
Example 1 with BadRequestException

use of org.webpieces.http.exception.BadRequestException in project webpieces by deanhiller.

the class SvcProxyForHtml method tokenCheck.

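/**
 * Verifies the secure form token of a form post against the token stored in the session.
 *
 * <p>This has to be above LoginFilter so LoginFilter can flash the multiPartParams so edits exist
 * through a login!!
 *
 * <p>Nothing is checked when the request carries no multipart fields, when the token check is
 * switched off in the config, or when the route does not ask for the secure token check.
 *
 * @param info route information; tells whether this route wants the secure token checked
 * @param ctx  request context; supplies the request's multipart fields and the session
 * @throws BadRequestException if the form token is missing, is present more than once, has no
 *         counterpart in the session, or differs from the session token
 */
private void tokenCheck(RouteInfoForHtml info, RequestContext ctx) {
    RouterRequest req = ctx.getRequest();
    if (req.multiPartFields.size() == 0) {
        return;
    }
    if (!config.isTokenCheckOn() || !info.isCheckSecureToken()) {
        return;
    }

    String token = ctx.getSession().get(SessionImpl.SECURE_TOKEN_KEY);
    List<String> formToken = req.multiPartFields.get(RequestContext.SECURE_TOKEN_FORM_NAME);

    // An absent key and an empty value list are reported the same way.
    if (formToken == null || formToken.isEmpty()) {
        throw new BadRequestException("missing form token(or route added without setting checkToken variable to false)" + "...someone posting form without getting it first(hacker or otherwise) OR " + "you are not using the #{form}# tag or the #{secureToken}# tag to secure your forms");
    }
    if (formToken.size() > 1) {
        throw new BadRequestException("Somehow, there are two values for key=" + RequestContext.SECURE_TOKEN_FORM_NAME + ". This name is reserved.  perhaps your app is using it?");
    }

    String formPostedToken = formToken.get(0);
    if (token == null) {
        // NOTE(review): the posted token is request-controlled text and is echoed into the
        // exception message; whatever logs or renders this message should treat it as untrusted.
        throw new BadRequestException("Somehow, the cookie is missing the secure token.  key=" + SessionImpl.SECURE_TOKEN_KEY + "." + " This token is set in the session when rendering form tags in FormTag.java when calling Current.session().getOrCreateSecureToken();. form token=" + formPostedToken);
    }

    // Compare in constant time: String.equals stops at the first differing character, so the
    // time taken would depend on how much of the posted value matches the session token.
    // A null posted value is a mismatch, exactly as token.equals(null) was.
    boolean tokensMatch = formPostedToken != null
            && java.security.MessageDigest.isEqual(
                    token.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    formPostedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokensMatch) {
        throw new BadRequestException("bad form token...someone posting form with invalid token(hacker or otherwise)");
    }
}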
Also used : BadRequestException(org.webpieces.http.exception.BadRequestException) RouterRequest(org.webpieces.ctx.api.RouterRequest)

Example 2 with BadRequestException

use of org.webpieces.http.exception.BadRequestException in project webpieces by deanhiller.

the class JacksonCatchAllFilter method translateHttpException.

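/**
 * Builds the JSON error body for an {@code HttpException}.
 *
 * <p>When the exception carries a status code, the error message is
 * {@code "<reason> : <exception message>"} (passed through {@code translateViolations} for a
 * {@code BadRequestException}) and the error code is the status code's code. Without a status
 * code only the numeric HTTP code is set and no message is set.
 *
 * <p>NOTE(review): the exception message becomes part of the returned JSON, which is presumably
 * sent to the client; confirm that messages thrown as HttpException carry no internal detail.
 *
 * @param meta method metadata; used here only to reach the request body for debug logging
 * @param t    the exception to translate
 * @return the result of {@code translateJson(mapper, error)} for the populated error object
 */
protected byte[] translateHttpException(MethodMeta meta, HttpException t) {
    JsonError error = new JsonError();
    StatusCode statusCode = t.getStatusCode();
    if (statusCode != null) {
        String message = statusCode.getReason() + " : " + t.getMessage();
        if (t instanceof BadRequestException) {
            message = translateViolations((BadRequestException) t, message);
        }
        error.setError(message);
        error.setCode(statusCode.getCode());
    } else {
        error.setCode(t.getHttpCode());
    }
    if (log.isDebugEnabled()) {
        // NOTE(review): the whole request body goes into the debug log unredacted and
        // unescaped. It can hold credentials or personal data and may contain line breaks,
        // so debug logs from this filter should be access-controlled like the data itself.
        byte[] obj = meta.getCtx().getRequest().body.createByteArray();
        // Decode explicitly as UTF-8 instead of the platform default charset, so the logged
        // JSON does not vary with the host's locale settings.
        String json = new String(obj, java.nio.charset.StandardCharsets.UTF_8);
        log.debug("Request json failed=" + json + "\n" + error.getError());
    }
    return translateJson(mapper, error);
}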
Also used : BadRequestException(org.webpieces.http.exception.BadRequestException) StatusCode(org.webpieces.http.StatusCode) KnownStatusCode(org.webpieces.httpparser.api.dto.KnownStatusCode)

Aggregations

BadRequestException (org.webpieces.http.exception.BadRequestException)2 RouterRequest (org.webpieces.ctx.api.RouterRequest)1 StatusCode (org.webpieces.http.StatusCode)1 KnownStatusCode (org.webpieces.httpparser.api.dto.KnownStatusCode)1