sblim-commit

[Dave B. <bla...@us...>]

Update of /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient/internal/wbem/indications
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv20677/src/org/sblim/cimclient/internal/wbem/indications

Modified Files:
      Tag: Experimental
	CIMIndicationHandler.java 
Log Message:
2724 Listener should verify XML media type

Index: CIMIndicationHandler.java
===================================================================
RCS file: /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient/internal/wbem/indications/CIMIndicationHandler.java,v
retrieving revision 1.10.2.27
retrieving revision 1.10.2.28
diff -u -d -r1.10.2.27 -r1.10.2.28
--- CIMIndicationHandler.java	23 Jan 2013 20:53:46 -0000	1.10.2.27
+++ CIMIndicationHandler.java	18 Feb 2014 17:02:25 -0000	1.10.2.28
@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2005, 2013
+ * (C) Copyright IBM Corp. 2005, 2014
  *
  * THIS FILE IS PROVIDED UNDER THE TERMS OF THE ECLIPSE PUBLIC LICENSE 
  * ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THIS FILE 
@@ -44,6 +44,7 @@
  * 3553858    2012-08-06  blaschke-oss Append duplicate HTTP header fields instead of replace
  * 3554738    2012-08-16  blaschke-oss dump CIM xml by LogAndTraceBroker.trace()
  * 3601894    2013-01-23  blaschke-oss Enhance HTTP and CIM-XML tracing
+ *    2724    2014-02-18  blaschke-oss Listener should verify XML media type
  */
 
 package org.sblim.cimclient.internal.wbem.indications;
@@ -453,9 +454,21 @@
 			throws HttpException {
 
 		HttpHeader header = processHttpExtensions(pHeader);
+		String contentType = header.getField("Content-Type");
 		String cimExport = header.getField("CIMExport");
 		String cimOperation = header.getField("CIMOperation");
 
+		if (contentType == null) {
+			pWriter.getHeader().addField("CIMError", "request-not-valid");
+			throw new HttpException(415, "Unsupported Media Type");
+		}
+
+		contentType = contentType.toLowerCase();
+		if (!contentType.contains("application/xml") && !contentType.contains("text/xml")) {
+			pWriter.getHeader().addField("CIMError", "request-not-valid");
+			throw new HttpException(415, "Unsupported Media Type");
+		}
+
 		if (cimOperation != null && !"METHODCALL".equalsIgnoreCase(cimOperation)) {
 			pWriter.getHeader().addField("CIMError", "unsupported-operation");
 			throw new HttpException(400, "Bad Request");