mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
PRODESC-5780: ACS Repo DAU APIs to also use non-attach allow list (#830)
* PRODSEC-5780: ACS Repo DAU APIs to also use non-attach allow list - moved existing pre-configured allow list from remote-api to repository layer - ("nodes.nonAttachContentTypes" xml -> "content.nonAttach.mimetypes" prop) - now also used by DAU (as well as existing V1 REST API and CMIS to get/download content)
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
* #%L
|
||||
* Alfresco Remote API
|
||||
* %%
|
||||
* Copyright (C) 2005 - 2016 Alfresco Software Limited
|
||||
* Copyright (C) 2005 - 2021 Alfresco Software Limited
|
||||
* %%
|
||||
* This file is part of the Alfresco software.
|
||||
* If the software was purchased under a paid Alfresco license, the terms of
|
||||
@@ -86,7 +86,8 @@ public abstract class CMISServletDispatcher implements CMISDispatcher
|
||||
|
||||
private boolean allowUnsecureCallbackJSONP;
|
||||
|
||||
private Set<String> nonAttachContentTypes = Collections.emptySet(); // pre-configured whitelist, eg. images & pdf
|
||||
// pre-configured allow list of media/mime types, eg. specific types of images & also pdf
|
||||
private Set<String> nonAttachContentTypes = Collections.emptySet();
|
||||
|
||||
public void setTenantAdminService(TenantAdminService tenantAdminService)
|
||||
{
|
||||
@@ -133,9 +134,12 @@ public abstract class CMISServletDispatcher implements CMISDispatcher
|
||||
this.cmisVersion = CmisVersion.fromValue(cmisVersion);
|
||||
}
|
||||
|
||||
public void setNonAttachContentTypes(Set<String> nonAttachWhiteList)
|
||||
public void setNonAttachContentTypes(String nonAttachAllowListStr)
|
||||
{
|
||||
this.nonAttachContentTypes = nonAttachWhiteList;
|
||||
if ((nonAttachAllowListStr != null) && (! nonAttachAllowListStr.isEmpty()))
|
||||
{
|
||||
nonAttachContentTypes = Set.of(nonAttachAllowListStr.trim().split("\\s*,\\s*"));
|
||||
}
|
||||
}
|
||||
|
||||
protected synchronized Descriptor getCurrentDescriptor()
|
||||
|
@@ -239,11 +239,15 @@ public class NodesImpl implements Nodes
|
||||
|
||||
private ConcurrentHashMap<String,NodeRef> ddCache = new ConcurrentHashMap<>();
|
||||
|
||||
private Set<String> nonAttachContentTypes = Collections.emptySet(); // pre-configured whitelist, eg. images & pdf
|
||||
// pre-configured allow list of media/mime types, eg. specific types of images & also pdf
|
||||
private Set<String> nonAttachContentTypes = Collections.emptySet();
|
||||
|
||||
public void setNonAttachContentTypes(Set<String> nonAttachWhiteList)
|
||||
public void setNonAttachContentTypes(String nonAttachAllowListStr)
|
||||
{
|
||||
this.nonAttachContentTypes = nonAttachWhiteList;
|
||||
if ((nonAttachAllowListStr != null) && (! nonAttachAllowListStr.isEmpty()))
|
||||
{
|
||||
nonAttachContentTypes = Set.of(nonAttachAllowListStr.trim().split("\\s*,\\s*"));
|
||||
}
|
||||
}
|
||||
|
||||
public void init()
|
||||
|
@@ -509,19 +509,6 @@
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="nodes.nonAttachContentTypes" class="org.springframework.beans.factory.config.SetFactoryBean">
|
||||
<property name="sourceSet">
|
||||
<set>
|
||||
<value>application/pdf</value>
|
||||
<value>image/jpeg</value>
|
||||
<value>image/gif</value>
|
||||
<value>image/png</value>
|
||||
<value>image/tiff</value>
|
||||
<value>image/bmp</value>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="nodes.personLookupProperties" class="org.springframework.beans.factory.config.SetFactoryBean">
|
||||
<property name="sourceSet">
|
||||
<set>
|
||||
@@ -542,7 +529,7 @@
|
||||
<property name="quickShareLinks" ref="QuickShareLinks"/>
|
||||
<property name="behaviourFilter" ref="policyBehaviourFilter"/>
|
||||
<property name="ignoreTypes" ref="nodes.ignoreTypes"/>
|
||||
<property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
|
||||
<property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
|
||||
<property name="personLookupProperties" ref="nodes.personLookupProperties"/>
|
||||
<property name="poster" ref="activitiesPoster" />
|
||||
<property name="smartStore" ref="smartStore"/>
|
||||
@@ -1142,7 +1129,7 @@
|
||||
<property name="version" value="1.0"/>
|
||||
<property name="cmisVersion" value="1.0"/>
|
||||
<property name="tenantAdminService" ref="tenantAdminService"/>
|
||||
<property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
|
||||
<property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
|
||||
</bean>
|
||||
|
||||
<bean id="cmisAtomPubDispatcher1.1" class="org.alfresco.opencmis.PublicApiAtomPubCMISDispatcher" init-method="init">
|
||||
@@ -1154,7 +1141,7 @@
|
||||
<property name="version" value="1.1"/>
|
||||
<property name="cmisVersion" value="1.1"/>
|
||||
<property name="tenantAdminService" ref="tenantAdminService"/>
|
||||
<property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
|
||||
<property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
|
||||
</bean>
|
||||
|
||||
<bean id="cmisBrowserDispatcher1.1" class="org.alfresco.opencmis.PublicApiBrowserCMISDispatcher" init-method="init">
|
||||
@@ -1166,7 +1153,7 @@
|
||||
<property name="version" value="1.1"/>
|
||||
<property name="cmisVersion" value="1.1"/>
|
||||
<property name="tenantAdminService" ref="tenantAdminService"/>
|
||||
<property name="nonAttachContentTypes" ref="nodes.nonAttachContentTypes"/>
|
||||
<property name="nonAttachContentTypes" value="${content.nonAttach.mimetypes}"/>
|
||||
<property name="allowUnsecureCallbackJSONP" value="${allow.unsecure.callback.jsonp}"/>
|
||||
</bean>
|
||||
|
||||
|
Reference in New Issue
Block a user