Search in sources :

Example 1 with BadRequestException

use of org.exist.http.BadRequestException in project exist by eXist-db.

the class EXistServlet method doPatch.

protected void doPatch(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // first, adjust the path
    String path = adjustPath(request);
    // second, perform descriptor actions
    final Descriptor descriptor = Descriptor.getDescriptorSingleton();
    if (descriptor != null) {
        // TODO: figure out a way to log PATCH requests with
        // HttpServletRequestWrapper and
        // Descriptor.doLogRequestInReplayLog()
        // map's the path if a mapping is specified in the descriptor
        path = descriptor.mapPath(path);
    }
    // third, authenticate the user
    final Subject user = authenticate(request, response);
    if (user == null) {
        // You now get a HTTP Authentication challenge if there is no user
        return;
    }
    // fourth, process the request
    try (final DBBroker broker = getPool().get(Optional.of(user));
        final Txn transaction = getPool().getTransactionManager().beginTransaction()) {
        final XmldbURI dbpath = XmldbURI.createInternal(path);
        try (final Collection collection = broker.getCollection(dbpath)) {
            if (collection != null) {
                transaction.abort();
                response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "A PATCH request is not allowed against a plain collection path.");
                return;
            }
        }
        try {
            srvREST.doPatch(broker, transaction, dbpath, request, response);
            transaction.commit();
        } catch (final Throwable t) {
            transaction.abort();
            throw t;
        }
    } catch (final MethodNotAllowedException e) {
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, e.getMessage());
    } catch (final BadRequestException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
    } catch (final PermissionDeniedException e) {
        // Else return a FORBIDDEN Error
        if (user.equals(getDefaultUser())) {
            getAuthenticator().sendChallenge(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    } catch (final EXistException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    } catch (final Throwable e) {
        LOG.error(e);
        throw new ServletException("An unknown error occurred: " + e.getMessage(), e);
    }
}
Also used : MethodNotAllowedException(org.exist.http.MethodNotAllowedException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject) ServletException(javax.servlet.ServletException) DBBroker(org.exist.storage.DBBroker) Descriptor(org.exist.http.Descriptor) Collection(org.exist.collections.Collection) BadRequestException(org.exist.http.BadRequestException) PermissionDeniedException(org.exist.security.PermissionDeniedException) XmldbURI(org.exist.xmldb.XmldbURI)

Example 2 with BadRequestException

use of org.exist.http.BadRequestException in project exist by eXist-db.

the class EXistServlet method doPost.

@Override
protected void doPost(final HttpServletRequest req, final HttpServletResponse response) throws ServletException, IOException {
    HttpServletRequest request = null;
    try {
        // For POST request, If we are logging the requests we must wrap
        // HttpServletRequest in HttpServletRequestWrapper
        // otherwise we cannot access the POST parameters from the content body
        // of the request!!! - deliriumsky
        final Descriptor descriptor = Descriptor.getDescriptorSingleton();
        if (descriptor != null) {
            if (descriptor.allowRequestLogging()) {
                request = new HttpServletRequestWrapper(() -> (String) getPool().getConfiguration().getProperty(Configuration.BINARY_CACHE_CLASS_PROPERTY), req, getFormEncoding());
            } else {
                request = req;
            }
        } else {
            request = req;
        }
        // first, adjust the path
        String path = request.getPathInfo();
        if (path == null) {
            path = "";
        } else {
            path = adjustPath(request);
        }
        // second, perform descriptor actions
        if (descriptor != null && !descriptor.requestsFiltered()) {
            // logs the request if specified in the descriptor
            descriptor.doLogRequestInReplayLog(request);
            // map's the path if a mapping is specified in the descriptor
            path = descriptor.mapPath(path);
        }
        // third, authenticate the user
        final Subject user = authenticate(request, response);
        if (user == null) {
            // You now get a HTTP Authentication challenge if there is no user
            return;
        }
        // fourth, process the request
        try (final DBBroker broker = getPool().get(Optional.of(user));
            final Txn transaction = getPool().getTransactionManager().beginTransaction()) {
            try {
                srvREST.doPost(broker, transaction, request, response, path);
                transaction.commit();
            } catch (final Throwable t) {
                transaction.abort();
                throw t;
            }
        } catch (final PermissionDeniedException e) {
            // Else return a FORBIDDEN Error
            if (user.equals(getDefaultUser())) {
                getAuthenticator().sendChallenge(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            }
        } catch (final EXistException e) {
            if (response.isCommitted()) {
                throw new ServletException(e.getMessage(), e);
            }
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
        } catch (final BadRequestException e) {
            if (response.isCommitted()) {
                throw new ServletException(e.getMessage(), e);
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
        } catch (final NotFoundException e) {
            if (response.isCommitted()) {
                throw new ServletException(e.getMessage(), e);
            }
            response.sendError(HttpServletResponse.SC_NOT_FOUND, e.getMessage());
        } catch (final Throwable e) {
            getLog().error(e);
            throw new ServletException("An unknown error occurred: " + e.getMessage(), e);
        }
    } finally {
        if (request instanceof HttpServletRequestWrapper) {
            ((HttpServletRequestWrapper) request).close();
        }
    }
}
Also used : NotFoundException(org.exist.http.NotFoundException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) DBBroker(org.exist.storage.DBBroker) Descriptor(org.exist.http.Descriptor) BadRequestException(org.exist.http.BadRequestException) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 3 with BadRequestException

use of org.exist.http.BadRequestException in project exist by eXist-db.

the class EXistServlet method doGet.

@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // first, adjust the path
    String path = adjustPath(request);
    // second, perform descriptor actions
    final Descriptor descriptor = Descriptor.getDescriptorSingleton();
    if (descriptor != null && !descriptor.requestsFiltered()) {
        // logs the request if specified in the descriptor
        descriptor.doLogRequestInReplayLog(request);
        // map's the path if a mapping is specified in the descriptor
        path = descriptor.mapPath(path);
    }
    // third, authenticate the user
    final Subject user = authenticate(request, response);
    if (user == null) {
        // You now get a HTTP Authentication challenge if there is no user
        return;
    }
    // fourth, process the request
    try (final DBBroker broker = getPool().get(Optional.of(user));
        final Txn transaction = getPool().getTransactionManager().beginTransaction()) {
        try {
            srvREST.doGet(broker, transaction, request, response, path);
            transaction.commit();
        } catch (final Throwable t) {
            transaction.abort();
            throw t;
        }
    } catch (final BadRequestException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage());
        }
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
    } catch (final PermissionDeniedException e) {
        // Else return a FORBIDDEN Error
        if (user.equals(getDefaultUser())) {
            getAuthenticator().sendChallenge(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    } catch (final NotFoundException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage());
        }
        response.sendError(HttpServletResponse.SC_NOT_FOUND, e.getMessage());
    } catch (final EXistException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    } catch (final EOFException ee) {
        getLog().error("GET Connection has been interrupted", ee);
        throw new ServletException("GET Connection has been interrupted", ee);
    } catch (final Throwable e) {
        getLog().error(e.getMessage(), e);
        throw new ServletException("An error occurred: " + e.getMessage(), e);
    }
}
Also used : ServletException(javax.servlet.ServletException) DBBroker(org.exist.storage.DBBroker) EOFException(java.io.EOFException) Descriptor(org.exist.http.Descriptor) BadRequestException(org.exist.http.BadRequestException) NotFoundException(org.exist.http.NotFoundException) PermissionDeniedException(org.exist.security.PermissionDeniedException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject)

Example 4 with BadRequestException

use of org.exist.http.BadRequestException in project exist by eXist-db.

the class EXistServlet method doPut.

@Override
protected void doPut(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // first, adjust the path
    String path = adjustPath(request);
    // second, perform descriptor actions
    final Descriptor descriptor = Descriptor.getDescriptorSingleton();
    if (descriptor != null) {
        // TODO: figure out a way to log PUT requests with
        // HttpServletRequestWrapper and
        // Descriptor.doLogRequestInReplayLog()
        // map's the path if a mapping is specified in the descriptor
        path = descriptor.mapPath(path);
    }
    // third, authenticate the user
    final Subject user = authenticate(request, response);
    if (user == null) {
        // You now get a HTTP Authentication challenge if there is no user
        return;
    }
    // fourth, process the request
    try (final DBBroker broker = getPool().get(Optional.of(user));
        final Txn transaction = getPool().getTransactionManager().beginTransaction()) {
        final XmldbURI dbpath = XmldbURI.createInternal(path);
        try (final Collection collection = broker.getCollection(dbpath)) {
            if (collection != null) {
                transaction.abort();
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "A PUT request is not allowed against a plain collection path.");
                return;
            }
        }
        try {
            srvREST.doPut(broker, transaction, dbpath, request, response);
            transaction.commit();
        } catch (final Throwable t) {
            transaction.abort();
            throw t;
        }
    } catch (final BadRequestException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
    } catch (final PermissionDeniedException e) {
        // Else return a FORBIDDEN Error
        if (user.equals(getDefaultUser())) {
            getAuthenticator().sendChallenge(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    } catch (final EXistException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    } catch (final Throwable e) {
        LOG.error(e);
        throw new ServletException("An unknown error occurred: " + e.getMessage(), e);
    }
}
Also used : ServletException(javax.servlet.ServletException) DBBroker(org.exist.storage.DBBroker) Descriptor(org.exist.http.Descriptor) Collection(org.exist.collections.Collection) BadRequestException(org.exist.http.BadRequestException) PermissionDeniedException(org.exist.security.PermissionDeniedException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject) XmldbURI(org.exist.xmldb.XmldbURI)

Example 5 with BadRequestException

use of org.exist.http.BadRequestException in project exist by eXist-db.

the class EXistServlet method doHead.

@Override
protected void doHead(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // first, adjust the path
    String path = adjustPath(request);
    // second, perform descriptor actions
    final Descriptor descriptor = Descriptor.getDescriptorSingleton();
    if (descriptor != null && !descriptor.requestsFiltered()) {
        // logs the request if specified in the descriptor
        descriptor.doLogRequestInReplayLog(request);
        // map's the path if a mapping is specified in the descriptor
        path = descriptor.mapPath(path);
    }
    // third, authenticate the user
    final Subject user = authenticate(request, response);
    if (user == null) {
        // You now get a HTTP Authentication challenge if there is no user
        return;
    }
    // fourth, process the request
    try (final DBBroker broker = getPool().get(Optional.of(user));
        final Txn transaction = getPool().getTransactionManager().beginTransaction()) {
        try {
            srvREST.doHead(broker, transaction, request, response, path);
            transaction.commit();
        } catch (final Throwable t) {
            transaction.abort();
            throw t;
        }
    } catch (final BadRequestException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
    } catch (final PermissionDeniedException e) {
        // Else return a FORBIDDEN Error
        if (user.equals(getDefaultUser())) {
            getAuthenticator().sendChallenge(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    } catch (final NotFoundException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_NOT_FOUND, e.getMessage());
    } catch (final EXistException e) {
        if (response.isCommitted()) {
            throw new ServletException(e.getMessage(), e);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    } catch (final Throwable e) {
        getLog().error(e);
        throw new ServletException("An unknown error occurred: " + e.getMessage(), e);
    }
}
Also used : ServletException(javax.servlet.ServletException) DBBroker(org.exist.storage.DBBroker) Descriptor(org.exist.http.Descriptor) BadRequestException(org.exist.http.BadRequestException) NotFoundException(org.exist.http.NotFoundException) PermissionDeniedException(org.exist.security.PermissionDeniedException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject)

Aggregations

ServletException (javax.servlet.ServletException)5 EXistException (org.exist.EXistException)5 BadRequestException (org.exist.http.BadRequestException)5 Descriptor (org.exist.http.Descriptor)5 PermissionDeniedException (org.exist.security.PermissionDeniedException)5 Subject (org.exist.security.Subject)5 DBBroker (org.exist.storage.DBBroker)5 Txn (org.exist.storage.txn.Txn)5 NotFoundException (org.exist.http.NotFoundException)3 Collection (org.exist.collections.Collection)2 XmldbURI (org.exist.xmldb.XmldbURI)2 EOFException (java.io.EOFException)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 MethodNotAllowedException (org.exist.http.MethodNotAllowedException)1