/** * Returns an array with all accepted content types. if the root directory was specified. * * @return database */ public String[] produces() { final String[] acc = req.getHeader("Accept").split("\\s*,\\s*"); for (int a = 0; a < acc.length; a++) { if (acc[a].indexOf(';') != -1) acc[a] = acc[a].replaceAll("\\w*;.*", ""); } return acc; }
/** * Constructor. * * @param rq request * @param rs response * @throws IOException I/O exception */ public HTTPContext(final HttpServletRequest rq, final HttpServletResponse rs) throws IOException { req = rq; res = rs; final String m = rq.getMethod(); method = HTTPMethod.get(m); final StringBuilder uri = new StringBuilder(req.getRequestURL()); final String qs = req.getQueryString(); if (qs != null) uri.append('?').append(qs); log(false, m, uri); // set UTF8 as default encoding (can be overwritten) res.setCharacterEncoding(UTF8); segments = toSegments(req.getPathInfo()); path = join(0); user = System.getProperty(DBUSER); pass = System.getProperty(DBPASS); // set session-specific credentials final String auth = req.getHeader(AUTHORIZATION); if (auth != null) { final String[] values = auth.split(" "); if (values[0].equals(BASIC)) { final String[] cred = Base64.decode(values[1]).split(":", 2); if (cred.length != 2) throw new LoginException(NOPASSWD); user = cred[0]; pass = cred[1]; } else { throw new LoginException(WHICHAUTH, values[0]); } } }
@Override public final void service(final HttpServletRequest req, final HttpServletResponse res) throws IOException { final HTTPContext http = new HTTPContext(req, res, this); final boolean restxq = this instanceof RestXqServlet; try { http.authorize(); run(http); http.log(SC_OK, ""); } catch (final HTTPException ex) { http.status(ex.getStatus(), Util.message(ex), restxq); } catch (final LoginException ex) { http.status(SC_UNAUTHORIZED, Util.message(ex), restxq); } catch (final IOException | QueryException ex) { http.status(SC_BAD_REQUEST, Util.message(ex), restxq); } catch (final ProcException ex) { http.status(SC_BAD_REQUEST, Text.INTERRUPTED, restxq); } catch (final Exception ex) { final String msg = Util.bug(ex); Util.errln(msg); http.status(SC_INTERNAL_SERVER_ERROR, Util.info(UNEXPECTED, msg), restxq); } finally { if (Prop.debug) { Util.outln("_ REQUEST _________________________________" + Prop.NL + req); final Enumeration<String> en = req.getHeaderNames(); while (en.hasMoreElements()) { final String key = en.nextElement(); Util.outln(Text.LI + key + Text.COLS + req.getHeader(key)); } Util.out("_ RESPONSE ________________________________" + Prop.NL + res); } } }
/** * Returns a string with the remote user address. * * @return user address */ private String remote() { return new StringBuilder() .append('[') .append(req.getRemoteAddr()) .append(':') .append(req.getRemotePort()) .append(']') .toString(); }
/** * Returns an array with all accepted content types. if the root directory was specified. * * @return database */ public String[] produces() { final String accept = req.getHeader("Accept"); if (accept == null) return new String[0]; final String[] acc = accept.split("\\s*,\\s*"); final int as = acc.length; for (int a = 0; a < as; a++) { if (acc[a].indexOf(';') != -1) acc[a] = acc[a].replaceAll("\\w*;.*", ""); } return acc; }
/** * Returns all query parameters. * * @return parameters */ public Map<String, String[]> params() { final Map<String, String[]> params = new HashMap<String, String[]>(); final Map<?, ?> map = req.getParameterMap(); for (final Entry<?, ?> s : map.entrySet()) { final String key = s.getKey().toString(); final String[] vals = s.getValue() instanceof String[] ? (String[]) s.getValue() : new String[] {s.getValue().toString()}; params.put(key, vals); } return params; }
/** * Constructor. * * @param rq request * @param rs response * @param servlet calling servlet instance * @throws IOException I/O exception */ public HTTPContext( final HttpServletRequest rq, final HttpServletResponse rs, final BaseXServlet servlet) throws IOException { req = rq; res = rs; params = new HTTPParams(this); method = rq.getMethod(); final StringBuilder uri = new StringBuilder(req.getRequestURL()); final String qs = req.getQueryString(); if (qs != null) uri.append('?').append(qs); log('[' + method + "] " + uri, null); // set UTF8 as default encoding (can be overwritten) res.setCharacterEncoding(UTF8); segments = decode(toSegments(req.getPathInfo())); // adopt servlet-specific credentials or use global ones final GlobalOptions mprop = context().globalopts; user = servlet.user != null ? servlet.user : mprop.get(GlobalOptions.USER); pass = servlet.pass != null ? servlet.pass : mprop.get(GlobalOptions.PASSWORD); // overwrite credentials with session-specific data final String auth = req.getHeader(AUTHORIZATION); if (auth != null) { final String[] values = auth.split(" "); if (values[0].equals(BASIC)) { final String[] cred = org.basex.util.Base64.decode(values[1]).split(":", 2); if (cred.length != 2) throw new LoginException(NOPASSWD); user = cred[0]; pass = cred[1]; } else { throw new LoginException(WHICHAUTH, values[0]); } } }
/** * Authenticate the user and returns a new client {@link Context} instance. * * @return client context * @throws LoginException login exception */ public Context authenticate() throws LoginException { final byte[] address = token(req.getRemoteAddr()); try { if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) throw new LoginException(NOPASSWD); final Context ctx = new Context(context(), null); ctx.user = ctx.users.get(user); if (ctx.user == null || !ctx.user.password.equals(md5(pass))) throw new LoginException(); context.blocker.remove(address); return ctx; } catch (final LoginException ex) { // delay users with wrong passwords for (int d = context.blocker.delay(address); d > 0; d--) Performance.sleep(100); throw ex; } }
/** * Returns the content type of a request (without an optional encoding). * * @return content type */ public String contentType() { final String ct = req.getContentType(); return ct != null ? ct.replaceFirst(";.*", "") : null; }
/** * Returns a string with the remote user address. * * @return user address */ private String address() { return req.getRemoteAddr() + ':' + req.getRemotePort(); }