@Override @Nonnull protected IReadableResource getResource (@Nonnull final IRequestWebScopeWithoutResponse aRequestScope, @Nonnull final String sFilename) { // URL decode is required because requests contain e.g. "%20" final String sFilename1 = URLHelper.urlDecode (sFilename); return new ClassPathResource (sFilename1); } }
/** * Get the user data object matching the passed request and filename * * @param aRequestScope * HTTP request * @param sFilename * Filename as extracted from the URL * @return Never <code>null</code>. */ @Nonnull @OverrideOnDemand protected UserDataObject getUserDataObject (@Nonnull final IRequestWebScopeWithoutResponse aRequestScope, @Nonnull final String sFilename) { // URL decode is required because requests contain e.g. "%20" final String sFilename1 = URLHelper.urlDecode (sFilename); return new UserDataObject (sFilename1); }
@Override @OverridingMethodsMustInvokeSuper public EContinue initRequestState (@Nonnull final IRequestWebScopeWithoutResponse aRequestScope, @Nonnull final UnifiedResponse aUnifiedResponse) { // cut the leading "/" final String sFilename = URLHelper.urlDecode (aRequestScope.getPathWithinServlet ()); if (StringHelper.hasNoText (sFilename) || !isValidFilenameAccordingToTheRules (sFilename) || isPossibleDirectoryTraversalRequest (sFilename)) { // Send the same error code as if it is simply not found to confuse // attackers :) LOGGER.warn ("Illegal delivery request '" + sFilename + "'"); aUnifiedResponse.setStatus (HttpServletResponse.SC_NOT_FOUND); return EContinue.BREAK; } // Filename seems to be safe aRequestScope.attrs ().putIn (REQUEST_ATTR_OBJECT_DELIVERY_FILENAME, sFilename); return EContinue.CONTINUE; }
final String sDocumentTypeID = URLHelper.urlDecode (sHref.substring (nIndex + URL_PART_SERVICES.length ()), StandardCharsets.UTF_8); final IDocumentTypeIdentifier aDocTypeID = aIdentifierFactory.parseDocumentTypeIdentifier (sDocumentTypeID);
final String sDocumentTypeID = URLHelper.urlDecode (sHref.substring (nIndex + URL_PART_SERVICES.length ()), StandardCharsets.UTF_8); final IDocumentTypeIdentifier aDocTypeID = aIdentifierFactory.parseDocumentTypeIdentifier (sDocumentTypeID);