package cz.frantovo.nekurak.rest; |
|
import cz.frantovo.nekurak.posluchac.OchranaProtiCSRF;
import cz.frantovo.nekurak.util.HttpPozadavek;
import cz.frantovo.nekurak.web.HledacSluzby;
import cz.frantovo.nekurak.xml.HlasXML;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
|
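@Path("hlas")
public class HlasovaniREST {

	/**
	 * Injected by the JAX-RS runtime for the current request. Used to read the
	 * session-bound CSRF token and to pass the client address to the EJB.
	 */
	@Context
	HttpServletRequest pozadavek;
	private static final String MIME_XML = "text/xml";
	private static final String MIME_TEXT = "text/plain";
	/** Fixed charset for token comparison so the byte form does not depend on the platform default. */
	private static final Charset UTF8 = Charset.forName("UTF-8");
	private HledacSluzby hledac = new HledacSluzby();

	/**
	 * Records a vote (smoking / non-smoking) for a venue.
	 *
	 * The request must carry the CSRF token that {@code OchranaProtiCSRF} stored
	 * in the caller's session; otherwise the vote is rejected with 403 before
	 * anything is written.
	 *
	 * NOTE(review): the XML body is unmarshalled by the JAX-RS provider, which is
	 * not visible here — confirm it is configured to reject DTDs / external
	 * entities (XXE). Likewise {@code HttpPozadavek.getIPadresa} is opaque from
	 * this file; if it honours X-Forwarded-For, verify it only does so behind a
	 * trusted proxy, since the address is recorded with the vote.
	 *
	 * @param xml vote payload: venue id, the vote itself and the CSRF token
	 * @return the literal string {@code "ok"} on success
	 * @throws WebApplicationException 400 when no body was unmarshalled,
	 *         403 when the CSRF token is missing or does not match the session
	 */
	@POST
	@Consumes(MIME_XML)
	@Produces(MIME_TEXT)
	public String hlasuj(HlasXML xml) {
		if (xml == null) {
			// An empty/unparseable body would otherwise surface as an NPE (HTTP 500).
			throw new WebApplicationException(Response.Status.BAD_REQUEST);
		}
		zkontrolujCSRF(pozadavek, xml);
		hledac.getPodnikEJB().hlasuj(xml.getPodnik(), xml.isKourit(), HttpPozadavek.getIPadresa(pozadavek));
		return "ok";
	}

	/**
	 * Rejects the request unless the token sent by the client equals the one
	 * stored in the caller's existing session.
	 *
	 * @param pozadavek current request
	 * @param xml       unmarshalled body carrying the client's token
	 * @throws WebApplicationException 403 on a missing or mismatching token; the
	 *         message deliberately does not echo the expected token, which is a
	 *         per-session secret and must not reach the client or the logs
	 */
	private static void zkontrolujCSRF(HttpServletRequest pozadavek, HlasXML xml) throws RuntimeException {
		// getSession(false): never create a session as a side effect of a failed
		// check — a request without a session cannot have a valid token anyway.
		HttpSession session = pozadavek.getSession(false);
		String csrfTokenOcekavany = session == null
				? null
				: (String) session.getAttribute(OchranaProtiCSRF.NAZEV_ATRIBUTU);
		if (!csrfTokenPlati(csrfTokenOcekavany, xml.getCsrfToken())) {
			throw new WebApplicationException(
					new SecurityException("CSRF token zaslaný klientem neodpovídá očekávanému."),
					Response.Status.FORBIDDEN);
		}
	}

	/**
	 * Compares the expected and received CSRF tokens without leaking how many
	 * leading bytes matched through timing.
	 *
	 * @param ocekavany token stored in the session, may be {@code null}
	 * @param obdrzeny  token sent by the client, may be {@code null}
	 * @return {@code true} only when both are present and byte-for-byte equal
	 */
	static boolean csrfTokenPlati(String ocekavany, String obdrzeny) {
		if (ocekavany == null || obdrzeny == null) {
			return false;
		}
		// MessageDigest.isEqual is the JDK's constant-time array comparison;
		// String.equals short-circuits on the first differing character.
		return MessageDigest.isEqual(ocekavany.getBytes(UTF8), obdrzeny.getBytes(UTF8));
	}
}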