This is an automated email from the ASF dual-hosted git repository.
cshannon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/main by this push:
new a240dba608 Queue browse improvements in webconsole (#1938)
a240dba608 is described below
commit a240dba6088b971dcbad079c4b2272da8baf56c8
Author: Christopher L. Shannon <[email protected]>
AuthorDate: Fri Apr 17 07:48:11 2026 -0400
Queue browse improvements in webconsole (#1938)
This change makes sure we always use the correct content type for the
output based on the configured view and also escape xml content when
displaying.
---
activemq-web/pom.xml | 7 +++
.../org/apache/activemq/web/util/ViewUtils.java | 66 ++++++++++++++++++++++
.../activemq/web/view/RssMessageRenderer.java | 10 +---
.../activemq/web/view/SimpleMessageRenderer.java | 22 ++++----
.../apache/activemq/web/util/ViewUtilsTest.java | 39 +++++++++++++
activemq-web/src/test/resources/activemq.xml | 37 ++++++++++++
pom.xml | 7 +++
7 files changed, 169 insertions(+), 19 deletions(-)
diff --git a/activemq-web/pom.xml b/activemq-web/pom.xml
index 6c1f85d28a..11f556b220 100644
--- a/activemq-web/pom.xml
+++ b/activemq-web/pom.xml
@@ -87,6 +87,13 @@
<artifactId>websocket-jetty-server</artifactId>
</dependency>
+ <!-- Just used for testing -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ <scope>test</scope>
+ </dependency>
+
<!-- Rome RSS Reader -->
<dependency>
<groupId>com.rometools</groupId>
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/util/ViewUtils.java
b/activemq-web/src/main/java/org/apache/activemq/web/util/ViewUtils.java
new file mode 100644
index 0000000000..378461f74d
--- /dev/null
+++ b/activemq-web/src/main/java/org/apache/activemq/web/util/ViewUtils.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web.util;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+public class ViewUtils {
+
+ public static final String AMP = "&";
+ public static final String QUOTE = "\"";
+ public static final String LT = "<";
+ public static final String GT = ">";
+ public static final String APOS = "'";
+
+ public static final String XML_ESCAPED_AMP = "&";
+ public static final String XML_ESCAPED_QUOTE = """;
+ public static final String XML_ESCAPED_LT = "<";
+ public static final String XML_ESCAPED_GT = ">";
+ public static final String XML_ESCAPED_APOS = "'";
+
+ public static final Map<String, String> XML_ESCAPE_MAPPINGS;
+
+ static {
+ // order matters for processing so use a linked map
+ Map<String,String> mappings = new LinkedHashMap<>();
+ mappings.put(AMP, XML_ESCAPED_AMP);
+ mappings.put(LT, XML_ESCAPED_LT);
+ mappings.put(GT, XMl_ESCAPED_GT);
+ mappings.put(QUOTE, XML_ESCAPED_QUOTE);
+ mappings.put(APOS, XML_ESCAPED_APOS);
+
+ XML_ESCAPE_MAPPINGS = Collections.unmodifiableMap(mappings);
+ }
+
+
+ public static String escapeXml(String input) {
+ if (input == null) {
+ return null;
+ }
+
+ String escaped = input;
+ for (Entry<String, String> entry : XML_ESCAPE_MAPPINGS.entrySet()) {
+ escaped = escaped.replace(entry.getKey(), entry.getValue());
+ }
+
+ return escaped;
+ }
+
+}
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
b/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
index 088a4c1926..f05d046783 100644
---
a/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
+++
b/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
@@ -49,7 +49,7 @@ public class RssMessageRenderer extends SimpleMessageRenderer
{
private String feedType = "rss_2.0";
private SyndFeed feed;
private String description = "This feed is auto-generated by Apache
ActiveMQ";
- private String entryContentType = "text/plain";
+ private static final String ENTRY_CONTENT_TYPE = "text/plain";
public void renderMessage(PrintWriter writer, HttpServletRequest request,
HttpServletResponse response, QueueBrowser browser, Message message) throws
JMSException {
SyndFeed feed = getFeed(browser, request);
@@ -79,11 +79,7 @@ public class RssMessageRenderer extends
SimpleMessageRenderer {
}
public String getEntryContentType() {
- return entryContentType;
- }
-
- public void setEntryContentType(String entryContentType) {
- this.entryContentType = entryContentType;
+ return ENTRY_CONTENT_TYPE;
}
// Implementation methods
@@ -122,7 +118,7 @@ public class RssMessageRenderer extends
SimpleMessageRenderer {
protected SyndContent createEntryContent(QueueBrowser browser, Message
message, HttpServletRequest request) throws JMSException {
SyndContent description = new SyndContentImpl();
- description.setType(entryContentType);
+ description.setType(getEntryContentType());
if (message instanceof TextMessage) {
String text = ((TextMessage)message).getText();
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
b/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
index f8165d8849..7c14248743 100644
---
a/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
+++
b/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
@@ -26,6 +26,7 @@ import jakarta.jms.QueueBrowser;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
+import org.apache.activemq.web.util.ViewUtils;
/**
* A simple rendering of the contents of a queue appear as a list of message
@@ -35,11 +36,12 @@ import jakarta.servlet.http.HttpServletResponse;
*/
public class SimpleMessageRenderer implements MessageRenderer {
- private String contentType = "text/xml";
+ protected static final String DEFAULT_CONTENT_TYPE = "text/xml";
+
private int maxMessages;
public void renderMessages(HttpServletRequest request, HttpServletResponse
response, QueueBrowser browser) throws IOException, JMSException,
ServletException {
- // lets use XML by default
+ // XML is used by default unless a child class overrides this method
response.setContentType(getContentType());
PrintWriter writer = response.getWriter();
printHeader(writer, browser, request);
@@ -53,10 +55,10 @@ public class SimpleMessageRenderer implements
MessageRenderer {
printFooter(writer, browser, request);
}
- public void renderMessage(PrintWriter writer, HttpServletRequest request,
HttpServletResponse response, QueueBrowser browser, Message message) throws
JMSException, ServletException {
+ public void renderMessage(PrintWriter writer, HttpServletRequest request,
HttpServletResponse response, QueueBrowser browser, Message message) throws
JMSException {
// lets just write the message IDs for now
writer.print("<message id='");
- writer.print(message.getJMSMessageID());
+ writer.print(ViewUtils.escapeXml(message.getJMSMessageID()));
writer.println("'/>");
}
@@ -71,25 +73,21 @@ public class SimpleMessageRenderer implements
MessageRenderer {
}
public String getContentType() {
- return contentType;
- }
-
- public void setContentType(String contentType) {
- this.contentType = contentType;
+ return DEFAULT_CONTENT_TYPE;
}
// Implementation methods
//
-------------------------------------------------------------------------
- protected void printHeader(PrintWriter writer, QueueBrowser browser,
HttpServletRequest request) throws IOException, JMSException, ServletException {
+ protected void printHeader(PrintWriter writer, QueueBrowser browser,
HttpServletRequest request) throws IOException, JMSException {
writer.println("");
writer.print("<messages queue='");
- writer.print(browser.getQueue());
+ writer.print(ViewUtils.escapeXml(String.valueOf(browser.getQueue())));
writer.print("'");
String selector = browser.getMessageSelector();
if (selector != null) {
writer.print(" selector='");
- writer.print(selector);
+ writer.print(ViewUtils.escapeXml(selector));
writer.print("'");
}
writer.println(">");
diff --git
a/activemq-web/src/test/java/org/apache/activemq/web/util/ViewUtilsTest.java
b/activemq-web/src/test/java/org/apache/activemq/web/util/ViewUtilsTest.java
new file mode 100644
index 0000000000..668edb2fce
--- /dev/null
+++ b/activemq-web/src/test/java/org/apache/activemq/web/util/ViewUtilsTest.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web.util;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import org.apache.commons.text.StringEscapeUtils;
+import org.junit.Test;
+
+public class ViewUtilsTest {
+
+ @Test
+ public void testXmlEscape() throws IOException {
+ final String original =
Files.readString(Path.of("src/test/resources/activemq.xml"));
+ final String escaped = ViewUtils.escapeXml(original);
+
+ // Verify that our escape method matches StringEscapeUtils
+ assertEquals(StringEscapeUtils.escapeXml11(original),
ViewUtils.escapeXml(original));
+ // Verify if we unescape we get back the original
+ assertEquals(original, StringEscapeUtils.unescapeXml(escaped));
+ }
+}
diff --git a/activemq-web/src/test/resources/activemq.xml
b/activemq-web/src/test/resources/activemq.xml
new file mode 100644
index 0000000000..9affdddf3e
--- /dev/null
+++ b/activemq-web/src/test/resources/activemq.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!-- START SNIPPET: xbean -->
+<beans
+ xmlns="http://www.springframework.org/schema/beans";
+ xmlns:amq="http://activemq.apache.org/schema/core";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd";>
+
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <broker useJmx="false" xmlns="http://activemq.apache.org/schema/core";
persistent="false">
+
+ <transportConnectors>
+ <transportConnector
uri="nio://localhost:61616?wireFormat.maxFrameSize=1048576" />
+ </transportConnectors>
+
+ </broker>
+
+</beans>
+ <!-- END SNIPPET: xbean -->
diff --git a/pom.xml b/pom.xml
index 260f4342fa..4e3943b0ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,7 @@
<commons-io-version>2.21.0</commons-io-version>
<commons-logging-version>1.3.6</commons-logging-version>
<commons-pool2-version>2.13.1</commons-pool2-version>
+ <commons-text-version>1.15.0</commons-text-version>
<directory-version>2.0.0.AM25</directory-version>
<ecj.version>3.45.0</ecj.version>
<hawtbuf-version>1.11</hawtbuf-version>
@@ -901,6 +902,12 @@
<version>${commons-io-version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ <version>${commons-text-version}</version>
+ </dependency>
+
<!-- ACTIVEMQ-WEB Specific Dependencies -->
<dependency>
<groupId>com.rometools</groupId>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
