zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-30 12:07:51 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/security/JsonTransportServlet.java
mcilwain aa2f283f7c Convert entire project to strict lexicographical import sort ordering 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=127234970
2016-07-13 15:59:53 -04:00

74 lines
2.6 KiB
Java
Raw Blame History

// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.security;
import static com.google.common.base.Preconditions.checkNotNull;
import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
import static javax.servlet.http.HttpServletResponse.SC_OK;
import google.registry.request.HttpException;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Secure servlet that speaks JSON for both input and output.
*
* <p>This servlet accepts only JSON inputs (using the payload) and returns only JSON
* responses, using and various security best practices such as a parser breaker,
* {@code Content-Disposition: attachment}, etc.
*
* @see JsonHttp
*/
public abstract class JsonTransportServlet extends XsrfProtectedServlet {
protected JsonTransportServlet(String xsrfScope, boolean requireAdmin) {
super(xsrfScope, requireAdmin);
}
/**
* Verify that this is a well-formed request and then execute it. A well-formed request will have
* either a JSON string in the "json" param that evaluates to a map, or nothing in "json".
*/
@Override
protected final void doPost(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
Map<String, ?> input = JsonHttp.read(req);
if (input == null) {
rsp.sendError(SC_BAD_REQUEST, "Malformed JSON");
return;
}
Map<String, ?> output;
try {
output = doJsonPost(req, input);
} catch (HttpException e) {
e.send(rsp);
return;
}
checkNotNull(output, "doJsonPost() returned null");
rsp.setStatus(SC_OK);
JsonHttp.write(rsp, output);
}
/**
* Handler for HTTP POST requests.
*
* @param req Servlet request object.
* @param input JSON request object or empty if none was provided.
* @return an arbitrary JSON object. Must not be {@code null}.
* @throws HttpException in order to send a non-200 status code / message to the client.
*/
public abstract Map<String, Object> doJsonPost(HttpServletRequest req, Map<String, ?> input);
}
Reference in a new issue View git blame Copy permalink