Marc Johnson
2014-09-25 23:26:47 UTC
Hello list and especially keepers and curators of the opencms source code, this question is mostly for you but it could be for anyone whose worked extensively with OpenCmsServlet.
I inherited an OpenCms project a while back where the previous developer had riddled the Opencms source code with a bunch of mostly unnecessary customization that made it impossible to upgrade to newer versions. It was stuck at 7.0.1
As I've been settling a ton of technical debt, I've removed all but one src code modification and been upgrading to newer versions of OpenCms but I've carried that one forward in org.opencms.main.OpenCmsServlet that I think could be useful.
in 8.5.1 the invokeHandler goes from
protected void invokeHandler(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
String name = OpenCmsCore.getInstance().getPathInfo(req).substring(HANDLE_PATH.length());
I_CmsRequestHandler handler = OpenCmsCore.getInstance().getRequestHandler(name);
if (handler != null) {
handler.handle(req, res, name);
} else {
openErrorHandler(req, res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
protected void invokeHandler(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
String name = OpenCmsCore.getInstance().getPathInfo(req).substring(HANDLE_PATH.length());
int iIndex = name.indexOf( "/" );
if ( iIndex >= 0 ) {
name = name.substring( 0, iIndex );
}
I_CmsRequestHandler handler = OpenCmsCore.getInstance().getRequestHandler(name);
if (handler != null) {
handler.handle(req, res, name);
} else {
openErrorHandler(req, res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
essentially it allows for the path to the servlet to still find a match for the handler even if there's some random runtime generated stuff in it that the handler (that you design) will correctly interpret
In my case it's a captcha with the random string generating an image captcha on the fly based upon the value passed to it (/handleCaptcha/148af064124/captcha.jpg)
I thought to rip this whole thing out and use the official captcha code, but it works fine as long as I keep the customization.
Is there some better way for me to do this w/o the customization? (for example can the handler be a regex the way you could specify for a servlet in the web.xml?)
Does this seem insecure to you in any way?
Is this something that jibes with the purpose/usage of the OpenCmsServlet that you think might be useful to include in upgrades?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencms.org/pipermail/opencms-dev/attachments/20140925/922a4d7e/attachment.html>
I inherited an OpenCms project a while back where the previous developer had riddled the Opencms source code with a bunch of mostly unnecessary customization that made it impossible to upgrade to newer versions. It was stuck at 7.0.1
As I've been settling a ton of technical debt, I've removed all but one src code modification and been upgrading to newer versions of OpenCms but I've carried that one forward in org.opencms.main.OpenCmsServlet that I think could be useful.
in 8.5.1 the invokeHandler goes from
protected void invokeHandler(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
String name = OpenCmsCore.getInstance().getPathInfo(req).substring(HANDLE_PATH.length());
I_CmsRequestHandler handler = OpenCmsCore.getInstance().getRequestHandler(name);
if (handler != null) {
handler.handle(req, res, name);
} else {
openErrorHandler(req, res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
protected void invokeHandler(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
String name = OpenCmsCore.getInstance().getPathInfo(req).substring(HANDLE_PATH.length());
int iIndex = name.indexOf( "/" );
if ( iIndex >= 0 ) {
name = name.substring( 0, iIndex );
}
I_CmsRequestHandler handler = OpenCmsCore.getInstance().getRequestHandler(name);
if (handler != null) {
handler.handle(req, res, name);
} else {
openErrorHandler(req, res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
essentially it allows for the path to the servlet to still find a match for the handler even if there's some random runtime generated stuff in it that the handler (that you design) will correctly interpret
In my case it's a captcha with the random string generating an image captcha on the fly based upon the value passed to it (/handleCaptcha/148af064124/captcha.jpg)
I thought to rip this whole thing out and use the official captcha code, but it works fine as long as I keep the customization.
Is there some better way for me to do this w/o the customization? (for example can the handler be a regex the way you could specify for a servlet in the web.xml?)
Does this seem insecure to you in any way?
Is this something that jibes with the purpose/usage of the OpenCmsServlet that you think might be useful to include in upgrades?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencms.org/pipermail/opencms-dev/attachments/20140925/922a4d7e/attachment.html>