From 422daed07f85a4842d07226c57118aa27b0d29de Mon Sep 17 00:00:00 2001 From: "andre.schmid" Date: Fri, 16 Sep 2022 15:45:32 +0100 Subject: [PATCH] Handle absence of Content-Type in Simulator If no Content-Type header was provided, the simulator would throw an exception when trying to parse a null content type. Change-Id: Ife5caa94c166700b309f5a0b4603b45191b08425 Issue-ID: SDC-4181 Signed-off-by: andre.schmid --- utils/webseal-simulator/pom.xml | 5 +++ .../openecomp/sdc/webseal/simulator/SdcProxy.java | 49 ++++++++++++++++++---- 2 files changed, 45 insertions(+), 9 deletions(-) diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml index 610d4fcd64..265deadb7f 100644 --- a/utils/webseal-simulator/pom.xml +++ b/utils/webseal-simulator/pom.xml @@ -45,6 +45,11 @@ ${httpcore.version} + + org.apache.commons + commons-lang3 + + commons-logging commons-logging-api diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java index 10a6bb8e74..6112d983ea 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java @@ -50,7 +50,10 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import lombok.AllArgsConstructor; import lombok.Getter; +import org.apache.commons.lang3.StringUtils; import org.apache.http.Header; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpStatus; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpGet; @@ -72,9 +75,13 @@ import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContextBuilder; import org.openecomp.sdc.webseal.simulator.conf.Conf; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class SdcProxy extends HttpServlet { + private static final Logger LOGGER = LoggerFactory.getLogger(SdcProxy.class); + private static final long serialVersionUID = 1L; private static final Set RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(ReservedHeaders::getValue).collect(Collectors.toSet()); @@ -108,13 +115,12 @@ public class SdcProxy extends HttpServlet { } @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { proxy(request, response, MethodEnum.GET); } @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - String userId = request.getParameter("userId"); String password = request.getParameter("password"); @@ -128,38 +134,42 @@ public class SdcProxy extends HttpServlet { if (password != null && getUser(userId, password) == null) { MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request); RequestDispatcher view = request.getRequestDispatcher("login"); - request.setAttribute("message", "ERROR: userid or password incorect"); + request.setAttribute("message", "ERROR: userid or password incorrect"); view.forward(mutableRequest, response); } else { - System.out.println("SdcProxy -> doPost going to doGet"); + if (!verifyContentType(request, response)) { + return; + } request.setAttribute(HTTP_IV_USER, userId); proxy(request, response, MethodEnum.POST); } } @Override - public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + public void doPut(HttpServletRequest request, HttpServletResponse response) throws IOException { + if (!verifyContentType(request, response)) { + return; + } proxy(request, response, MethodEnum.PUT); } @Override - public void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + public void doDelete(HttpServletRequest request, HttpServletResponse response) throws IOException { proxy(request, response, MethodEnum.DELETE); } private void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException { - - Map requestParameters = request.getParameterMap(); String userIdHeader = getUseridFromRequest(request); // new request - forward to login page if (userIdHeader == null) { - System.out.print("Going to login"); + LOGGER.debug("{} not provided. Redirecting to /login", USER_ID); response.sendRedirect("/login"); return; } final User user = getUser(userIdHeader); + Map requestParameters = request.getParameterMap(); String uri = getUri(request, requestParameters); HttpRequestBase httpMethod = createHttpMethod(request, methodEnum, uri); addHeadersToMethod(httpMethod, user, request); @@ -181,6 +191,27 @@ public class SdcProxy extends HttpServlet { } } + private boolean verifyContentType(HttpServletRequest request, HttpServletResponse response) throws IOException { + final String contentTypeHeader = request.getHeader(HttpHeaders.CONTENT_TYPE); + if (StringUtils.isBlank(contentTypeHeader)) { + response.setStatus(HttpStatus.SC_BAD_REQUEST); + response.getWriter().write("Missing header " + HttpHeaders.CONTENT_TYPE); + response.getWriter().flush(); + return false; + } + try { + getContentType(request); + } catch (final Exception e) { + final String errorMsg = "Invalid content type"; + LOGGER.debug(errorMsg, e); + response.setStatus(HttpStatus.SC_BAD_REQUEST); + response.getWriter().write(errorMsg); + response.getWriter().flush(); + return false; + } + return true; + } + private User getUser(String userId, String password) { User user = getUser(userId); if (user.getPassword().equals(password)) { -- 2.16.6