7cfe35c1c45f506ae5188e552b59470933384ad1,entitybroker/impl/src/java/org/sakaiproject/entitybroker/impl/EntityHandlerImpl.java,EntityHandlerImpl,handleEntityAccess,#HttpServletRequest#HttpServletResponse#String#,384

Before Change


               if ( (EntityView.VIEW_EDIT.equals(view.getViewKey()) || EntityView.VIEW_DELETE.equals(view.getViewKey()) )
                     && view.getEntityReference().getId() == null) {
                  throw new EntityException("Unable to handle entity ("+prefix+") edit or delete request without entity id, url=" + view.getOriginalEntityUrl(), 
                        view.getEntityReference().toString(), HttpServletResponse.SC_BAD_REQUEST);
               }
            }

            boolean handled = false;
            if (output) {
               // output request
               try {
                  Outputable outputable = (Outputable) entityProviderManager.getProviderByPrefixAndCapability(prefix, Outputable.class);
                  if (outputable != null) {
                     if ( ReflectUtil.contains(outputable.getHandledOutputFormats(), view.getExtension()) ) {
                        // we are handling this type of format for this entity
                        res.setCharacterEncoding(UTF_8);
                        String encoding = null;
                        if (Formats.XML.equals(view.getExtension())) {
                           encoding = Formats.XML_MIME_TYPE;
                        } else if (Formats.HTML.equals(view.getExtension())) {
                           encoding = Formats.HTML_MIME_TYPE;
                        } else if (Formats.JSON.equals(view.getExtension())) {
                           encoding = Formats.JSON_MIME_TYPE;
                        } else if (Formats.RSS.equals(view.getExtension())) {
                           encoding = Formats.RSS_MIME_TYPE;                        
                        } else if (Formats.ATOM.equals(view.getExtension())) {
                           encoding = Formats.ATOM_MIME_TYPE;                        
                        } else {
                           encoding = Formats.TXT_MIME_TYPE;
                        }
                        res.setContentType(encoding);

                        // get the entities to output
                        Search search = makeSearchFromRequest(req);
                        List<?> entities = fetchEntityList(view.getEntityReference(), search);
                        OutputStream outputStream = null;
                        try {
                           outputStream = res.getOutputStream();
                        } catch (IOException e) {
                           throw new RuntimeException("Failed to get output stream from response: " + view.getEntityReference(), e);
                        }

                        OutputFormattable formattable = (OutputFormattable) entityProviderManager.getProviderByPrefixAndCapability(prefix, OutputFormattable.class);
                        if (formattable == null) {
                           // handle internally or fail
                           internalOutputFormatter(view.getEntityReference(), view.getExtension(), entities, outputStream, view);
                        } else {
                           // use provider's formatter
                           formattable.formatOutput(view.getEntityReference(), view.getExtension(), entities, outputStream);
                        }
                        res.setStatus(HttpServletResponse.SC_OK);
                        handled = true;
                     } else {
                        // will not handle this format type
                        throw new EntityException( "Will not handle output request for format  "+view.getExtension()+" for this path (" 
                              + path + ") for prefix (" + prefix + ") for entity (" + view.getEntityReference().toString() + ")", 
                              view.getEntityReference().toString(), HttpServletResponse.SC_METHOD_NOT_ALLOWED );
                     }
                  }
               } catch (IllegalArgumentException e) {
                  // translate IAE into EE
                  throw new EntityException("IllegalArgumentException: Unable to handle output input request url ("
                        + view.getOriginalEntityUrl()+"), " + e.getMessage(),
                        view.getEntityReference().toString(), HttpServletResponse.SC_BAD_REQUEST);                  
               }
            } else {
               // input request
               try {
                  if (EntityView.VIEW_DELETE.equals(view.getViewKey())) {
                     // delete request
                     Deleteable deleteable = (Deleteable) entityProviderManager.getProviderByPrefixAndCapability(prefix, Deleteable.class);
                     if (deleteable != null) {
                        deleteable.deleteEntity(view.getEntityReference());
                        res.setStatus(HttpServletResponse.SC_NO_CONTENT);
                        handled = true;
                     }
                  } else {
                     // save request
                     Inputable inputable = (Inputable) entityProviderManager.getProviderByPrefixAndCapability(prefix, Inputable.class);
                     if (inputable != null) {
                        if ( ReflectUtil.contains(inputable.getHandledInputFormats(), view.getExtension()) ) {
                           // we are handling this type of format for this entity
                           Object entity = null;
                           InputStream inputStream = null;
                           try {
                              inputStream = req.getInputStream();
                           } catch (IOException e) {
                              throw new RuntimeException("Failed to get output stream from response: " + view.getEntityReference(), e);
                           }

                           InputTranslatable translatable = (InputTranslatable) entityProviderManager.getProviderByPrefixAndCapability(prefix, InputTranslatable.class);
                           if (translatable == null) {
                              // use internal translators or fail
                              entity = internalInputTranslator(view.getEntityReference(), 
                                       view.getExtension(), inputStream, req);
                           } else {
                              // use provider's translator
                              entity = translatable.translateFormattedData(view.getEntityReference(), 
                                    view.getExtension(), inputStream);
                           }

                           if (entity == null) {
                              throw new EntityException("Unable to save entity ("+view.getEntityReference()+"), entity object was null", 
                                    view.toString(), HttpServletResponse.SC_BAD_REQUEST);
                           } else {
                              if (EntityView.VIEW_NEW.equals(view.getViewKey())) {
                                 String createdId = inputable.createEntity(view.getEntityReference(), entity);
                                 view.setEntityReference( new EntityReference(prefix, createdId) ); // update the entity view
                                 res.setHeader(EntityRequestHandler.HEADER_ENTITY_ID, createdId);
                                 res.setStatus(HttpServletResponse.SC_CREATED);
                              } else if (EntityView.VIEW_EDIT.equals(view.getViewKey())) {
                                 inputable.updateEntity(view.getEntityReference(), entity);
                                 res.setStatus(HttpServletResponse.SC_NO_CONTENT);
                              } else {
                                 throw new EntityException("Unable to handle entity input ("+view.getEntityReference()+"), " +
                                 		"action was not understood: " + view.getViewKey(), 
                                       view.toString(), HttpServletResponse.SC_BAD_REQUEST);
                              }
                              // return the location of this updated or created entity (without any extension)
                              res.setHeader(EntityRequestHandler.HEADER_ENTITY_URL, view.getEntityURL(EntityView.VIEW_SHOW, null));

After Change


         path = req.getPathInfo();
      }

      EntityView view;
      try {
         view = parseEntityURL(path);
      } catch (IllegalArgumentException e) {
         // indicates we could not parse the reference
         throw new EntityException("Could not parse entity path ("+path+"): " + e.getMessage(), path, HttpServletResponse.SC_BAD_REQUEST);
      }

      if (view == null) {
         // no provider for this entity prefix
         throw new EntityException( "No entity provider could be found to handle the prefix in this path: " + path, 
               path, HttpServletResponse.SC_NOT_IMPLEMENTED );
      } else if (! entityExists(view.getEntityReference()) ) {
         // reference parsing failure
         throw new EntityException( "Attempted to access an entity URL path (" + path + ") for an entity ("
               + view.getEntityReference() + ") that does not exist", 
               view.getEntityReference()+"", HttpServletResponse.SC_NOT_FOUND );
      } else {
         String prefix = view.getEntityReference().getPrefix();
         // reference successfully parsed
         res.setStatus(HttpServletResponse.SC_OK); // other things can switch this later on

         // store the current request and response
         ((RequestGetterImpl) requestGetter).setRequest(req);
         ((RequestGetterImpl) requestGetter).setResponse(res);

         // check for extensions
         if (view.getExtension() == null) {
            view.setExtension(Outputable.HTML); // update the view
         }
         req.setAttribute("extension", view.getExtension());

         // handle the before interceptor
         RequestInterceptor interceptor = (RequestInterceptor) entityProviderManager.getProviderByPrefixAndCapability(prefix, RequestInterceptor.class);
         if (interceptor != null) {
            interceptor.before(view, req, res);
         }

         // check for provider handling of this request
         RequestHandler handler = (RequestHandler) entityProviderManager.getProviderByPrefixAndCapability(prefix, RequestHandler.class);
         if (handler != null) {
            // provider is handling this request
            handleClassLoaderAccess(handler, req, res, view);
         } else {
            // handle the request internally if possible

            // identify the type of request (input or output) and the action (will be encoded in the viewKey)
            boolean output = false;
            String method = req.getMethod() == null ? "GET" : req.getMethod().toUpperCase().trim();
            if ("GET".equals(method)) {
               output = true;
            } else {
               // identify the action based on the method type or "_method" attribute
               if ("DELETE".equals(method)) {
                  view.setViewKey(EntityView.VIEW_DELETE);
               } else if ("PUT".equals(method)) {
                  view.setViewKey(EntityView.VIEW_EDIT);
               } else if ("POST".equals(method)) {
                  String _method = req.getParameter("_method");
                  if (_method == null) {
                     // this better be a create request
                     view.setViewKey(EntityView.VIEW_NEW);
                  } else {
                     _method = _method.toUpperCase().trim();
                     if ("DELETE".equals(_method)) {
                        view.setViewKey(EntityView.VIEW_DELETE);
                     } else if ("PUT".equals(_method)) {
                        view.setViewKey(EntityView.VIEW_EDIT);
                     } else {
                        throw new EntityException("Unable to handle POST request with _method, unknown method (only PUT/DELETE allowed): " + _method, 
                              view.getEntityReference()+"", HttpServletResponse.SC_BAD_REQUEST);                        
                     }
                  }
               } else {
                  throw new EntityException("Unable to handle request method, unknown method (only GET/POST/PUT/DELETE allowed): " + method, 
                        view.getEntityReference()+"", HttpServletResponse.SC_BAD_REQUEST);
               }

               // check that the request is valid (edit and delete require an entity id)
               if ( (EntityView.VIEW_EDIT.equals(view.getViewKey()) || EntityView.VIEW_DELETE.equals(view.getViewKey()) )
                     && view.getEntityReference().getId() == null) {
                  throw new EntityException("Unable to handle entity ("+prefix+") edit or delete request without entity id, url=" 
                        + view.getOriginalEntityUrl(), 
                        view.getEntityReference()+"", HttpServletResponse.SC_BAD_REQUEST);
               }
            }

            boolean handled = false;
            try {
               if (output) {
                  // output request
                  Outputable outputable = (Outputable) entityProviderManager.getProviderByPrefixAndCapability(prefix, Outputable.class);
                  if (outputable != null) {
                     if ( ReflectUtil.contains(outputable.getHandledOutputFormats(), view.getExtension()) ) {
                        // we are handling this type of format for this entity
                        res.setCharacterEncoding(UTF_8);
                        String encoding = null;
                        if (Formats.XML.equals(view.getExtension())) {
                           encoding = Formats.XML_MIME_TYPE;
                        } else if (Formats.HTML.equals(view.getExtension())) {
                           encoding = Formats.HTML_MIME_TYPE;
                        } else if (Formats.JSON.equals(view.getExtension())) {
                           encoding = Formats.JSON_MIME_TYPE;
                        } else if (Formats.RSS.equals(view.getExtension())) {
                           encoding = Formats.RSS_MIME_TYPE;                        
                        } else if (Formats.ATOM.equals(view.getExtension())) {
                           encoding = Formats.ATOM_MIME_TYPE;                        
                        } else {
                           encoding = Formats.TXT_MIME_TYPE;
                        }
                        res.setContentType(encoding);

                        // get the entities to output
                        Search search = makeSearchFromRequest(req);
                        List<?> entities = fetchEntityList(view.getEntityReference(), search);
                        OutputStream outputStream = null;
                        try {
                           outputStream = res.getOutputStream();
                        } catch (IOException e) {
                           throw new RuntimeException("Failed to get output stream from response: " + view.getEntityReference(), e);
                        }

                        OutputFormattable formattable = (OutputFormattable) entityProviderManager.getProviderByPrefixAndCapability(prefix, OutputFormattable.class);
                        if (formattable == null) {
                           // handle internally or fail
                           internalOutputFormatter(view.getEntityReference(), view.getExtension(), entities, outputStream, view);
                        } else {
                           // use provider's formatter
                           formattable.formatOutput(view.getEntityReference(), view.getExtension(), entities, outputStream);
                        }
                        res.setStatus(HttpServletResponse.SC_OK);
                        handled = true;
                     } else {
                        // will not handle this format type
                        throw new EntityException( "Will not handle output request for format  "+view.getExtension()+" for this path (" 
                              + path + ") for prefix (" + prefix + ") for entity (" + view.getEntityReference() + ")", 
                              view.getEntityReference()+"", HttpServletResponse.SC_METHOD_NOT_ALLOWED );
                     }
                  }
               } else {
                  // input request
                  if (EntityView.VIEW_DELETE.equals(view.getViewKey())) {
                     // delete request
                     Deleteable deleteable = (Deleteable) entityProviderManager.getProviderByPrefixAndCapability(prefix, Deleteable.class);
                     if (deleteable != null) {
                        deleteable.deleteEntity(view.getEntityReference());
                        res.setStatus(HttpServletResponse.SC_NO_CONTENT);
                        handled = true;
                     }
                  } else {
                     // save request
                     Inputable inputable = (Inputable) entityProviderManager.getProviderByPrefixAndCapability(prefix, Inputable.class);
                     if (inputable != null) {
                        if ( ReflectUtil.contains(inputable.getHandledInputFormats(), view.getExtension()) ) {
                           // we are handling this type of format for this entity
                           Object entity = null;
                           InputStream inputStream = null;
                           try {
                              inputStream = req.getInputStream();
                           } catch (IOException e) {
                              throw new RuntimeException("Failed to get output stream from response: " + view.getEntityReference(), e);
                           }

                           InputTranslatable translatable = (InputTranslatable) entityProviderManager.getProviderByPrefixAndCapability(prefix, InputTranslatable.class);
                           if (translatable == null) {
                              // use internal translators or fail
                              entity = internalInputTranslator(view.getEntityReference(), 
                                    view.getExtension(), inputStream, req);
                           } else {
                              // use provider's translator
                              entity = translatable.translateFormattedData(view.getEntityReference(), 
                                    view.getExtension(), inputStream);
                           }

                           if (entity == null) {
                              throw new EntityException("Unable to save entity ("+view.getEntityReference()+"), entity object was null", 
                                    view.toString(), HttpServletResponse.SC_BAD_REQUEST);
                           } else {
                              if (EntityView.VIEW_NEW.equals(view.getViewKey())) {
                                 String createdId = inputable.createEntity(view.getEntityReference(), entity);
                                 view.setEntityReference( new EntityReference(prefix, createdId) ); // update the entity view
                                 res.setHeader(EntityRequestHandler.HEADER_ENTITY_ID, createdId);
                                 res.setStatus(HttpServletResponse.SC_CREATED);
                              } else if (EntityView.VIEW_EDIT.equals(view.getViewKey())) {
                                 inputable.updateEntity(view.getEntityReference(), entity);
                                 res.setStatus(HttpServletResponse.SC_NO_CONTENT);
                              } else {
                                 throw new EntityException("Unable to handle entity input ("+view.getEntityReference()+"), " +
                                       "action was not understood: " + view.getViewKey(), 
                                       view.getEntityReference()+"", HttpServletResponse.SC_BAD_REQUEST);
                              }
                              // return the location of this updated or created entity (without any extension)
                              res.setHeader(EntityRequestHandler.HEADER_ENTITY_URL, view.getEntityURL(EntityView.VIEW_SHOW, null));
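Review bot: The `_method` override in the POST branch lets any POST carrying `_method=DELETE` or `_method=PUT` switch the view key to `VIEW_DELETE`/`VIEW_EDIT` and reach `deleteable.deleteEntity(...)` or `inputable.updateEntity(...)`, yet nothing at that point records that a plain form POST is therefore a destructive request. No CSRF or permission check is visible in this excerpt (it may sit in the providers or in a filter outside it), so I would state the contract where the parameter is read, e.g. `// _method lets a POST act as PUT/DELETE: CSRF and per-method access rules must treat POST as state-changing`. Separately, `req.getParameter("_method")` on a form-encoded POST typically consumes the request body, so the later `req.getInputStream()` may hand the translator an empty stream; this is worth confirming with a test. The enclosing method starts and ends outside the excerpt.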