This is an automated email from the ASF dual-hosted git repository.
cshannon pushed a commit to branch activemq-5.19.x
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/activemq-5.19.x by this push:
new a65f8860da Queue browse improvements in webconsole (#1938) (#1943)
a65f8860da is described below
commit a65f8860dafb50c848127fa95ed00cbd27952f87
Author: Christopher L. Shannon <[email protected]>
AuthorDate: Fri Apr 17 10:02:55 2026 -0400
Queue browse improvements in webconsole (#1938) (#1943)
This change makes sure we always use the correct content type for the
output based on the configured view and also escape xml content when
displaying.
(cherry picked from commit a240dba6088b971dcbad079c4b2272da8baf56c8)
---
activemq-web/pom.xml | 7 +++
.../org/apache/activemq/web/util/ViewUtils.java | 66 ++++++++++++++++++++++
.../activemq/web/view/RssMessageRenderer.java | 10 +---
.../activemq/web/view/SimpleMessageRenderer.java | 22 ++++----
.../apache/activemq/web/util/ViewUtilsTest.java | 39 +++++++++++++
activemq-web/src/test/resources/activemq.xml | 37 ++++++++++++
pom.xml | 7 +++
7 files changed, 169 insertions(+), 19 deletions(-)
diff --git a/activemq-web/pom.xml b/activemq-web/pom.xml
index 7ea514fced..c90c50e735 100644
--- a/activemq-web/pom.xml
+++ b/activemq-web/pom.xml
@@ -91,6 +91,13 @@
<artifactId>websocket-server</artifactId>
</dependency>
+ <!-- Just used for testing -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ <scope>test</scope>
+ </dependency>
+
<!-- Rome RSS Reader -->
<dependency>
<groupId>com.rometools</groupId>
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/util/ViewUtils.java
b/activemq-web/src/main/java/org/apache/activemq/web/util/ViewUtils.java
new file mode 100644
index 0000000000..c091809ca1
--- /dev/null
+++ b/activemq-web/src/main/java/org/apache/activemq/web/util/ViewUtils.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web.util;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+public class ViewUtils {
+
+ public static final String AMP = "&";
+ public static final String QUOTE = "\"";
+ public static final String LT = "<";
+ public static final String GT = ">";
+ public static final String APOS = "'";
+
+ public static final String XML_ESCAPED_AMP = "&";
+ public static final String XML_ESCAPED_QUOTE = """;
+ public static final String XML_ESCAPED_LT = "<";
+ public static final String XML_ESCAPED_GT = ">";
+ public static final String XML_ESCAPED_APOS = "'";
+
+ public static final Map<String, String> XML_ESCAPE_MAPPINGS;
+
+ static {
+ // order matters for processing so use a linked map
+ Map<String,String> mappings = new LinkedHashMap<>();
+ mappings.put(AMP, XML_ESCAPED_AMP);
+ mappings.put(LT, XML_ESCAPED_LT);
+ mappings.put(GT, XML_ESCAPED_GT);
+ mappings.put(QUOTE, XML_ESCAPED_QUOTE);
+ mappings.put(APOS, XML_ESCAPED_APOS);
+
+ XML_ESCAPE_MAPPINGS = Collections.unmodifiableMap(mappings);
+ }
+
+
+ public static String escapeXml(String input) {
+ if (input == null) {
+ return null;
+ }
+
+ String escaped = input;
+ for (Entry<String, String> entry : XML_ESCAPE_MAPPINGS.entrySet()) {
+ escaped = escaped.replace(entry.getKey(), entry.getValue());
+ }
+
+ return escaped;
+ }
+
+}
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
b/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
index 21b7a2e9f9..b1afb2a8c4 100644
---
a/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
+++
b/activemq-web/src/main/java/org/apache/activemq/web/view/RssMessageRenderer.java
@@ -49,7 +49,7 @@ public class RssMessageRenderer extends SimpleMessageRenderer
{
private String feedType = "rss_2.0";
private SyndFeed feed;
private String description = "This feed is auto-generated by Apache
ActiveMQ";
- private String entryContentType = "text/plain";
+ private static final String ENTRY_CONTENT_TYPE = "text/plain";
public void renderMessage(PrintWriter writer, HttpServletRequest request,
HttpServletResponse response, QueueBrowser browser, Message message) throws
JMSException {
SyndFeed feed = getFeed(browser, request);
@@ -79,11 +79,7 @@ public class RssMessageRenderer extends
SimpleMessageRenderer {
}
public String getEntryContentType() {
- return entryContentType;
- }
-
- public void setEntryContentType(String entryContentType) {
- this.entryContentType = entryContentType;
+ return ENTRY_CONTENT_TYPE;
}
// Implementation methods
@@ -122,7 +118,7 @@ public class RssMessageRenderer extends
SimpleMessageRenderer {
protected SyndContent createEntryContent(QueueBrowser browser, Message
message, HttpServletRequest request) throws JMSException {
SyndContent description = new SyndContentImpl();
- description.setType(entryContentType);
+ description.setType(getEntryContentType());
if (message instanceof TextMessage) {
String text = ((TextMessage)message).getText();
diff --git
a/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
b/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
index 35983aedc4..ad1d45c152 100644
---
a/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
+++
b/activemq-web/src/main/java/org/apache/activemq/web/view/SimpleMessageRenderer.java
@@ -26,6 +26,7 @@ import javax.jms.QueueBrowser;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.activemq.web.util.ViewUtils;
/**
* A simple rendering of the contents of a queue appear as a list of message
@@ -35,11 +36,12 @@ import javax.servlet.http.HttpServletResponse;
*/
public class SimpleMessageRenderer implements MessageRenderer {
- private String contentType = "text/xml";
+ protected static final String DEFAULT_CONTENT_TYPE = "text/xml";
+
private int maxMessages;
public void renderMessages(HttpServletRequest request, HttpServletResponse
response, QueueBrowser browser) throws IOException, JMSException,
ServletException {
- // lets use XML by default
+ // XML is used by default unless a child class overrides this method
response.setContentType(getContentType());
PrintWriter writer = response.getWriter();
printHeader(writer, browser, request);
@@ -53,10 +55,10 @@ public class SimpleMessageRenderer implements
MessageRenderer {
printFooter(writer, browser, request);
}
- public void renderMessage(PrintWriter writer, HttpServletRequest request,
HttpServletResponse response, QueueBrowser browser, Message message) throws
JMSException, ServletException {
+ public void renderMessage(PrintWriter writer, HttpServletRequest request,
HttpServletResponse response, QueueBrowser browser, Message message) throws
JMSException {
// lets just write the message IDs for now
writer.print("<message id='");
- writer.print(message.getJMSMessageID());
+ writer.print(ViewUtils.escapeXml(message.getJMSMessageID()));
writer.println("'/>");
}
@@ -71,25 +73,21 @@ public class SimpleMessageRenderer implements
MessageRenderer {
}
public String getContentType() {
- return contentType;
- }
-
- public void setContentType(String contentType) {
- this.contentType = contentType;
+ return DEFAULT_CONTENT_TYPE;
}
// Implementation methods
//
-------------------------------------------------------------------------
- protected void printHeader(PrintWriter writer, QueueBrowser browser,
HttpServletRequest request) throws IOException, JMSException, ServletException {
+ protected void printHeader(PrintWriter writer, QueueBrowser browser,
HttpServletRequest request) throws IOException, JMSException {
writer.println("");
writer.print("<messages queue='");
- writer.print(browser.getQueue());
+ writer.print(ViewUtils.escapeXml(String.valueOf(browser.getQueue())));
writer.print("'");
String selector = browser.getMessageSelector();
if (selector != null) {
writer.print(" selector='");
- writer.print(selector);
+ writer.print(ViewUtils.escapeXml(selector));
writer.print("'");
}
writer.println(">");
diff --git
a/activemq-web/src/test/java/org/apache/activemq/web/util/ViewUtilsTest.java
b/activemq-web/src/test/java/org/apache/activemq/web/util/ViewUtilsTest.java
new file mode 100644
index 0000000000..668edb2fce
--- /dev/null
+++ b/activemq-web/src/test/java/org/apache/activemq/web/util/ViewUtilsTest.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web.util;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import org.apache.commons.text.StringEscapeUtils;
+import org.junit.Test;
+
+public class ViewUtilsTest {
+
+ @Test
+ public void testXmlEscape() throws IOException {
+ final String original =
Files.readString(Path.of("src/test/resources/activemq.xml"));
+ final String escaped = ViewUtils.escapeXml(original);
+
+ // Verify that our escape method matches StringEscapeUtils
+ assertEquals(StringEscapeUtils.escapeXml11(original),
ViewUtils.escapeXml(original));
+ // Verify if we unescape we get back the original
+ assertEquals(original, StringEscapeUtils.unescapeXml(escaped));
+ }
+}
diff --git a/activemq-web/src/test/resources/activemq.xml
b/activemq-web/src/test/resources/activemq.xml
new file mode 100644
index 0000000000..9affdddf3e
--- /dev/null
+++ b/activemq-web/src/test/resources/activemq.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<!-- START SNIPPET: xbean -->
+<beans
+ xmlns="http://www.springframework.org/schema/beans";
+ xmlns:amq="http://activemq.apache.org/schema/core";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+ http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd";>
+
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <broker useJmx="false" xmlns="http://activemq.apache.org/schema/core";
persistent="false">
+
+ <transportConnectors>
+ <transportConnector
uri="nio://localhost:61616?wireFormat.maxFrameSize=1048576" />
+ </transportConnectors>
+
+ </broker>
+
+</beans>
+ <!-- END SNIPPET: xbean -->
diff --git a/pom.xml b/pom.xml
index 8dca9ad2f5..d43fe9cda6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -53,6 +53,7 @@
<commons-collections-version>3.2.2</commons-collections-version>
<commons-daemon-version>1.4.1</commons-daemon-version>
<commons-dbcp2-version>2.13.0</commons-dbcp2-version>
+ <commons-text-version>1.15.0</commons-text-version>
<commons-io-version>2.20.0</commons-io-version>
<commons-lang-version>3.18.0</commons-lang-version>
<commons-logging-version>1.3.5</commons-logging-version>
@@ -1064,6 +1065,12 @@
<version>${commons-io-version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-text</artifactId>
+ <version>${commons-text-version}</version>
+ </dependency>
+
<!-- ACTIVEMQ-WEB Specific Dependencies -->
<dependency>
<groupId>com.rometools</groupId>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
