diff --git a/api/gwtsrc/org/labkey/api/gwt/client/util/ErrorDialogAsyncCallback.java b/api/gwtsrc/org/labkey/api/gwt/client/util/ErrorDialogAsyncCallback.java index f760be8bac7..b2731e84655 100644 --- a/api/gwtsrc/org/labkey/api/gwt/client/util/ErrorDialogAsyncCallback.java +++ b/api/gwtsrc/org/labkey/api/gwt/client/util/ErrorDialogAsyncCallback.java @@ -67,13 +67,13 @@ public final void onFailure(Throwable caught) // Indicates the request was cancelled because the user navigated to another page // Don't bother showing any dialog at all return; - case 401: + case 403: // HttpStatus.SC_UNAUTHORIZED message = "You do not have permission to perform this operation. Your session may have expired."; break; - case 404: + case 404: // HttpStatus.SC_NOT_FOUND message = "Not found."; break; - case 500: + case 500: // HttpStatus.SC_INTERNAL_SERVER_ERROR message = "The server encountered an error"; if(statusCodeException.getMessage() != null) message += ": " + statusCodeException.getMessage(); diff --git a/api/src/org/labkey/api/action/AbstractFileUploadAction.java b/api/src/org/labkey/api/action/AbstractFileUploadAction.java index d905c115b19..855bda5bd71 100644 --- a/api/src/org/labkey/api/action/AbstractFileUploadAction.java +++ b/api/src/org/labkey/api/action/AbstractFileUploadAction.java @@ -15,6 +15,7 @@ */ package org.labkey.api.action; +import org.apache.hc.core5.http.HttpStatus; import org.labkey.api.util.ExceptionUtil; import org.labkey.api.util.FileUtil; import org.labkey.api.util.PageFlowUtil; 
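Review bot: In ErrorDialogAsyncCallback.onFailure the new label `case 403: // HttpStatus.SC_UNAUTHORIZED` pairs the wrong name with the number: 403 is SC_FORBIDDEN, and SC_UNAUTHORIZED is 401. Replacing the 401 case instead of adding to it also means a 401 response, the usual result of an expired session, no longer gets the "Your session may have expired" text and is left to the rest of the switch, which is outside the hunk. Handling both keeps the message accurate: `case 401: // HttpStatus.SC_UNAUTHORIZED` directly followed by `case 403: // HttpStatus.SC_FORBIDDEN`.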
@@ -158,19 +159,19 @@ private void export(FORM form, HttpServletResponse response) throws Exception { if (form.getFileName() == null) { - error(writer, "No fileName parameter values included", HttpServletResponse.SC_BAD_REQUEST); + error(writer, "No fileName parameter values included", HttpStatus.SC_UNPROCESSABLE_ENTITY); return; } if (form.getFileContent() == null) { - error(writer, "No fileContent parameter values included", HttpServletResponse.SC_BAD_REQUEST); + error(writer, "No fileContent parameter values included", HttpStatus.SC_UNPROCESSABLE_ENTITY); return; } if (form.getFileName().length != form.getFileContent().length) { - error(writer, "Must include the same number of fileName and fileContent parameter values", HttpServletResponse.SC_BAD_REQUEST); + error(writer, "Must include the same number of fileName and fileContent parameter values", HttpStatus.SC_UNPROCESSABLE_ENTITY); return; } @@ -179,9 +180,8 @@ private void export(FORM form, HttpServletResponse response) throws Exception // Parameter name (String) -> File on disk/original file name Pair Map> savedFiles = new HashMap<>(); - if (basicRequest instanceof MultipartHttpServletRequest) + if (basicRequest instanceof MultipartHttpServletRequest request) { - MultipartHttpServletRequest request = (MultipartHttpServletRequest) basicRequest; Iterator nameIterator = request.getFileNames(); while (nameIterator.hasNext()) @@ -226,7 +226,7 @@ private void export(FORM form, HttpServletResponse response) throws Exception } catch (UploadException e) { - error(writer, "Must include the same number of fileName and fileContent parameter values", HttpServletResponse.SC_BAD_REQUEST); + error(writer, "Must include the same number of fileName and fileContent parameter values", e.getStatusCode()); } } } 
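Review bot: In the `@@ -226,7 +226,7 @@` hunk of AbstractFileUploadAction.export, the catch block still writes the fixed text "Must include the same number of fileName and fileContent parameter values" while the status now comes from `e.getStatusCode()`, so the body and the code can describe different failures. `error(writer, e.getMessage(), e.getStatusCode());` would match what handleFile does in the `@@ -266,14 +266,14 @@` hunk. In both places the status is now whatever the thrower chose, and the SecurityPointcutServiceImpl branch in this commit passes only 400 and 422 to BlockListFilter.handleBadRequest. An UploadException carrying any other code would therefore stop being counted, where previously every such failure was a 400. The try block starts outside the hunk.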
@@ -235,7 +235,7 @@ protected File handleFile(String filename, InputStream input, Writer writer) thr { if (filename == null || input == null) { - error(writer, "No file uploaded, or no filename specified", HttpServletResponse.SC_BAD_REQUEST); + error(writer, "No file uploaded, or no filename specified", HttpStatus.SC_UNPROCESSABLE_ENTITY); return null; } @@ -266,14 +266,14 @@ protected File handleFile(String filename, InputStream input, Writer writer) thr } catch (UploadException e) { - error(writer, e.getMessage(), HttpServletResponse.SC_BAD_REQUEST); + error(writer, e.getMessage(), e.getStatusCode()); return null; } } public static class UploadException extends IOException { - private int _statusCode; + private final int _statusCode; public UploadException(String message, int statusCode) { diff --git a/api/src/org/labkey/api/action/ApiResponseWriter.java b/api/src/org/labkey/api/action/ApiResponseWriter.java index 5223b100143..fe682ea102f 100644 --- a/api/src/org/labkey/api/action/ApiResponseWriter.java +++ b/api/src/org/labkey/api/action/ApiResponseWriter.java @@ -16,6 +16,7 @@ package org.labkey.api.action; import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.hc.core5.http.HttpStatus; import org.apache.logging.log4j.LogManager; import org.json.JSONArray; import org.json.JSONObject; @@ -60,7 +61,7 @@ public abstract class ApiResponseWriter implements AutoCloseable * * Allow new code to specify that SC_OK should be used for errors */ - static final int defaultErrorStatus = HttpServletResponse.SC_BAD_REQUEST; + static final int defaultErrorStatus = HttpStatus.SC_BAD_REQUEST; Integer errorResponseStatus = null; private boolean serializeViaJacksonAnnotations = false; diff --git a/api/src/org/labkey/api/action/ApiUsageException.java b/api/src/org/labkey/api/action/ApiUsageException.java index 1551350c1ba..674b236a5b3 100644 --- a/api/src/org/labkey/api/action/ApiUsageException.java +++ b/api/src/org/labkey/api/action/ApiUsageException.java 
@@ -15,33 +15,28 @@ */ package org.labkey.api.action; +import org.apache.hc.core5.http.HttpStatus; import org.labkey.api.util.SkipMothershipLogging; +import org.labkey.api.view.BadRequestException; /** * Signals the client API caller that they somehow made an invalid request. These errors are not reported to the * mothership. - * User: jeckels - * Date: Oct 5, 2010 */ -public class ApiUsageException extends RuntimeException implements SkipMothershipLogging +public class ApiUsageException extends BadRequestException implements SkipMothershipLogging { - public ApiUsageException() + public ApiUsageException(String message, Throwable cause) { - super(); + super(message, cause, HttpStatus.SC_UNPROCESSABLE_ENTITY, HowBad.MaybeBad); } public ApiUsageException(String message) { - super(message); - } - - public ApiUsageException(String message, Throwable cause) - { - super(message, cause); + this(message, null); } public ApiUsageException(Throwable cause) { - super(cause.getMessage() == null ? cause.toString() : cause.getMessage(), cause); + this(cause.getMessage(), cause); } } diff --git a/api/src/org/labkey/api/security/AuthFilter.java b/api/src/org/labkey/api/security/AuthFilter.java index a44c2aa7b65..4bef5ebf276 100644 --- a/api/src/org/labkey/api/security/AuthFilter.java +++ b/api/src/org/labkey/api/security/AuthFilter.java @@ -18,6 +18,7 @@ import org.apache.commons.collections4.IteratorUtils; import org.apache.commons.lang3.StringUtils; +import org.apache.hc.core5.http.HttpStatus; import org.labkey.api.module.ModuleLoader; import org.labkey.api.module.SafeFlushResponseWrapper; import org.labkey.api.query.QueryService; @@ -189,7 +190,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha } catch (UnsupportedEncodingException uee) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, uee.getMessage()); + resp.sendError(HttpStatus.SC_BAD_REQUEST, uee.getMessage()); return; } 
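Review bot: The ApiUsageException class Javadoc still only says the caller "made an invalid request", but the class now has a different contract: it is a BadRequestException, answers with 422 and carries `HowBad.MaybeBad`. Add a sentence such as `Results in HTTP 422 (Unprocessable Entity) and is evaluated as a HowBad.MaybeBad bad request.` so callers know that throwing it feeds the bad-request handling. The `ApiUsageException(Throwable cause)` constructor also drops the old `cause.toString()` fallback, so a cause with a null message now surfaces as the "BAD REQUEST" default from BadRequestException; that looks intentional but is worth stating. Removing the no-argument constructor breaks any caller outside this diff that used it.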
diff --git a/api/src/org/labkey/api/util/ExceptionUtil.java b/api/src/org/labkey/api/util/ExceptionUtil.java index 51d747f5cb8..246ed8e0cbe 100644 --- a/api/src/org/labkey/api/util/ExceptionUtil.java +++ b/api/src/org/labkey/api/util/ExceptionUtil.java @@ -772,7 +772,7 @@ static ActionURL handleException(@NotNull HttpServletRequest request, @NotNull H } else if (ex instanceof ApiUsageException) { - responseStatus = HttpServletResponse.SC_BAD_REQUEST; + responseStatus = ((ApiUsageException) ex).getStatus(); errorType = ErrorRenderer.ErrorType.notFound; if (ex.getMessage() != null) { diff --git a/api/src/org/labkey/api/view/BadRequestException.java b/api/src/org/labkey/api/view/BadRequestException.java index ccb84733272..2ea9e428b51 100644 --- a/api/src/org/labkey/api/view/BadRequestException.java +++ b/api/src/org/labkey/api/view/BadRequestException.java @@ -16,11 +16,11 @@ package org.labkey.api.view; import org.apache.commons.lang3.StringUtils; +import org.apache.hc.core5.http.HttpStatus; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; /** * Indicates that the client made a bad HTTP request, typically resulting in a 400 HTTP response code and avoiding much @@ -57,7 +57,7 @@ public boolean isSuspiciousRequest(HttpServletRequest req, boolean isSuspicious) @Override public boolean isSuspiciousRequest(HttpServletRequest req, boolean isSuspicious) { - return true; + return false; } }; 
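Review bot: In ExceptionUtil.handleException, `else if (ex instanceof ApiUsageException)` now tests for a subclass of BadRequestException, so it is reached only if no earlier branch of the chain matches BadRequestException or one of its supertypes. The chain starts outside the hunk, so that ordering needs checking. The cast can also use the pattern form this commit introduces in BlockListFilter: `else if (ex instanceof ApiUsageException apiUsageException)` with `responseStatus = apiUsageException.getStatus();`.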
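Review bot: In the `@@ -57,7 +57,7 @@` hunk of BadRequestException, the flip from `return true` to `return false` in the last HowBad constant's isSuspiciousRequest has no comment, yet it changes block-list behaviour. BlockListFilter.handleBadRequest returns before registerBadRequest whenever this method reports false. The constant's name is above the hunk; if it is the severity the three-argument constructor assigns to 405 responses (`HowBad.Malicious`), those requests would no longer be counted at all. A comment on the override stating the intent, for example `// never counted toward the block list, regardless of the URI/User-Agent heuristic`, would make the change reviewable.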
@@ -73,25 +73,25 @@ public BadRequestException() public BadRequestException(String message) { - this(message, null, HttpServletResponse.SC_BAD_REQUEST, HowBad.MaybeBad); + this(message, null, HttpStatus.SC_BAD_REQUEST, HowBad.MaybeBad); } - public BadRequestException(String message, @Nullable Exception x) + public BadRequestException(String message, @Nullable Throwable x) { - this(message, x, HttpServletResponse.SC_BAD_REQUEST, HowBad.MaybeBad); + this(message, x, HttpStatus.SC_BAD_REQUEST, HowBad.MaybeBad); } - public BadRequestException(String message, @Nullable Exception x, int httpStatusCode) + public BadRequestException(String message, @Nullable Throwable x, int httpStatusCode) { - this(message, x, httpStatusCode, HttpServletResponse.SC_METHOD_NOT_ALLOWED == httpStatusCode ? HowBad.Malicious : HowBad.MaybeBad); + this(message, x, httpStatusCode, HttpStatus.SC_METHOD_NOT_ALLOWED == httpStatusCode ? HowBad.Malicious : HowBad.MaybeBad); } public BadRequestException(String message, @NotNull HowBad severity) { - this(message, null, HttpServletResponse.SC_BAD_REQUEST, severity); + this(message, null, HttpStatus.SC_BAD_REQUEST, severity); } - BadRequestException(String message, @Nullable Exception x, int httpStatusCode, HowBad severity) + protected BadRequestException(String message, @Nullable Throwable x, int httpStatusCode, HowBad severity) { super(StringUtils.defaultIfEmpty(message, "BAD REQUEST"), x, httpStatusCode); this.severity = severity; diff --git a/core/src/org/labkey/core/security/BlockListFilter.java b/core/src/org/labkey/core/security/BlockListFilter.java index c8112c2d951..c47975ea60c 100644 --- a/core/src/org/labkey/core/security/BlockListFilter.java +++ b/core/src/org/labkey/core/security/BlockListFilter.java 
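Review bot: The four-argument BadRequestException constructor goes from package-private to `protected` without any Javadoc, so subclasses in other packages (ApiUsageException in this commit) now choose both the status code and the severity. A short comment on it should say that `severity` is presumably what isSuspiciousRequest consults, and that SecurityPointcutServiceImpl passes only 400 and 422 responses to BlockListFilter.handleBadRequest. The class Javadoc's "typically resulting in a 400 HTTP response code" also predates the 422 use and could mention it.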
@@ -73,9 +73,9 @@ static void registerBadRequest(HttpServletRequest req) static void handleBadRequest(HttpServletRequest req) { Object ex = req.getAttribute(ExceptionUtil.REQUEST_EXCEPTION_ATTRIBUTE); - if (ex instanceof BadRequestException) + if (ex instanceof BadRequestException badRequestException) { - if (!((BadRequestException)ex).isSuspiciousRequest(req, isSuspicious(req.getRequestURI(),req.getQueryString(),req.getHeader("User-Agent")))) + if (!badRequestException.isSuspiciousRequest(req, isSuspicious(req.getRequestURI(),req.getQueryString(),req.getHeader("User-Agent")))) return; } registerBadRequest(req); diff --git a/core/src/org/labkey/core/security/SecurityPointcutServiceImpl.java b/core/src/org/labkey/core/security/SecurityPointcutServiceImpl.java index 3a25c9e6277..0f71b5fba1d 100644 --- a/core/src/org/labkey/core/security/SecurityPointcutServiceImpl.java +++ b/core/src/org/labkey/core/security/SecurityPointcutServiceImpl.java @@ -15,6 +15,7 @@ */ package org.labkey.core.security; +import org.apache.hc.core5.http.HttpStatus; import org.labkey.api.module.Module; import org.labkey.api.security.SecurityPointcutService; import org.labkey.api.settings.AppProps; @@ -69,7 +70,7 @@ else if (res.getStatus() == SC_UNAUTHORIZED || res.getStatus() == SC_FORBIDDEN) if (ex instanceof CSRFException) BlockListFilter.handleBadRequest(req); } - else if (res.getStatus() == SC_BAD_REQUEST) + else if (res.getStatus() == SC_BAD_REQUEST || res.getStatus() == HttpStatus.SC_UNPROCESSABLE_ENTITY) { BlockListFilter.handleBadRequest(req); } diff --git a/experiment/src/org/labkey/experiment/controllers/exp/ExperimentController.java b/experiment/src/org/labkey/experiment/controllers/exp/ExperimentController.java index 7fb30ddf1e4..17efc3528d1 100644 --- a/experiment/src/org/labkey/experiment/controllers/exp/ExperimentController.java +++ b/experiment/src/org/labkey/experiment/controllers/exp/ExperimentController.java 
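Review bot: In SecurityPointcutServiceImpl the widened condition mixes a statically imported `SC_BAD_REQUEST` with a qualified `HttpStatus.SC_UNPROCESSABLE_ENTITY` and does not say why 422 is included. A comment such as `// 422 is what ApiUsageException and the upload/convert actions now return for malformed input; count it like 400` would tie it to the rest of the change. BlockListFilter.handleBadRequest registers the request unconditionally when the request attribute is not a BadRequestException. The 422 responses written through `error(writer, …)` and `renderErrorView` therefore depend on how that attribute is set, which is not visible here. The else-if chain starts outside the hunk.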
@@ -18,6 +18,7 @@ import au.com.bytecode.opencsv.CSVWriter; import org.apache.commons.lang3.StringUtils; +import org.apache.hc.core5.http.HttpStatus; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.poi.openxml4j.exceptions.InvalidFormatException; @@ -2563,7 +2564,7 @@ public void export(ConvertArraysToExcelForm form, HttpServletResponse response, catch (JSONException | ClassCastException e) { // We can get a ClassCastException if we expect an array and get a simple String, for example - ExceptionUtil.renderErrorView(getViewContext(), getPageConfig(), ErrorRenderer.ErrorType.notFound, HttpServletResponse.SC_BAD_REQUEST, "Failed to convert to Excel - invalid input", e, false, false); + ExceptionUtil.renderErrorView(getViewContext(), getPageConfig(), ErrorRenderer.ErrorType.notFound, HttpStatus.SC_UNPROCESSABLE_ENTITY, "Failed to convert to Excel - invalid input", e, false, false); } } } @@ -2642,7 +2643,7 @@ public void export(ConvertArraysToExcelForm form, HttpServletResponse response, } catch (JSONException e) { - ExceptionUtil.renderErrorView(getViewContext(), getPageConfig(), ErrorRenderer.ErrorType.notFound, HttpServletResponse.SC_BAD_REQUEST, "Failed to convert to table - invalid input", e, false, false); + ExceptionUtil.renderErrorView(getViewContext(), getPageConfig(), ErrorRenderer.ErrorType.notFound, HttpStatus.SC_UNPROCESSABLE_ENTITY, "Failed to convert to table - invalid input", e, false, false); } } } diff --git a/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java b/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java index 90a35ce3d6a..651a6aa37bb 100644 --- a/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java +++ b/experiment/src/org/labkey/experiment/controllers/property/PropertyController.java 
@@ -23,6 +23,7 @@ import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter; import org.apache.commons.beanutils.ConvertUtils; import org.apache.commons.lang3.StringUtils; +import org.apache.hc.core5.http.HttpStatus; import org.apache.poi.util.IOUtils; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -1251,7 +1252,7 @@ public String getResponse(FileUploadForm form, Map> f { if (files.isEmpty()) { - throw new UploadException("No file(s) uploaded, or the uploaded file was empty", 400); + throw new UploadException("No file(s) uploaded, or the uploaded file was empty", HttpStatus.SC_BAD_REQUEST); } if (files.size() > 1) { @@ -1263,7 +1264,7 @@ public String getResponse(FileUploadForm form, Map> f separator = ", "; message.append(fileStringPair.getValue()); } - throw new UploadException("Only one file is supported, but " + files.size() + " were uploaded: " + message, 400); + throw new UploadException("Only one file is supported, but " + files.size() + " were uploaded: " + message, HttpStatus.SC_BAD_REQUEST); } // Store the file in the session, and delete it when the session expires HttpSession session = getViewContext().getSession();
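Review bot: In PropertyController both UploadException throws (hunks `@@ -1251,7 +1252,7 @@` and `@@ -1263,7 +1264,7 @@`) keep 400 via `HttpStatus.SC_BAD_REQUEST`, while the equivalent "No file uploaded, or no filename specified" check in AbstractFileUploadAction.handleFile moves to 422 in this commit. Clients will see two codes for the same mistake. If 422 is the new convention for invalid upload input, use `HttpStatus.SC_UNPROCESSABLE_ENTITY` here as well. The second message appends the uploaded file names (`fileStringPair.getValue()`); if that text is written back through `error(writer, e.getMessage(), …)`, confirm that error() encodes it for the response format.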