예제 #1
0
  @Override
  public void fetch(HttpServletRequest request, HttpServletResponse response)
      throws IOException, GadgetException {
    if (request.getHeader("If-Modified-Since") != null) {
      response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
      return;
    }

    String host = request.getHeader("Host");
    if (!lockedDomainService.isSafeForOpenProxy(host)) {
      // Force embedded images and the like to their own domain to avoid XSS
      // in gadget domains.
      String msg =
          "Embed request for url "
              + getParameter(request, URL_PARAM, "")
              + " made to wrong domain "
              + host;
      logger.info(msg);
      throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, msg);
    }

    HttpRequest rcr = buildHttpRequest(request);
    HttpResponse results = fetcher.fetch(rcr);
    if (contentRewriterRegistry != null) {
      results = contentRewriterRegistry.rewriteHttpResponse(rcr, results);
    }

    setResponseHeaders(request, response, results);

    for (Map.Entry<String, List<String>> entry : results.getHeaders().entrySet()) {
      String name = entry.getKey();
      if (!DISALLOWED_RESPONSE_HEADERS.contains(name.toLowerCase())) {
        for (String value : entry.getValue()) {
          response.addHeader(name, value);
        }
      }
    }

    if (rcr.getRewriteMimeType() != null) {
      response.setContentType(rcr.getRewriteMimeType());
    }

    if (results.getHttpStatusCode() != HttpResponse.SC_OK) {
      response.sendError(results.getHttpStatusCode());
    }

    IOUtils.copy(results.getResponse(), response.getOutputStream());
  }
예제 #2
0
  /**
   * Attempts to render the requested gadget.
   *
   * @return The results of the rendering attempt.
   *     <p>TODO: Localize error messages.
   */
  public RenderingResults render(GadgetContext context) {
    if (!validateParent(context)) {
      return RenderingResults.error("Unsupported parent parameter. Check your container code.");
    }

    try {
      Gadget gadget = processor.process(context);

      if (gadget.getCurrentView() == null) {
        return RenderingResults.error(
            "Unable to locate an appropriate view in this gadget. "
                + "Requested: '"
                + gadget.getContext().getView()
                + "' Available: "
                + gadget.getSpec().getViews().keySet());
      }

      if (gadget.getCurrentView().getType() == View.ContentType.URL) {
        return RenderingResults.mustRedirect(gadget.getCurrentView().getHref());
      }

      if (!lockedDomainService.gadgetCanRender(context.getHost(), gadget, context.getContainer())) {
        return RenderingResults.error("Invalid domain");
      }

      return RenderingResults.ok(renderer.render(gadget));
    } catch (RenderingException e) {
      return logError(context.getUrl(), e);
    } catch (ProcessingException e) {
      return logError(context.getUrl(), e);
    } catch (RuntimeException e) {
      if (e.getCause() instanceof GadgetException) {
        return logError(context.getUrl(), e.getCause());
      }
      throw e;
    }
  }