前回、jersey-freemarkerモジュールでデフォルトエンコーディングが指定されていないため、文字化けおよび例外が発生することを確認しました。では修正してみましょう。
とりあえず公開ソースを見る限りGPLまたはCDDLのデュアルライセンスなので改変はOKと。
- クラスの作成
デフォルトエンコーディングおよびURLエンコーディング方式を明記したexamlpe.viewprocessor.FreemarkerViewProcessorクラスのソース。
(エンコードベタ書きはちょっとかっこ悪いため、後でServletのinit-paramから読み込むよう改変予定)
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2012 ka-ka-xyz (kakaxyz.kakaxyz at-mark gmail dot com) * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development * and Distribution License("CDDL") (collectively, the "License"). You * may not use this file except in compliance with the License. You can * obtain a copy of the License at * http://glassfish.java.net/public/CDDL+GPL_1_1.html * or packager/legal/LICENSE.txt. See the License for the specific * language governing permissions and limitations under the License. * * When distributing the software, include this License Header Notice in each * file and include the License file at packager/legal/LICENSE.txt. * * GPL Classpath Exception: * Oracle designates this particular file as subject to the "Classpath" * exception as provided by Oracle in the GPL Version 2 section of the License * file that accompanied this code. * * Modifications: * If applicable, add the following below the License Header, with the fields * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyright [year] [name of copyright owner]" * * Contributor(s): * If you wish your version of this file to be governed by only the CDDL or * only the GPL Version 2, indicate your decision by adding "[Contributor] * elects to include this software in this distribution under the [CDDL or GPL * Version 2] license." If you don't indicate a single choice of license, a * recipient has the option to distribute your version of this file under * either the CDDL, the GPL Version 2 or to extend the choice of license to * its licensees as provided above. However, if you add GPL Version 2 code * and therefore, elected the GPL Version 2 license, then the option applies * only if the new code is made subject to such option by the copyright * holder. */ package example.viewprocessor; import com.sun.jersey.api.container.ContainerException; import com.sun.jersey.api.core.ResourceConfig; import com.sun.jersey.api.view.Viewable; import com.sun.jersey.spi.template.ViewProcessor; import freemarker.template.Configuration; import freemarker.template.DefaultObjectWrapper; import freemarker.template.Template; import freemarker.template.TemplateException; import javax.ws.rs.core.Context; import javax.ws.rs.core.UriInfo; import java.io.IOException; import java.io.OutputStream; import java.io.OutputStreamWriter; /** * @author pavel.bucek@oracle.com */ public class FreemarkerViewProcessor implements ViewProcessor<String> { /** * Freemarker templates base path. * * Mandatory parameter, it has to be set if you plan to use freemarker * to generate your views. */ public final static String FREEMARKER_TEMPLATES_BASE_PATH = "com.sun.jersey.freemarker.templateBasePath"; private final Configuration configuration; private @Context UriInfo uriInfo; private String basePath; public FreemarkerViewProcessor(@Context ResourceConfig resourceConfig) { configuration = new Configuration(); configuration.setObjectWrapper(new DefaultObjectWrapper()); configuration.setDefaultEncoding("UTF-8"); configuration.setOutputEncoding("UTF-8"); configuration.setURLEscapingCharset("UTF-8"); String path = (String)resourceConfig.getProperties().get( FREEMARKER_TEMPLATES_BASE_PATH); if (path == null) this.basePath = ""; else if (path.charAt(0) == '/') { this.basePath = path; } else { this.basePath = "/" + path; } } @Override public String resolve(String path) { if (basePath != "") path = basePath + path; if (uriInfo.getMatchedResources().get(0).getClass().getResource(path) != null) { return path; } if (!path.endsWith(".ftl")) { path = path + ".ftl"; if (uriInfo.getMatchedResources().get(0).getClass().getResource(path) != null) { return path; } } return null; } @Override public void writeTo(String resolvedPath, Viewable viewable, OutputStream out) throws IOException { // Commit the status and headers to the HttpServletResponse out.flush(); configuration.setClassForTemplateLoading(uriInfo.getMatchedResources().get(0).getClass(), "/"); final Template template = configuration.getTemplate(resolvedPath); try { template.process(viewable.getModel(), new OutputStreamWriter(out, "UTF-8")); } catch(TemplateException te) { throw new ContainerException(te); } } }
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>example</groupId> <artifactId>JerseyFreemarkerExample</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <dependencies> <dependency> <groupId>com.sun.jersey</groupId> <artifactId>jersey-server</artifactId> <version>1.13</version> </dependency> <dependency> <groupId>com.sun.jersey</groupId> <artifactId>jersey-json</artifactId> <version>1.13</version> </dependency> <dependency> <groupId>com.sun.jersey</groupId> <artifactId>jersey-servlet</artifactId> <version>1.14</version> </dependency> <dependency> <groupId>com.sun.jersey.contribs</groupId> <artifactId>jersey-freemarker</artifactId> <version>1.14</version> </dependency> <dependency> <groupId>servletapi</groupId> <artifactId>servletapi</artifactId> <version>2.4</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>2.0.2</version> <configuration> <source>1.6</source> <target>1.6</target> <encoding>UTF-8</encoding> </configuration> </plugin> <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>maven-jetty-plugin</artifactId> <configuration> <contextPath>/Sample</contextPath> <scanIntervalSeconds>10</scanIntervalSeconds> <connectors> <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector"> <port>8080</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors> </configuration> </plugin> </plugins> <finalName>Sample</finalName> </build> </project>
- ServiceLocatorの設定
ファイルの配置場所: src/main/resources/META-INF/services
ファイル名: com.sun.jersey.spi.template.ViewProcessor
内容: examlpe.viewprocessor.FreemarkerViewProcessor
上記ファイルをWebアプリケーションの"WEB_APP_ROOT/WEB-INF/classes/META-INF/services/com.sun.jersey.spi.template.ViewProcessor"へ配置すると、Java ServiceLocatorによってViewProcessor実装として上記ファイルで指定したFreemarkerViewProcessorクラスがロードされます。
出力結果
http://localhost:8080/Sample/person/list.htmlへのアクセスした結果がこちら。
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Language" content="ja" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Welcome!</title> </head> <body> <table> <tr> <th>名前</th> <th>メモ</th> </tr> <tr> <td>100000001</td> <!-- null値が入っているとExceptionとなるのでチェック--> <td>ニュー速・デ・やる夫</td> <!-- null値が入っているとExceptionとなるのでチェック--> </tr> <tr> <td>100000002</td> <!-- null値が入っているとExceptionとなるのでチェック--> <td>VIP・デ・やらない夫</td> <!-- null値が入っているとExceptionとなるのでチェック--> <td>メモ<script>alert('今時XSS脆弱性とかあり得ないだろ常考')</script><td>タグ埋め込み</td><td>メモ</td> </tr> </table> </body> </html>
文字化け無く、上記htmlが出力されます。
