Adding Header check to archiva rest services

author: Martin Stockhammer <martin_s@apache.org> 2017-01-31 22:56:50 +0100
committer: Martin Stockhammer <martin_s@apache.org> 2017-01-31 22:56:50 +0100
commit: fc41a798858b6362a50f4b49e28028d328246602 (patch)
tree: 584ca4c59620a40940d265f3d9c91797ed4c4f92
parent: 65e04d66ce60621663effbcc35cd48c7e3da7ceb (diff)
download: archiva-fc41a798858b6362a50f4b49e28028d328246602.tar.gz
archiva-fc41a798858b6362a50f4b49e28028d328246602.zip
3 files changed, 12 insertions, 0 deletions
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/resources/META-INF/spring-context.xml b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/resources/META-INF/spring-context.xml
index 77d365cbc..c9e677db6 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/resources/META-INF/spring-context.xml
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/main/resources/META-INF/spring-context.xml
@@ -52,6 +52,7 @@
       <ref bean="jsonProvider"/>
       <ref bean="authenticationInterceptor#rest"/>
       <ref bean="permissionInterceptor#rest"/>
+      <ref bean="requestValidationInterceptor#rest" />
       <ref bean="archivaRestServiceExceptionMapper"/>
     </jaxrs:providers>
 
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/AbstractArchivaRestTest.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/AbstractArchivaRestTest.java
index 2453e6af8..acf9df5b0 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/AbstractArchivaRestTest.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/AbstractArchivaRestTest.java
@@ -138,6 +138,7 @@ public abstract class AbstractArchivaRestTest
         {
             WebClient.client( service ).header( "Authorization", authzHeader );
         }
+        WebClient.client(service).header("Referer","http://localhost:"+port);
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 100000000 );
         WebClient.client( service ).accept( MediaType.APPLICATION_JSON_TYPE );
         WebClient.client( service ).type( MediaType.APPLICATION_JSON_TYPE );
@@ -200,6 +201,7 @@ public abstract class AbstractArchivaRestTest
                                        Collections.singletonList( new JacksonJaxbJsonProvider() ) );
 
         WebClient.client( service ).header( "Authorization", authorizationHeader );
+        WebClient.client(service).header("Referer","http://localhost:"+port);
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 300000 );
         WebClient.client( service ).accept( MediaType.APPLICATION_JSON_TYPE );
         WebClient.client( service ).type( MediaType.APPLICATION_JSON_TYPE );
@@ -214,6 +216,7 @@ public abstract class AbstractArchivaRestTest
                                        Collections.singletonList( new JacksonJaxbJsonProvider() ) );
 
         WebClient.client( service ).header( "Authorization", authorizationHeader );
+        WebClient.client(service).header("Referer","http://localhost:"+port);
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 300000 );
         WebClient.client( service ).accept( MediaType.APPLICATION_JSON_TYPE );
         WebClient.client( service ).type( MediaType.APPLICATION_JSON_TYPE );
@@ -231,6 +234,8 @@ public abstract class AbstractArchivaRestTest
         WebClient.client( service ).type( MediaType.APPLICATION_JSON_TYPE );
 
         WebClient.client( service ).header( "Authorization", authorizationHeader );
+        WebClient.client(service).header("Referer","http://localhost:"+port);
+
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 300000 );
         return service;
     }
@@ -246,6 +251,7 @@ public abstract class AbstractArchivaRestTest
         WebClient.client( service ).type( MediaType.APPLICATION_JSON_TYPE );
 
         WebClient.client( service ).header( "Authorization", authorizationHeader );
+        WebClient.client(service).header("Referer","http://localhost:"+port);
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 300000 );
         return service;
     }
@@ -262,6 +268,7 @@ public abstract class AbstractArchivaRestTest
         {
             WebClient.client( service ).header( "Authorization", authzHeader );
         }
+        WebClient.client(service).header("Referer","http://localhost:"+port);
 
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 100000000 );
         if ( useXml )
@@ -291,6 +298,7 @@ public abstract class AbstractArchivaRestTest
         {
             WebClient.client( service ).header( "Authorization", authzHeader );
         }
+        WebClient.client(service).header("Referer","http://localhost:"+port);
         // to configure read timeout
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 100000000 );
         // if you want to use json as exchange format xml is supported too
@@ -312,6 +320,7 @@ public abstract class AbstractArchivaRestTest
         {
             WebClient.client( service ).header( "Authorization", authzHeader );
         }
+        WebClient.client(service).header("Referer","http://localhost:"+port);
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 100000000 );
         WebClient.client( service ).accept( MediaType.APPLICATION_JSON_TYPE );
         WebClient.client( service ).type( MediaType.APPLICATION_JSON_TYPE );
diff --git a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoryGroupServiceTest.java b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoryGroupServiceTest.java
index 017505859..1fee4a342 100644
--- a/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoryGroupServiceTest.java
+++ b/archiva-modules/archiva-web/archiva-rest/archiva-rest-services/src/test/java/org/apache/archiva/rest/services/RepositoryGroupServiceTest.java
@@ -39,6 +39,8 @@ public class RepositoryGroupServiceTest
     {
         RepositoryGroupService service = getRepositoryGroupService();
         WebClient.client( service ).header( "Authorization", authorizationHeader );
+        WebClient.client(service).header("Referer","http://localhost:"+port);
+
         WebClient.getConfig( service ).getHttpConduit().getClient().setReceiveTimeout( 300000 );
 
         assertTrue( service.getRepositoriesGroups().isEmpty() );
author	Martin Stockhammer <martin_s@apache.org>	2017-01-31 22:56:50 +0100
committer	Martin Stockhammer <martin_s@apache.org>	2017-01-31 22:56:50 +0100
commit	fc41a798858b6362a50f4b49e28028d328246602 (patch)
tree	584ca4c59620a40940d265f3d9c91797ed4c4f92
parent	65e04d66ce60621663effbcc35cd48c7e3da7ceb (diff)
download	archiva-fc41a798858b6362a50f4b49e28028d328246602.tar.gz archiva-fc41a798858b6362a50f4b49e28028d328246602.zip