SOLR-5517: Return HTTP error on POST requests with no Content-Type

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1547322 13f79535-47bb-0310-9956-ffa450edef68
2013-12-03 09:19:30 +00:00 · 2013-12-03 09:19:30 +00:00 · ce46fecc28
parent d1085391c1
commit ce46fecc28
7 changed files with 43 additions and 8 deletions
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@ -218,6 +218,9 @@ Other Changes
 * SOLR-5499: Log a warning if /get is not registered when using SolrCloud.
  (Daniel Collins via shalin)

+* SOLR-5517: Return HTTP error on POST requests with no Content-Type.
+  (Ryan Ernst, Uwe Schindler)
+
 ==================  4.6.0 ==================

 Versions of Major Components
--- a/solr/core/src/java/org/apache/solr/handler/UpdateRequestHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/UpdateRequestHandler.java
@ -75,7 +75,7 @@ public class UpdateRequestHandler extends ContentStreamHandlerBase {
        type = stream.getContentType();
      }
      if( type == null ) { // Normal requests will not get here.
-        throw new SolrException(ErrorCode.BAD_REQUEST, "Missing ContentType");
+        throw new SolrException(ErrorCode.UNSUPPORTED_MEDIA_TYPE, "Missing ContentType");
      }
      int idx = type.indexOf(';');
      if(idx>0) {
@ -83,7 +83,7 @@ public class UpdateRequestHandler extends ContentStreamHandlerBase {
      }
      ContentStreamLoader loader = loaders.get(type);
      if(loader==null) {
-        throw new SolrException(ErrorCode.BAD_REQUEST, "Unsupported ContentType: "
+        throw new SolrException(ErrorCode.UNSUPPORTED_MEDIA_TYPE, "Unsupported ContentType: "
            +type+ "  Not in: "+loaders.keySet());
      }
      if(loader.getDefaultWT()!=null) {
--- a/solr/core/src/java/org/apache/solr/handler/component/SearchHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/component/SearchHandler.java
@ -22,9 +22,11 @@ import java.util.LinkedList;
 import java.util.List;

 import org.apache.solr.common.SolrException;
+import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.solr.common.params.CommonParams;
 import org.apache.solr.common.params.ModifiableSolrParams;
 import org.apache.solr.common.params.ShardParams;
+import org.apache.solr.common.util.ContentStream;
 import org.apache.solr.core.CloseHook;
 import org.apache.solr.core.PluginInfo;
 import org.apache.solr.core.SolrCore;
@ -165,6 +167,10 @@ public class SearchHandler extends RequestHandlerBase implements SolrCoreAware ,
  {
    // int sleep = req.getParams().getInt("sleep",0);
    // if (sleep > 0) {log.error("SLEEPING for " + sleep);  Thread.sleep(sleep);}
+    if (req.getContentStreams() != null && req.getContentStreams().iterator().hasNext()) {
+      throw new SolrException(ErrorCode.BAD_REQUEST, "Search requests cannot accept content streams");
+    }
+    
    ResponseBuilder rb = new ResponseBuilder(req, rsp, components);
    if (rb.requestInfo != null) {
      rb.requestInfo.setResponseBuilder(rb);
--- a/solr/core/src/java/org/apache/solr/servlet/SolrRequestParsers.java
+++ b/solr/core/src/java/org/apache/solr/servlet/SolrRequestParsers.java
@ -584,7 +584,7 @@ public class SolrRequestParsers
      if (!isFormData(req)) {
        throw new SolrException( ErrorCode.BAD_REQUEST, "Not application/x-www-form-urlencoded content: "+req.getContentType() );
      }
-      
+
      final Map<String,String[]> map = new HashMap<String, String[]>();
      
      // also add possible URL parameters and include into the map (parsed using UTF-8):
@ -600,7 +600,7 @@ public class SolrRequestParsers
        throw new SolrException(ErrorCode.BAD_REQUEST, "application/x-www-form-urlencoded content length (" +
          totalLength + " bytes) exceeds upload limit of " + uploadLimitKB + " KB");
      }
-      
+
      // get query String from request body, using the charset given in content-type:
      final String cs = ContentStreamBase.getCharsetFromContentType(req.getContentType());
      final Charset charset = (cs == null) ? IOUtils.CHARSET_UTF_8 : Charset.forName(cs);
@ -680,7 +680,10 @@ public class SolrRequestParsers
        if (ServletFileUpload.isMultipartContent(req)) {
          return multipart.parseParamsAndFillStreams(req, streams);
        }
-        return raw.parseParamsAndFillStreams(req, streams);
+        if (req.getContentType() != null) {
+          return raw.parseParamsAndFillStreams(req, streams);
+        }
+        throw new SolrException(ErrorCode.UNSUPPORTED_MEDIA_TYPE, "Must specify a Content-Type header with POST requests");
      }
      throw new SolrException(ErrorCode.BAD_REQUEST, "Unsupported method: " + method + " for request " + req);
    }
--- a/solr/core/src/test/org/apache/solr/request/TestRemoteStreaming.java
+++ b/solr/core/src/test/org/apache/solr/request/TestRemoteStreaming.java
@ -27,6 +27,7 @@ import org.apache.solr.client.solrj.request.QueryRequest;
 import org.apache.solr.client.solrj.response.QueryResponse;
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrInputDocument;
+import org.apache.solr.common.SolrException.ErrorCode;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
@ -103,14 +104,18 @@ public class TestRemoteStreaming extends SolrJettyTestBase {
    return null;
  }

-  /** Do a select query with the stream.url. Solr should NOT access that URL, and so the data should be there. */
+  /** Do a select query with the stream.url. Solr should fail */
  @Test
  public void testNoUrlAccess() throws Exception {
    SolrQuery query = new SolrQuery();
    query.setQuery( "*:*" );//for anything
    query.add("stream.url",makeDeleteAllUrl());
-    getSolrServer().query(query);
-    assertTrue(searchFindsIt());//still there
+    try {
+      getSolrServer().query(query);
+      fail();
+    } catch (SolrException se) {
+      assertSame(ErrorCode.BAD_REQUEST, ErrorCode.getErrorCode(se.code()));
+    }
  }

  /** SOLR-3161
--- a/solr/core/src/test/org/apache/solr/servlet/SolrRequestParserTest.java
+++ b/solr/core/src/test/org/apache/solr/servlet/SolrRequestParserTest.java
@ -379,4 +379,21 @@ public class SolrRequestParserTest extends SolrTestCaseJ4 {
    assertEquals("10.0.0.1", ((HttpServletRequest)solrReq.getContext().get("httpRequest")).getHeaders("X-Forwarded-For").nextElement());
    
  }
+
+  public void testPostMissingContentType() throws Exception {
+    HttpServletRequest request = createMock(HttpServletRequest.class);
+    expect(request.getMethod()).andReturn("POST").anyTimes();
+    expect(request.getContentType()).andReturn(null).anyTimes();
+    expect(request.getQueryString()).andReturn(null).anyTimes();
+    replay(request);
+
+    SolrRequestParsers parsers = new SolrRequestParsers(h.getCore().getSolrConfig());
+    try {
+      parsers.parse(h.getCore(), "/select", request);
+      fail("should throw SolrException");
+    } catch (SolrException e) {
+      assertTrue(e.getMessage().startsWith("Must specify a Content-Type header with POST requests"));
+      assertEquals(415, e.code());
+    }
+  }
 }
--- a/solr/solrj/src/java/org/apache/solr/common/SolrException.java
+++ b/solr/solrj/src/java/org/apache/solr/common/SolrException.java
@ -42,6 +42,7 @@ public class SolrException extends RuntimeException {
    FORBIDDEN( 403 ),
    NOT_FOUND( 404 ),
    CONFLICT( 409 ),
+    UNSUPPORTED_MEDIA_TYPE( 415 ),
    SERVER_ERROR( 500 ),
    SERVICE_UNAVAILABLE( 503 ),
    UNKNOWN(0);