/**
* Set header, if still possible
*
* @throws lang.IllegalStateException
*/
public function setHeader($name, $value)
{
if ($this->headersSent()) {
throw new IllegalStateException('Cannot set headers when headers have already been sent!');
}
parent::setHeader($name, $value);
}
/**
* Process the response (setting status code, adding XML data to
* response body, ...)
*
*/
public function process()
{
parent::process();
if ($this->tree !== NULL) {
$this->setHeader('Content-Type', 'text/xml; charset="' . $this->tree->getEncoding() . '"');
$this->setContent($body = $this->tree->getDeclaration() . "\n" . $this->tree->getSource(0));
$this->setHeader('Content-length', strlen($body));
}
}
/**
* This method is called to process any request and dispatches
* it to on of the do* -methods of the scriptlet. It will also
* call the <pre>doCreateSession()</pre> method if necessary.
*
* @param scriptlet.HttpScriptletRequest request
* @param scriptlet.HttpScriptletResponse response
* @throws scriptlet.ScriptletException indicating fatal errors
*/
public function service(HttpScriptletRequest $request, HttpScriptletResponse $response)
{
$host = $request->getHeader('X-Forwarded-Host', $request->getEnvValue('HTTP_HOST'));
$request->setURL($this->_url(('on' == $request->getEnvValue('HTTPS') ? 'https' : 'http') . '://' . substr($host, 0, strcspn($host, ',')) . $request->getEnvValue('REQUEST_URI')));
// Check if this method can be handled. In case it can't, throw a
// ScriptletException with the HTTP status code 501 ("Method not
// implemented"). The request object will already have all headers
// and the request method set when this method is called.
if (!($method = $this->handleMethod($request))) {
throw new ScriptletException('HTTP method "' . $request->method . '" not supported', HttpConstants::STATUS_METHOD_NOT_IMPLEMENTED);
}
// Call the request's initialization method
$request->initialize();
// Create response object. Answer with the same protocol version that the
// user agent sends us with the request. The only versions we should be
// getting are 1.0 (some proxies or do this) or 1.1 (any current browser).
// Answer with a "HTTP Version Not Supported" statuscode (#505) for any
// other protocol version.
$response->setURI($request->getURL());
if (2 != sscanf($proto = $request->getEnvValue('SERVER_PROTOCOL'), 'HTTP/%*[1].%[01]', $minor)) {
throw new ScriptletException('Unsupported HTTP protocol version "' . $proto . '" - expected HTTP/1.0 or HTTP/1.1', HttpConstants::STATUS_HTTP_VERSION_NOT_SUPPORTED);
}
$response->version = '1.' . $minor;
// Check if a session is present. This is either the case when a session
// is already in the URL or if the scriptlet explicetly states it needs
// one (by returning TRUE from needsSession()).
if ($this->needsSession($request) || $request->getSessionId()) {
$request->setSession($this->_session());
$valid = FALSE;
try {
$this->handleSessionInitialization($request);
$valid = $request->session->isValid();
} catch (XPException $e) {
// Check if session initialization errors can be handled gracefully
// (default: no). If not, throw a HttpSessionInvalidException with
// the HTTP status code 503 ("Service temporarily unavailable").
if (!$this->handleSessionInitializationError($request, $response)) {
throw new HttpSessionInvalidException('Session initialization failed: ' . $e->getMessage(), HttpConstants::STATUS_SERVICE_TEMPORARILY_UNAVAILABLE, $e);
}
// Fall through, otherwise
}
// Check if invalid sessions can be handled gracefully (default: no).
// If not, throw a HttpSessionInvalidException with the HTTP status
// code 400 ("Bad request").
if (!$valid) {
if (!$this->handleInvalidSession($request, $response)) {
throw new HttpSessionInvalidException('Session is invalid', HttpConstants::STATUS_BAD_REQUEST);
}
// Fall through, otherwise
}
// Call doCreateSession() in case the session is new
if ($request->session->isNew()) {
$method = 'doCreateSession';
}
}
// If this scriptlet has an authenticator, run its authenticate()
// method. This method may return FALSE to indicate no further
// processing is to be done (e.g., in case it redirects to a login
// site). Exceptions thrown are wrapped in a ScriptletException
// with status code 403 ("Forbidden").
if ($auth = $this->getAuthenticator($request)) {
try {
$r = $auth->authenticate($request, $response, NULL);
} catch (ScriptletException $e) {
throw $e;
} catch (XPException $e) {
throw new ScriptletException('Authentication failed: ' . $e->getMessage(), HttpConstants::STATUS_FORBIDDEN, $e);
}
if (FALSE === $r) {
return;
}
}
// Call method handler and, in case the method handler returns anything
// else than FALSE, the response processor. Exceptions thrown from any of
// the two methods will result in a ScriptletException with the HTTP
// status code 500 ("Internal Server Error") being thrown.
try {
$r = call_user_func(array($this, $method), $request, $response);
if (FALSE !== $r && !is(NULL, $r)) {
$response->process();
}
} catch (ScriptletException $e) {
throw $e;
} catch (XPException $e) {
throw new ScriptletException('Request processing failed [' . $method . ']: ' . $e->getMessage(), HttpConstants::STATUS_INTERNAL_SERVER_ERROR, $e);
}
}
/**
* Overwritten method from parent class
*
* @param string content Content
* @throws lang.IllegalAccessException
*/
public function setContent($content)
{
if ($this->_processed) {
throw new IllegalAccessException('Cannot write directly');
}
parent::setContent($content);
}
/**
* Handle exception from scriptlet
*
* @param lang.Throwable t
* @param int status
* @param bool trace whether to show stacktrace
* @return scriptlet.HttpScriptletResponse
*/
protected function fail(Throwable $t, $status, $trace)
{
$package = create(new XPClass(__CLASS__))->getPackage();
$errorPage = $package->providesResource('error' . $status . '.html') ? $package->getResource('error' . $status . '.html') : $package->getResource('error500.html');
$response = new HttpScriptletResponse();
$response->setStatus($status);
$response->setContent(str_replace('<xp:value-of select="reason"/>', $trace ? $t->toString() : $t->getMessage(), $errorPage));
return $response;
}