关联漏洞
介绍
[](https://travis-ci.org/perwendel/spark)
[](./LICENSE)
[](http://mvnrepository.com/artifact/com.sparkjava/spark-core)
Spark - a tiny web framework for Java 8
==============================================
**Spark 2.9.4 is out!!**
```xml
<dependency>
<groupId>com.sparkjava</groupId>
<artifactId>spark-core</artifactId>
<version>2.9.4</version>
</dependency>
```
Sponsor the project here https://github.com/sponsors/perwendel
For documentation please go to: http://sparkjava.com/documentation
For usage questions, please use [stack overflow with the “spark-java” tag](http://stackoverflow.com/questions/tagged/spark-java)
Javadoc: http://javadoc.io/doc/com.sparkjava/spark-core
When committing to the project please use Spark format configured in https://github.com/perwendel/spark/blob/master/config/spark_formatter_intellij.xml
Getting started
---------------
```xml
<dependency>
<groupId>com.sparkjava</groupId>
<artifactId>spark-core</artifactId>
<version>2.9.4</version>
</dependency>
```
```java
import static spark.Spark.*;
public class HelloWorld {
public static void main(String[] arg){
get("/hello", (request, response) -> "Hello World!");
}
}
```
View at: http://localhost:4567/hello
Check out and try the examples in the source code.
You can also check out the javadoc. After getting the source from
[github](https://github.com/perwendel/spark) run:
mvn javadoc:javadoc
The result is put in /target/site/apidocs
Examples
---------
Simple example showing some basic functionality
```java
import static spark.Spark.*;
/**
* A simple example just showing some basic functionality
*/
public class SimpleExample {
public static void main(String[] args) {
// port(5678); <- Uncomment this if you want spark to listen to port 5678 instead of the default 4567
get("/hello", (request, response) -> "Hello World!");
post("/hello", (request, response) ->
"Hello World: " + request.body()
);
get("/private", (request, response) -> {
response.status(401);
return "Go Away!!!";
});
get("/users/:name", (request, response) -> "Selected user: " + request.params(":name"));
get("/news/:section", (request, response) -> {
response.type("text/xml");
return "<?xml version=\"1.0\" encoding=\"UTF-8\"?><news>" + request.params("section") + "</news>";
});
get("/protected", (request, response) -> {
halt(403, "I don't think so!!!");
return null;
});
get("/redirect", (request, response) -> {
response.redirect("/news/world");
return null;
});
get("/", (request, response) -> "root");
}
}
```
-------------------------------
A simple CRUD example showing how to create, get, update and delete book resources
```java
import static spark.Spark.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
/**
* A simple CRUD example showing how to create, get, update and delete book resources.
*/
public class Books {
/**
* Map holding the books
*/
private static Map<String, Book> books = new HashMap<String, Book>();
public static void main(String[] args) {
final Random random = new Random();
// Creates a new book resource, will return the ID to the created resource
// author and title are sent in the post body as x-www-urlencoded values e.g. author=Foo&title=Bar
// you get them by using request.queryParams("valuename")
post("/books", (request, response) -> {
String author = request.queryParams("author");
String title = request.queryParams("title");
Book book = new Book(author, title);
int id = random.nextInt(Integer.MAX_VALUE);
books.put(String.valueOf(id), book);
response.status(201); // 201 Created
return id;
});
// Gets the book resource for the provided id
get("/books/:id", (request, response) -> {
Book book = books.get(request.params(":id"));
if (book != null) {
return "Title: " + book.getTitle() + ", Author: " + book.getAuthor();
} else {
response.status(404); // 404 Not found
return "Book not found";
}
});
// Updates the book resource for the provided id with new information
// author and title are sent in the request body as x-www-urlencoded values e.g. author=Foo&title=Bar
// you get them by using request.queryParams("valuename")
put("/books/:id", (request, response) -> {
String id = request.params(":id");
Book book = books.get(id);
if (book != null) {
String newAuthor = request.queryParams("author");
String newTitle = request.queryParams("title");
if (newAuthor != null) {
book.setAuthor(newAuthor);
}
if (newTitle != null) {
book.setTitle(newTitle);
}
return "Book with id '" + id + "' updated";
} else {
response.status(404); // 404 Not found
return "Book not found";
}
});
// Deletes the book resource for the provided id
delete("/books/:id", (request, response) -> {
String id = request.params(":id");
Book book = books.remove(id);
if (book != null) {
return "Book with id '" + id + "' deleted";
} else {
response.status(404); // 404 Not found
return "Book not found";
}
});
// Gets all available book resources (ids)
get("/books", (request, response) -> {
String ids = "";
for (String id : books.keySet()) {
ids += id + " ";
}
return ids;
});
}
public static class Book {
public String author, title;
public Book(String author, String title) {
this.author = author;
this.title = title;
}
public String getAuthor() {
return author;
}
public void setAuthor(String author) {
this.author = author;
}
public String getTitle() {
return title;
}
public void setTitle(String title) {
this.title = title;
}
}
}
```
---------------------------------
Example showing a very simple (and stupid) authentication filter that is executed before all other resources
```java
import static spark.Spark.*;
import java.util.HashMap;
import java.util.Map;
/**
* Example showing a very simple (and stupid) authentication filter that is
* executed before all other resources.
*
* When requesting the resource with e.g.
* http://localhost:4567/hello?user=some&password=guy
* the filter will stop the execution and the client will get a 401 UNAUTHORIZED with the content 'You are not welcome here'
*
* When requesting the resource with e.g.
* http://localhost:4567/hello?user=foo&password=bar
* the filter will accept the request and the request will continue to the /hello route.
*
* Note: There is a second "before filter" that adds a header to the response
* Note: There is also an "after filter" that adds a header to the response
*/
public class FilterExample {
private static Map<String, String> usernamePasswords = new HashMap<String, String>();
public static void main(String[] args) {
usernamePasswords.put("foo", "bar");
usernamePasswords.put("admin", "admin");
before((request, response) -> {
String user = request.queryParams("user");
String password = request.queryParams("password");
String dbPassword = usernamePasswords.get(user);
if (!(password != null && password.equals(dbPassword))) {
halt(401, "You are not welcome here!!!");
}
});
before("/hello", (request, response) -> response.header("Foo", "Set by second before filter"));
get("/hello", (request, response) -> "Hello World!");
after("/hello", (request, response) -> response.header("spark", "added by after-filter"));
afterAfter("/hello", (request, response) -> response.header("finally", "executed even if exception is throw"));
afterAfter((request, response) -> response.header("finally", "executed after any route even if exception is throw"));
}
}
```
---------------------------------
Example showing how to use attributes
```java
import static spark.Spark.after;
import static spark.Spark.get;
/**
* Example showing the use of attributes
*/
public class FilterExampleAttributes {
public static void main(String[] args) {
get("/hi", (request, response) -> {
request.attribute("foo", "bar");
return null;
});
after("/hi", (request, response) -> {
for (String attr : request.attributes()) {
System.out.println("attr: " + attr);
}
});
after("/hi", (request, response) -> {
Object foo = request.attribute("foo");
response.body(asXml("foo", foo));
});
}
private static String asXml(String name, Object value) {
return "<?xml version=\"1.0\" encoding=\"UTF-8\"?><" + name +">" + value + "</"+ name + ">";
}
}
```
---------------------------------
Example showing how to serve static resources
```java
import static spark.Spark.*;
public class StaticResources {
public static void main(String[] args) {
// Will serve all static file are under "/public" in classpath if the route isn't consumed by others routes.
// When using Maven, the "/public" folder is assumed to be in "/main/resources"
staticFileLocation("/public");
get("/hello", (request, response) -> "Hello World!");
}
}
```
---------------------------------
Example showing how to define content depending on accept type
```java
import static spark.Spark.*;
public class JsonAcceptTypeExample {
public static void main(String args[]) {
//Running curl -i -H "Accept: application/json" http://localhost:4567/hello json message is read.
//Running curl -i -H "Accept: text/html" http://localhost:4567/hello HTTP 404 error is thrown.
get("/hello", "application/json", (request, response) -> "{\"message\": \"Hello World\"}");
}
}
```
---------------------------------
Example showing how to render a view from a template. Note that we are using `ModelAndView` class for setting the object and name/location of template.
First of all we define a class which handles and renders output depending on template engine used. In this case [FreeMarker](http://freemarker.incubator.apache.org/).
```java
public class FreeMarkerTemplateEngine extends TemplateEngine {
private Configuration configuration;
protected FreeMarkerTemplateEngine() {
this.configuration = createFreemarkerConfiguration();
}
@Override
public String render(ModelAndView modelAndView) {
try {
StringWriter stringWriter = new StringWriter();
Template template = configuration.getTemplate(modelAndView.getViewName());
template.process(modelAndView.getModel(), stringWriter);
return stringWriter.toString();
} catch (IOException e) {
throw new IllegalArgumentException(e);
} catch (TemplateException e) {
throw new IllegalArgumentException(e);
}
}
private Configuration createFreemarkerConfiguration() {
Configuration retVal = new Configuration();
retVal.setClassForTemplateLoading(FreeMarkerTemplateEngine.class, "freemarker");
return retVal;
}
}
```
Then we can use it to generate our content. Note how we are setting model data and view name. Because we are using FreeMarker, in this case a `Map` and the name of the template is required:
```java
public class FreeMarkerExample {
public static void main(String args[]) {
get("/hello", (request, response) -> {
Map<String, Object> attributes = new HashMap<>();
attributes.put("message", "Hello FreeMarker World");
// The hello.ftl file is located in directory:
// src/test/resources/spark/examples/templateview/freemarker
return modelAndView(attributes, "hello.ftl");
}, new FreeMarkerTemplateEngine());
}
}
```
---------------------------------
Example of using Transformer.
First of all we define the transformer class, in this case a class which transforms an object to JSON format using gson API.
```java
public class JsonTransformer implements ResponseTransformer {
private Gson gson = new Gson();
@Override
public String render(Object model) {
return gson.toJson(model);
}
}
```
And then the code which return a simple POJO to be transformed to JSON:
```java
public class TransformerExample {
public static void main(String args[]) {
get("/hello", "application/json", (request, response) -> {
return new MyMessage("Hello World");
}, new JsonTransformer());
}
}
```
Debugging
------------------
See [Spark-debug-tools](https://github.com/perwendel/spark-debug-tools) as a separate module.
文件快照
[4.0K] /data/pocs/5e5ee66175b3bb4d0a4be0bc8ebedb75c2318a87
├── [4.0K] changeset
│ ├── [ 951] 2.9.3-changeset.md
│ └── [ 527] 2.9.4-changeset.md
├── [4.0K] config
│ └── [1.9K] spark_formatter_intellij.xml
├── [ 11K] LICENSE
├── [8.9K] mvnw
├── [5.8K] mvnw.cmd
├── [5.0K] NOTICE
├── [7.3K] pom.xml
├── [ 13K] README.md
└── [4.0K] src
├── [4.0K] main
│ └── [4.0K] java
│ └── [4.0K] spark
│ ├── [ 961] Access.java
│ ├── [1.7K] Base64.java
│ ├── [4.2K] CustomErrorPages.java
│ ├── [4.0K] embeddedserver
│ │ ├── [1.5K] EmbeddedServerFactory.java
│ │ ├── [2.7K] EmbeddedServer.java
│ │ ├── [3.2K] EmbeddedServers.java
│ │ ├── [4.0K] jetty
│ │ │ ├── [2.6K] EmbeddedJettyFactory.java
│ │ │ ├── [6.5K] EmbeddedJettyServer.java
│ │ │ ├── [3.2K] HttpRequestWrapper.java
│ │ │ ├── [1.6K] JettyHandler.java
│ │ │ ├── [ 652] JettyServerFactory.java
│ │ │ ├── [1.9K] JettyServer.java
│ │ │ ├── [4.5K] SocketConnectorFactory.java
│ │ │ └── [4.0K] websocket
│ │ │ ├── [2.0K] WebSocketCreatorFactory.java
│ │ │ ├── [ 768] WebSocketHandlerClassWrapper.java
│ │ │ ├── [ 545] WebSocketHandlerInstanceWrapper.java
│ │ │ ├── [ 851] WebSocketHandlerWrapper.java
│ │ │ └── [3.3K] WebSocketServletContextHandlerFactory.java
│ │ └── [1.3K] NotSupportedException.java
│ ├── [2.0K] ExceptionHandlerImpl.java
│ ├── [ 572] ExceptionHandler.java
│ ├── [3.8K] ExceptionMapper.java
│ ├── [1.1K] Experimental.java
│ ├── [3.2K] FilterImpl.java
│ ├── [ 530] Filter.java
│ ├── [4.0K] globalstate
│ │ └── [1.3K] ServletFlag.java
│ ├── [1.8K] HaltException.java
│ ├── [4.0K] http
│ │ └── [4.0K] matching
│ │ ├── [2.3K] AfterAfterFilters.java
│ │ ├── [2.2K] AfterFilters.java
│ │ ├── [1.9K] BeforeFilters.java
│ │ ├── [2.1K] Body.java
│ │ ├── [2.4K] GeneralError.java
│ │ ├── [1.3K] Halt.java
│ │ ├── [7.4K] MatcherFilter.java
│ │ ├── [5.0K] RequestWrapper.java
│ │ ├── [3.7K] ResponseWrapper.java
│ │ ├── [3.1K] RouteContext.java
│ │ └── [2.7K] Routes.java
│ ├── [1.4K] ModelAndView.java
│ ├── [7.0K] QueryParamsMap.java
│ ├── [5.0K] Redirect.java
│ ├── [ 17K] Request.java
│ ├── [1.2K] RequestResponseFactory.java
│ ├── [4.0K] resource
│ │ ├── [6.2K] AbstractFileResolvingResource.java
│ │ ├── [4.2K] AbstractResourceHandler.java
│ │ ├── [6.5K] AbstractResource.java
│ │ ├── [3.3K] ClassPathResourceHandler.java
│ │ ├── [8.7K] ClassPathResource.java
│ │ ├── [3.3K] ExternalResourceHandler.java
│ │ ├── [2.5K] ExternalResource.java
│ │ ├── [2.1K] InputStreamResource.java
│ │ ├── [4.6K] Resource.java
│ │ └── [5.1K] UriPath.java
│ ├── [9.2K] Response.java
│ ├── [1.0K] ResponseTransformer.java
│ ├── [2.4K] ResponseTransformerRouteImpl.java
│ ├── [ 26K] Routable.java
│ ├── [4.0K] route
│ │ ├── [1.5K] HttpMethod.java
│ │ ├── [4.3K] RouteEntry.java
│ │ ├── [10.0K] Routes.java
│ │ ├── [ 956] ServletRoutes.java
│ │ └── [2.4K] SimpleRouteMatcher.java
│ ├── [ 90] RouteGroup.java
│ ├── [4.4K] RouteImpl.java
│ ├── [ 610] Route.java
│ ├── [4.0K] routematch
│ │ └── [1.9K] RouteMatch.java
│ ├── [4.0K] serialization
│ │ ├── [1.3K] BytesSerializer.java
│ │ ├── [1.2K] DefaultSerializer.java
│ │ ├── [1.2K] InputStreamSerializer.java
│ │ ├── [1.6K] SerializerChain.java
│ │ └── [2.2K] Serializer.java
│ ├── [ 30K] Service.java
│ ├── [4.0K] servlet
│ │ ├── [2.4K] FilterTools.java
│ │ ├── [ 942] SparkApplication.java
│ │ └── [7.3K] SparkFilter.java
│ ├── [3.9K] Session.java
│ ├── [ 43K] Spark.java
│ ├── [4.0K] ssl
│ │ └── [4.0K] SslStores.java
│ ├── [4.0K] staticfiles
│ │ ├── [1.4K] DirectoryTraversal.java
│ │ ├── [5.5K] MimeType.java
│ │ ├── [6.7K] StaticFilesConfiguration.java
│ │ └── [1.1K] StaticFilesFolder.java
│ ├── [1.4K] TemplateEngine.java
│ ├── [3.6K] TemplateViewRouteImpl.java
│ ├── [1.5K] TemplateViewRoute.java
│ └── [4.0K] utils
│ ├── [5.0K] Assert.java
│ ├── [ 11K] ClassUtils.java
│ ├── [1.7K] CollectionUtils.java
│ ├── [3.4K] GzipUtils.java
│ ├── [9.8K] IOUtils.java
│ ├── [6.8K] MimeParse.java
│ ├── [1.3K] ObjectUtils.java
│ ├── [ 14K] ResourceUtils.java
│ ├── [1.3K] SparkUtils.java
│ ├── [ 15K] StringUtils.java
│ ├── [4.0K] urldecoding
│ │ ├── [ 10K] TypeUtil.java
│ │ ├── [5.9K] UrlDecode.java
│ │ ├── [7.7K] Utf8Appendable.java
│ │ └── [1.8K] Utf8StringBuilder.java
│ └── [ 124] Wrapper.java
└── [4.0K] test
├── [4.0K] java
│ └── [4.0K] spark
│ ├── [ 684] Base64Test.java
│ ├── [2.1K] BodyAvailabilityTest.java
│ ├── [5.5K] BooksIntegrationTest.java
│ ├── [4.5K] CookiesIntegrationTest.java
│ ├── [4.0K] customerrorpages
│ │ └── [2.6K] CustomErrorPagesTest.java
│ ├── [4.0K] embeddedserver
│ │ ├── [2.8K] EmbeddedServersTest.java
│ │ └── [4.0K] jetty
│ │ ├── [4.7K] EmbeddedJettyFactoryTest.java
│ │ ├── [2.2K] JettyServerTest.java
│ │ ├── [5.4K] SocketConnectorFactoryTest.java
│ │ └── [4.0K] websocket
│ │ ├── [2.3K] WebSocketCreatorFactoryTest.java
│ │ ├── [6.3K] WebSocketServletContextHandlerFactoryTest.java
│ │ ├── [1.1K] WebSocketTestClient.java
│ │ └── [ 973] WebSocketTestHandler.java
│ ├── [4.0K] examples
│ │ ├── [4.0K] accept
│ │ │ └── [ 499] JsonAcceptTypeExample.java
│ │ ├── [4.0K] books
│ │ │ ├── [1.3K] Book.java
│ │ │ └── [3.7K] Books.java
│ │ ├── [4.0K] exception
│ │ │ ├── [ 144] BaseException.java
│ │ │ ├── [ 315] JWGmeligMeylingException.java
│ │ │ ├── [ 149] NotFoundException.java
│ │ │ └── [ 151] SubclassOfBaseException.java
│ │ ├── [4.0K] filter
│ │ │ ├── [1.1K] DummyFilter.java
│ │ │ ├── [1.6K] FilterExampleAttributes.java
│ │ │ ├── [2.6K] FilterExample.java
│ │ │ └── [ 938] FilterExampleWildcard.java
│ │ ├── [4.0K] gzip
│ │ │ ├── [ 898] GzipClient.java
│ │ │ └── [1.8K] GzipExample.java
│ │ ├── [4.0K] hello
│ │ │ ├── [ 416] HelloSecureWorld.java
│ │ │ └── [ 811] HelloWorld.java
│ │ ├── [4.0K] multiple
│ │ │ └── [1.5K] MultipleServices.java
│ │ ├── [4.0K] session
│ │ │ └── [1.1K] SessionExample.java
│ │ ├── [4.0K] simple
│ │ │ ├── [1.8K] SimpleExample.java
│ │ │ └── [2.2K] SimpleSecureExample.java
│ │ ├── [4.0K] staticresources
│ │ │ └── [1.1K] StaticResources.java
│ │ ├── [4.0K] sugar
│ │ │ ├── [ 973] http.java
│ │ │ └── [ 882] SugarExample.java
│ │ ├── [4.0K] templateview
│ │ │ ├── [ 657] FreeMarkerExample.java
│ │ │ └── [1.3K] FreeMarkerTemplateEngine.java
│ │ ├── [4.0K] transformer
│ │ │ ├── [ 663] DefaultTransformerExample.java
│ │ │ ├── [ 283] JsonTransformer.java
│ │ │ ├── [ 283] MyMessage.java
│ │ │ └── [ 309] TransformerExample.java
│ │ └── [4.0K] websocket
│ │ ├── [1.4K] EchoWebSocket.java
│ │ ├── [1.5K] PingWebSocket.java
│ │ └── [ 909] WebSocketExample.java
│ ├── [1.1K] ExceptionMapperTest.java
│ ├── [1.9K] FilterImplTest.java
│ ├── [ 983] FilterTest.java
│ ├── [ 20K] GenericIntegrationTest.java
│ ├── [5.4K] GenericSecureIntegrationTest.java
│ ├── [4.0K] globalstate
│ │ └── [1.6K] ServletFlagTest.java
│ ├── [2.1K] GzipTest.java
│ ├── [ 877] InitExceptionHandlerTest.java
│ ├── [2.1K] MultipleFiltersTest.java
│ ├── [4.8K] MultipleServicesTest.java
│ ├── [4.4K] QueryParamsMapTest.java
│ ├── [6.0K] RedirectTest.java
│ ├── [ 15K] RequestTest.java
│ ├── [4.0K] resource
│ │ └── [1.9K] UriPathTest.java
│ ├── [3.8K] ResponseBodyTest.java
│ ├── [ 11K] ResponseTest.java
│ ├── [1.8K] ResponseWrapperDelegationTest.java
│ ├── [4.0K] route
│ │ ├── [1.1K] HttpMethodTest.java
│ │ ├── [3.8K] RouteEntryTest.java
│ │ └── [ 843] Util.java
│ ├── [2.5K] RouteImplTest.java
│ ├── [4.0K] serialization
│ │ └── [1.2K] InputStreamSerializerTest.java
│ ├── [1.2K] ServicePortIntegrationTest.java
│ ├── [ 11K] ServiceTest.java
│ ├── [4.0K] servlet
│ │ ├── [1.2K] FilterConfigWrapper.java
│ │ ├── [1.8K] MyApp.java
│ │ └── [5.4K] ServletTest.java
│ ├── [4.1K] SessionTest.java
│ ├── [4.0K] staticfiles
│ │ ├── [3.5K] DisableMimeGuessingTest.java
│ │ ├── [4.3K] StaticFilesTestExternal.java
│ │ └── [6.1K] StaticFilesTest.java
│ ├── [3.1K] StaticFilesFromArchiveTest.java
│ ├── [5.9K] StaticFilesMemberTest.java
│ ├── [1.2K] UnmapTest.java
│ ├── [4.0K] util
│ │ ├── [1.8K] ResourceUtilsTest.java
│ │ └── [ 12K] SparkTestUtil.java
│ └── [4.0K] utils
│ ├── [1.8K] CollectionUtilsTest.java
│ ├── [1.3K] MimeParseTest.java
│ ├── [ 501] ObjectUtilsTest.java
│ └── [1.5K] SparkUtilsTest.java
├── [4.0K] resources
│ ├── [2.1K] keystore.jks
│ ├── [4.0K] public
│ │ ├── [4.0K] css
│ │ │ └── [ 19] style.css
│ │ ├── [4.0K] img
│ │ │ ├── [ 0] file.cxt
│ │ │ ├── [ 18K] sparklogo.png
│ │ │ ├── [ 18K] sparklogoPng
│ │ │ ├── [3.6K] sparklogo.svg
│ │ │ └── [3.6K] sparklogoSvg
│ │ ├── [4.0K] js
│ │ │ ├── [ 70] module.mjs
│ │ │ └── [ 33] scripts.js
│ │ ├── [ 51] page.html
│ │ └── [4.0K] pages
│ │ └── [ 45] index.html
│ ├── [ 525] public-jar.zip
│ └── [4.0K] spark
│ └── [4.0K] examples
│ └── [4.0K] templateview
│ └── [4.0K] freemarker
│ └── [ 19] hello.ftl
└── [4.0K] webapp
└── [4.0K] WEB-INF
└── [ 794] web.xml
63 directories, 207 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。