[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13764: csd: improved csd request validation
------------------------------------------------------------
revno: 13764
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-01-17 14:31:46 +0700
message:
csd: improved csd request validation
removed:
dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java
added:
dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java
dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java
dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java
modified:
dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java
dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java 2014-01-17 06:14:44 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/common/exception/SoapException.java 2014-01-17 07:31:46 +0000
@@ -31,7 +31,7 @@
/**
* @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
*/
-public abstract class SoapException extends RuntimeException
+public class SoapException extends RuntimeException
{
private String faultCode = "env:Sender";
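Review bot: The class Javadoc still carries only an `@author` tag, while removing `abstract` turns SoapException into a type that callers can throw directly. A one-line description would tell readers when the bare type is appropriate, for example `Generic SOAP fault; thrown directly when no more specific subclass describes the problem.` The default `faultCode` of `env:Sender` visible here means such a bare fault is attributed to the client, which is worth stating in the same comment. The class body continues outside the hunk.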
=== added file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetDirectoryModificationsRequestException.java 2014-01-17 07:31:46 +0000
@@ -0,0 +1,42 @@
+package org.hisp.dhis.web.ohie.csd.exception;
+
+/*
+ * Copyright (c) 2004-2013, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.web.ohie.common.exception.SoapException;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class MissingGetDirectoryModificationsRequestException extends SoapException
+{
+ public MissingGetDirectoryModificationsRequestException()
+ {
+ super("Missing or invalid urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest action.");
+ }
+}
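Review bot: The constructor call here omits the spaces inside the parentheses that MissingGetModificationsRequestException in this same commit uses (`super( "Missing urn:ihe:iti:csd:2013:GetModificationsRequest element." );`). Writing it as `super( "Missing or invalid urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest action." );` keeps the new exception classes uniform. MissingLastModifiedException, added further down, has the same formatting and would take the same change.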
=== removed file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java 2014-01-17 06:14:44 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestElement.java 1970-01-01 00:00:00 +0000
@@ -1,42 +0,0 @@
-package org.hisp.dhis.web.ohie.csd.exception;
-
-/*
- * Copyright (c) 2004-2013, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.web.ohie.common.exception.SoapException;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class MissingGetModificationsRequestElement extends SoapException
-{
- public MissingGetModificationsRequestElement()
- {
- super( "Missing urn:ihe:iti:csd:2013:GetModificationsRequest element." );
- }
-}
=== added file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingGetModificationsRequestException.java 2014-01-17 07:31:46 +0000
@@ -0,0 +1,42 @@
+package org.hisp.dhis.web.ohie.csd.exception;
+
+/*
+ * Copyright (c) 2004-2013, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.web.ohie.common.exception.SoapException;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class MissingGetModificationsRequestException extends SoapException
+{
+ public MissingGetModificationsRequestException()
+ {
+ super( "Missing urn:ihe:iti:csd:2013:GetModificationsRequest element." );
+ }
+}
=== added file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/exception/MissingLastModifiedException.java 2014-01-17 07:31:46 +0000
@@ -0,0 +1,42 @@
+package org.hisp.dhis.web.ohie.csd.exception;
+
+/*
+ * Copyright (c) 2004-2013, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.web.ohie.common.exception.SoapException;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class MissingLastModifiedException extends SoapException
+{
+ public MissingLastModifiedException()
+ {
+ super("Missing urn:ihe:iti:csd:2013:lastModified element.");
+ }
+}
=== modified file 'dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java'
--- dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java 2014-01-17 06:14:44 +0000
+++ dhis-2/dhis-web/dhis-web-ohie/src/main/java/org/hisp/dhis/web/ohie/csd/webapi/CsdController.java 2014-01-17 07:31:46 +0000
@@ -49,7 +49,9 @@
import org.hisp.dhis.web.ohie.csd.domain.Person;
import org.hisp.dhis.web.ohie.csd.domain.Record;
import org.hisp.dhis.web.ohie.csd.domain.Service;
-import org.hisp.dhis.web.ohie.csd.exception.MissingGetModificationsRequestElement;
+import org.hisp.dhis.web.ohie.csd.exception.MissingGetDirectoryModificationsRequestException;
+import org.hisp.dhis.web.ohie.csd.exception.MissingGetModificationsRequestException;
+import org.hisp.dhis.web.ohie.csd.exception.MissingLastModifiedException;
import org.hisp.dhis.web.ohie.fred.webapi.v1.utils.GeoUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
@@ -76,6 +78,8 @@
@RequestMapping( value = "/csd" )
public class CsdController
{
+ private static String SOAP_CONTENT_TYPE = "application/soap+xml";
+
// -------------------------------------------------------------------------
// Dependencies
// -------------------------------------------------------------------------
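Review bot: `SOAP_CONTENT_TYPE` is declared `private static String` without `final`, so the upper-case name suggests a constant while the field is actually a mutable static. Declaring it `private static final String SOAP_CONTENT_TYPE = "application/soap+xml";` lets the compiler enforce that the response content type cannot be reassigned at runtime. The class body continues outside the hunk.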
@@ -117,12 +121,14 @@
Object o = unmarshaller.unmarshal( request.getInputStream() );
Envelope env = (Envelope) o;
+ validateRequest( env );
+
List<OrganisationUnit> organisationUnits = getOrganisationUnits( env );
Csd csd = createCsd( organisationUnits );
Envelope envelope = createResponse( csd, env.getHeader().getMessageID().getValue() );
- response.setContentType( "application/soap+xml" );
+ response.setContentType( SOAP_CONTENT_TYPE );
marshaller.marshal( envelope, response.getOutputStream() );
}
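Review bot: `env.getHeader().getMessageID().getValue()` is still dereferenced without a check after the new `validateRequest( env )` call, which as added in this commit inspects the action and the body but not the message ID. A request that omits that header element would presumably end in a NullPointerException rather than a SOAP fault; whether a catch-all handler exists is not visible here. A guard in validateRequest such as `if ( env.getHeader() == null || env.getHeader().getMessageID() == null ) { throw new SoapException(); }` would keep that failure on the fault path. The cast `(Envelope) o` is likewise unchecked, and the method starts outside the hunk.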
@@ -135,7 +141,7 @@
envelope.getBody().getFault().getCode().getValue().setValue( ex.getFaultCode() );
envelope.getBody().getFault().getReason().getText().setValue( ex.getMessage() );
- response.setContentType( "application/soap+xml" );
+ response.setContentType( SOAP_CONTENT_TYPE );
marshaller.marshal( envelope, response.getOutputStream() );
}
@@ -144,18 +150,42 @@
// Helpers
// -------------------------------------------------------------------------
- private List<OrganisationUnit> getOrganisationUnits( Envelope envelope ) throws MissingGetModificationsRequestElement
- {
- Date lastModified;
-
- try
- {
- lastModified = envelope.getBody().getGetModificationsRequest().getLastModified();
- }
- catch ( NullPointerException ex )
- {
- throw new MissingGetModificationsRequestElement();
- }
+ private void validateRequest( Envelope env )
+ {
+ if ( !"urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest".equals(
+ env.getHeader().getAction().getValue() ) )
+ {
+ throw new MissingGetDirectoryModificationsRequestException();
+ }
+
+ try
+ {
+ if ( env.getBody().getGetModificationsRequest() == null )
+ {
+ throw new MissingGetModificationsRequestException();
+ }
+ }
+ catch ( NullPointerException ex )
+ {
+ throw new SoapException();
+ }
+
+ try
+ {
+ if ( env.getBody().getGetModificationsRequest().getLastModified() == null )
+ {
+ throw new MissingLastModifiedException();
+ }
+ }
+ catch ( NullPointerException ex )
+ {
+ throw new SoapException();
+ }
+ }
+
+ private List<OrganisationUnit> getOrganisationUnits( Envelope envelope ) throws MissingGetModificationsRequestException
+ {
+ Date lastModified = envelope.getBody().getGetModificationsRequest().getLastModified();
return new ArrayList<OrganisationUnit>(
organisationUnitService.getAllOrganisationUnitsByLastUpdated( lastModified ) );
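Review bot: The action check at the top of `validateRequest` calls `env.getHeader().getAction().getValue()` outside any try block, so a request with no header or no Action element raises a NullPointerException instead of MissingGetDirectoryModificationsRequestException. The two later checks catch NullPointerException and rethrow a bare `new SoapException()`, whose reason text is not visible in this diff and which can also mask unrelated null bugs. Explicit null checks, as sketched below, map each malformed-request case to a specific fault; note that the sketch reports a missing body as MissingGetModificationsRequestException rather than the generic fault. Separately, `getOrganisationUnits` still declares `throws MissingGetModificationsRequestException` although it no longer throws it, and its body ends outside the hunk.

```java
private void validateRequest( Envelope env )
{
    // Header and Action are checked for presence before the value is compared.
    if ( env.getHeader() == null || env.getHeader().getAction() == null
        || !"urn:ihe:iti:csd:2013:GetDirectoryModificationsRequest".equals(
        env.getHeader().getAction().getValue() ) )
    {
        throw new MissingGetDirectoryModificationsRequestException();
    }

    // No NullPointerException catch: every link of the chain is tested explicitly.
    if ( env.getBody() == null || env.getBody().getGetModificationsRequest() == null )
    {
        throw new MissingGetModificationsRequestException();
    }

    if ( env.getBody().getGetModificationsRequest().getLastModified() == null )
    {
        throw new MissingLastModifiedException();
    }
}
```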