Example #1
0
 private static JaggeryContext createJaggeryContext(
     OutputStream out,
     String scriptPath,
     HttpServletRequest request,
     HttpServletResponse response) {
   WebAppContext context = new WebAppContext();
   context.setTenantId(Integer.toString(CarbonContext.getCurrentContext().getTenantId()));
   context.setOutputStream(out);
   context.setServletRequest(request);
   context.setServletResponse(response);
   context.setServletConext(request.getServletContext());
   context.setScriptPath(scriptPath);
   context.getIncludesCallstack().push(scriptPath);
   context.getIncludedScripts().put(scriptPath, true);
   return context;
 }
Example #2
0
  private static void defineProperties(Context cx, JaggeryContext context, ScriptableObject scope) {
    WebAppContext ctx = (WebAppContext) context;

    JavaScriptProperty request = new JavaScriptProperty("request");
    request.setValue(cx.newObject(scope, "Request", new Object[] {ctx.getServletRequest()}));
    request.setAttribute(ScriptableObject.READONLY);
    RhinoEngine.defineProperty(scope, request);

    JavaScriptProperty response = new JavaScriptProperty("response");
    response.setValue(cx.newObject(scope, "Response", new Object[] {ctx.getServletResponse()}));
    response.setAttribute(ScriptableObject.READONLY);
    RhinoEngine.defineProperty(scope, response);

    JavaScriptProperty session = new JavaScriptProperty("session");
    session.setValue(
        cx.newObject(scope, "Session", new Object[] {ctx.getServletRequest().getSession()}));
    session.setAttribute(ScriptableObject.READONLY);
    RhinoEngine.defineProperty(scope, session);

    JavaScriptProperty application = new JavaScriptProperty("application");
    application.setValue(cx.newObject(scope, "Application", new Object[] {ctx.getServletConext()}));
    application.setAttribute(ScriptableObject.READONLY);
    RhinoEngine.defineProperty(scope, application);

    if (isWebSocket(ctx.getServletRequest())) {
      JavaScriptProperty websocket = new JavaScriptProperty("websocket");
      websocket.setValue(cx.newObject(scope, "WebSocket", new Object[0]));
      websocket.setAttribute(ScriptableObject.READONLY);
      RhinoEngine.defineProperty(scope, websocket);
    }
  }
Example #3
0
  private void run() throws Exception {
    InetSocketAddress address;

    if (this.host != null) {
      address = new InetSocketAddress(this.host, this.port);
    } else {
      address = new InetSocketAddress(this.port);
    }

    Server server = new Server(address);

    ContextHandlerCollection handlerCollection = new ContextHandlerCollection();

    final ModelRegistry modelRegistry = new ModelRegistry();

    final MetricRegistry metricRegistry = new MetricRegistry();

    Binder binder =
        new AbstractBinder() {

          @Override
          protected void configure() {
            bind(modelRegistry).to(ModelRegistry.class);
            bind(metricRegistry).to(MetricRegistry.class);
          }
        };

    ResourceConfig config = new ResourceConfig(ModelResource.class);
    config.register(binder);
    config.register(JacksonFeature.class);
    config.register(MultiPartFeature.class);
    config.register(ObjectMapperProvider.class);
    config.register(RolesAllowedDynamicFeature.class);

    // Naive implementation that grants the "admin" role to all local network users
    config.register(NetworkSecurityContextFilter.class);

    ServletContextHandler servletHandler = new ServletContextHandler();
    servletHandler.setContextPath(this.contextPath);

    ServletContainer jerseyServlet = new ServletContainer(config);

    servletHandler.addServlet(new ServletHolder(jerseyServlet), "/*");

    InstrumentedHandler instrumentedHandler = new InstrumentedHandler(metricRegistry);
    instrumentedHandler.setHandler(servletHandler);

    handlerCollection.addHandler(instrumentedHandler);

    if (this.consoleWar != null) {
      WebAppContext consoleHandler = new WebAppContext();
      consoleHandler.setContextPath(this.contextPath + "/console"); // XXX
      consoleHandler.setWar(this.consoleWar.getAbsolutePath());

      handlerCollection.addHandler(consoleHandler);
    }

    server.setHandler(handlerCollection);

    DirectoryDeployer deployer = null;

    if (this.modelDir != null) {

      if (!this.modelDir.isDirectory()) {
        throw new IOException(this.modelDir.getAbsolutePath() + " is not a directory");
      }

      deployer = new DirectoryDeployer(modelRegistry, this.modelDir.toPath());
    }

    server.start();

    if (deployer != null) {
      deployer.start();
    }

    server.join();

    if (deployer != null) {
      deployer.interrupt();

      deployer.join();
    }
  }
  @Override
  public void doHandle(
      String target,
      Request request,
      HttpServletRequest httpServletRequest,
      HttpServletResponse httpServletResponse)
      throws IOException, ServletException {

    LOG.info("handling " + target);

    // !!! doHandle() is called twice for a request when using redirectiion, first time with
    // request.getPathInfo()
    // set to the URI and target set to the path, then with request.getPathInfo() set to null and
    // target set to the .jsp
    try {
      // request.setHandled(true);
      boolean secured;
      if (request.getScheme().equals("https")) {
        secured = true;
      } else if (request.getScheme().equals("http")) {
        secured = false;
      } else {
        httpServletResponse
            .getWriter()
            .println(
                String.format(
                    "<h1>Unknown scheme %s at %s</h1>",
                    request.getScheme(), request.getUri().getDecodedPath()));
        return;
      }

      if (request.getMethod().equals("GET")) {
        if (isInJar || target.endsWith(".jsp")) {
          // !!! when not in jar there's no need to do anything about params if it's not a .jsp,
          // as this will get called again for the corresponding .jsp
          if (prepareForJspGet(target, request, httpServletResponse, secured)) {
            return;
          }
        }
        if (target.startsWith(PATH_OPEN_ARTICLE)) {
          handleOpenArticle(request, httpServletResponse, target);
          return;
        }
        super.doHandle(target, request, httpServletRequest, httpServletResponse);
        LOG.info("handling of " + target + " went to super");

        // httpServletResponse.setDateHeader("Date", System.currentTimeMillis());     //ttt2 review
        // these, probably not use
        // httpServletResponse.setDateHeader("Expires", System.currentTimeMillis() + 60000);

        return;
      }

      if (request.getMethod().equals("POST")) {
        if (request.getUri().getDecodedPath().equals(PATH_LOGIN)) {
          handleLoginPost(request, httpServletResponse, secured);
        } else if (request.getUri().getDecodedPath().equals(PATH_SIGNUP)) {
          handleSignupPost(request, httpServletResponse);
        } else if (request.getUri().getDecodedPath().equals(PATH_CHANGE_PASSWORD)) {
          handleChangePasswordPost(request, httpServletResponse);
        } else if (request.getUri().getDecodedPath().equals(PATH_UPDATE_FEED_LIST)) {
          handleUpdateFeedListPost(request, httpServletResponse);
        } else if (request.getUri().getDecodedPath().equals(PATH_ADD_FEED)) {
          handleAddFeedPost(request, httpServletResponse);
        } else if (request.getUri().getDecodedPath().equals(PATH_REMOVE_FEED)) {
          handleRemoveFeedPost(request, httpServletResponse);
        } else if (request.getUri().getDecodedPath().equals(PATH_CHANGE_SETTINGS)) {
          handleChangeSettingsPost(request, httpServletResponse);
        }
      }

      /*{ // for tests only;
          httpServletResponse.getWriter().println(String.format("<h1>Unable to process request %s</h1>",
                  request.getUri().getDecodedPath()));
          request.setHandled(true);
      }*/
    } catch (Exception e) {
      LOG.error("Error processing request", e);
      try {
        // redirectToError(e.toString(), request, httpServletResponse); //!!! redirectToError leads
        // to infinite loop, probably related to
        // the fact that we get 2 calls for a regular request when redirecting
        httpServletResponse
            .getWriter()
            .println(
                String.format(
                    "<h1>Unable to process request %s</h1>", // ttt1 generate some HTML
                    request.getUri().getDecodedPath()));
        request.setHandled(true);
      } catch (Exception e1) {
        LOG.error("Error redirecting", e1);
      }
    }
  }
Example #5
0
  private static ScriptableObject executeScript(
      JaggeryContext jaggeryContext,
      ScriptableObject scope,
      String fileURL,
      final boolean isJSON,
      boolean isBuilt,
      boolean isIncludeOnce)
      throws ScriptException {
    WebAppContext webAppContext = (WebAppContext) jaggeryContext;
    Stack<String> includesCallstack = jaggeryContext.getIncludesCallstack();
    Map<String, Boolean> includedScripts = jaggeryContext.getIncludedScripts();
    ServletContext context = webAppContext.getServletConext();
    String parent = includesCallstack.lastElement();

    String keys[] = WebAppManager.getKeys(context.getContextPath(), parent, fileURL);
    fileURL = getNormalizedScriptPath(keys);
    if (includesCallstack.search(fileURL) != -1) {
      return scope;
    }
    if (isIncludeOnce && includedScripts.get(fileURL) != null) {
      return scope;
    }

    ScriptReader source;
    RhinoEngine engine = jaggeryContext.getEngine();
    if (isBuilt) {
      source =
          new ScriptReader(context.getResourceAsStream(fileURL)) {
            @Override
            protected void build() throws IOException {
              try {
                if (isJSON) {
                  sourceReader =
                      new StringReader("(" + HostObjectUtil.streamToString(sourceIn) + ")");
                } else {
                  sourceReader = new StringReader(HostObjectUtil.streamToString(sourceIn));
                }
              } catch (ScriptException e) {
                throw new IOException(e);
              }
            }
          };
    } else {
      source = new ScriptReader(context.getResourceAsStream(fileURL));
    }

    ScriptCachingContext sctx =
        new ScriptCachingContext(webAppContext.getTenantId(), keys[0], keys[1], keys[2]);
    sctx.setSecurityDomain(new JaggerySecurityDomain(fileURL, context));
    long lastModified = WebAppManager.getScriptLastModified(context, fileURL);
    sctx.setSourceModifiedTime(lastModified);

    includedScripts.put(fileURL, true);
    includesCallstack.push(fileURL);
    if (isJSON) {
      scope = (ScriptableObject) engine.eval(source, scope, sctx);
    } else {
      engine.exec(source, scope, sctx);
    }
    includesCallstack.pop();
    return scope;
  }