Mercurial > dive4elements > river
comparison flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java @ 2098:8284c8fca840
Removed security problem when working with map infos.
flys-artifacts/trunk@3650 c6561f87-3c4e-4783-a992-168aeb5c3f6f
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Wed, 11 Jan 2012 11:54:16 +0000 |
| parents | a18ec861b4a4 |
| children | 247f3e98a14b |
comparison
equal
deleted
inserted
replaced
| 2097:a18ec861b4a4 | 2098:8284c8fca840 |
|---|---|
| 1 package de.intevation.flys.artifacts.services; | 1 package de.intevation.flys.artifacts.services; |
| 2 | 2 |
| 3 import org.apache.log4j.Logger; | 3 import org.apache.log4j.Logger; |
| 4 | 4 |
| 5 import java.util.Map; | |
| 6 import java.util.HashMap; | |
| 7 | |
| 5 import org.w3c.dom.Document; | 8 import org.w3c.dom.Document; |
| 9 import org.w3c.dom.Node; | |
| 6 import org.w3c.dom.Element; | 10 import org.w3c.dom.Element; |
| 11 | |
| 12 import javax.xml.xpath.XPathConstants; | |
| 7 | 13 |
| 8 import com.vividsolutions.jts.geom.Envelope; | 14 import com.vividsolutions.jts.geom.Envelope; |
| 9 | 15 |
| 10 import de.intevation.artifacts.CallMeta; | 16 import de.intevation.artifacts.CallMeta; |
| 11 import de.intevation.artifacts.GlobalContext; | 17 import de.intevation.artifacts.GlobalContext; |
| 31 | 37 |
| 32 /** XPath that points to the river.*/ | 38 /** XPath that points to the river.*/ |
| 33 public static final String XPATH_RIVER = "/mapinfo/river/text()"; | 39 public static final String XPATH_RIVER = "/mapinfo/river/text()"; |
| 34 | 40 |
| 35 public static final String XPATH_RIVER_PROJECTION = | 41 public static final String XPATH_RIVER_PROJECTION = |
| 36 "/artifact-database/floodmap/river[@name='%RIVER%']/srid/@value"; | 42 "/artifact-database/floodmap/river[@name=$river]/srid/@value"; |
| 37 | 43 |
| 38 public static final String XPATH_RIVER_BACKGROUND = | 44 public static final String XPATH_RIVER_BACKGROUND = |
| 39 "/artifact-database/floodmap/river[@name='%RIVER%']/background-wms"; | 45 "/artifact-database/floodmap/river[@name='%RIVER%']/background-wms"; |
| 40 | 46 |
| 41 public static final String XPATH_RIVER_WMS = | 47 public static final String XPATH_RIVER_WMS = |
| 42 "/artifact-database/floodmap/river[@name='%RIVER%']/river-wms/@url"; | 48 "/artifact-database/floodmap/river[@name=$river]/river-wms/@url"; |
| 43 | 49 |
| 44 | 50 |
| 45 /** The logger used in this service.*/ | 51 /** The logger used in this service.*/ |
| 46 private static Logger logger = Logger.getLogger(MapInfoService.class); | 52 private static Logger logger = Logger.getLogger(MapInfoService.class); |
| 47 | 53 |
| 50 * The default constructor. | 56 * The default constructor. |
| 51 */ | 57 */ |
| 52 public MapInfoService() { | 58 public MapInfoService() { |
| 53 } | 59 } |
| 54 | 60 |
| 61 protected static String getStringXPath( | |
| 62 String query, | |
| 63 Map<String, String> variables | |
| 64 ) { | |
| 65 return (String)XMLUtils.xpath( | |
| 66 Config.getConfig(), query, XPathConstants.STRING, | |
| 67 null, variables); | |
| 68 } | |
| 69 | |
| 70 protected static Node getNodeXPath( | |
| 71 String query, | |
| 72 Map<String, String> variables | |
| 73 ) { | |
| 74 return (Node)XMLUtils.xpath( | |
| 75 Config.getConfig(), query, XPathConstants.NODE, | |
| 76 null, variables); | |
| 77 } | |
| 55 | 78 |
| 56 public Document process( | 79 public Document process( |
| 57 Document data, | 80 Document data, |
| 58 GlobalContext globalContext, | 81 GlobalContext globalContext, |
| 59 CallMeta callMeta | 82 CallMeta callMeta |
| 84 Element bbox = cr.create("bbox"); | 107 Element bbox = cr.create("bbox"); |
| 85 cr.addAttr(bbox, "value", bounds); | 108 cr.addAttr(bbox, "value", bounds); |
| 86 root.appendChild(bbox); | 109 root.appendChild(bbox); |
| 87 } | 110 } |
| 88 | 111 |
| 89 String xpathS = XPATH_RIVER_PROJECTION.replace("%RIVER%", river); | 112 Map<String, String> vars = new HashMap<String, String>(); |
| 90 String sridStr = Config.getStringXPath(xpathS); | 113 vars.put("river", river); |
| 114 | |
| 115 String sridStr = getStringXPath(XPATH_RIVER_PROJECTION, vars); | |
| 116 | |
| 91 if (sridStr != null && sridStr.length() > 0) { | 117 if (sridStr != null && sridStr.length() > 0) { |
| 92 Element srid = cr.create("srid"); | 118 Element srid = cr.create("srid"); |
| 93 cr.addAttr(srid, "value", sridStr); | 119 cr.addAttr(srid, "value", sridStr); |
| 94 root.appendChild(srid); | 120 root.appendChild(srid); |
| 95 } | 121 } |
| 96 | 122 |
| 97 String xpathB = XPATH_RIVER_BACKGROUND.replace("%RIVER%", river); | 123 Element back = (Element)getNodeXPath(XPATH_RIVER_BACKGROUND, vars); |
| 98 Element back = (Element) Config.getNodeXPath(xpathB); | |
| 99 if (back != null) { | 124 if (back != null) { |
| 100 Element background = cr.create("background-wms"); | 125 Element background = cr.create("background-wms"); |
| 101 cr.addAttr(background, "url", back.getAttribute("url")); | 126 cr.addAttr(background, "url", back.getAttribute("url")); |
| 102 cr.addAttr(background, "layers", back.getAttribute("layers")); | 127 cr.addAttr(background, "layers", back.getAttribute("layers")); |
| 103 root.appendChild(background); | 128 root.appendChild(background); |
| 104 } | 129 } |
| 105 | 130 |
| 106 String xpathWMS = XPATH_RIVER_WMS.replace("%RIVER%", river); | 131 String wmsStr = getStringXPath(XPATH_RIVER_WMS, vars); |
| 107 String wmsStr = Config.getStringXPath(xpathWMS); | |
| 108 if (wmsStr != null && wmsStr.length() > 0) { | 132 if (wmsStr != null && wmsStr.length() > 0) { |
| 109 Element wms = cr.create("river-wms"); | 133 Element wms = cr.create("river-wms"); |
| 110 cr.addAttr(wms, "url", wmsStr); | 134 cr.addAttr(wms, "url", wmsStr); |
| 111 root.appendChild(wms); | 135 root.appendChild(wms); |
| 112 } | 136 } |