[REPO-1607] Replace custom reading Implementation-* from MANIFEST.MF by java.lang.Package methods - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.2.0
Component/s: None
Labels:
None

Sprint:
Platform Sprint 145, Platform Sprint 147

Description

There are some that have been reading Implementation-* attributes from the MANIFEST.MF resource manually by manipulating relative URL path using ../../../../, which doesn't seem to be very safe, as explained in ~~HSTTWO-3890~~.

I'd like to propose changes in the following:

org.hippoecm.repository.impl.RepositoryDecorator#getDescriptor(String) reads Implementation-Version manually.
This should be replaced by getClass().getPackage().getImplementationVersion() simply.
org.hippoecm.repository.StatusServlet uses RepoUtils.getManifestURL(getClass()) to read MANIFEST.MF input stream and reads Implementation-Version and Implementation-Build manually, as a fallback if there's no custom overriding MANIFEST.MF in the classpath.
This uses RepoUtils#getManifestURL().
As a conservative approach, we should use StatusServlet.class.getPackage().getImplementationVersion() if the implementation version is not found from MANIFEST.MF in any cases.

Attachments

Issue Links

relates to

HSTTWO-3890 HstServices#getImplementationVersion() might not work in non-Tomcat or jar-non-exploded envs

Closed

CMS-10557 Replace custom reading Implementation-* from MANIFEST.MF by java.lang.Package methods

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Woonsan Ko (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Dec/16 8:29 PM

Updated:: 05/Jan/17 1:35 PM

Resolved:: 05/Jan/17 1:35 PM