Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

93371: Merged 5.0.N (5.0.1) to HEAD-BUG-FIX (5.1/Cloud) 93309: MNT-12794: Merged dev. 5.0.N (5.0.1) to 5.0.N (5.0.1) 92772: MNT-12794: [Security] Information leak via verbose eror messages - Not public exceptions have been transformed into a configurable parameter. The basic configuration has been moved to .web-scripts-application-context.xml.. A safe choice for the name of the parent bean in the context of enterprise tests was put into the .enterprise-web-scripts-application-context.xml.. to ensure that the Cloud tests will work well without not public exceptions configuration. All tests related to the not public exceptions are implemented in .org.alfresco.repo.web.scripts.RepositoryContainerTest.. << N. B.: This revision does not contain changes for Cloud >> git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94956 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2015-01-31 12:21:40 +00:00
parent 6d5691a0b0
commit 586807e319
4 changed files with 288 additions and 88 deletions
--- a/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
+++ b/source/java/org/alfresco/repo/web/scripts/RepositoryContainer.java
@@ -21,8 +21,8 @@ package org.alfresco.repo.web.scripts;
 import java.io.File;
 import java.io.IOException;
 import java.net.SocketException;
-import java.sql.SQLException;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;

 import javax.servlet.http.HttpServletResponse;
@@ -90,7 +90,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer
    private long maxContentSize = (long) 4 * 1024 * 1024 * 1024; // 4gb
    private ThresholdOutputStreamFactory streamFactory = null;

-    private final static Class<?>[] HIDE_EXCEPTIONS = new Class[] { SQLException.class };
+    private Class<?>[] notPublicExceptions = new Class<?>[] {};

    /*
     * Shame init is already used (by TenantRepositoryContainer).
@@ -178,6 +178,25 @@ public class RepositoryContainer extends AbstractRuntimeContainer
        this.authorityService = authorityService;
    }

+    /**
+     * Exceptions which may contain information that cannot be displayed in UI 
+     * 
+     * @param notPublicExceptions - {@link Class}&lt;?&gt;[] instance which contains list of not public exceptions
+     */
+    public void setNotPublicExceptions(List<Class<?>> notPublicExceptions)
+    {
+        this.notPublicExceptions = new Class<?>[] {};
+        if((null != notPublicExceptions) && !notPublicExceptions.isEmpty())
+        {
+            this.notPublicExceptions = notPublicExceptions.toArray(this.notPublicExceptions);
+        }
+    }
+
+    public Class<?>[] getNotPublicExceptions()
+    {
+        return notPublicExceptions;
+    }
+
    /* (non-Javadoc)
     * @see org.alfresco.web.scripts.Container#getDescription()
     */
@@ -262,7 +281,7 @@ public class RepositoryContainer extends AbstractRuntimeContainer
        }
        catch (RuntimeException e)
        {
-            Throwable hideCause = ExceptionStackUtil.getCause(e, HIDE_EXCEPTIONS);
+            Throwable hideCause = ExceptionStackUtil.getCause(e, notPublicExceptions);
            if (hideCause != null)
            {
                AlfrescoRuntimeException alf = null;