use of org.webpieces.router.api.exceptions.BadRequestException in project webpieces by deanhiller.
the class ServiceProxy method parseBodyFromContentType.
private void parseBodyFromContentType(Route route, RequestContext ctx, BodyContentBinder bodyContentBinder) {
RouterRequest req = ctx.getRequest();
if (bodyContentBinder != null)
//A route that defines the content gets to override the content type header so just return
return;
if (req.contentLengthHeaderValue == null)
return;
if (req.contentTypeHeaderValue == null) {
log.info("Incoming content length was specified, but no contentType was(We will not parse the body). req=" + req);
return;
}
BodyParser parser = requestBodyParsers.lookup(req.contentTypeHeaderValue);
if (parser == null) {
log.error("Incoming content length was specified but content type was not 'application/x-www-form-urlencoded'(We will not parse body). req=" + req);
return;
}
DataWrapper body = req.body;
Charset encoding = config.getDefaultFormAcceptEncoding();
parser.parse(body, req, encoding);
if (config.isTokenCheckOn() && route.isCheckSecureToken()) {
String token = ctx.getSession().get(SessionImpl.SECURE_TOKEN_KEY);
List<String> formToken = req.multiPartFields.get(RequestContext.SECURE_TOKEN_FORM_NAME);
if (formToken == null)
throw new BadRequestException("missing form token(or route added without setting checkToken variable to false)" + "...someone posting form without getting it first(hacker or otherwise) OR " + "you are not using the #{form}# tag or the #{secureToken}# tag to secure your forms");
else if (!token.equals(formToken.get(0)))
throw new BadRequestException("bad form token...someone posting form with invalid token(hacker or otherwise)");
}
}
Aggregations