76cf7c8932..82ee6a27d5d 100644 --- a/uPortal-url/src/main/java/org/apereo/portal/url/IPortalUrlProvider.java +++ b/uPortal-url/src/main/java/org/apereo/portal/url/IPortalUrlProvider.java @@ -24,7 +24,7 @@ public interface IPortalUrlProvider { * @return The current portal action url builder, null if there is no portal action url builder * for this requet */ - public IPortalActionUrlBuilder getPortalActionUrlBuilder(HttpServletRequest request); + IPortalActionUrlBuilder getPortalActionUrlBuilder(HttpServletRequest request); /** * Converts a standard {@link IPortalUrlBuilder} to a {@link IPortalActionUrlBuilder} @@ -33,7 +33,7 @@ public interface IPortalUrlProvider { * @param portalUrlBuilder The url builder to convert * @return A portal action url builder */ - public IPortalActionUrlBuilder convertToPortalActionUrlBuilder( + IPortalActionUrlBuilder convertToPortalActionUrlBuilder( HttpServletRequest request, IPortalUrlBuilder portalUrlBuilder); /** @@ -43,7 +43,7 @@ public IPortalActionUrlBuilder convertToPortalActionUrlBuilder( * @param request The current portal request * @return Default {@link IPortalUrlBuilder} */ - public IPortalUrlBuilder getDefaultUrl(HttpServletRequest request); + IPortalUrlBuilder getDefaultUrl(HttpServletRequest request); /** * Get a portal URL builder that targets the specified layout node. @@ -55,13 +55,9 @@ public IPortalActionUrlBuilder convertToPortalActionUrlBuilder( * @throws IllegalArgumentException If the specified ID doesn't exist for a folder in the users * layout. */ - public IPortalUrlBuilder getPortalUrlBuilderByLayoutNode( + IPortalUrlBuilder getPortalUrlBuilderByLayoutNode( HttpServletRequest request, String layoutNodeId, UrlType urlType); - // Not implemented until all folders have fnames? - // public IPortalUrlBuilder getPortalUrlBuilderByLayoutFName(HttpServletRequest request, String - // folderFname, UrlType urlType); - /** * Get a portal URL builder that targets the specified portlet window. * @@ -72,7 +68,7 @@ public IPortalUrlBuilder getPortalUrlBuilderByLayoutNode( * @throws IllegalArgumentException If the specified ID doesn't exist for a folder in the users * layout. */ - public IPortalUrlBuilder getPortalUrlBuilderByPortletWindow( + IPortalUrlBuilder getPortalUrlBuilderByPortletWindow( HttpServletRequest request, IPortletWindowId portletWindowId, UrlType urlType); /** @@ -85,6 +81,6 @@ public IPortalUrlBuilder getPortalUrlBuilderByPortletWindow( * @throws IllegalArgumentException If the specified ID doesn't exist for a folder in the users * layout. */ - public IPortalUrlBuilder getPortalUrlBuilderByPortletFName( + IPortalUrlBuilder getPortalUrlBuilderByPortletFName( HttpServletRequest request, String portletFName, UrlType urlType); } diff --git a/uPortal-web/src/main/java/org/apereo/portal/rendering/DynamicRenderingPipeline.java b/uPortal-web/src/main/java/org/apereo/portal/rendering/DynamicRenderingPipeline.java index 9d6f8d2a288..eb5620576e5 100644 --- a/uPortal-web/src/main/java/org/apereo/portal/rendering/DynamicRenderingPipeline.java +++ b/uPortal-web/src/main/java/org/apereo/portal/rendering/DynamicRenderingPipeline.java @@ -16,7 +16,6 @@ import java.io.IOException; import java.io.PrintWriter; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.transform.OutputKeys; @@ -61,8 +60,7 @@ public void setPipeline(CharacterPipelineComponent pipeline) { } @Override - public void renderState(HttpServletRequest req, HttpServletResponse res) - throws ServletException, IOException { + public void renderState(HttpServletRequest req, HttpServletResponse res) throws IOException { // Disable page caching res.setHeader("pragma", "no-cache"); res.setHeader("Cache-Control", "no-cache, max-age=0, must-revalidate");