From 81c567c8cbac189162886ab09f8d3cbe1d1cfa6a Mon Sep 17 00:00:00 2001
From: gmantele <gmantele@ari.uni-heidelberg.de>
Date: Wed, 27 Sep 2017 13:00:28 +0200
Subject: [PATCH] [UWS] Fix HTTP request for job destruction.

Until now, it was possible to destroy the job by posting ACTION=DELETE
with a URL like below:

    {root-uws}/{job-list}/{job-id}/foo/bar

That is completely wrong. The correct URL for this action must always be:

    {root-uws}/{job-list}/{job-id}

This commit fixes this error in UWSServlet and UWSService.
---
 src/uws/service/UWSServlet.java         | 10 ++++-----
 src/uws/service/actions/DestroyJob.java | 27 +++++++++++++------------
 2 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/src/uws/service/UWSServlet.java b/src/uws/service/UWSServlet.java
index 7416f9b..9c4e2d9 100644
--- a/src/uws/service/UWSServlet.java
+++ b/src/uws/service/UWSServlet.java
@@ -398,16 +398,16 @@ public abstract class UWSServlet extends HttpServlet implements UWS, UWSFactory
 					uwsAction = UWSAction.ADD_JOB;
 					doAddJob(requestUrl, req, resp, user);
 
+				}// DESTROY JOB:
+				else if (requestUrl.hasJobList() && requestUrl.hasJob() && requestUrl.getAttributes().length == 0 && UWSToolBox.hasParameter(UWSJob.PARAM_ACTION, UWSJob.ACTION_DELETE, req, false)){
+					uwsAction = UWSAction.DESTROY_JOB;
+					doDestroyJob(requestUrl, req, resp, user);
+
 				}// SET JOB's UWS STANDARD PARAMETER
 				else if (requestUrl.hasJobList() && requestUrl.hasJob() && requestUrl.getAttributes().length == 1 && requestUrl.getAttributes()[0].toLowerCase().matches(UWSParameters.UWS_RW_PARAMETERS_REGEXP) && UWSToolBox.hasParameter(requestUrl.getAttributes()[0], req, false)){
 					uwsAction = UWSAction.SET_UWS_PARAMETER;
 					doSetUWSParameter(requestUrl, req, resp, user);
 
-				}// DESTROY JOB:
-				else if (requestUrl.hasJobList() && requestUrl.hasJob() && UWSToolBox.hasParameter(UWSJob.PARAM_ACTION, UWSJob.ACTION_DELETE, req, false)){
-					uwsAction = UWSAction.DESTROY_JOB;
-					doDestroyJob(requestUrl, req, resp, user);
-
 				}// SET JOB PARAMETER:
 				else if (requestUrl.hasJobList() && requestUrl.hasJob() && (!requestUrl.hasAttribute() || requestUrl.getAttributes().length == 1 && requestUrl.getAttributes()[0].equalsIgnoreCase(UWSJob.PARAM_PARAMETERS)) && UWSToolBox.getNbParameters(req) > 0){
 					uwsAction = UWSAction.SET_JOB_PARAM;
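Review bot: The added `requestUrl.getAttributes().length == 0` guard sits only on the branch that tests `UWSJob.PARAM_ACTION`/`UWSJob.ACTION_DELETE`, which is the POST form of job destruction. The servlet's dispatch for the HTTP DELETE method is not part of this patch, while `DestroyJob.match()` in the same commit applies the no-attribute rule to both DELETE and POST. If the DELETE dispatch in UWSServlet still tests only `hasJobList() && hasJob()`, a DELETE on `{job-id}/foo/bar` would presumably still destroy the job through the servlet. Please confirm that path carries the same `requestUrl.getAttributes().length == 0` condition. The if/else-if chain begins and ends outside this hunk.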
diff --git a/src/uws/service/actions/DestroyJob.java b/src/uws/service/actions/DestroyJob.java
index f2629e1..41a7dd7 100644
--- a/src/uws/service/actions/DestroyJob.java
+++ b/src/uws/service/actions/DestroyJob.java
@@ -2,21 +2,21 @@ package uws.service.actions;
 
 /*
  * This file is part of UWSLibrary.
- * 
+ *
  * UWSLibrary is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
  * (at your option) any later version.
- * 
+ *
  * UWSLibrary is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU Lesser General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU Lesser General Public License
  * along with UWSLibrary.  If not, see <http://www.gnu.org/licenses/>.
- * 
- * Copyright 2012-2015 - UDS/Centre de Données astronomiques de Strasbourg (CDS),
+ *
+ * Copyright 2012-2017 - UDS/Centre de Données astronomiques de Strasbourg (CDS),
  *                       Astronomisches Rechen Institut (ARI)
  */
 
@@ -36,14 +36,14 @@ import uws.service.log.UWSLog.LogLevel;
 
 /**
  * <p>The "Destroy Job" action of a UWS.</p>
- * 
+ *
  * <p><i><u>Note:</u> The corresponding name is {@link UWSAction#DESTROY_JOB}.</i></p>
- * 
+ *
  * <p>This action destroys the job specified in the UWS URL.
  * The response of this action is a redirection to the jobs list.</p>
- * 
+ *
  * @author Gr&eacute;gory Mantelet (CDS;ARI)
- * @version 4.1 (04/2015)
+ * @version 4.2 (09/2017)
  */
 public class DestroyJob extends UWSAction {
 	private static final long serialVersionUID = 1L;
@@ -71,27 +71,28 @@ public class DestroyJob extends UWSAction {
 	 * <ul>
 	 * 	<li>a job list name is specified in the given UWS URL <i>(<u>note:</u> the existence of the jobs list is not checked)</i>,</li>
 	 * 	<li>a job ID is given in the UWS URL <i>(<u>note:</u> the existence of the job is not checked)</i>,</li>
+	 * 	<li>no job attribute is specified in the URL <i>(i.e. {uws-root}/{jobs}/{job-id})</i>,</li>
 	 * 	<li>the HTTP method is HTTP-DELETE...</li>
 	 * 	<li>...<b>or</b> the HTTP method is HTTP-POST <b>and</b> there is the parameter {@link UWSJob#PARAM_ACTION PARAM_ACTION} (=ACTION) with the value {@link UWSJob#ACTION_DELETE ACTION_DELETE} (=DELETE).</li>
 	 * </ul>
-	 * 
+	 *
 	 * @see uws.service.actions.UWSAction#match(UWSUrl, JobOwner, HttpServletRequest)
 	 */
 	@Override
 	public boolean match(UWSUrl urlInterpreter, JobOwner user, HttpServletRequest request) throws UWSException{
-		return urlInterpreter.hasJobList() && urlInterpreter.hasJob() && (request.getMethod().equalsIgnoreCase("delete") || (request.getMethod().equalsIgnoreCase("post") && UWSToolBox.hasParameter(UWSJob.PARAM_ACTION, UWSJob.ACTION_DELETE, request, false)));
+		return urlInterpreter.hasJobList() && urlInterpreter.hasJob() && urlInterpreter.getAttributes().length == 0 && (request.getMethod().equalsIgnoreCase("delete") || (request.getMethod().equalsIgnoreCase("post") && UWSToolBox.hasParameter(UWSJob.PARAM_ACTION, UWSJob.ACTION_DELETE, request, false)));
 	}
 
 	/**
 	 * Gets the specified jobs list <i>(throw an error if not found)</i>,
 	 * gets the specified job <i>(throw an error if not found)</i>,
 	 * destroys the job and makes a redirection to the jobs list.
-	 * 
+	 *
 	 * @see #getJobsList(UWSUrl)
 	 * @see #getJob(UWSUrl, JobList)
 	 * @see JobList#destroyJob(String,JobOwner)
 	 * @see UWSService#redirect(String, HttpServletRequest, JobOwner, String, HttpServletResponse)
-	 * 
+	 *
 	 * @see uws.service.actions.UWSAction#apply(UWSUrl, JobOwner, HttpServletRequest, HttpServletResponse)
 	 */
 	@Override
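Review bot: No regression test accompanies the tightened `match()` condition; the diffstat lists only the two source files. Since this is the routing for a destructive action, the rule is worth pinning. A unit test should assert that `match()` returns false for a URL carrying any attribute (for example `{job-id}/phase`) with both HTTP-DELETE and POST plus `ACTION=DELETE`, and true for the bare `{job-id}` URL. The single-line condition is also hard to scan, so I would add above the return: `// Destruction is accepted only on the bare job URL; any trailing attribute must not match.`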
-- 
GitLab