Find Usages Raw Source Download 
1
  /*
2
   * Licensed to the Apache Software Foundation (ASF) under one or more
3
   * contributor license agreements.  See the NOTICE file distributed with
4
   * this work for additional information regarding copyright ownership.
5
   * The ASF licenses this file to You under the Apache License, Version 2.0
6
   * (the "License"); you may not use this file except in compliance with
7
   * the License.  You may obtain a copy of the License at
8
   *
9
   *      http://www.apache.org/licenses/LICENSE-2.0
10
  *
11
  * Unless required by applicable law or agreed to in writing, software
12
  * distributed under the License is distributed on an "AS IS" BASIS,
13
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
  * See the License for the specific language governing permissions and
15
  * limitations under the License.
16
  */
17
 package org.apache.sling.api.servlets;
18
 
27
 import java.util.Map;
28
 
35
 
Helper base class for read-only Servlets used in Sling. This base class is actually just a better implementation of the Servlet API HttpServlet class which accounts for extensibility. So extensions of this class have great control over what methods to overwrite.

If any of the default HTTP methods is to be implemented just overwrite the respective doXXX method. If additional methods should be supported implement appropriate doXXX methods and overwrite the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method to dispatch to the doXXX methods as appropriate and overwrite the getAllowedRequestMethods(java.util.Map) to add the new method names.

Please note, that this base class is intended for applications where data is only read. As such, this servlet by itself does not support the POST, PUT and DELETE methods. Extensions of this class should either overwrite any of the doXXX methods of this class or add support for other read-only methods only. Applications wishing to support data modification should rather use or extend the SlingAllMethodsServlet which also contains support for the POST, PUT and DELETE methods. This latter class should also be overwritten to add support for HTTP methods modifying data.

Implementors note: The methods in this class are all declared to throw the exceptions according to the intentions of the Servlet API rather than throwing their Sling RuntimeException counter parts. This is done to easy the integration with traditional servlets.

See also:
SlingAllMethodsServlet
69
 
70
 public class SlingSafeMethodsServlet extends GenericServlet {

    
Handles the HEAD method.

This base implementation just calls the doGet(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method dropping the output. Implementations of this class may overwrite this method if they have a more performing implementation. Otherwise, they may just keep this base implementation.

Parameters:
request The HTTP request
response The HTTP response which only gets the headers set
Throws:
javax.servlet.ServletException Forwarded from the doGet(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method called by this implementation.
java.io.IOException Forwarded from the doGet(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method called by this implementation.
89
 
90
     protected void doHead(SlingHttpServletRequest request,
91
             SlingHttpServletResponse responsethrows ServletException,
92
             IOException {
93
 
94
         // the null-output wrapper
95
         NoBodyResponse wrappedResponse = new NoBodyResponse(response);
96
 
97
         // do a normal get request, dropping the output
98
         doGet(requestwrappedResponse);
99
 
100
        // ensure the content length is set as gathered by the null-output
101
        wrappedResponse.setContentLength();
102
    }

    
Called by the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method to handle an HTTP GET request.

This default implementation reports back to the client that the method is not supported.

Implementations of this class should overwrite this method with their implementation for the HTTP GET method support.

Parameters:
request The HTTP request
response The HTTP response
Throws:
javax.servlet.ServletException Not thrown by this implementation.
java.io.IOException If the error status cannot be reported back to the client.
121
    protected void doGet(SlingHttpServletRequest request,
122
            SlingHttpServletResponse responsethrows ServletException,
123
            IOException {
124
        handleMethodNotImplemented(requestresponse);
125
    }

    
Handles the OPTIONS method by setting the HTTP Allow header on the response depending on the methods declared in this class.

Extensions of this class should generally not overwrite this method but rather the getAllowedRequestMethods(java.util.Map) method. This method gathers all declared public and protected methods for the concrete class (upto but not including this class) and calls the getAllowedRequestMethods(java.util.Map) method with the methods gathered. The returned value is then used as the value of the Allow header set.

Parameters:
request The HTTP request object. Not used.
response The HTTP response object on which the header is set.
Throws:
javax.servlet.ServletException Not thrown by this implementation.
java.io.IOException Not thrown by this implementation.
145
    protected void doOptions(SlingHttpServletRequest request,
146
            SlingHttpServletResponse responsethrows ServletException,
147
            IOException {
148
        Map<StringMethodmethods = getAllDeclaredMethods(getClass());
149
        StringBuffer allowBuf = getAllowedRequestMethods(methods);
150
        response.setHeader("Allow"allowBuf.toString());
151
    }

    
Handles the TRACE method by just returning the list of all header values in the response body.

Extensions of this class do not generally need to overwrite this method as it contains all there is to be done to the TRACE method.

Parameters:
request The HTTP request whose headers are returned.
response The HTTP response into which the request headers are written.
Throws:
javax.servlet.ServletException Not thrown by this implementation.
java.io.IOException May be thrown if there is an problem sending back the request headers in the response stream.
167
    protected void doTrace(SlingHttpServletRequest request,
168
            SlingHttpServletResponse responsethrows ServletException,
169
            IOException {
171
        String CRLF = "\r\n";
173
        StringBuffer responseString = new StringBuffer();
174
        responseString.append("TRACE ").append(request.getRequestURI());
175
        responseString.append(' ').append(request.getProtocol());
177
        Enumeration<?> reqHeaderEnum = request.getHeaderNames();
178
        while (reqHeaderEnum.hasMoreElements()) {
179
            String headerName = (String) reqHeaderEnum.nextElement();
181
            Enumeration<?> reqHeaderValEnum = request.getHeaders(headerName);
182
            while (reqHeaderValEnum.hasMoreElements()) {
183
                responseString.append(CRLF);
184
                responseString.append(headerName).append(": ");
185
                responseString.append(reqHeaderValEnum.nextElement());
186
            }
187
        }
189
        responseString.append(CRLF);
191
        String charset = "UTF-8";
192
        byte[] rawResponse = responseString.toString().getBytes(charset);
193
        int responseLength = rawResponse.length;
195
        response.setContentType("message/http");
196
        response.setCharacterEncoding(charset);
197
        response.setContentLength(responseLength);
199
        ServletOutputStream out = response.getOutputStream();
200
        out.write(rawResponse);
201
    }

    
Called by the service(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method to handle a request for an HTTP method, which is not known and handled by this class or its extension.

This default implementation reports back to the client that the method is not supported.

This method should be overwritten with great care. It is better to overwrite the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method and add support for any extension HTTP methods through an additional doXXX method.

Parameters:
request The HTTP request
response The HTTP response
Throws:
javax.servlet.ServletException Not thrown by this implementation.
java.io.IOException If the error status cannot be reported back to the client.
223
    protected void doGeneric(SlingHttpServletRequest request,
224
            SlingHttpServletResponse responsethrows ServletException,
225
            IOException {
226
        handleMethodNotImplemented(requestresponse);
227
    }

    
Tries to handle the request by calling a Java method implemented for the respective HTTP request method.

This base class implentation dispatches the HEAD, GET, OPTIONS and TRACE to the respective doXXX methods and returns true if any of these methods is requested. Otherwise false is just returned.

Implementations of this class may overwrite this method but should first call this base implementation and in case false is returned add handling for any other method and of course return whether the requested method was known or not.

Parameters:
request The HTTP request
response The HTTP response
Returns:
true if the requested method (request.getMethod()) is known. Otherwise false is returned.
Throws:
javax.servlet.ServletException Forwarded from any of the dispatched methods
java.io.IOException Forwarded from any of the dispatched methods
251
    protected boolean mayService(SlingHttpServletRequest request,
252
            SlingHttpServletResponse responsethrows ServletException,
253
            IOException {
255
        // assume the method is known for now
256
        boolean methodKnown = true;
258
        String method = request.getMethod();
259
        if (HttpConstants.METHOD_HEAD.equals(method)) {
260
            doHead(requestresponse);
261
        } else if (HttpConstants.METHOD_GET.equals(method)) {
262
            doGet(requestresponse);
263
        } else if (HttpConstants.METHOD_OPTIONS.equals(method)) {
264
            doOptions(requestresponse);
265
        } else if (HttpConstants.METHOD_TRACE.equals(method)) {
266
            doTrace(requestresponse);
267
        } else {
268
            // actually we do not know the method
269
            methodKnown = false;
270
        }
272
        // return whether we actually knew the request method or not
273
        return methodKnown;
274
    }

    
Helper method which causes an appropriate HTTP response to be sent for an unhandled HTTP request method. In case of HTTP/1.1 a 405 status code (Method Not Allowed) is returned, otherwise a 400 status (Bad Request) is returned.

Parameters:
request The HTTP request from which the method and protocol values are extracted to build the appropriate message.
response The HTTP response to which the error status is sent.
Throws:
java.io.IOException Thrown if the status cannot be sent to the client.
287
    protected void handleMethodNotImplemented(SlingHttpServletRequest request,
288
            SlingHttpServletResponse responsethrows IOException {
289
        String protocol = request.getProtocol();
290
        String msg = "Method " + request.getMethod() + " not supported";
292
        if (protocol.endsWith("1.1")) {
294
            // for HTTP/1.1 use 405 Method Not Allowed
295
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWEDmsg);
297
        } else {
299
            // otherwise use 400 Bad Request
300
            response.sendError(HttpServletResponse.SC_BAD_REQUESTmsg);
302
        }
303
    }

    
Called by the service(javax.servlet.ServletRequest,javax.servlet.ServletResponse) method to handle the HTTP request. This implementation calls the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method and depedending on its return value call the doGeneric(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method. If the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method can handle the request, the doGeneric(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method is not called otherwise it is called.

Implementations of this class should not generally overwrite this method. Rather the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method should be overwritten to add support for more HTTP methods.

Parameters:
request The HTTP request
response The HTTP response
Throws:
javax.servlet.ServletException Forwarded from the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) or doGeneric(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) methods.
java.io.IOException Forwarded from the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) or doGeneric(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) methods.
333
    protected void service(SlingHttpServletRequest request,
334
            SlingHttpServletResponse responsethrows ServletException,
335
            IOException {
337
        // first try to handle the request by the known methods
338
        boolean methodKnown = mayService(requestresponse);
340
        // otherwise try to handle it through generic means
341
        if (!methodKnown) {
342
            doGeneric(requestresponse);
343
        }
344
    }

    
Forwards the request to the service(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method if the request is a HTTP request.

Implementations of this class will not generally overwrite this method.

Parameters:
req The Servlet request
res The Servlet response
Throws:
javax.servlet.ServletException If the request is not a HTTP request or forwarded from the service(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) called.
java.io.IOException Forwarded from the service(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) called.
363
    public void service(ServletRequest reqServletResponse res)
364
            throws ServletExceptionIOException {
366
        if ((req instanceof SlingHttpServletRequest)
367
            && (res instanceof SlingHttpServletResponse)) {
369
            service((SlingHttpServletRequest) req,
370
                (SlingHttpServletResponse) res);
372
        } else {
374
            throw new ServletException("Not a Sling HTTP request/response");
376
        }
377
    }

    
Returns the simple class name of this servlet class. Extensions of this class may overwrite to return more specific information. 
383
    public String getServletInfo() {
384
        return getClass().getSimpleName();
385
    }

    
Helper method called by doOptions(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) to calculate the value of the Allow header sent as the response to the HTTP OPTIONS request.

This base class implementation checks whether any doXXX methods exist for GET and HEAD and returns the list of methods supported found. The list returned always includes the HTTP OPTIONS and TRACE methods.

Implementations of this class may overwrite this method check for more methods supported by the extension (generally the same list as used in the mayService(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method). This base class implementation should always be called to make sure the default HTTP methods are included in the list.

Parameters:
declaredMethods The public and protected methods declared in the extension of this class.
Returns:
A StringBuffer containing the list of HTTP methods supported.
410
            Map<StringMethoddeclaredMethods) {
411
        StringBuffer allowBuf = new StringBuffer();
413
        // OPTIONS and TRACE are always supported by this servlet
414
        allowBuf.append(HttpConstants.METHOD_OPTIONS);
415
        allowBuf.append(", ").append(HttpConstants.METHOD_TRACE);
417
        // add more method names depending on the methods found
418
        if (declaredMethods.containsKey("doHead")
419
            && !declaredMethods.containsKey("doGet")) {
420
            allowBuf.append(", ").append(HttpConstants.METHOD_HEAD);
422
        } else if (declaredMethods.containsKey("doGet")) {
423
            allowBuf.append(", ").append(HttpConstants.METHOD_GET);
424
            allowBuf.append(", ").append(HttpConstants.METHOD_HEAD);
426
        }
428
        return allowBuf;
429
    }

    
Returns a map of methods declared by the class indexed by method name. This method is called by the doOptions(org.apache.sling.api.SlingHttpServletRequest,org.apache.sling.api.SlingHttpServletResponse) method to find the methods to be checked by the getAllowedRequestMethods(java.util.Map) method. Note, that only extension classes of this class are considered to be sure to not account for the default implementations of the doXXX methods in this class.

Parameters:
c The Class to get the declared methods from
Returns:
The Map of methods considered for support checking.
443
    private Map<StringMethodgetAllDeclaredMethods(Class<?> c) {
444
        // stop (and do not include) the AbstractSlingServletClass
445
        if (c == null
446
            || c.getName().equals(SlingSafeMethodsServlet.class.getName())) {
447
            return new HashMap<StringMethod>();
448
        }
450
        // get the declared methods from the base class
451
        Map<StringMethodmethodSet = getAllDeclaredMethods(c.getSuperclass());
453
        // add declared methods of c (maybe overwrite base class methods)
454
        Method[] declaredMethods = c.getDeclaredMethods();
455
        for (Method method : declaredMethods) {
456
            // only consider public and protected methods
457
            if (Modifier.isProtected(method.getModifiers())
458
                || Modifier.isPublic(method.getModifiers())) {
459
                methodSet.put(method.getName(), method);
460
            }
461
        }
463
        return methodSet;
464
    }

    
A response that includes no body, for use in (dumb) "HEAD" support. This just swallows that body, counting the bytes in order to set the content length appropriately. 
471
    private class NoBodyResponse extends SlingHttpServletResponseWrapper {

        
The byte sink and counter
474
        private NoBodyOutputStream noBody;

        
Optional writer around the byte sink
477
        private PrintWriter writer;

        
Whether the request processor set the content length itself or not.
480
        private boolean didSetContentLength;
482
        NoBodyResponse(SlingHttpServletResponse wrappedResponse) {
483
            super(wrappedResponse);
484
            noBody = new NoBodyOutputStream();
485
        }

        
Called at the end of request processing to ensure the content length is set. If the processor already set the length, this method does not do anything. Otherwise the number of bytes written through the null-output is set on the response. 
493
        void setContentLength() {
494
            if (!didSetContentLength) {
495
                setContentLength(noBody.getContentLength());
496
            }
497
        }

        
Overwrite this to prevent setting the content length at the end of the request through setContentLength() 
503
        public void setContentLength(int len) {
504
            super.setContentLength(len);
505
            didSetContentLength = true;
506
        }

        
Just return the null output stream and don't check whether a writer has already been acquired. 
512
        public ServletOutputStream getOutputStream() {
513
            return noBody;
514
        }

        
Just return the writer to the null output stream and don't check whether an output stram has already been acquired. 
520
        public PrintWriter getWriter() throws UnsupportedEncodingException {
521
            if (writer == null) {
522
                OutputStreamWriter w;
524
                w = new OutputStreamWriter(noBodygetCharacterEncoding());
525
                writer = new PrintWriter(w);
526
            }
527
            return writer;
528
        }
529
    }

    
Simple ServletOutputStream which just does not write but counts the bytes written through it. This class is used by the NoBodyResponse. 
535
    private class NoBodyOutputStream extends ServletOutputStream {
537
        private int contentLength = 0;

        

Returns:
the number of bytes "written" through this stream
542
        int getContentLength() {
543
            return contentLength;
544
        }
546
        public void write(int b) {
547
            contentLength++;
548
        }
550
        public void write(byte buf[], int offsetint len) {
551
            if (len >= 0) {
552
                contentLength += len;
553
            } else {
554
                throw new IndexOutOfBoundsException();
555
            }
556
        }
557
    }
New to GrepCode? Check out our FAQ X