Mercurial > dive4elements > river
comparison flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java @ 4811:a06e443f159a
Removed XPath injection!
| author | Sascha L. Teichmann <teichmann@intevation.de> |
|---|---|
| date | Fri, 18 Jan 2013 10:30:09 +0100 |
| parents | 5ca2516ebef1 |
| children |
comparison
equal
deleted
inserted
replaced
| 4810:5ca2516ebef1 | 4811:a06e443f159a |
|---|---|
| 33 public static final String XPATH_RIVER = "/mapinfo/river/text()"; | 33 public static final String XPATH_RIVER = "/mapinfo/river/text()"; |
| 34 | 34 |
| 35 public static final String XPATH_MAPTYPE = "/mapinfo/maptype/text()"; | 35 public static final String XPATH_MAPTYPE = "/mapinfo/maptype/text()"; |
| 36 | 36 |
| 37 private static final String XPATH_RIVER_PROJECTION = | 37 private static final String XPATH_RIVER_PROJECTION = |
| 38 "/artifact-database/floodmap/river[@name=$river]/srid/@value"; | 38 "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/srid/@value"; |
| 39 | 39 |
| 40 private static final String XPATH_RIVER_BACKGROUND = | 40 private static final String XPATH_RIVER_BACKGROUND = |
| 41 "/artifact-database/floodmap/river[@name=$river]/background-wms"; | 41 "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/background-wms"; |
| 42 | 42 |
| 43 private static final String XPATH_RIVER_WMS = | 43 private static final String XPATH_RIVER_WMS = |
| 44 "/artifact-database/floodmap/river[@name=$river]/river-wms"; | 44 "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/river-wms"; |
| 45 | 45 |
| 46 | 46 |
| 47 /** The logger used in this service.*/ | 47 /** The logger used in this service.*/ |
| 48 private static Logger logger = Logger.getLogger(MapInfoService.class); | 48 private static Logger logger = Logger.getLogger(MapInfoService.class); |
| 49 | 49 |
| 70 return (Node)XMLUtils.xpath( | 70 return (Node)XMLUtils.xpath( |
| 71 Config.getConfig(), query, XPathConstants.NODE, | 71 Config.getConfig(), query, XPathConstants.NODE, |
| 72 null, variables); | 72 null, variables); |
| 73 } | 73 } |
| 74 | 74 |
| 75 protected String xpathMaptypeSwitch(String maptype, String xpath) { | |
| 76 if (maptype != null) { | |
| 77 return xpath.replace("floodmap", maptype); | |
| 78 } | |
| 79 return xpath; | |
| 80 } | |
| 81 | |
| 82 @Override | 75 @Override |
| 83 public Document processXML( | 76 public Document processXML( |
| 84 Document data, | 77 Document data, |
| 85 GlobalContext globalContext, | 78 GlobalContext globalContext, |
| 86 CallMeta callMeta | 79 CallMeta callMeta |
| 91 ElementCreator cr = new ElementCreator(result, null, null); | 84 ElementCreator cr = new ElementCreator(result, null, null); |
| 92 | 85 |
| 93 Element mapinfo = cr.create("mapinfo"); | 86 Element mapinfo = cr.create("mapinfo"); |
| 94 result.appendChild(mapinfo); | 87 result.appendChild(mapinfo); |
| 95 | 88 |
| 96 String mapType = extractMaptype(data); | |
| 97 String river = extractRiver(data); | 89 String river = extractRiver(data); |
| 98 if (river == null || river.length() == 0) { | 90 if (river == null || river.length() == 0) { |
| 99 logger.warn("Cannot generate information: river is empty!"); | 91 logger.warn("Cannot generate information: river is empty!"); |
| 100 return result; | 92 return result; |
| 93 } | |
| 94 | |
| 95 String mapType = extractMaptype(data); | |
| 96 if (mapType == null | |
| 97 || !(mapType.equals("floodmap") || mapType.equals("rivermap"))) { | |
| 98 mapType = "floodmap"; | |
| 101 } | 99 } |
| 102 | 100 |
| 103 Element root = cr.create("river"); | 101 Element root = cr.create("river"); |
| 104 cr.addAttr(root, "name", river); | 102 cr.addAttr(root, "name", river); |
| 105 mapinfo.appendChild(root); | 103 mapinfo.appendChild(root); |
| 106 | 104 |
| 107 Envelope env = GeometryUtils.getRiverBoundary(river); | 105 Envelope env = GeometryUtils.getRiverBoundary(river); |
| 108 if (env != null) { | 106 if (env != null) { |
| 109 String bounds = GeometryUtils.jtsBoundsToOLBounds(env); | 107 String bounds = GeometryUtils.jtsBoundsToOLBounds(env); |
| 110 logger.debug("River '" + river + "' bounds: " + bounds); | 108 if (logger.isDebugEnabled()) { |
| 109 logger.debug("River '" + river + "' bounds: " + bounds); | |
| 110 } | |
| 111 | 111 |
| 112 Element bbox = cr.create("bbox"); | 112 Element bbox = cr.create("bbox"); |
| 113 cr.addAttr(bbox, "value", bounds); | 113 cr.addAttr(bbox, "value", bounds); |
| 114 root.appendChild(bbox); | 114 root.appendChild(bbox); |
| 115 } | 115 } |
| 116 | 116 |
| 117 Map<String, String> vars = new HashMap<String, String>(); | 117 Map<String, String> vars = new HashMap<String, String>(); |
| 118 vars.put("maptype", mapType); | |
| 118 vars.put("river", river); | 119 vars.put("river", river); |
| 119 | 120 |
| 120 String sridStr = getStringXPath( | 121 String sridStr = getStringXPath(XPATH_RIVER_PROJECTION, vars); |
| 121 xpathMaptypeSwitch(mapType, XPATH_RIVER_PROJECTION), vars); | |
| 122 | 122 |
| 123 if (sridStr != null && sridStr.length() > 0) { | 123 if (sridStr != null && sridStr.length() > 0) { |
| 124 Element srid = cr.create("srid"); | 124 Element srid = cr.create("srid"); |
| 125 cr.addAttr(srid, "value", sridStr); | 125 cr.addAttr(srid, "value", sridStr); |
| 126 root.appendChild(srid); | 126 root.appendChild(srid); |
| 127 } | 127 } |
| 128 | 128 |
| 129 logger.debug("processXML: " + XMLUtils.toString(root)); | 129 if (logger.isDebugEnabled()) { |
| 130 logger.debug("processXML: " + XMLUtils.toString(root)); | |
| 131 } | |
| 132 | |
| 130 root.appendChild( | 133 root.appendChild( |
| 131 createWMSElement("background-wms", | 134 createWMSElement("background-wms", |
| 132 xpathMaptypeSwitch(mapType, XPATH_RIVER_BACKGROUND), vars, cr)); | 135 XPATH_RIVER_BACKGROUND, vars, cr)); |
| 136 | |
| 133 root.appendChild( | 137 root.appendChild( |
| 134 createWMSElement("river-wms", | 138 createWMSElement("river-wms", |
| 135 xpathMaptypeSwitch(mapType, XPATH_RIVER_WMS), vars, cr)); | 139 XPATH_RIVER_WMS, vars, cr)); |
| 136 | 140 |
| 137 return result; | 141 return result; |
| 138 } | 142 } |
| 139 | 143 |
| 140 | 144 |
| 141 protected Element createWMSElement( | 145 protected Element createWMSElement( |
| 142 String elementName, | 146 String elementName, |
| 143 String xpath, | 147 String xpath, |
| 144 Map<String, String> vars, | 148 Map<String, String> vars, |
| 145 ElementCreator cr) | 149 ElementCreator cr) |
| 146 { | 150 { |
| 147 logger.debug("createWMSElement()"); | 151 logger.debug("createWMSElement()"); |
| 148 | 152 |
| 149 Element el = cr.create(elementName); | 153 Element el = cr.create(elementName); |
| 150 Element wms = (Element)getNodeXPath(xpath, vars); | 154 Element wms = (Element)getNodeXPath(xpath, vars); |
| 161 | 165 |
| 162 return el; | 166 return el; |
| 163 } | 167 } |
| 164 | 168 |
| 165 | 169 |
| 166 protected String extractRiver(Document data) { | 170 private static String extractRiver(Document data) { |
| 167 return XMLUtils.xpathString( | 171 return XMLUtils.xpathString( |
| 168 data, XPATH_RIVER, ArtifactNamespaceContext.INSTANCE); | 172 data, XPATH_RIVER, ArtifactNamespaceContext.INSTANCE); |
| 169 } | 173 } |
| 170 | 174 |
| 171 protected String extractMaptype(Document data) { | 175 private static String extractMaptype(Document data) { |
| 172 return XMLUtils.xpathString( | 176 return XMLUtils.xpathString( |
| 173 data, XPATH_MAPTYPE, ArtifactNamespaceContext.INSTANCE); | 177 data, XPATH_MAPTYPE, ArtifactNamespaceContext.INSTANCE); |
| 174 } | 178 } |
| 175 } | 179 } |
| 176 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : | 180 // vim:set ts=4 sw=4 si et sta sts=4 fenc=utf8 : |