From 3075051aa8ae9a2af4267148da5221687c6da9ba Mon Sep 17 00:00:00 2001 From: Jim Hahn Date: Thu, 12 Sep 2019 17:29:49 -0400 Subject: Report bad-request for invalid YAML Added classes and modified code to report bad-request when a servlet attempts to read invalid YAML. Change-Id: Iacddee92a448fb69d5c778a3c3f3f2b5528983f7 Issue-ID: POLICY-2085 Signed-off-by: Jim Hahn --- .../endpoints/http/server/JsonExceptionMapper.java | 2 +- .../common/endpoints/http/server/RestServer.java | 2 +- .../endpoints/http/server/YamlExceptionMapper.java | 55 ++++++++++++++++++++++ .../http/server/YamlMessageBodyHandler.java | 25 ++++++++-- 4 files changed, 78 insertions(+), 6 deletions(-) create mode 100644 policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlExceptionMapper.java (limited to 'policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http') diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/JsonExceptionMapper.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/JsonExceptionMapper.java index 9ee72f03..55b3a0d5 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/JsonExceptionMapper.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/JsonExceptionMapper.java @@ -42,7 +42,7 @@ public class JsonExceptionMapper implements ExceptionMapper @Override public Response toResponse(JsonSyntaxException exception) { logger.warn("invalid JSON request", exception); - return Response.status(Response.Status.BAD_REQUEST).entity(new SimpleResponse("Invalid JSON request")).build(); + return Response.status(Response.Status.BAD_REQUEST).entity(new SimpleResponse("Invalid request")).build(); } @Getter 
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java index decf95f9..43e39d33 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java @@ -100,7 +100,7 @@ public class RestServer extends ServiceManagerContainer { String.valueOf(restServerParameters.isAaf())); props.setProperty(svcpfx + PolicyEndPointProperties.PROPERTY_HTTP_SERIALIZATION_PROVIDER, String.join(",", GsonMessageBodyHandler.class.getName(), YamlMessageBodyHandler.class.getName(), - JsonExceptionMapper.class.getName())); + JsonExceptionMapper.class.getName(), YamlExceptionMapper.class.getName())); return props; } diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlExceptionMapper.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlExceptionMapper.java new file mode 100644 index 00000000..ac96cab0 --- /dev/null +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlExceptionMapper.java 
@@ -0,0 +1,55 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.common.endpoints.http.server;
+
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+import lombok.Getter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.error.YAMLException;
+
+/**
+ * Catches JSON exceptions when decoding a REST request and converts them from an HTTP 500
+ * error code to an HTTP 400 error code.
+ */
+@Provider
+@Produces("application/yaml")
+public class YamlExceptionMapper implements ExceptionMapper {
+ private static Logger logger = LoggerFactory.getLogger(YamlExceptionMapper.class);
+
+ @Override
+ public Response toResponse(YAMLException exception) {
+ logger.warn("invalid YAML request", exception);
+ return Response.status(Response.Status.BAD_REQUEST).entity(new SimpleResponse("Invalid request")).build();
+ }
+
+ @Getter
+ private static class SimpleResponse {
+ private String errorDetails;
+
+ public SimpleResponse(String errorDetails) {
+ this.errorDetails = errorDetails;
+ }
+ }
+}
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlMessageBodyHandler.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlMessageBodyHandler.java
index ab09c1a6..36418e4a 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlMessageBodyHandler.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/YamlMessageBodyHandler.java
@@ -20,11 +20,13 @@ package org.onap.policy.common.endpoints.http.server; +import com.google.gson.JsonSyntaxException; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; import java.io.OutputStreamWriter; +import java.io.Reader; import java.lang.annotation.Annotation; import java.lang.reflect.Type; import java.nio.charset.StandardCharsets;
@@ -39,6 +41,7 @@ import org.onap.policy.common.utils.coder.CoderException; import org.onap.policy.common.utils.coder.StandardYamlCoder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.error.YAMLException; /** * Provider that serializes and de-serializes JSON via gson.
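Review bot: The class Javadoc of the new YamlExceptionMapper still says "Catches JSON exceptions", apparently carried over from JsonExceptionMapper; it should read `Catches YAML exceptions when decoding a REST request and converts them from an HTTP 500 error code to an HTTP 400 error code.` The mapper is selected by exception type alone, so a YAMLException raised anywhere during request handling (presumably including server-side YAML processing inside a resource method, not only body decoding) would be reported to the client as a 400; a sentence in the Javadoc stating that this is intended would help. The fixed "Invalid request" body keeps parser detail out of the response, but `logger.warn("invalid YAML request", exception)` records the whole exception, whose message may echo client-supplied text, so a comment noting that the log entry carries untrusted content is worth adding. `logger` can also be declared `private static final Logger logger`.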
@@ -72,7 +75,7 @@ public class YamlMessageBodyHandler implements MessageBodyReader, Messag MultivaluedMap httpHeaders, OutputStream entityStream) throws IOException { try (OutputStreamWriter writer = new OutputStreamWriter(entityStream, StandardCharsets.UTF_8)) { - new StandardYamlCoder().encode(writer, object); + new MyYamlCoder().encode(writer, object); } catch (CoderException e) { throw new IOException(e); @@ -101,10 +104,24 @@ public class YamlMessageBodyHandler implements MessageBodyReader, Messag try (InputStreamReader streamReader = new InputStreamReader(entityStream, StandardCharsets.UTF_8)) { Class clazz = (Class) genericType; - return new StandardYamlCoder().decode(streamReader, clazz); + return new MyYamlCoder().decode(streamReader, clazz); + } + } - } catch (CoderException e) { - throw new IOException(e); + /** + * Yaml coder that yields YAMLException on input so that the http servlet can identify + * it and generate a bad-request status code. Only the {@link #decode(Reader, Class)} + * method must be overridden. + */ + private static class MyYamlCoder extends StandardYamlCoder { + @Override + public T decode(Reader source, Class clazz) { + try { + return fromJson(source, clazz); + + } catch (JsonSyntaxException e) { + throw new YAMLException(e); + } } } } -- cgit 1.2.3-korg
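Review bot: In the second hunk, `MyYamlCoder.decode` converts only `JsonSyntaxException` into `YAMLException`, while the `catch (CoderException e)` that used to wrap decode failures in `readFrom` is removed, so any other unchecked failure from `fromJson` on a malformed body would still surface as a 500 instead of a bad request. `fromJson` is not visible on this page; if it can raise other Gson parse failures, widening the handler to the parent type, `} catch (JsonParseException e) {`, would cover them. Because this path parses client-supplied bodies, it is also worth confirming that the underlying coder bounds document size and alias expansion. The Javadoc would be clearer as `Yaml coder that throws YAMLException on invalid input so that the servlet can map it to a bad-request status.`, and a name such as `BadRequestYamlCoder` says more than `MyYamlCoder`. `readFrom` and `writeTo` both start outside their hunks, and the first hunk switches `writeTo` to the subclass although only `decode` is overridden.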