Merge "Update release-notes"
[aaf/authz.git] / auth / auth-hello / src / main / java / org / onap / aaf / auth / hello / API_Hello.java
index 814dff2..cdaa6a7 100644 (file)
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,6 +35,8 @@ import org.onap.aaf.auth.rserv.HttpMethods;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
 
+import org.owasp.encoder.Encode;
+
 /**
  * API Apis
  * @author Jonathan
@@ -48,10 +50,10 @@ public class API_Hello {
 
     // Hide Public Constructor
     private API_Hello() {}
-    
+
     /**
      * Normal Init level APIs
-     * 
+     *
      * @param oauthHello
      * @param facade
      * @throws Exception
@@ -60,7 +62,7 @@ public class API_Hello {
         ////////
         // Simple "GET" API
         ///////
-        
+
         oauthHello.route(HttpMethods.GET,"/hello/:perm*",API.TOKEN,new HttpCode<AuthzTrans, AAF_Hello>(oauthHello,"Hello OAuth"){
             @Override
             public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
@@ -70,7 +72,7 @@ public class API_Hello {
                 String perm = pathParam(req, "perm");
                 if (perm!=null && perm.length()>0) {
                     os.print('(');
-                    os.print(req.getUserPrincipal().getName());
+                    os.print(Encode.forJava(req.getUserPrincipal().getName()));
                     TimeTaken tt = trans.start("Authorize perm", Env.REMOTE);
                     try {
                         if (req.isUserInRole(perm)) {
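Review bot: `Encode.forJava(req.getUserPrincipal().getName())` applies the encoder for Java source string literals to text that is written straight into an HTTP response body, which is a different output context; the route's content type is not visible in this hunk, but whether the body is served as HTML, JSON or plain text, Java-literal escaping (`\"`, `\\`, `\uXXXX`) is not the escaping that context needs, so it can both corrupt the body and leave context-relevant characters untouched. The encoder should match the response context, e.g. `os.print(Encode.forHtml(req.getUserPrincipal().getName()));` if this endpoint is rendered as HTML, or the route should set an explicit text/plain content type and write the name unencoded. The same applies to `os.print(Encode.forJava(perm));` in the next hunk, where `perm` comes from the request path. The enclosing handle() method starts and ends outside this hunk.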
@@ -82,14 +84,14 @@ public class API_Hello {
                         tt.done();
                     }
                     os.print("Permission: ");
-                    os.print(perm);
+                    os.print(Encode.forJava(perm));
                     os.print(')');
                 }
                 os.println();
-                
+
                 trans.info().printf("Said 'Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
             }
-        }); 
+        });
 
 ////////////////
 // REST APIs
@@ -115,7 +117,7 @@ public class API_Hello {
                     resp.setStatus(406);
                 }
             }
-        },APPLICATION_JSON); 
+        },APPLICATION_JSON);
 
 
         ////////////////
@@ -144,11 +146,11 @@ public class API_Hello {
                 }
                 sb.append("}");
                 ServletOutputStream os = resp.getOutputStream();
-                os.println(sb.toString());
+                os.println(Encode.forJava(sb.toString()));
                 trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
             }
-        },APPLICATION_JSON); 
-        
+        },APPLICATION_JSON);
+
         ////////////////
         // UPDATE/PUT
         ////////////////
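Review bot: `os.println(Encode.forJava(sb.toString()));` runs the fully assembled JSON document through a Java-literal escaper, which rewrites every `"` as `\"` and every `\` as `\\`, so the body this route serves under APPLICATION_JSON is no longer parseable JSON. Escaping has to happen per untrusted value as it is appended into `sb` (with JSON string-escaping rules), and the finished document written as-is: `os.println(sb.toString());`. The PUT handler in the next hunk has the same problem with `resp.getOutputStream().print(Encode.forJava(content));`, and there `content` has only been checked with startsWith/endsWith on braces, which is not JSON validation, so echoing it back safely needs an actual parse rather than an escaper. Both handle() bodies begin outside their hunks.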
@@ -164,13 +166,13 @@ public class API_Hello {
                 trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content);
                 if (content.startsWith("{") && content.endsWith("}")) {
                     resp.setStatus(200 /* OK */);
-                    resp.getOutputStream().print(content);
+                    resp.getOutputStream().print(Encode.forJava(content));
                 } else {
                     resp.getOutputStream().write(NOT_JSON);
                     resp.setStatus(406);
                 }
             }
-        },APPLICATION_JSON); 
+        },APPLICATION_JSON);
 
 
         ////////////////
@@ -182,7 +184,7 @@ public class API_Hello {
                 trans.info().printf("Delete requested on %s\n", pathParam(req, ":id"));
                 resp.setStatus(200 /* OK */);
             }
-        },APPLICATION_JSON); 
+        },APPLICATION_JSON);
 
     }
 }