Require namespace and apiVersion for PUT request In order to prevent accidentally overwriting complete projects or extensions with unrelated content we now require namespace and apiVersion attributes in a PUT request. Change-Id: I1062d414741566807f41e6da2f3a72a067de2849 Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>

commit: 9e79dc8d9495168bd2d69e9b86cdcf2f177db0d2 [log] [tgz]
author: Michael Ochmann <michael.ochmann@sap.com> Mon Nov 16 16:43:28 2015 +0100
committer: Michael Ochmann <michael.ochmann@sap.com> Tue Nov 17 13:05:14 2015 +0100
tree: bdde9ff78aef0b0cf325cd23b6bf75718caedfe9
parent: 6b45a50974f22f9bd3ec4d4aa1e43a23842a4288 [diff]
diff --git a/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/CommonProjectConverter.java b/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/CommonProjectConverter.java
index 78eeb22..d80a982 100644
--- a/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/CommonProjectConverter.java
+++ b/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/CommonProjectConverter.java

@@ -20,6 +20,7 @@
 import java.util.SortedSet;
 import java.util.UUID;
 
+import org.apache.commons.lang.StringUtils;
 import org.eclipse.skalli.commons.CollectionUtils;
 import org.eclipse.skalli.commons.XMLUtils;
 import org.eclipse.skalli.model.Derived;
@@ -230,22 +231,14 @@
 
     @SuppressWarnings("nls")
     private Project unmarshal(Project project) throws RestException, IOException {
+        String apiVersion = null;
+        String namespace = null;
         reader.object();
         while (reader.hasMore()) {
             if (reader.isKeyAnyOf("apiVersion")) {
-                String apiVersion = reader.attributeString();
-                if (!getApiVersion().equals(apiVersion)) {
-                    throw new RestException(MessageFormat.format(
-                            "Unsupported API version (requested: ''{0}'', expected: ''{1}'')",
-                            apiVersion, getApiVersion()));
-                }
-            } else if (reader.isKeyAnyOf(XMLUtils.XMLNS)) {
-                String namespace = reader.attributeString();
-                if (!getNamespace().equals(namespace)) {
-                    throw new RestException(MessageFormat.format(
-                            "Unsupported namespace (requested: ''{0}'', expected: ''{1}'')",
-                            namespace, getNamespace()));
-                }
+                apiVersion = reader.attributeString();
+            } else if (reader.isKeyAnyOf(XMLUtils.XMLNS, "namespace")) {
+                namespace = reader.attributeString();
             } else if (reader.isKey("id")) {
                 project.setProjectId(reader.valueString());
             } else if (reader.isKey("name")) {
@@ -267,6 +260,22 @@
             }
         }
         reader.end();
+        if (StringUtils.isBlank(apiVersion)) {
+            throw new RestException("Missing required apiVersion attribute");
+        }
+        if (!getApiVersion().equals(apiVersion)) {
+            throw new RestException(MessageFormat.format(
+                    "Unsupported API version (requested: ''{0}'', expected: ''{1}'')",
+                    apiVersion, getApiVersion()));
+        }
+        if (StringUtils.isBlank(namespace)) {
+            throw new RestException("Missing required namespace attribute");
+        }
+        if (!getNamespace().equals(namespace)) {
+            throw new RestException(MessageFormat.format(
+                    "Unsupported namespace (requested: ''{0}'', expected: ''{1}'')",
+                    namespace, getNamespace()));
+        }
         return project;
     }
 

diff --git a/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/InheritableExtensionConverter.java b/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/InheritableExtensionConverter.java
index bce4721..30751ca 100644
--- a/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/InheritableExtensionConverter.java
+++ b/org.eclipse.skalli.core/src/main/java/org/eclipse/skalli/core/rest/resources/InheritableExtensionConverter.java

@@ -13,6 +13,7 @@
 import java.io.IOException;
 import java.text.MessageFormat;
 
+import org.apache.commons.lang.StringUtils;
 import org.eclipse.skalli.commons.XMLUtils;
 import org.eclipse.skalli.model.Derived;
 import org.eclipse.skalli.model.ExtensionEntityBase;
@@ -83,23 +84,15 @@
 
     @SuppressWarnings("nls")
     private void unmarshallCommonAttributes(InheritableExtension inheritable) throws IOException, RestException {
+        String apiVersion = null;
+        String namespace = null;
         while (reader.hasMore()) {
             if (reader.isKeyAnyOf("inherited")) {
                 inheritable.setInherited(reader.attributeBoolean());
             } else if (reader.isKeyAnyOf("apiVersion")) {
-                String apiVersion = reader.attributeString();
-                if (!getApiVersion().equals(apiVersion)) {
-                    throw new RestException(MessageFormat.format(
-                            "Unsupported API version (requested: ''{0}'', expected: ''{1}'')",
-                            apiVersion, getApiVersion()));
-                }
-            } else if (reader.isKeyAnyOf(XMLUtils.XMLNS)) {
-                String namespace = reader.attributeString();
-                if (!getNamespace().equals(namespace)) {
-                    throw new RestException(MessageFormat.format(
-                            "Unsupported namespace (requested: ''{0}'', expected: ''{1}'')",
-                            namespace, getNamespace()));
-                }
+                apiVersion = reader.attributeString();
+            } else if (reader.isKeyAnyOf(XMLUtils.XMLNS, "namespace")) {
+                namespace = reader.attributeString();
             } else if (reader.isKeyAnyOf(XMLUtils.XMLNS_XSI, XMLUtils.XSI_SCHEMA_LOCATION,
                     "lastModified", "lastModifiedMillis", "modifiedBy", "derived")) {
                 // ignore these attributes
@@ -109,6 +102,22 @@
                 break;
             }
         }
+        if (StringUtils.isBlank(apiVersion)) {
+            throw new RestException("Missing required apiVersion attribute");
+        }
+        if (!getApiVersion().equals(apiVersion)) {
+            throw new RestException(MessageFormat.format(
+                    "Unsupported API version (requested: ''{0}'', expected: ''{1}'')",
+                    apiVersion, getApiVersion()));
+        }
+        if (StringUtils.isBlank(namespace)) {
+            throw new RestException("Missing required namespace attribute");
+        }
+        if (!getNamespace().equals(namespace)) {
+            throw new RestException(MessageFormat.format(
+                    "Unsupported namespace (requested: ''{0}'', expected: ''{1}'')",
+                    namespace, getNamespace()));
+        }
     }
 
     @Override
commit	9e79dc8d9495168bd2d69e9b86cdcf2f177db0d2	[log] [tgz]
author	Michael Ochmann <michael.ochmann@sap.com>	Mon Nov 16 16:43:28 2015 +0100
committer	Michael Ochmann <michael.ochmann@sap.com>	Tue Nov 17 13:05:14 2015 +0100
tree	bdde9ff78aef0b0cf325cd23b6bf75718caedfe9
parent	6b45a50974f22f9bd3ec4d4aa1e43a23842a4288 [diff]