svn commit: r758104 - in /incubator/shindig/trunk/java: common/conf/ common/src/main/java/org/apache/shindig/protocol/ common/src/main/java/org/apache/shindig/protocol/conversion/ common/src/test/java/org/apache/shindig/protocol/ gadgets/src/main/java/...

Tue, 24 Mar 2009 17:36:50 -0700 

Author: lryan
Date: Wed Mar 25 00:36:11 2009
New Revision: 758104

URL: http://svn.apache.org/viewvc?rev=758104&view=rev
Log:
Enable strict content type checks for REST/RPC API calls.

Added:
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ContentTypes.java
    
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/ContentTypesTest.java
Modified:
    incubator/shindig/trunk/java/common/conf/shindig.properties
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanAtomConverter.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonConverter.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonLibConverter.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXStreamConverter.java
    
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXmlConverter.java
    
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java
    
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java
    
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/HtmlRenderer.java
    
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/HtmlRendererTest.java
    
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/util/BeanXStreamAtomConverter.java
    
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
    
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonActivityTest.java
    
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonDataTest.java
    
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonPeopleTest.java

Modified: incubator/shindig/trunk/java/common/conf/shindig.properties
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/conf/shindig.properties?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- incubator/shindig/trunk/java/common/conf/shindig.properties (original)
+++ incubator/shindig/trunk/java/common/conf/shindig.properties Wed Mar 25 
00:36:11 2009
@@ -62,3 +62,7 @@
 # true to skip expensive encoding detection.
 # if true, will only attempt to validate utf-8. Assumes all other encodings 
are ISO-8859-1.
 shindig.http.fast-encoding-detection=true
+
+# true to force strict content type checking for requests made to API 
endpoints.
+# E.g. require application/json for JSON-RPC
+shindig.api.disallow-unknown-content-types=true

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ApiServlet.java
 Wed Mar 25 00:36:11 2009
@@ -46,14 +46,19 @@
  * Common base class for API servlets.
  */
 public abstract class ApiServlet extends InjectedServlet {
-  
+
   private static final Logger logger = 
Logger.getLogger(ApiServlet.class.getName());
-  
+
+  protected static final String FORMAT_PARAM = "format";
+  protected static final String JSON_FORMAT = "json";
+  protected static final String ATOM_FORMAT = "atom";
+  protected static final String XML_FORMAT = "xml";
+
   protected static final String DEFAULT_ENCODING = "UTF-8";
 
   /** ServletConfig parameter set to provide an explicit named binding for 
handlers */
   public static final String HANDLERS_PARAM = "handlers";
-  
+
   /** The default key used to look up handlers if the servlet config parameter 
is not available */
   public static final Key<Set<Object>> DEFAULT_HANDLER_KEY =
        Key.get(new TypeLiteral<Set<Object>>(){}, 
Names.named("org.apache.shindig.protocol.handlers"));
@@ -63,6 +68,9 @@
   protected BeanConverter xmlConverter;
   protected BeanConverter atomConverter;
 
+  @Deprecated
+  protected boolean disallowUnknownContentTypes = true;
+
   @Override
   public void init(ServletConfig config) throws ServletException {
     super.init(config);
@@ -76,7 +84,6 @@
     } else {
       handlerKey = Key.get(new TypeLiteral<Set<Object>>(){}, 
Names.named(handlers));
     }
-    
     this.dispatcher.addHandlers(injector.getInstance(handlerKey));
     this.dispatcher.addHandlers(Collections.<Object>singleton(new 
SystemHandler(dispatcher)));
   }
@@ -87,6 +94,12 @@
   }
 
   @Inject
+  public void setDisallowUnknownContentTypes(
+      @Named("shindig.api.disallow-unknown-content-types") boolean 
disallowUnknownContentTypes) {
+    this.disallowUnknownContentTypes = disallowUnknownContentTypes;
+  }
+
+  @Inject
   public void setBeanConverters(
       @Named("shindig.bean.converter.json") BeanConverter jsonConverter,
       @Named("shindig.bean.converter.xml") BeanConverter xmlConverter,
@@ -133,7 +146,6 @@
       logger.log(Level.INFO, "Returning a response error as result of a 
protocol exception", spe);
       return new ResponseItem(spe.getError(), spe.getMessage());
     }
-    
     logger.log(Level.WARNING, "Returning a response error as result of an 
exception", t);
     return new ResponseItem(ResponseError.INTERNAL_ERROR, t.getMessage());
   }
@@ -145,4 +157,9 @@
     }
     servletResponse.setCharacterEncoding(DEFAULT_ENCODING);
   }
+
+  public void checkContentTypes(Set<String> allowedContentTypes,
+      String contentType) throws ContentTypes.InvalidContentTypeException {
+    ContentTypes.checkContentTypes(allowedContentTypes, contentType, 
disallowUnknownContentTypes);
+  }
 }

Added: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ContentTypes.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ContentTypes.java?rev=758104&view=auto
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ContentTypes.java
 (added)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/ContentTypes.java
 Wed Mar 25 00:36:11 2009
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shindig.protocol;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.google.common.collect.ImmutableSet;
+
+import java.util.Set;
+import java.util.logging.Logger;
+
+/**
+ * Common mime content types and utilities
+ */
+public class ContentTypes {
+
+  private static final Logger logger = 
Logger.getLogger(ContentTypes.class.getName());
+
+  /**
+   * Allowed alternatives to application/json
+   */
+  public static final Set<String> ALLOWED_JSON_CONTENT_TYPES =
+      ImmutableSet.of("application/json", "text/x-json", 
"application/javascript",
+          "application/x-javascript", "text/javascript", "text/ecmascript");
+
+  /**
+   * Allowed alternatives to application/xml
+   */
+  public static final Set<String> ALLOWED_XML_CONTENT_TYPES =
+      ImmutableSet.of("text/xml", "application/xml");
+
+  /**
+   * Allowed alternatives to application/atom+xml
+   */
+  public static final Set<String> ALLOWED_ATOM_CONTENT_TYPES =
+      ImmutableSet.of("application/atom+xml");
+
+  /**
+   * Content types that are forbidden for REST & RPC calls
+   */
+  public static final Set<String> FORBIDDEN_CONTENT_TYPES =
+      ImmutableSet.of(
+          "application/x-www-form-urlencoded" // Not allowed because of OAuth 
body signing issues
+      );
+
+  public static final String MULTIPART_FORM_CONTENT_TYPE = 
"multipart/form-data";
+
+  public static final Set<String> ALLOWED_MULTIPART_CONTENT_TYPES =
+      ImmutableSet.of(MULTIPART_FORM_CONTENT_TYPE);
+
+  public static final String OUTPUT_JSON_CONTENT_TYPE = "application/json";
+  public static final String OUTPUT_XML_CONTENT_TYPE = "application/xml";
+  public static final String OUTPUT_ATOM_CONTENT_TYPE = "application/atom+xml";
+
+  /**
+   * Extract the mime part from an Http Content-Type header
+   */
+  public static String extractMimePart(String contentType) {
+    contentType = contentType.trim();
+    int separator = contentType.indexOf(';');
+    if (separator != -1) {
+      contentType = contentType.substring(0, separator);
+    }
+    return contentType.trim().toLowerCase();
+  }
+
+  public static void checkContentTypes(Set<String> allowedContentTypes,
+      String contentType, boolean disallowUnknownContentTypes) throws 
InvalidContentTypeException {
+
+    if (StringUtils.isEmpty(contentType)) {
+       if (disallowUnknownContentTypes) {
+        throw new InvalidContentTypeException(
+            "No Content-Type specified. One of "
+                + StringUtils.join(allowedContentTypes, ", ") + " is 
required");
+       } else {
+         // No content type specified, we can fail in other ways later.
+         return;
+       }
+    }
+
+    contentType = ContentTypes.extractMimePart(contentType);
+
+    if (ContentTypes.FORBIDDEN_CONTENT_TYPES.contains(contentType)) {
+      throw new InvalidContentTypeException(
+          "Cannot use disallowed Content-Type " + contentType);
+    }
+    if (allowedContentTypes.contains(contentType)) {
+      return;
+    }
+    if (disallowUnknownContentTypes) {
+      throw new InvalidContentTypeException(
+          "Unsupported Content-Type "
+              + contentType
+              + ". One of "
+              + StringUtils.join(allowedContentTypes, ", ")
+              + " is required");
+    } else {
+      logger.warning("Unsupported Content-Type "
+          + contentType
+          + ". One of "
+          + StringUtils.join(allowedContentTypes, ", ")
+          + " is expected");
+    }
+  }
+
+  public static class InvalidContentTypeException extends Exception {
+    public InvalidContentTypeException(String message) {
+      super(message);
+    }
+  }
+}

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/DataServiceServlet.java
 Wed Mar 25 00:36:11 2009
@@ -21,28 +21,28 @@
 import org.apache.shindig.protocol.conversion.BeanConverter;
 
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.io.Reader;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.Future;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 public class DataServiceServlet extends ApiServlet {
 
-  protected static final String FORMAT_PARAM = "format";
-  protected static final String ATOM_FORMAT = "atom";
-  protected static final String XML_FORMAT = "xml";
-
-  public static final String CONTENT_TYPE = "CONTENT_TYPE";
+  private static final Logger logger = 
Logger.getLogger(DataServiceServlet.class.getName());
 
-  private static final Logger logger = 
Logger.getLogger("org.apache.shindig.social.opensocial.spi");
+  public static final Set<String> ALLOWED_CONTENT_TYPES =
+      new 
ImmutableSet.Builder<String>().addAll(ContentTypes.ALLOWED_JSON_CONTENT_TYPES)
+          .addAll(ContentTypes.ALLOWED_XML_CONTENT_TYPES)
+          .addAll(ContentTypes.ALLOWED_ATOM_CONTENT_TYPES).build();
 
   protected static final String X_HTTP_METHOD_OVERRIDE = 
"X-HTTP-Method-Override";
 
@@ -50,28 +50,48 @@
   protected void doGet(HttpServletRequest servletRequest,
       HttpServletResponse servletResponse)
       throws ServletException, IOException {
-    doPost(servletRequest, servletResponse);
+    executeRequest(servletRequest, servletResponse);
   }
 
   @Override
   protected void doPut(HttpServletRequest servletRequest,
       HttpServletResponse servletResponse)
       throws ServletException, IOException {
-    doPost(servletRequest, servletResponse);
+    try {
+      checkContentTypes(ALLOWED_CONTENT_TYPES, 
servletRequest.getContentType());
+      executeRequest(servletRequest, servletResponse);
+    } catch (ContentTypes.InvalidContentTypeException icte) {
+      sendError(servletResponse, new ResponseItem(ResponseError.BAD_REQUEST, 
icte.getMessage()));
+    }
   }
 
   @Override
   protected void doDelete(HttpServletRequest servletRequest,
       HttpServletResponse servletResponse)
       throws ServletException, IOException {
-    doPost(servletRequest, servletResponse);
+    executeRequest(servletRequest, servletResponse);
   }
 
   @Override
   protected void doPost(HttpServletRequest servletRequest,
       HttpServletResponse servletResponse)
       throws ServletException, IOException {
-    if (logger.isLoggable(Level.FINEST)) logger.finest("Handling restful 
request for " + servletRequest.getPathInfo());
+    try {
+      checkContentTypes(ALLOWED_CONTENT_TYPES, 
servletRequest.getContentType());
+      executeRequest(servletRequest, servletResponse);
+    } catch (ContentTypes.InvalidContentTypeException icte) {
+      sendError(servletResponse, new ResponseItem(ResponseError.BAD_REQUEST, 
icte.getMessage()));
+    }
+  }
+
+  /**
+   * Actual dispatch handling for servlet requests
+   */
+  void executeRequest(HttpServletRequest servletRequest, HttpServletResponse 
servletResponse)
+      throws IOException {
+    if (logger.isLoggable(Level.FINEST)) {
+      logger.finest("Handling restful request for " + 
servletRequest.getPathInfo());
+    }
 
     setCharacterEncodings(servletRequest, servletResponse);
 
@@ -105,10 +125,7 @@
 
     Reader bodyReader = null;
     if (!servletRequest.getMethod().equals("GET") && 
!servletRequest.getMethod().equals("HEAD")) {
-      String contentType = servletRequest.getContentType();
-      if (contentType == null || 
!contentType.startsWith("application/x-www-form-urlencoded")) {
-        bodyReader = servletRequest.getReader();
-      }
+      bodyReader = servletRequest.getReader();
     }
 
     // Execute the request
@@ -156,21 +173,26 @@
       formatString = servletRequest.getParameter(FORMAT_PARAM);
     } catch (Throwable t) {
       // this happens while testing
-      if (logger.isLoggable(Level.FINE)) logger.fine("Unexpected error : 
format param is null " + t.toString());
+      if (logger.isLoggable(Level.FINE)) {
+        logger.fine("Unexpected error : format param is null " + t.toString());
+      }
     }
     try {
-      contentType = servletRequest.getHeader(CONTENT_TYPE);
+      contentType = servletRequest.getContentType();
     } catch (Throwable t) {
       //this happens while testing
-      if (logger.isLoggable(Level.FINE)) logger.fine("Unexpected error : 
content type is null " + t.toString());
+      if (logger.isLoggable(Level.FINE)) {
+        logger.fine("Unexpected error : content type is null " + t.toString());
+      }
     }
 
+
     if (contentType != null) {
-      if (contentType.equals("application/json")) {
+      if (ContentTypes.ALLOWED_JSON_CONTENT_TYPES.contains(contentType)) {
         converter = jsonConverter;
-      } else if (contentType.equals("application/atom+xml")) {
+      } else if 
(ContentTypes.ALLOWED_ATOM_CONTENT_TYPES.contains(contentType)) {
         converter = atomConverter;
-      } else if (contentType.equals("application/xml")) {
+      } else if (ContentTypes.ALLOWED_XML_CONTENT_TYPES.contains(contentType)) 
{
         converter = xmlConverter;
       } else if (formatString == null) {
         // takes care of cases where content!= null but is ""

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
 Wed Mar 25 00:36:11 2009
@@ -17,42 +17,45 @@
  */
 package org.apache.shindig.protocol;
 
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.shindig.auth.SecurityToken;
 import org.apache.shindig.common.util.JsonConversionUtil;
 import org.apache.shindig.protocol.multipart.FormDataItem;
 import org.apache.shindig.protocol.multipart.MultipartFormParser;
 
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.inject.Inject;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.Future;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 /**
  * JSON-RPC handler servlet.
  */
 public class JsonRpcServlet extends ApiServlet {
 
+  public static final Set<String> ALLOWED_CONTENT_TYPES =
+      new 
ImmutableSet.Builder<String>().addAll(ContentTypes.ALLOWED_JSON_CONTENT_TYPES)
+          .addAll(ContentTypes.ALLOWED_MULTIPART_CONTENT_TYPES).build();
+
   /**
    * In a multipart request, the form item with field name "request" will 
contain the
    * actual request, per the proposed Opensocial 0.9 specification.
    */
   public static final String REQUEST_PARAM = "request";
-  private static final String CONTENT_TYPE_JSON = "application/json";
   
   private MultipartFormParser formParser;
 
@@ -82,19 +85,20 @@
   @Override
   protected void doPost(HttpServletRequest servletRequest, HttpServletResponse 
servletResponse)
       throws IOException {
-    SecurityToken token = getSecurityToken(servletRequest);
-    if (token == null) {
-      sendSecurityError(servletResponse);
-      return;
-    }
+    try {
+      checkContentTypes(ALLOWED_CONTENT_TYPES, 
servletRequest.getContentType());
+      SecurityToken token = getSecurityToken(servletRequest);
+      if (token == null) {
+        sendSecurityError(servletResponse);
+        return;
+      }
 
-    setCharacterEncodings(servletRequest, servletResponse);
-    servletResponse.setContentType(CONTENT_TYPE_JSON);
+      setCharacterEncodings(servletRequest, servletResponse);
+      servletResponse.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
-    try {
       String content = null;
       Map<String, FormDataItem> formItems = new HashMap<String, 
FormDataItem>();
-      
+
       if (formParser.isMultipartContent(servletRequest)) {
         for (FormDataItem item : formParser.parse(servletRequest)) {
           if (item.isFormField() && content == null) {
@@ -103,15 +107,15 @@
             // field or file item will not be parsed out, but will be exposed 
via getFormItem
             // method of RequestItem. Here we are lenient where a mime part 
which has content type
             // application/json will be considered as request.
-            if (REQUEST_PARAM.equals(item.getFieldName()) ||
-                CONTENT_TYPE_JSON.equals(item.getContentType())) {
-              content = IOUtils.toString(item.getInputStream());
+            if (!REQUEST_PARAM.equals(item.getFieldName())) {
+              checkContentTypes(ContentTypes.ALLOWED_JSON_CONTENT_TYPES, 
item.getContentType());
             }
+            content = IOUtils.toString(item.getInputStream());
           } else {
             formItems.put(item.getFieldName(), item);
           }
         }
-        
+
         if (content == null) {
           content = "";
         }
@@ -130,6 +134,8 @@
       }
     } catch (JSONException je) {
       sendBadRequest(je, servletResponse);
+    } catch (ContentTypes.InvalidContentTypeException icte) {
+      sendBadRequest(icte, servletResponse);
     }
   }
 

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanAtomConverter.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanAtomConverter.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanAtomConverter.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanAtomConverter.java
 Wed Mar 25 00:36:11 2009
@@ -20,6 +20,7 @@
 import org.apache.commons.betwixt.IntrospectionConfiguration;
 import org.apache.commons.betwixt.io.BeanReader;
 import org.apache.commons.betwixt.io.BeanWriter;
+import org.apache.shindig.protocol.ContentTypes;
 
 import org.xml.sax.SAXException;
 
@@ -37,7 +38,7 @@
 
 
   public String getContentType() {
-    return "application/atom+xml";
+    return ContentTypes.OUTPUT_ATOM_CONTENT_TYPE;
   }
 
   public String convertToString(Object pojo) {

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonConverter.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonConverter.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonConverter.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonConverter.java
 Wed Mar 25 00:36:11 2009
@@ -17,16 +17,16 @@
  */
 package org.apache.shindig.protocol.conversion;
 
+import com.google.common.collect.MapMaker;
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+
 import org.apache.shindig.common.JsonProperty;
 import org.apache.shindig.common.JsonSerializer;
 import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.protocol.ContentTypes;
 import org.apache.shindig.protocol.model.Enum;
 import org.apache.shindig.protocol.model.EnumImpl;
-
-import com.google.common.collect.MapMaker;
-import com.google.inject.Inject;
-import com.google.inject.Injector;
-
 import org.joda.time.DateTime;
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -64,6 +64,20 @@
     this.injector = injector;
   }
 
+  public String getContentType() {
+    return ContentTypes.OUTPUT_JSON_CONTENT_TYPE;
+  }
+
+  /**
+   * Convert the passed in object to a string.
+   *
+   * @param pojo The object to convert
+   * @return An object whose toString method will return json
+   */
+  public String convertToString(final Object pojo) {
+    return JsonSerializer.serialize(pojo);
+  }
+
   public void append(Appendable buf, Object pojo) throws IOException {
     JsonSerializer.append(buf, pojo);
   }
@@ -105,14 +119,6 @@
     return (T)convertToObject(string, (Type) clazz);
   }
 
-  public String convertToString(Object pojo) {
-    return JsonSerializer.serialize(pojo);
-  }
-
-  public String getContentType() {
-    return "application/json";
-  }
-
   @SuppressWarnings("unchecked")
   public <T> T convertToObject(String json, Type type) {
     try {
@@ -122,7 +128,7 @@
     }
   }
 
-  private Object convertToObject(Object value, Type type) {
+  public Object convertToObject(Object value, Type type) {
     if (type == null || type.equals(Object.class)) {
       // Use the source type instead.
       if (value instanceof JSONObject) {
@@ -136,7 +142,7 @@
     } else if (type.equals(String.class)) {
       return String.valueOf(value);
     } else if (type.equals(Boolean.class) || type.equals(Boolean.TYPE)) {
-      return Boolean.TRUE.equals(value);
+      return value instanceof String ? Boolean.valueOf((String) value) : 
Boolean.TRUE.equals(value);
     } else if (type.equals(Integer.class) || type.equals(Integer.TYPE)) {
       return value instanceof String ? Integer.valueOf((String) value) : 
((Number) value).intValue();
     } else if (type.equals(Long.class) || type.equals(Long.TYPE)) {

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonLibConverter.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonLibConverter.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonLibConverter.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanJsonLibConverter.java
 Wed Mar 25 00:36:11 2009
@@ -17,6 +17,7 @@
  */
 package org.apache.shindig.protocol.conversion;
 
+import org.apache.shindig.protocol.ContentTypes;
 import org.apache.shindig.protocol.conversion.jsonlib.JsonLibConverterUtils;
 
 import com.google.inject.Inject;
@@ -63,7 +64,7 @@
   }
 
   public String getContentType() {
-    return "application/json";
+    return ContentTypes.OUTPUT_JSON_CONTENT_TYPE;
   }
 
   /**

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXStreamConverter.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXStreamConverter.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXStreamConverter.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXStreamConverter.java
 Wed Mar 25 00:36:11 2009
@@ -17,6 +17,7 @@
  */
 package org.apache.shindig.protocol.conversion;
 
+import org.apache.shindig.protocol.ContentTypes;
 import org.apache.shindig.protocol.DataCollection;
 import org.apache.shindig.protocol.RestfulCollection;
 import org.apache.shindig.protocol.conversion.xstream.StackDriver;
@@ -80,7 +81,7 @@
   }
 
   public String getContentType() {
-    return "application/xml";
+    return ContentTypes.OUTPUT_XML_CONTENT_TYPE;
   }
 
   public String convertToString(Object pojo) {

Modified: 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXmlConverter.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXmlConverter.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXmlConverter.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/main/java/org/apache/shindig/protocol/conversion/BeanXmlConverter.java
 Wed Mar 25 00:36:11 2009
@@ -20,6 +20,7 @@
 import org.apache.commons.betwixt.IntrospectionConfiguration;
 import org.apache.commons.betwixt.io.BeanReader;
 import org.apache.commons.betwixt.io.BeanWriter;
+import org.apache.shindig.protocol.ContentTypes;
 
 import org.xml.sax.SAXException;
 
@@ -35,7 +36,7 @@
       Logger.getLogger(BeanXmlConverter.class.getName());
 
   public String getContentType() {
-    return "application/xml";
+    return ContentTypes.OUTPUT_XML_CONTENT_TYPE;
   }
 
   public String convertToString(Object pojo) {

Added: 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/ContentTypesTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/ContentTypesTest.java?rev=758104&view=auto
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/ContentTypesTest.java
 (added)
+++ 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/ContentTypesTest.java
 Wed Mar 25 00:36:11 2009
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shindig.protocol;
+
+import junit.framework.TestCase;
+
+/**
+ * Test content type checks
+ */
+public class ContentTypesTest extends TestCase {
+
+  @Override
+  protected void setUp() throws Exception {
+  }
+
+  public void testAllowJson() throws Exception {
+    ContentTypes.checkContentTypes(ContentTypes.ALLOWED_JSON_CONTENT_TYPES,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE, true);
+  }
+
+  public void testAllowAtom() throws Exception {
+    ContentTypes.checkContentTypes(ContentTypes.ALLOWED_ATOM_CONTENT_TYPES,
+        ContentTypes.OUTPUT_ATOM_CONTENT_TYPE, true);
+  }
+
+  public void testAllowXml() throws Exception {
+    ContentTypes.checkContentTypes(ContentTypes.ALLOWED_XML_CONTENT_TYPES,
+        ContentTypes.OUTPUT_XML_CONTENT_TYPE, true);
+  }
+
+  public void testAllowMultipart() throws Exception {
+    
ContentTypes.checkContentTypes(ContentTypes.ALLOWED_MULTIPART_CONTENT_TYPES,
+        ContentTypes.MULTIPART_FORM_CONTENT_TYPE, true);
+  }
+
+  public void testForbidden() throws Exception {
+    try {
+      ContentTypes.checkContentTypes(ContentTypes.ALLOWED_JSON_CONTENT_TYPES,
+          "application/x-www-form-urlencoded", false);
+      fail("Should fail as form encoded is forbidden");
+    } catch (ContentTypes.InvalidContentTypeException icte) {
+    }
+  }
+
+  public void testStrictDisallowUnknown() throws Exception {
+    try {
+      ContentTypes.checkContentTypes(ContentTypes.ALLOWED_JSON_CONTENT_TYPES,
+          "text/plain", true);
+      fail("Should fail with strict content type checking enabled");
+    } catch (ContentTypes.InvalidContentTypeException icte) {
+    }
+  }
+
+  public void testNonStrictAllowUnknown() throws Exception {
+    ContentTypes.checkContentTypes(ContentTypes.ALLOWED_JSON_CONTENT_TYPES,
+        "text/plain", false);
+  }
+
+  public void textExtractMimePart() throws Exception {
+    assertEquals("text/xml", ContentTypes.extractMimePart("Text/Xml ; charset 
= ISO-8859-1;x=y"));
+  }
+}
\ No newline at end of file

Modified: 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/DataServiceServletTest.java
 Wed Mar 25 00:36:11 2009
@@ -61,9 +61,12 @@
     xmlConverter = mockControl.createMock(BeanConverter.class);
     atomConverter = mockControl.createMock(BeanConverter.class);
 
-    
EasyMock.expect(jsonConverter.getContentType()).andReturn("application/json").anyTimes();
-    
EasyMock.expect(xmlConverter.getContentType()).andReturn("application/xml").anyTimes();
-    
EasyMock.expect(atomConverter.getContentType()).andReturn("application/atom+xml").anyTimes();
+    EasyMock.expect(jsonConverter.getContentType()).andReturn(
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE).anyTimes();
+    EasyMock.expect(xmlConverter.getContentType()).andReturn(
+        ContentTypes.OUTPUT_XML_CONTENT_TYPE).anyTimes();
+    EasyMock.expect(atomConverter.getContentType()).andReturn(
+        ContentTypes.OUTPUT_ATOM_CONTENT_TYPE).anyTimes();
 
     HandlerRegistry registry = new DefaultHandlerRegistry(null, jsonConverter,
         new HandlerExecutionListener.NoOpHandler());
@@ -99,7 +102,7 @@
     writerMock.write(TestHandler.GET_RESPONSE);
     EasyMock.expectLastCall();
     res.setCharacterEncoding("UTF-8");
-    res.setContentType("application/json");
+    res.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     mockControl.replay();
     servlet.service(req, res);
@@ -127,7 +130,7 @@
     // Shouldnt these be expectations
     res.sendError(ResponseError.BAD_REQUEST.getHttpErrorCode(), 
TestHandler.FAILURE_MESSAGE);
     res.setCharacterEncoding("UTF-8");
-    res.setContentType("application/json");
+    res.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     mockControl.replay();
     servlet.service(req, res);
@@ -146,6 +149,7 @@
     }
     fakeReq.setMethod(actualMethod);
     fakeReq.setAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId(), 
FAKE_GADGET_TOKEN);
+    fakeReq.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     req = fakeReq;
   }
 
@@ -158,15 +162,18 @@
   }
 
   public void testGetConverterForRequestContentType() throws Exception {
-    assertConverterForContentType(atomConverter, "application/atom+xml");
-    assertConverterForContentType(xmlConverter, "application/xml");
+    assertConverterForContentType(atomConverter, 
ContentTypes.OUTPUT_ATOM_CONTENT_TYPE);
+    assertConverterForContentType(xmlConverter, 
ContentTypes.OUTPUT_XML_CONTENT_TYPE);
+    assertConverterForContentType(xmlConverter, "text/xml");
+    assertConverterForContentType(jsonConverter, 
ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
+    assertConverterForContentType(jsonConverter, "application/json");
     assertConverterForContentType(jsonConverter, "");
     assertConverterForContentType(jsonConverter, null);
     assertConverterForContentType(jsonConverter, "abcd!");
   }
 
   private void assertConverter(BeanConverter converter, String format) {
-    EasyMock.expect(req.getParameter(DataServiceServlet.FORMAT_PARAM))
+    EasyMock.expect(req.getParameter(ApiServlet.FORMAT_PARAM))
         .andReturn(format);
     EasyMock.replay(req);
     assertEquals(converter, servlet.getConverterForRequest(req));
@@ -176,8 +183,7 @@
 
   private void assertConverterForContentType(BeanConverter converter,
       String contentType) {
-    EasyMock.expect(req.getHeader(DataServiceServlet.CONTENT_TYPE)).andReturn(
-        contentType);
+    EasyMock.expect(req.getContentType()).andReturn(contentType);
     EasyMock.replay(req);
     assertEquals(converter, servlet.getConverterForRequest(req));
     EasyMock.verify(req);

Modified: 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java
 (original)
+++ 
incubator/shindig/trunk/java/common/src/test/java/org/apache/shindig/protocol/JsonRpcServletTest.java
 Wed Mar 25 00:36:11 2009
@@ -17,24 +17,22 @@
  */
 package org.apache.shindig.protocol;
 
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.isA;
-import static org.easymock.classextension.EasyMock.reset;
+import com.google.common.collect.ImmutableMap;
+import com.google.inject.Guice;
+
+import junit.framework.TestCase;
 
 import org.apache.shindig.common.JsonAssert;
 import org.apache.shindig.common.testing.FakeGadgetToken;
 import org.apache.shindig.protocol.conversion.BeanJsonConverter;
 import org.apache.shindig.protocol.multipart.FormDataItem;
 import org.apache.shindig.protocol.multipart.MultipartFormParser;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.inject.Guice;
-
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+import static org.easymock.EasyMock.isA;
 import org.easymock.IMocksControl;
 import org.easymock.classextension.EasyMock;
-
-import junit.framework.TestCase;
+import static org.easymock.classextension.EasyMock.reset;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -130,14 +128,15 @@
     expect(req.getMethod()).andStubReturn("POST");
     expect(req.getAttribute(isA(String.class))).andReturn(FAKE_GADGET_TOKEN);
     expect(req.getCharacterEncoding()).andStubReturn("UTF-8");
+    
expect(req.getContentType()).andStubReturn(ContentTypes.MULTIPART_FORM_CONTENT_TYPE);
     res.setCharacterEncoding("UTF-8");
-    res.setContentType("application/json");
+    res.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     List<FormDataItem> formItems = new ArrayList<FormDataItem>();
     String request = "{method:test.get,id:id,params:" +
         "{userId:5,groupId:@self,image-ref:@" + IMAGE_FIELDNAME + "}}";
-    formItems.add(mockFormDataItem(JsonRpcServlet.REQUEST_PARAM, 
"application/json",
-        request.getBytes(), true));
+    formItems.add(mockFormDataItem(JsonRpcServlet.REQUEST_PARAM,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE, request.getBytes(), true));
     formItems.add(mockFormDataItem(IMAGE_FIELDNAME, IMAGE_TYPE, IMAGE_DATA, 
false));
     expect(multipartFormParser.isMultipartContent(req)).andReturn(true);
     expect(multipartFormParser.parse(req)).andReturn(formItems);
@@ -171,14 +170,15 @@
     expect(req.getMethod()).andStubReturn("POST");
     expect(req.getAttribute(isA(String.class))).andReturn(FAKE_GADGET_TOKEN);
     expect(req.getCharacterEncoding()).andStubReturn("UTF-8");
+    
expect(req.getContentType()).andStubReturn(ContentTypes.MULTIPART_FORM_CONTENT_TYPE);
     res.setCharacterEncoding("UTF-8");
-    res.setContentType("application/json");
+    res.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     List<FormDataItem> formItems = new ArrayList<FormDataItem>();
     String request = "{method:test.get,id:id,params:" +
         "{userId:5,groupId:@self,image-ref:@" + IMAGE_FIELDNAME + "}}";
     formItems.add(mockFormDataItem(IMAGE_FIELDNAME, IMAGE_TYPE, IMAGE_DATA, 
false));
-    formItems.add(mockFormDataItem("json", "application/json",
+    formItems.add(mockFormDataItem("json", 
ContentTypes.OUTPUT_JSON_CONTENT_TYPE,
         request.getBytes(), true));
     expect(multipartFormParser.isMultipartContent(req)).andReturn(true);
     expect(multipartFormParser.parse(req)).andReturn(formItems);
@@ -273,9 +273,9 @@
     expect(req.getMethod()).andStubReturn("POST");
     expect(req.getAttribute(isA(String.class))).andReturn(FAKE_GADGET_TOKEN);
     expect(req.getCharacterEncoding()).andStubReturn("UTF-8");
-    expect(req.getContentType()).andStubReturn("application/json");
+    
expect(req.getContentType()).andStubReturn(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     res.setCharacterEncoding("UTF-8");
-    res.setContentType("application/json");
+    res.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
   }
 
   private FormDataItem mockFormDataItem(String fieldName, String contentType, 
byte content[],

Modified: 
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/HtmlRenderer.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/HtmlRenderer.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/HtmlRenderer.java
 (original)
+++ 
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/HtmlRenderer.java
 Wed Mar 25 00:36:11 2009
@@ -185,7 +185,7 @@
       // to enable caching
       request.setMethod("POST")
           .setPostBody(UTF8.encode(postContent).array())
-          .setHeader("Content-Type", "text/json;charset=utf-8");
+          .setHeader("Content-Type", "application/json;charset=utf-8");
     }
     return request;
   }

Modified: 
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/HtmlRendererTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/HtmlRendererTest.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/HtmlRendererTest.java
 (original)
+++ 
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/HtmlRendererTest.java
 Wed Mar 25 00:36:11 2009
@@ -221,7 +221,7 @@
 
     HttpRequest lastHttpRequest = pipeline.getLastHttpRequest();
     assertEquals("POST", lastHttpRequest.getMethod());
-    assertEquals("text/json;charset=utf-8", 
lastHttpRequest.getHeader("Content-Type"));
+    assertEquals("application/json;charset=utf-8", 
lastHttpRequest.getHeader("Content-Type"));
     String postBody = lastHttpRequest.getPostBodyAsString();
     JSONArray actualJson = new JSONArray(postBody);
 
@@ -246,7 +246,7 @@
 
     HttpRequest lastHttpRequest = pipeline.getLastHttpRequest();
     assertEquals("POST", lastHttpRequest.getMethod());
-    assertEquals("text/json;charset=utf-8", 
lastHttpRequest.getHeader("Content-Type"));
+    assertEquals("application/json;charset=utf-8", 
lastHttpRequest.getHeader("Content-Type"));
     String postBody = lastHttpRequest.getPostBodyAsString();
     JSONArray actualJson = new JSONArray(postBody);
 

Modified: 
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/util/BeanXStreamAtomConverter.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/util/BeanXStreamAtomConverter.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/util/BeanXStreamAtomConverter.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/util/BeanXStreamAtomConverter.java
 Wed Mar 25 00:36:11 2009
@@ -17,12 +17,13 @@
  */
 package org.apache.shindig.social.core.util;
 
+import com.google.inject.Inject;
+
+import org.apache.shindig.protocol.ContentTypes;
 import org.apache.shindig.protocol.conversion.BeanXStreamConverter;
 import org.apache.shindig.protocol.conversion.xstream.XStreamConfiguration;
 import org.apache.shindig.social.core.util.atom.AtomFeed;
 
-import com.google.inject.Inject;
-
 /**
  * Converts output to atom.
  * TODO: Move to common once atom binding can be decoupled form social code
@@ -44,7 +45,7 @@
    */
   @Override
   public String getContentType() {
-    return "application/atom+xml";
+    return ContentTypes.OUTPUT_ATOM_CONTENT_TYPE;
   }
 
   /**

Modified: 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/AbstractLargeRestfulTests.java
 Wed Mar 25 00:36:11 2009
@@ -29,22 +29,22 @@
 import org.apache.shindig.social.core.util.BeanXStreamAtomConverter;
 import org.apache.shindig.social.core.util.xstream.XStream081Configuration;
 
+import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
-import com.google.common.collect.ImmutableMap;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Key;
 import com.google.inject.TypeLiteral;
 import com.google.inject.name.Names;
-import org.easymock.EasyMock;
-import org.json.JSONObject;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 import org.custommonkey.xmlunit.NamespaceContext;
 import org.custommonkey.xmlunit.SimpleNamespaceContext;
 import org.custommonkey.xmlunit.XMLUnit;
 import org.custommonkey.xmlunit.XpathEngine;
+import org.easymock.EasyMock;
+import org.json.JSONObject;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.stream.XMLInputFactory;
@@ -133,6 +133,7 @@
     req.setParameter("format",format);
     req.setParameter("X-HTTP-Method-Override", method);
     req.setAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId(), 
FAKE_GADGET_TOKEN);
+    req.setContentType(contentType);
     for (Map.Entry<String,String> entry : extraParams.entrySet()) {
       req.setParameter(entry.getKey(), entry.getValue());
     }

Modified: 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonActivityTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonActivityTest.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonActivityTest.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonActivityTest.java
 Wed Mar 25 00:36:11 2009
@@ -17,6 +17,7 @@
  */
 package org.apache.shindig.social.dataservice.integration;
 
+import org.apache.shindig.protocol.ContentTypes;
 import org.apache.shindig.social.core.model.ActivityImpl;
 import org.apache.shindig.social.opensocial.model.Activity;
 
@@ -50,7 +51,8 @@
    */
   @Test
   public void testGetActivityJson() throws Exception {
-    String resp = getResponse("/activities/john.doe/@self/@app/1", "GET", 
null, "application/json");
+    String resp = getResponse("/activities/john.doe/@self/@app/1", "GET", null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp);
     assertActivitiesEqual(johnsActivity, result.getJSONObject("entry"));
   }
@@ -71,7 +73,8 @@
    */
   @Test
   public void testGetActivitiesJson() throws Exception {
-    String resp = getResponse("/activities/john.doe/@self", "GET", null, 
"application/json");
+    String resp = getResponse("/activities/john.doe/@self", "GET", null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp);
 
     assertEquals(1, result.getInt("totalResults"));
@@ -95,7 +98,8 @@
    */
   @Test
   public void testGetFriendsActivitiesJson() throws Exception {
-    String resp = getResponse("/activities/john.doe/@friends", "GET", null, 
"application/json");
+    String resp = getResponse("/activities/john.doe/@friends", "GET", null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp);
 
     assertEquals(2, result.getInt("totalResults"));
@@ -114,10 +118,12 @@
   public void testCreateActivity() throws Exception {
     String postData = "{title : 'hi mom!', body : 'and dad.'}";
     // Create the activity
-    getResponse("/activities/john.doe/@self", "POST", postData, null, 
"application/json");
+    getResponse("/activities/john.doe/@self", "POST", postData, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     // Verify it can be retrieved
-    String resp = getResponse("/activities/john.doe/@self", "GET", null, 
"application/json");
+    String resp = getResponse("/activities/john.doe/@self", "GET", null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp);
 
     assertEquals(2, result.getInt("totalResults"));
@@ -135,4 +141,4 @@
   }
 
   // TODO: Add tests for the fields= parameter
-}
\ No newline at end of file
+}

Modified: 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonDataTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonDataTest.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonDataTest.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonDataTest.java
 Wed Mar 25 00:36:11 2009
@@ -17,6 +17,8 @@
  */
 package org.apache.shindig.social.dataservice.integration;
 
+import org.apache.shindig.protocol.ContentTypes;
+
 import com.google.common.collect.Maps;
 import org.json.JSONObject;
 import org.junit.Test;
@@ -44,7 +46,8 @@
     // app id is mocked out
     Map<String, String> extraParams = Maps.newHashMap();
     extraParams.put("fields", "count");
-    String resp = getResponse("/appdata/john.doe/@friends/app", "GET", 
extraParams, null, "application/json");
+    String resp = getResponse("/appdata/john.doe/@friends/app", "GET", 
extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     JSONObject data = getJson(resp).getJSONObject("entry");
     assertEquals(3, data.length());
@@ -74,7 +77,8 @@
     // app id is mocked out
     Map<String, String> extraParams = Maps.newHashMap();
     extraParams.put("fields", null);
-    String resp = getResponse("/appdata/john.doe/@self/app", "GET", 
extraParams, null, "application/json");
+    String resp = getResponse("/appdata/john.doe/@self/app", "GET", 
extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     JSONObject data = getJson(resp).getJSONObject("entry");
     assertEquals(1, data.length());
@@ -100,7 +104,8 @@
     // app id is mocked out
     Map<String, String> extraParams = Maps.newHashMap();
     extraParams.put("fields", "count");
-    String resp = getResponse("/appdata/john.doe/@self/app", "GET", 
extraParams, null, "application/json");
+    String resp = getResponse("/appdata/john.doe/@self/app", "GET", 
extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     JSONObject data = getJson(resp).getJSONObject("entry");
     assertEquals(1, data.length());
@@ -127,7 +132,8 @@
     // app id is mocked out
     Map<String, String> extraParams = Maps.newHashMap();
     extraParams.put("fields", "peabody");
-    String resp = getResponse("/appdata/john.doe/@self/app", "GET", 
extraParams, null, "application/json");
+    String resp = getResponse("/appdata/john.doe/@self/app", "GET", 
extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     JSONObject data = getJson(resp).getJSONObject("entry");
     assertEquals(1, data.length());
@@ -143,12 +149,14 @@
     // With the wrong field
     Map<String, String> extraParams = Maps.newHashMap();
     extraParams.put("fields", "peabody");
-    getResponse("/appdata/john.doe/@self/app", "DELETE", extraParams, null, 
"application/json");
+    getResponse("/appdata/john.doe/@self/app", "DELETE", extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     assertCount("0");
 
     extraParams.put("fields", "count");
-    getResponse("/appdata/john.doe/@self/app", "DELETE", extraParams, null, 
"application/json");
+    getResponse("/appdata/john.doe/@self/app", "DELETE", extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     assertCount(null);
   }
@@ -160,13 +168,15 @@
     Map<String, String> extraParams = Maps.newHashMap();
     extraParams.put("fields", "count");
     String postData = "{count : 5}";
-    getResponse("/appdata/john.doe/@self/app", "POST", extraParams, postData, 
null, "application/json");
+    getResponse("/appdata/john.doe/@self/app", "POST", extraParams, postData, 
null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
 
     assertCount("5");
   }
 
   private void assertCount(String expectedCount) throws Exception {
-    String resp = getResponse("/appdata/john.doe/@self/app", "GET", null, 
"application/json");
+    String resp = getResponse("/appdata/john.doe/@self/app", "GET", null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject data = getJson(resp).getJSONObject("entry");
     assertEquals(1, data.length());
 
@@ -182,4 +192,4 @@
 
   // TODO: support for indexBy??
 
-}
\ No newline at end of file
+}

Modified: 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonPeopleTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonPeopleTest.java?rev=758104&r1=758103&r2=758104&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonPeopleTest.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/dataservice/integration/RestfulJsonPeopleTest.java
 Wed Mar 25 00:36:11 2009
@@ -17,6 +17,10 @@
  */
 package org.apache.shindig.social.dataservice.integration;
 
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+
+import org.apache.shindig.protocol.ContentTypes;
 import org.apache.shindig.protocol.model.Enum;
 import org.apache.shindig.protocol.model.EnumImpl;
 import org.apache.shindig.social.core.model.AddressImpl;
@@ -37,9 +41,6 @@
 import org.apache.shindig.social.opensocial.model.Person;
 import org.apache.shindig.social.opensocial.model.Smoker;
 import org.apache.shindig.social.opensocial.model.Url;
-
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -219,7 +220,8 @@
     extraParams.put("fields", allFieldsParam);
 
     // Currently, for Shindig {pid}/@all/{uid} == {uid}/@self
-    String resp = getResponse("/people/canonical/@self", "GET", extraParams, 
null, "application/json");
+    String resp = getResponse("/people/canonical/@self", "GET", extraParams, 
null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp).getJSONObject("entry");
 
     assertStringField(result, canonical.getAboutMe(), Person.Field.ABOUT_ME);
@@ -459,7 +461,8 @@
     extraParams.put("fields", null);
 
     // Currently, for Shindig @all == @friends
-    String resp = getResponse("/people/john.doe/@friends", "GET", extraParams, 
null, "application/json");
+    String resp = getResponse("/people/john.doe/@friends", "GET", extraParams, 
null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp);
 
     assertEquals(3, result.getInt("totalResults"));
@@ -482,7 +485,8 @@
     extraParams.put("count", "1");
     extraParams.put("fields", null);
 
-    String resp = getResponse("/people/john.doe/@friends", "GET", extraParams, 
null, "application/json");
+    String resp = getResponse("/people/john.doe/@friends", "GET", extraParams, 
null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     JSONObject result = getJson(resp);
 
     assertEquals(3, result.getInt("totalResults"));
@@ -493,7 +497,8 @@
 
     // Get the second page
     extraParams.put("startIndex", "1");
-    resp = getResponse("/people/john.doe/@friends", "GET", extraParams, null, 
"application/json");
+    resp = getResponse("/people/john.doe/@friends", "GET", extraParams, null,
+        ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
     result = getJson(resp);
 
     assertEquals(3, result.getInt("totalResults"));

Reply via email to