@Override
 public String getBootstrapFallbackUrl(AuraContext context, Map<String, Object> attributes) {
   String contextPath = context.getContextPath();
   String nonce = context.getFrameworkUID();
   return String.format(
       "%s/auraFW/resources/%s/aura/fallback/fallback.bootstrap.js", contextPath, nonce);
 }
 @Override
 public String getAppCssUrl(AuraContext context) {
   String contextPath = context.getContextPath();
   StringBuilder defs = new StringBuilder(contextPath).append("/l/");
   defs.append(context.getEncodedURL(AuraContext.EncodingStyle.Css));
   defs.append("/app.css");
   return defs.toString();
 }
  /**
   * check the top level component/app and get dependencies.
   *
   * <p>This routine checks to see that we have a valid top level component. If our top level
   * component is out of sync, we have to ignore it here, but we _must_ force the client to not
   * cache the response.
   *
   * <p>If there is a QFE, we substitute the QFE descriptor for the one given us, and continue.
   * Again, we cannot allow caching.
   *
   * <p>Finally, if there is no descriptor given, we simply ignore the request and give them an
   * empty response. Which is done here by returning null.
   *
   * <p>Also note that this handles the 'if-modified-since' header, as we want to tell the browser
   * that nothing changed in that case.
   *
   * @param request the request (for exception handling)
   * @param response the response (for exception handling)
   * @param context the context to get the definition.
   * @return the set of descriptors we are sending back, or null in the case that we handled the
   *     response.
   * @throws IOException if there was an IO exception handling a client out of sync exception
   * @throws ServletException if there was a problem handling the out of sync
   */
  @Override
  public Set<DefDescriptor<?>> verifyTopLevel(
      HttpServletRequest request, HttpServletResponse response, AuraContext context)
      throws IOException {
    DefDescriptor<? extends BaseComponentDef> appDesc = context.getApplicationDescriptor();

    context.setPreloading(true);
    if (appDesc == null) {
      //
      // This means we have nothing to say to the client, so the response is
      // left completely empty.
      //
      return null;
    }
    long ifModifiedSince = request.getDateHeader(HttpHeaders.IF_MODIFIED_SINCE);
    String uid = context.getUid(appDesc);
    try {
      try {
        definitionService.updateLoaded(appDesc);
        if (uid != null && ifModifiedSince != -1) {
          //
          // In this case, we have an unmodified descriptor, so just tell
          // the client that.
          //
          response.sendError(HttpServletResponse.SC_NOT_MODIFIED);
          return null;
        }
      } catch (ClientOutOfSyncException coose) {
        //
        // We can't actually handle an out of sync here, since we are doing a
        // resource load. We have to ignore it, and continue as if nothing happened.
        // But in the process, we make sure to set 'no-cache' so that the result
        // is thrown away. This may actually not give the right result in bizarre
        // corner cases... beware cache inconsistencies on revert after a QFE.
        //
        // We actually probably should do something different, like send a minimalist
        // set of stuff to make the client re-try.
        //
        this.setNoCache(response);
        String oosUid = definitionService.getUid(null, appDesc);
        return definitionService.getDependencies(oosUid);
      }
    } catch (QuickFixException qfe) {
      //
      // A quickfix exception means that we couldn't compile something.
      // In this case, we still want to preload things, but we want to preload
      // quick fix values, note that we force NoCache here.
      //
      this.setNoCache(response);
      this.handleServletException(qfe, true, context, request, response, true);
      return null;
    }
    this.setLongCache(response);
    if (uid == null) {
      uid = context.getUid(appDesc);
    }
    return definitionService.getDependencies(uid);
  }
 private String commonJsUrl(String filepath, AuraContext context, Map<String, Object> attributes) {
   StringBuilder url = new StringBuilder(context.getContextPath()).append("/l/");
   url.append(context.getEncodedURL(AuraContext.EncodingStyle.Normal));
   url.append(filepath);
   if (attributes != null) {
     addAttributes(url, attributes);
   }
   return url.toString();
 }
Example #5
0
 /** Start a context and set up default values. */
 protected AuraContext setupContext(
     Mode mode, Format format, DefDescriptor<? extends BaseComponentDef> desc)
     throws QuickFixException {
   ContextService contextService = Aura.getContextService();
   AuraContext ctxt =
       contextService.startContext(mode, format, Authentication.AUTHENTICATED, desc);
   ctxt.setFrameworkUID(Aura.getConfigAdapter().getAuraFrameworkNonce());
   String uid = ctxt.getDefRegistry().getUid(null, desc);
   ctxt.addLoaded(desc, uid);
   return ctxt;
 }
  /**
   * get the manifest URL.
   *
   * <p>This routine will simply return the string, it does not check to see if the manifest is
   * enabled first.
   *
   * @return a string for the manifest URL.
   */
  @Override
  public String getManifestUrl(AuraContext context, Map<String, Object> attributes) {
    String contextPath = context.getContextPath();
    String ret = "";

    StringBuilder defs = new StringBuilder(contextPath).append("/l/");
    defs.append(context.getEncodedURL(AuraContext.EncodingStyle.Bare));
    defs.append("/app.manifest");
    addAttributes(defs, attributes);
    ret = defs.toString();
    return ret;
  }
  /**
   * Handle an exception in the servlet.
   *
   * <p>This routine should be called whenever an exception has surfaced to the top level of the
   * servlet. It should not be overridden unless Aura is entirely subsumed. Most special cases can
   * be handled by the Aura user by implementing {@link ExceptionAdapter ExceptionAdapter}.
   *
   * @param t the throwable to write out.
   * @param quickfix is this exception a valid quick-fix
   * @param context the aura context.
   * @param request the request.
   * @param response the response.
   * @param written true if we have started writing to the output stream.
   * @throws IOException if the output stream does.
   * @throws ServletException if send404 does (should not generally happen).
   */
  @Override
  public void handleServletException(
      Throwable t,
      boolean quickfix,
      AuraContext context,
      HttpServletRequest request,
      HttpServletResponse response,
      boolean written)
      throws IOException {
    try {
      Throwable mappedEx = t;
      boolean map = !quickfix;
      Format format = context.getFormat();

      //
      // This seems to fail, though the documentation implies that you can do
      // it.
      //
      // if (written && !response.isCommitted()) {
      // response.resetBuffer();
      // written = false;
      // }
      if (!written) {
        // Should we only delete for JSON?
        setNoCache(response);
      }
      if (mappedEx instanceof IOException) {
        //
        // Just re-throw IOExceptions.
        //
        throw (IOException) mappedEx;
      } else if (mappedEx instanceof NoAccessException) {
        Throwable cause = mappedEx.getCause();
        String denyMessage = mappedEx.getMessage();

        map = false;
        if (cause != null) {
          //
          // Note that the exception handler can remap the cause here.
          //
          cause = exceptionAdapter.handleException(cause);
          denyMessage += ": cause = " + cause.getMessage();
        }
        //
        // Is this correct?!?!?!
        //
        if (format != Format.JSON) {
          this.send404(request.getServletContext(), request, response);
          if (!isProductionMode(context.getMode())) {
            // Preserve new lines and tabs in the stacktrace since this is directly being written on
            // to the
            // page
            denyMessage = "<pre>" + AuraTextUtil.escapeForHTML(denyMessage) + "</pre>";
            response.getWriter().println(denyMessage);
          }
          return;
        }
      } else if (mappedEx instanceof QuickFixException) {
        if (isProductionMode(context.getMode())) {
          //
          // In production environments, we want wrap the quick-fix. But be a little careful here.
          // We should never mark the top level as a quick-fix, because that means that we gack
          // on every mis-spelled app. In this case we simply send a 404 and bolt.
          //
          if (mappedEx instanceof DefinitionNotFoundException) {
            DefinitionNotFoundException dnfe = (DefinitionNotFoundException) mappedEx;

            if (dnfe.getDescriptor() != null
                && dnfe.getDescriptor().equals(context.getApplicationDescriptor())) {
              // We're in production and tried to hit an aura app that doesn't exist.
              // just show the standard 404 page.
              this.send404(request.getServletContext(), request, response);
              return;
            }
          }
          map = true;
          mappedEx = new AuraUnhandledException("404 Not Found (Application Error)", mappedEx);
        }
      }
      if (map) {
        mappedEx = exceptionAdapter.handleException(mappedEx);
      }

      PrintWriter out = response.getWriter();

      //
      // If we have written out data, We are kinda toast in this case.
      // We really want to roll it all back, but we can't, so we opt
      // for the best we can do. For HTML we can do nothing at all.
      //
      if (format == Format.JSON) {
        if (!written) {
          out.write(CSRF_PROTECT);
        }
        //
        // If an exception happened while we were emitting JSON, we want the
        // client to ignore the now-corrupt data structure. 404s and 500s
        // cause the client to prepend /*, so we can effectively erase the
        // bad data by appending a */ here and then serializing the exception
        // info.
        //
        out.write("*/");
        //
        // Unfortunately we can't do the following now. It might be possible
        // in some cases, but we don't want to go there unless we have to.
        //
      }
      if (format == Format.JS || format == Format.CSS) {
        // Make sure js and css doesn't get cached in browser, appcache, etc
        response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
      }
      if (format == Format.JSON
          || format == Format.HTML
          || format == Format.JS
          || format == Format.CSS) {
        //
        // We only write out exceptions for HTML or JSON.
        // Seems bogus, but here it is.
        //
        // Start out by cleaning out some settings to ensure we don't
        // check too many things, leading to a circular failure. Note
        // that this is still a bit dangerous, as we seem to have a lot
        // of magic in the serializer.
        //
        // Clear the InstanceStack before trying to serialize the exception since the Throwable has
        // likely
        // rendered the stack inaccurate, and may falsely trigger NoAccessExceptions.
        InstanceStack stack = this.contextService.getCurrentContext().getInstanceStack();
        List<String> list = stack.getStackInfo();
        for (int count = list.size(); count > 0; count--) {
          stack.popInstance(stack.peek());
        }

        serializationService.write(mappedEx, null, out);
        if (format == Format.JSON) {
          out.write("/*ERROR*/");
        }
      }
    } catch (IOException ioe) {
      throw ioe;
    } catch (Throwable death) {
      //
      // Catch any other exception and log it. This is actually kinda bad, because something has
      // gone horribly wrong. We should write out some sort of generic page other than a 404,
      // but at this point, it is unclear what we can do, as stuff is breaking right and left.
      //
      try {
        response.setStatus(HttpStatus.SC_INTERNAL_SERVER_ERROR);
        exceptionAdapter.handleException(death);
        if (!isProductionMode(context.getMode())) {
          response.getWriter().println(death.getMessage());
        }
      } catch (IOException ioe) {
        throw ioe;
      } catch (Throwable doubleDeath) {
        // we are totally hosed.
        if (!isProductionMode(context.getMode())) {
          response.getWriter().println(doubleDeath.getMessage());
        }
      }
    } finally {
      this.contextService.endContext();
    }
  }
Example #8
0
  public ComponentDefModel() throws QuickFixException {
    AuraContext context = Aura.getContextService().getCurrentContext();
    BaseComponent<?, ?> component = context.getCurrentComponent();

    String desc = (String) component.getAttributes().getValue("descriptor");

    DefType defType =
        DefType.valueOf(((String) component.getAttributes().getValue("defType")).toUpperCase());
    DefinitionService definitionService = Aura.getDefinitionService();
    descriptor = definitionService.getDefDescriptor(desc, defType.getPrimaryInterface());
    definition = descriptor.getDef();

    ReferenceTreeModel.assertAccess(definition);

    String type = null;
    if (definition instanceof RootDefinition) {
      RootDefinition rootDef = (RootDefinition) definition;
      for (AttributeDef attribute : rootDef.getAttributeDefs().values()) {
        if (ReferenceTreeModel.hasAccess(attribute)) {
          attributes.add(new AttributeModel(attribute));
        }
      }

      DocumentationDef docDef = rootDef.getDocumentationDef();
      doc = docDef != null ? new DocumentationDefModel(docDef) : null;

      if (definition instanceof BaseComponentDef) {
        BaseComponentDef cmpDef = (BaseComponentDef) definition;
        for (RegisterEventDef reg : cmpDef.getRegisterEventDefs().values()) {
          if (ReferenceTreeModel.hasAccess(reg)) {
            events.add(new AttributeModel(reg));
          }
        }

        for (EventHandlerDef handler : cmpDef.getHandlerDefs()) {
          handledEvents.add(new AttributeModel(handler));
        }

        for (DefDescriptor<InterfaceDef> intf : cmpDef.getInterfaces()) {
          if (ReferenceTreeModel.hasAccess(intf.getDef())) {
            interfaces.add(intf.getNamespace() + ":" + intf.getName());
          }
        }

        DefDescriptor<?> superDesc = cmpDef.getExtendsDescriptor();
        if (superDesc != null) {
          theSuper = superDesc.getNamespace() + ":" + superDesc.getName();
        } else {
          theSuper = null;
        }

        isAbstract = cmpDef.isAbstract();
        isExtensible = cmpDef.isExtensible();

      } else if (definition instanceof EventDef) {
        EventDef eventDef = (EventDef) definition;
        DefDescriptor<?> superDesc = eventDef.getExtendsDescriptor();
        if (superDesc != null) {
          theSuper = superDesc.getNamespace() + ":" + superDesc.getName();
        } else {
          theSuper = null;
        }

        type = eventDef.getEventType().name();
        isExtensible = true;
        isAbstract = false;
      } else {
        theSuper = null;
        isExtensible = true;
        isAbstract = false;
      }

      support = rootDef.getSupport().name();

      if (definition instanceof RootDefinition) {
        List<DefDescriptor<?>> deps = ((RootDefinition) definition).getBundle();

        for (DefDescriptor<?> dep : deps) {
          // we already surface the documentation--users don't need to see the source for it.
          if (dep.getDefType() != DefType.DOCUMENTATION) {
            Definition def = dep.getDef();
            if (ReferenceTreeModel.hasAccess(def)) {
              defs.add(new DefModel(dep));
            }
          }
        }
      }
    } else {
      support = null;
      theSuper = null;
      isExtensible = false;
      isAbstract = false;
      doc = null;
    }
    this.type = type;
  }