[opencms-dev] question/potential modification to OpenCmsServlet
Marc Johnson
originalstoic at yahoo.com
Fri Sep 26 01:26:47 CEST 2014
Hello list and especially keepers and curators of the opencms source code, this question is mostly for you but it could be for anyone whose worked extensively with OpenCmsServlet.
I inherited an OpenCms project a while back where the previous developer had riddled the Opencms source code with a bunch of mostly unnecessary customization that made it impossible to upgrade to newer versions. It was stuck at 7.0.1
As I've been settling a ton of technical debt, I've removed all but one src code modification and been upgrading to newer versions of OpenCms but I've carried that one forward in org.opencms.main.OpenCmsServlet that I think could be useful.
in 8.5.1 the invokeHandler goes from
protected void invokeHandler(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
String name = OpenCmsCore.getInstance().getPathInfo(req).substring(HANDLE_PATH.length());
I_CmsRequestHandler handler = OpenCmsCore.getInstance().getRequestHandler(name);
if (handler != null) {
handler.handle(req, res, name);
} else {
openErrorHandler(req, res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
protected void invokeHandler(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
String name = OpenCmsCore.getInstance().getPathInfo(req).substring(HANDLE_PATH.length());
int iIndex = name.indexOf( "/" );
if ( iIndex >= 0 ) {
name = name.substring( 0, iIndex );
}
I_CmsRequestHandler handler = OpenCmsCore.getInstance().getRequestHandler(name);
if (handler != null) {
handler.handle(req, res, name);
} else {
openErrorHandler(req, res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
essentially it allows for the path to the servlet to still find a match for the handler even if there's some random runtime generated stuff in it that the handler (that you design) will correctly interpret
In my case it's a captcha with the random string generating an image captcha on the fly based upon the value passed to it (/handleCaptcha/148af064124/captcha.jpg)
I thought to rip this whole thing out and use the official captcha code, but it works fine as long as I keep the customization.
Is there some better way for me to do this w/o the customization? (for example can the handler be a regex the way you could specify for a servlet in the web.xml?)
Does this seem insecure to you in any way?
Is this something that jibes with the purpose/usage of the OpenCmsServlet that you think might be useful to include in upgrades?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20140925/922a4d7e/attachment.htm>
More information about the opencms-dev
mailing list