
com.jslsolucoes.jax.rs.server.ee.JsonMessageBodyReader Maven / Gradle / Ivy

package com.jslsolucoes.jax.rs.server.ee;

import java.io.IOException;

import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.lang.reflect.Type;
import java.nio.charset.Charset;
import java.util.Arrays;

import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.Provider;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.jslsolucoes.jax.rs.provider.se.ObjectMapper;
import com.jslsolucoes.jax.rs.server.ee.annotation.XssPolicy;
import com.jslsolucoes.jax.rs.server.ee.annotation.XssPolicyType;

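/**
 * JAX-RS entity reader for {@code application/json} request bodies.
 *
 * <p>The raw JSON text is passed through a regex-based tag filter before it is
 * handed to the {@link ObjectMapper}. The filter is chosen by the
 * {@link XssPolicy} annotation on the matched resource method: tags are removed
 * when the annotation is absent or set to {@link XssPolicyType#REMOVE}, escaped
 * when it is {@link XssPolicyType#ESCAPE}, and left untouched for any other value.
 *
 * <p><b>Security note:</b> the filter runs on the serialized JSON, not on the
 * decoded field values. JSON string escapes are decoded by the mapper after the
 * filter has run, and {@code .} in the patterns does not match line terminators,
 * so this is a coarse input filter only. Treat it as defence in depth and keep
 * context-aware output encoding wherever these values are rendered.
 */
@Provider
@Consumes(MediaType.APPLICATION_JSON)
public class JsonMessageBodyReader implements MessageBodyReader<Object> {

    private static final Logger logger = LoggerFactory.getLogger(JsonMessageBodyReader.class);

    // Injected by the JAX-RS runtime; gives access to the resource method matched for the request.
    @Context
    private ResourceInfo resourceInfo;

    private ObjectMapper objectMapper;

    /**
     * No-arg constructor; leaves {@code objectMapper} unset.
     *
     * @deprecated use {@link #JsonMessageBodyReader(ObjectMapper)}; presumably kept only
     *             because the container needs a default constructor (confirm).
     */
    @Deprecated
    public JsonMessageBodyReader() {

    }

    /**
     * Creates the reader with the mapper used to deserialize filtered JSON.
     *
     * @param objectMapper mapper that turns the JSON text into the target type
     */
    @Inject
    public JsonMessageBodyReader(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }

    /**
     * Accepts every Java type; no per-type or per-media-type check is done here.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isReadable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType) {
        return true;
    }

    /**
     * Reads the request body as UTF-8, applies the tag filter selected by the resource
     * method's {@link XssPolicy}, and deserializes the result.
     *
     * @param type        target class passed to the mapper
     * @param inputStream request entity stream; read fully into memory
     * @return the deserialized object, or {@code null} when the body is empty
     * @throws IOException if the entity stream cannot be read
     */
    @Override
    public Object readFrom(Class<Object> type, Type genericType, Annotation[] annotations, MediaType mediaType,
            MultivaluedMap<String, String> httpHeaders, InputStream inputStream)
            throws IOException, WebApplicationException {

        // NOTE(review): the whole body is buffered with no size cap in this class;
        // presumably a request-size limit is enforced by the container — confirm.
        String json = IOUtils.toString(inputStream, Charset.forName("UTF-8"));

        if (StringUtils.isEmpty(json)) {
            logger.debug("Json body is empty");
            return null;
        }

        XssPolicy xssPolicy = searchForAnnotation(XssPolicy.class);
        // Fail closed: a method without an explicit policy gets the strictest filter (removal).
        if (xssPolicy == null || xssPolicy.value().equals(XssPolicyType.REMOVE)) {
            json = removeHtmlTags(json);
        } else if (xssPolicy.value().equals(XssPolicyType.ESCAPE)) {
            json = escapeHtmlTags(json);
        }
        // Any other policy value passes the body through unfiltered.

        // NOTE(review): this writes the complete request body to the log. Bodies can carry
        // credentials or personal data, so keep DEBUG disabled for this logger in production
        // or mask sensitive fields before logging.
        logger.debug("Json to accepts {}", json);
        return objectMapper.deserialize(json, type);
    }

    /**
     * Replaces the angle brackets around each {@code <...>} run with HTML entities,
     * keeping the text between them.
     */
    private String escapeHtmlTags(String json) {
        // The replacement must emit the entities; writing the brackets back would make
        // the ESCAPE policy a no-op.
        return json.replaceAll("<(.*?)>", "&lt;$1&gt;");
    }

    /**
     * Deletes every {@code <...>} run from the raw JSON text.
     *
     * <p>The match is purely textual: anything between a {@code <} and the next
     * {@code >} on the same line is dropped, including JSON quotes or keys that
     * happen to sit between two such characters in legitimate data.
     */
    private String removeHtmlTags(String json) {
        // The trailing lazy group always matches the empty string, so only the tag itself is removed.
        return json.replaceAll("<.*?>(.*?)?", "");
    }

    /**
     * Looks up an annotation on the resource method matched for the current request.
     *
     * @param annotationClazz annotation type to look for
     * @return the annotation instance, or {@code null} when no method is matched or the
     *         method does not carry the annotation
     */
    private <T extends Annotation> T searchForAnnotation(Class<T> annotationClazz) {
        Method method = resourceInfo.getResourceMethod();
        // Method#getAnnotation is type-safe and returns null when the annotation is absent.
        return method == null ? null : method.getAnnotation(annotationClazz);
    }

}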