mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-01-11 00:10:36 +00:00
Code Issues Releases Wiki Activity
Files
5012893c1d761d60591f165a1c5640624b28df9d
nomulus/java/google/registry/security/JsonTransportServlet.java
Justine Tunney 5012893c1d mv com/google/domain/registry google/registry 
This change renames directories in preparation for the great package
rename. The repository is now in a broken state because the code
itself hasn't been updated. However this should ensure that git
correctly preserves history for each file.
2016-05-13 18:55:08 -04:00

77 lines
2.7 KiB
Java
Raw Blame History

// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.domain.registry.security;
import static com.google.common.base.Preconditions.checkNotNull;
import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
import static javax.servlet.http.HttpServletResponse.SC_OK;
import com.google.domain.registry.request.HttpException;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* Secure servlet that speaks JSON for both input and output.
*
* <p>This servlet accepts only JSON inputs (using the payload) and returns only JSON
* responses, using and various security best practices such as a parser breaker,
* {@code Content-Disposition: attachment}, etc.
*
* @see JsonHttp
*/
public abstract class JsonTransportServlet extends XsrfProtectedServlet {
protected JsonTransportServlet(String xsrfScope, boolean requireAdmin) {
super(xsrfScope, requireAdmin);
}
/**
* Verify that this is a well-formed request and then execute it. A well-formed request will have
* either a JSON string in the "json" param that evaluates to a map, or nothing in "json".
*/
@Override
protected final void doPost(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
Map<String, ?> input = JsonHttp.read(req);
if (input == null) {
rsp.sendError(SC_BAD_REQUEST, "Malformed JSON");
return;
}
Map<String, ?> output;
try {
output = doJsonPost(req, input);
} catch (HttpException e) {
e.send(rsp);
return;
}
checkNotNull(output, "doJsonPost() returned null");
rsp.setStatus(SC_OK);
JsonHttp.write(rsp, output);
}
/**
* Handler for HTTP POST requests.
*
* @param req Servlet request object.
* @param input JSON request object or empty if none was provided.
* @return an arbitrary JSON object. Must not be {@code null}.
* @throws HttpException in order to send a non-200 status code / message to the client.
*/
public abstract Map<String, Object> doJsonPost(HttpServletRequest req, Map<String, ?> input);
}
Reference in New Issue View Git Blame Copy Permalink