src/main/java/org/apache/sling/scripting/core/impl/SlingBindingsVariablesListJsonServlet.java - sling-org-apache-sling-scripting-core - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sling.scripting.core.impl;

 import java.io.IOException;
 import java.util.Collection;
 import java.util.Map;

 import javax.script.Bindings;
 import javax.script.ScriptEngine;
 import javax.script.ScriptEngineFactory;
 import javax.script.ScriptEngineManager;
 import javax.servlet.Servlet;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.felix.utils.json.JSONWriter;
 import org.apache.felix.webconsole.WebConsoleSecurityProvider;
 import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.SlingHttpServletResponse;
 import org.apache.sling.api.resource.NonExistingResource;
 import org.apache.sling.api.resource.Resource;
 import org.apache.sling.api.scripting.SlingBindings;
 import org.apache.sling.api.scripting.SlingScriptConstants;
 import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
 import org.apache.sling.scripting.api.BindingsValuesProvider;
 import org.apache.sling.scripting.api.BindingsValuesProvidersByContext;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.Constants;
 import org.osgi.service.component.ComponentContext;
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
 import org.osgi.service.component.annotations.Reference;
 import org.osgi.service.component.annotations.ReferenceCardinality;
 import org.osgi.service.component.annotations.ReferencePolicyOption;

 /**
  * Return all scripting variables for all registered scripting languages for the default context (=request).
  * This can only be achieved when a real Sling request and Sling response is available.
  * Also the context (i.e. the resource on which the request is acting) is important,
  * because the actual binding variables might differ depending on the context
  */
 @Component(
     service = Servlet.class,
     property = {
         Constants.SERVICE_VENDOR + "=The Apache Software Foundation",
         "sling.servlet.resourceTypes=sling/servlet/default",
         "sling.servlet.selectors=SLING_availablebindings",
         "sling.servlet.methods=GET",
         "sling.servlet.extensions=json"
     }
 )
 public class SlingBindingsVariablesListJsonServlet extends SlingSafeMethodsServlet {

     /**
      *
      */
     private static final long serialVersionUID = -6744726829737263875L;

     /**
      * The webconsole security provider
      */
     @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
     private WebConsoleSecurityProvider webconsoleSecurity;

     /**
      * The script engine manager.
      */
     @Reference
     private ScriptEngineManager scriptEngineManager;

     /**
      * The BindingsValuesProviderTracker
      */
     @Reference
     private BindingsValuesProvidersByContext bindingsValuesProviderTracker;

     private BundleContext bundleContext;

     private static final String PARAMETER_EXTENSION = "extension";

     @Activate
     protected void activate(ComponentContext context) {
         bundleContext = context.getBundleContext();
     }

     @Override
     protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
             throws ServletException, IOException {
         boolean allowed = true;
         if (webconsoleSecurity == null) {
             log("Access forbidden as the WebConsoleSecurity reference is not set");
             allowed = false;
         } else if (!(webconsoleSecurity instanceof WebConsoleSecurityProvider2)) {
             log("Access forbidden as the WebConsoleSecurity reference does not implement WebConsoleSecurityProvider2");
             allowed = false;
         } else if (!((WebConsoleSecurityProvider2)webconsoleSecurity).authenticate(request, response)) {
             log("Access forbidden as the WebConsoleSecurity component returned false");
             // the request is terminated without any more response sent back to the client.
             //    The WebConsoleSecurityProvider2 implementation may have sent auth challenge to the client
             //    in the case of anonymous access.
             allowed = false;
         }
         if (!allowed) {
             if (!response.isCommitted()) {
                 response.sendError(HttpServletResponse.SC_FORBIDDEN);
             }
             return;
         }

         response.setContentType("application/json");
         JSONWriter jsonWriter = new JSONWriter(response.getWriter());
         jsonWriter.array();
         // get filter by engine selector
         String requestedExtension = request.getParameter(PARAMETER_EXTENSION);
         if (requestedExtension != null && !requestedExtension.isEmpty() ) {
             ScriptEngine selectedScriptEngine = scriptEngineManager.getEngineByExtension(requestedExtension);
             if (selectedScriptEngine == null) {
                 throw new IllegalArgumentException("Invalid extension requested: "+requestedExtension);
             } else {
                 writeBindingsToJsonWriter(jsonWriter, selectedScriptEngine.getFactory(), request, response);
             }
         } else {
             for (ScriptEngineFactory engineFactory : scriptEngineManager.getEngineFactories()) {
                 writeBindingsToJsonWriter(jsonWriter, engineFactory, request, response);
             }
         }
         jsonWriter.endArray();
     }

     private void writeBindingsToJsonWriter(JSONWriter jsonWriter, ScriptEngineFactory engineFactory, SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
         jsonWriter.object();
         jsonWriter.key("engine");
         jsonWriter.value(engineFactory.getEngineName());
         jsonWriter.key("extensions");
         jsonWriter.value(engineFactory.getExtensions());
         Bindings bindings = getBindingsByEngine(engineFactory, request, response);
         jsonWriter.key("bindings");
         jsonWriter.array();
         for (Map.Entry<String, Object> entry : bindings.entrySet()) {
             jsonWriter.object();
             jsonWriter.key("name");
             jsonWriter.value(entry.getKey());
             jsonWriter.key("class");
             jsonWriter.value(entry.getValue() == null ? "&lt;NO VALUE&gt;" : entry.getValue().getClass().getName());
             jsonWriter.endObject();
         }
         jsonWriter.endArray();
         jsonWriter.endObject();
     }

     /**
      * Gets the {@link Bindings} object for the given {@link ScriptEngineFactory}.
      * It only considers the default context "request".
      *
      * @see <a href="https://issues.apache.org/jira/browse/SLING-3038">binding contexts(SLING-3083)</a>
      *
      * @param scriptEngineFactory the factory of the script engine, for which to retrieve the bindings
      * @param request the current request (necessary to create the bindings)
      * @param response the current response (necessary to create the bindings)
      * @return the bindings (list of key/value pairs) as defined by {@link Bindings} for the given script engine.
      * @throws IOException
      */
     private Bindings getBindingsByEngine(ScriptEngineFactory scriptEngineFactory, SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
         String context = SlingScriptAdapterFactory.BINDINGS_CONTEXT; // use default context only
         final Collection<BindingsValuesProvider> bindingsValuesProviders =
                 bindingsValuesProviderTracker.getBindingsValuesProviders(scriptEngineFactory, context);

         Resource invalidScriptResource = new NonExistingResource(request.getResourceResolver(), "some/invalid/scriptpath");
         DefaultSlingScript defaultSlingScript = new DefaultSlingScript(bundleContext, invalidScriptResource, scriptEngineFactory.getScriptEngine(), bindingsValuesProviders, null, null);

         // prepare the bindings (similar as in DefaultSlingScript#service)
         final SlingBindings initalBindings = new SlingBindings();
         initalBindings.setRequest(request);
         initalBindings.setResponse(response);
         final Bindings bindings = defaultSlingScript.verifySlingBindings(initalBindings);

         // only thing being added in {DefaultSlingScript#call(...)} is resource resolver
         bindings.put(SlingScriptConstants.ATTR_SCRIPT_RESOURCE_RESOLVER, request.getResourceResolver());

         return bindings;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.sling.scripting.core.impl;

	import java.io.IOException;
	import java.util.Collection;
	import java.util.Map;

	import javax.script.Bindings;
	import javax.script.ScriptEngine;
	import javax.script.ScriptEngineFactory;
	import javax.script.ScriptEngineManager;
	import javax.servlet.Servlet;
	import javax.servlet.ServletException;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.felix.utils.json.JSONWriter;
	import org.apache.felix.webconsole.WebConsoleSecurityProvider;
	import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
	import org.apache.sling.api.SlingHttpServletRequest;
	import org.apache.sling.api.SlingHttpServletResponse;
	import org.apache.sling.api.resource.NonExistingResource;
	import org.apache.sling.api.resource.Resource;
	import org.apache.sling.api.scripting.SlingBindings;
	import org.apache.sling.api.scripting.SlingScriptConstants;
	import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
	import org.apache.sling.scripting.api.BindingsValuesProvider;
	import org.apache.sling.scripting.api.BindingsValuesProvidersByContext;
	import org.osgi.framework.BundleContext;
	import org.osgi.framework.Constants;
	import org.osgi.service.component.ComponentContext;
	import org.osgi.service.component.annotations.Activate;
	import org.osgi.service.component.annotations.Component;
	import org.osgi.service.component.annotations.Reference;
	import org.osgi.service.component.annotations.ReferenceCardinality;
	import org.osgi.service.component.annotations.ReferencePolicyOption;

	/**
	* Return all scripting variables for all registered scripting languages for the default context (=request).
	* This can only be achieved when a real Sling request and Sling response is available.
	* Also the context (i.e. the resource on which the request is acting) is important,
	* because the actual binding variables might differ depending on the context
	*/
	@Component(
	service = Servlet.class,
	property = {
	Constants.SERVICE_VENDOR + "=The Apache Software Foundation",
	"sling.servlet.resourceTypes=sling/servlet/default",
	"sling.servlet.selectors=SLING_availablebindings",
	"sling.servlet.methods=GET",
	"sling.servlet.extensions=json"
	}
	)
	public class SlingBindingsVariablesListJsonServlet extends SlingSafeMethodsServlet {

	/**
	*
	*/
	private static final long serialVersionUID = -6744726829737263875L;

	/**
	* The webconsole security provider
	*/
	@Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY)
	private WebConsoleSecurityProvider webconsoleSecurity;

	/**
	* The script engine manager.
	*/
	@Reference
	private ScriptEngineManager scriptEngineManager;

	/**
	* The BindingsValuesProviderTracker
	*/
	@Reference
	private BindingsValuesProvidersByContext bindingsValuesProviderTracker;

	private BundleContext bundleContext;

	private static final String PARAMETER_EXTENSION = "extension";

	@Activate
	protected void activate(ComponentContext context) {
	bundleContext = context.getBundleContext();
	}

	@Override
	protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
	throws ServletException, IOException {
	boolean allowed = true;
	if (webconsoleSecurity == null) {
	log("Access forbidden as the WebConsoleSecurity reference is not set");
	allowed = false;
	} else if (!(webconsoleSecurity instanceof WebConsoleSecurityProvider2)) {
	log("Access forbidden as the WebConsoleSecurity reference does not implement WebConsoleSecurityProvider2");
	allowed = false;
	} else if (!((WebConsoleSecurityProvider2)webconsoleSecurity).authenticate(request, response)) {
	log("Access forbidden as the WebConsoleSecurity component returned false");
	// the request is terminated without any more response sent back to the client.
	// The WebConsoleSecurityProvider2 implementation may have sent auth challenge to the client
	// in the case of anonymous access.
	allowed = false;
	}
	if (!allowed) {
	if (!response.isCommitted()) {
	response.sendError(HttpServletResponse.SC_FORBIDDEN);
	}
	return;
	}

	response.setContentType("application/json");
	JSONWriter jsonWriter = new JSONWriter(response.getWriter());
	jsonWriter.array();
	// get filter by engine selector
	String requestedExtension = request.getParameter(PARAMETER_EXTENSION);
	if (requestedExtension != null && !requestedExtension.isEmpty() ) {
	ScriptEngine selectedScriptEngine = scriptEngineManager.getEngineByExtension(requestedExtension);
	if (selectedScriptEngine == null) {
	throw new IllegalArgumentException("Invalid extension requested: "+requestedExtension);
	} else {
	writeBindingsToJsonWriter(jsonWriter, selectedScriptEngine.getFactory(), request, response);
	}
	} else {
	for (ScriptEngineFactory engineFactory : scriptEngineManager.getEngineFactories()) {
	writeBindingsToJsonWriter(jsonWriter, engineFactory, request, response);
	}
	}
	jsonWriter.endArray();
	}

	private void writeBindingsToJsonWriter(JSONWriter jsonWriter, ScriptEngineFactory engineFactory, SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
	jsonWriter.object();
	jsonWriter.key("engine");
	jsonWriter.value(engineFactory.getEngineName());
	jsonWriter.key("extensions");
	jsonWriter.value(engineFactory.getExtensions());
	Bindings bindings = getBindingsByEngine(engineFactory, request, response);
	jsonWriter.key("bindings");
	jsonWriter.array();
	for (Map.Entry<String, Object> entry : bindings.entrySet()) {
	jsonWriter.object();
	jsonWriter.key("name");
	jsonWriter.value(entry.getKey());
	jsonWriter.key("class");
	jsonWriter.value(entry.getValue() == null ? "<NO VALUE>" : entry.getValue().getClass().getName());
	jsonWriter.endObject();
	}
	jsonWriter.endArray();
	jsonWriter.endObject();
	}

	/**
	* Gets the {@link Bindings} object for the given {@link ScriptEngineFactory}.
	* It only considers the default context "request".
	*
	* @see <a href="https://issues.apache.org/jira/browse/SLING-3038">binding contexts(SLING-3083)</a>
	*
	* @param scriptEngineFactory the factory of the script engine, for which to retrieve the bindings
	* @param request the current request (necessary to create the bindings)
	* @param response the current response (necessary to create the bindings)
	* @return the bindings (list of key/value pairs) as defined by {@link Bindings} for the given script engine.
	* @throws IOException
	*/
	private Bindings getBindingsByEngine(ScriptEngineFactory scriptEngineFactory, SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
	String context = SlingScriptAdapterFactory.BINDINGS_CONTEXT; // use default context only
	final Collection<BindingsValuesProvider> bindingsValuesProviders =
	bindingsValuesProviderTracker.getBindingsValuesProviders(scriptEngineFactory, context);

	Resource invalidScriptResource = new NonExistingResource(request.getResourceResolver(), "some/invalid/scriptpath");
	DefaultSlingScript defaultSlingScript = new DefaultSlingScript(bundleContext, invalidScriptResource, scriptEngineFactory.getScriptEngine(), bindingsValuesProviders, null, null);

	// prepare the bindings (similar as in DefaultSlingScript#service)
	final SlingBindings initalBindings = new SlingBindings();
	initalBindings.setRequest(request);
	initalBindings.setResponse(response);
	final Bindings bindings = defaultSlingScript.verifySlingBindings(initalBindings);

	// only thing being added in {DefaultSlingScript#call(...)} is resource resolver
	bindings.put(SlingScriptConstants.ATTR_SCRIPT_RESOURCE_RESOLVER, request.getResourceResolver());

	return bindings;
	}
	}