trunk/chemistry-opencmis-server/chemistry-opencmis-server-bindings/src/main/java/org/apache/chemistry/opencmis/server/shared/HttpUtils.java - chemistry-opencmis - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.chemistry.opencmis.server.shared;

 import java.util.Map;

 import javax.servlet.http.HttpServletRequest;

 import org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentException;
 import org.apache.chemistry.opencmis.commons.impl.IOUtils;

 public final class HttpUtils {

     private HttpUtils() {
     }

     /**
      * Extracts a string parameter.
      */
     public static String getStringParameter(final HttpServletRequest request, final String name) {
         assert request != null;

         if (name == null) {
             return null;
         }

         @SuppressWarnings("unchecked")
         Map<String, String[]> parameters = request.getParameterMap();

         if (parameters != null) {
             for (Map.Entry<String, String[]> parameter : parameters.entrySet()) {
                 if (name.equalsIgnoreCase(parameter.getKey())) {
                     if (parameter.getValue() == null) {
                         return null;
                     }
                     return parameter.getValue()[0];
                 }
             }
         }

         return null;
     }

     /**
      * Splits the path into its fragments.
      */
     public static String[] splitPath(final HttpServletRequest request) {
         assert request != null;

         int prefixLength = request.getContextPath().length() + request.getServletPath().length();
         String p = request.getRequestURI().substring(prefixLength);

         if (p.length() == 0) {
             return new String[0];
         }

         String[] result = p.substring(1).split("/");
         for (int i = 0; i < result.length; i++) {
             result[i] = IOUtils.decodeURL(result[i]);

             // check for malicious characters
             for (int j = 0; j < result[i].length(); j++) {
                 char c = result[i].charAt(j);
                 if (c == '\n' || c == '\r' || c == '\b' || c == 0) {
                     throw new CmisInvalidArgumentException("Invalid path!");
                 }
             }
         }

         return result;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.chemistry.opencmis.server.shared;

	import java.util.Map;

	import javax.servlet.http.HttpServletRequest;

	import org.apache.chemistry.opencmis.commons.exceptions.CmisInvalidArgumentException;
	import org.apache.chemistry.opencmis.commons.impl.IOUtils;

	public final class HttpUtils {

	private HttpUtils() {
	}

	/**
	* Extracts a string parameter.
	*/
	public static String getStringParameter(final HttpServletRequest request, final String name) {
	assert request != null;

	if (name == null) {
	return null;
	}

	@SuppressWarnings("unchecked")
	Map<String, String[]> parameters = request.getParameterMap();

	if (parameters != null) {
	for (Map.Entry<String, String[]> parameter : parameters.entrySet()) {
	if (name.equalsIgnoreCase(parameter.getKey())) {
	if (parameter.getValue() == null) {
	return null;
	}
	return parameter.getValue()[0];
	}
	}
	}

	return null;
	}

	/**
	* Splits the path into its fragments.
	*/
	public static String[] splitPath(final HttpServletRequest request) {
	assert request != null;

	int prefixLength = request.getContextPath().length() + request.getServletPath().length();
	String p = request.getRequestURI().substring(prefixLength);

	if (p.length() == 0) {
	return new String[0];
	}

	String[] result = p.substring(1).split("/");
	for (int i = 0; i < result.length; i++) {
	result[i] = IOUtils.decodeURL(result[i]);

	// check for malicious characters
	for (int j = 0; j < result[i].length(); j++) {
	char c = result[i].charAt(j);
	if (c == '\n' \|\| c == '\r' \|\| c == '\b' \|\| c == 0) {
	throw new CmisInvalidArgumentException("Invalid path!");
	}
	}
	}

	return result;
	}
	}