javax.servlet-api 4.0.1

Updating javax.servlet-api to latest version.
Updating classes with best-attempt implementations to account for new
methods.

Test scope functions were stubbed to throw
UnsupportedOperationExceptions (replicating class behaviors)

Adding a transitive exclude to javax.servlet.jsp-api to prefer the
upgraded reference declared.

Author: jeremiahjstacey

pom.xml

@@ -145,15 +145,20 @@
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
-            <!-- Note: v3.1.0+ causes compilation errors. So would have to fix to upgrade. -->
-            <version>3.0.1</version>
+            <version>4.0.1</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>javax.servlet.jsp</groupId>
             <artifactId>javax.servlet.jsp-api</artifactId>
             <version>2.3.3</version>
             <scope>provided</scope>
+            <exclusions>
+	            <exclusion>
+		            <groupId>javax.servlet</groupId>
+		            <artifactId>javax.servlet-api</artifactId>		           
+	            </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>com.io7m.xom</groupId>

src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java

@@ -24,6 +24,7 @@
 import java.util.Enumeration;
 import java.util.Vector;
 
+import javax.servlet.ReadListener;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -171,18 +172,43 @@ public Enumeration getDictionaryParameterNames() {
 	private class RAFInputStream extends ServletInputStream {
 
 		RandomAccessFile raf;
+		boolean isDone = false;
+		
 
 		public RAFInputStream(RandomAccessFile raf) throws IOException {
 			this.raf = raf;
 			this.raf.seek(0);
 		}
 
 		public int read() throws IOException {
-			return raf.read();
+			int rval = raf.read();
+			
+			if (rval == -1) {
+				isDone = true;
+			}
+			
+			return rval;
 		}
 
 		public synchronized void reset() throws IOException {
 			raf.seek(0);
+			isDone = false;
+		}
+
+		@Override
+		public boolean isFinished() {
+			return isDone;
+		}
+
+		@Override
+		public boolean isReady() {
+			// No way to verify that the next read would be non-blocking.
+			return false;
+		}
+
+		@Override
+		public void setReadListener(ReadListener readListener) {
+			//NO-OP. Unused in this scope.
 		}
 	}
 

src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java

@@ -21,6 +21,7 @@
 import java.io.RandomAccessFile;
 
 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 
 /**
  * This class was inspired by ModSecurity for Java by Ivan Ristic. We hook
@@ -161,4 +162,13 @@ public void close() throws IOException {
 
     }
 
+	@Override
+	public boolean isReady() {
+		return os.isReady();
+	}
+
+	@Override
+	public void setWriteListener(WriteListener writeListener) {
+		os.setWriteListener(writeListener);
+	}
 }

src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java

@@ -46,6 +46,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpUpgradeHandler;
 import javax.servlet.http.Part;
 
 /**
@@ -737,4 +738,19 @@ public DispatcherType getDispatcherType() {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
 
+	@Override
+	public long getContentLengthLong() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public String changeSessionId() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
 }

src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java

@@ -24,6 +24,7 @@
 import java.util.Locale;
 
 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
@@ -279,6 +280,16 @@ public ServletOutputStream getOutputStream() throws IOException {
 			public void write(int b) throws IOException {
 				body.append((char)b);
 			}
+
+			@Override
+			public boolean isReady() {
+				return false;
+			}
+
+			@Override
+			public void setWriteListener(WriteListener writeListener) {
+				// NO OP
+			}
 		};
 	}
 
@@ -369,5 +380,10 @@ public void dump() {
     public Collection<String> getHeaders(String string) {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
+
+	@Override
+	public void setContentLengthLong(long len) {
+		//Emulating setContentLenth method.  NO OP
+	}
 
 }

src/test/java/org/owasp/esapi/http/MockServletContext.java

@@ -31,6 +31,7 @@
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRegistration;
+import javax.servlet.ServletRegistration.Dynamic;
 import javax.servlet.SessionCookieConfig;
 import javax.servlet.SessionTrackingMode;
 import javax.servlet.descriptor.JspConfigDescriptor;
@@ -693,4 +694,44 @@ public ClassLoader getClassLoader() {
     public void declareRoles(String... strings) {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
+
+	@Override
+	public Dynamic addJspFile(String servletName, String jspFile) {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public String getVirtualServerName() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public int getSessionTimeout() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public void setSessionTimeout(int sessionTimeout) {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public String getRequestCharacterEncoding() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public void setRequestCharacterEncoding(String encoding) {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public String getResponseCharacterEncoding() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public void setResponseCharacterEncoding(String encoding) {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
 }

src/test/java/org/owasp/esapi/http/MockServletInputStream.java

@@ -15,6 +15,7 @@
  */
 package org.owasp.esapi.http;
 
+import javax.servlet.ReadListener;
 import javax.servlet.ServletInputStream;
 import java.io.IOException;
 
@@ -27,6 +28,8 @@ public class MockServletInputStream extends ServletInputStream {
     private byte[] body;
 
     private int next;
+    
+    private boolean isDone = false;
 
     /**
      * constructor
@@ -45,7 +48,23 @@ public int read() throws IOException {
         if (next < body.length) {
             return body[next++];
         } else {
+        	isDone = true;
             return -1;
         }
     }
+
+	@Override
+	public boolean isFinished() {
+	return isDone;
+	}
+
+	@Override
+	public boolean isReady() {
+		return false;
+	}
+
+	@Override
+	public void setReadListener(ReadListener readListener) {
+		//NO OP
+	}
 }