OWASP O2 Platform Blog

Using jQuery to consume an ASP.NET Ashx from JSON in two files

Here is a basic asp.net based JSON based ‘webservice’ which can be implemented with two files and requires no compilation

Javascript code (DataHandler.js):

function CallHandler() {
$.ajax({
url: "DataHandler.ashx",
contentType: "application/json; charset=utf-8",
dataType: "json",
data: { 'page': '100AAAAAf00' },
responseType: "json",
success: OnComplete,
error: OnFail
});
return false;
}

function OnComplete(result) {
alert(JSON.stringify(result));
}
function OnFail(result) {
alert('Request Failed');
}

CallHandler();

Server side code (DataHandler.ashx):

<%@ WebHandler Language="C#" %></pre>
&nbsp;

using System.Text;
using System.Web;
using System.Web.Script.Serialization;

public class test
{
public string var1 {get;set;}
public string var2 {get;set;}
public string page {get;set;}
public test()
{
var1 = "aaaa";
var2 = "bbb";
}
}

public class GetDataHandler : IHttpHandler
{
public HttpContext context;
public HttpRequest request;
public HttpResponse response;

public void handleRequest()
{
//writeRaw("this is a message");
writeJson(new test() { page = request["page"] });
}

public bool IsReusable
{
get { return false; }
}

public void ProcessRequest (HttpContext _context)
{
context = _context;
request = _context.Request;
response = _context.Response;
context.Response.ContentType = "application/json";
context.Response.ContentEncoding = Encoding.UTF8;

handleRequest();

}

public void writeJson(object _object)
{
JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();
string jsondata = javaScriptSerializer.Serialize(_object);
writeRaw(jsondata);
}


public void writeRaw(string text)
{
context.Response.Write(text);
}
}

result

{"var1":"aaaa","var2":"bbb","page":"100AAAAAf00"}

references

based on source code samples from:

July 12, 2011 Posted by | IE Automation, jQuery | 1 Comment

O2 Script: ‘Spring MVC Util – View Controllers’

This Script creates a view for the Spring MVC mapping objects created by the SpringMvcMappings_v2 API.

This is a very important script since it provides a very clear view of a Spring MVC application URLs, Controllers and CommandClass

The Command Class view can be quite spectacular since it is common to find massive AutoBinded POJOs (some even with recursion)

Here is a video showing this script in action:

Here is the code:

var topPanel = O2Gui.open&amp;lt;Panel&amp;gt;(&amp;quot;Spring MVC Util - View Controllers&amp;quot;,1000,400);
//var topPanel = panel.clear().add_Panel();&amp;lt;/pre&amp;gt;
&amp;amp;nbsp;
var baseDir = PublicDI.CurrentScript.directoryName();

var xmlFile = baseDir.pathCombine(@&amp;quot;sourceCode\war\WEB-INF\petstore-servlet.xml&amp;quot;);
var mcvMappingsFile = &amp;quot;{0}.mvcMappings.xml&amp;quot;.format(xmlFile);
var webAppClassFiles = baseDir.pathCombine(&amp;quot;jPetStore.classes.zip.xml&amp;quot;);

var coreClassFiles = baseDir.pathCombine(&amp;quot;jPetStore.classes.zip.xml&amp;quot;);

Func&amp;lt;string,string,string&amp;gt; resolveGetterReturnType =
(methodName, returnType) =&amp;gt; {
&amp;quot;in resolveGetterReturnType: {0}  -    {1}&amp;quot;.debug(methodName, returnType);
if (methodName ==&amp;quot;getLineItems&amp;quot;)
return &amp;quot;org.springframework.samples.jpetstore.domain.LineItem&amp;quot;;
return returnType;
};

var mvcMappings = (mcvMappingsFile.fileExists())
? mcvMappingsFile.load&amp;lt;SpringMvcMappings&amp;gt;()
: xmlFile.springMvcMappings()
.mapCommandClass_using_XRefs(webAppClassFiles);

var xRefs = coreClassFiles.javaMetadata().map_JavaMetadata_XRefs();

var byCommandClass = mvcMappings.controllers_by_CommandClass();

var treeView = topPanel.add_TreeView_with_PropertyGrid(true).sort();
var codeViewer = topPanel.insert_Right().add_SourceCodeViewer();
Action&amp;lt;string&amp;gt; onClassSelected =
(@class) =&amp;gt; {
if (xRefs.Classes_by_Signature.hasKey(@class))
codeViewer.open(xRefs.Classes_by_Signature[@class].file());
};
var _treeView = codeViewer.insert_Above().add_TreeView_For_CommandClasses_Visualization(xRefs, onClassSelected, resolveGetterReturnType);

treeView.afterSelect&amp;lt;String&amp;gt;(
(javaClass)=&amp;gt;{
if (javaClass.valid() &amp;amp;&amp;amp; javaClass !=&amp;quot;[no commandName]&amp;quot;)
{
var file = &amp;quot;{0}.java&amp;quot;.format(javaClass.replace(&amp;quot;.&amp;quot;,&amp;quot;\\&amp;quot;));
_treeView.clear();
_treeView.add_Node(javaClass, javaClass,true);
codeViewer.open(file);
}
else
codeViewer.set_Text(&amp;quot;&amp;quot;);
});

treeView.afterSelect&amp;lt;SpringMvcController&amp;gt;(
(mvcController)=&amp;gt;{
if (mvcController.FileName.valid())
codeViewer.open(mvcController.FileName);
_treeView.clear();
if (mvcController.CommandClass.valid())
_treeView.add_Node(mvcController.CommandClass, mvcController.CommandClass,true);
});

var byCommandClassNode = treeView.add_Node(&amp;quot;by CommandClass&amp;quot;);
foreach(var mapping in     byCommandClass)
byCommandClassNode.add_Node(mapping.Key,mapping.Key)
.add_Nodes(mapping.Value);

var byJavaClassNode = treeView.add_Node(&amp;quot;by JavaClass&amp;quot;);
foreach(var mapping in  mvcMappings.controllers_by_JavaClass())
byJavaClassNode.add_Node(mapping.Key,mapping.Value);

var byUrlNode = treeView.add_Node(&amp;quot;by Url&amp;quot;);
foreach(var controller in  mvcMappings.Controllers)
byUrlNode.add_Node(controller.HttpRequestUrl,controller);

treeView.focus();
return &amp;quot;ok&amp;quot;;
//using O2.XRules.Database.Languages_and_Frameworks.J2EE
//using O2.XRules.Database.APIs.IKVM
//O2File:spring-servlet-2.0.xsd.cs
//O2File:SpringMvcMappings_v2.0.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll

July 12, 2011 Posted by | JPetStore, Spring MVC, videos | Leave a comment

O2 Script for “Spring MVC JPetStore – Start Servers” (start/stop apache and hsqldb)

Part of the Spring MVC O2 demos, this script will:

  • Create a Gui to allow easy start and stop of the JPetStore servers (web and db)
  • Shows how to start an apache server and hsqldb directly (i.e. without using *.bat files)
  • Provide links to the other jPetStore Spring MVC *.h2 scripts

Here is a video of this script in action:

This script is included in the jPetStore O2 Demo Pack which can be downloaded from here (includes JPetStore and Apache):

Here is the script:

var topPanel = O2Gui.open<Panel>("JPetStore - Start Servers",1000,400);
//var topPanel = panel.clear().add_Panel();
Process hsqldbProcess = null;
Process apacheProcess = null;
var actionPanel = topPanel.insert_Above(20);
topPanel.add_LogViewer();
var ie = topPanel.insert_Right().add_IE();</pre>
&nbsp;

//Processes.getProcessesCalled("java").stop();
var currentFolder = PublicDI.CurrentScript.directoryName();

Action startServers =
()=>{
"Starting Db and Web servers".debug();
// start db server (hsqldb)
hsqldbProcess = Processes.startProcessAndRedirectIO("java",
@"-classpath .\hsqldb.jar org.hsqldb.Server -database jpetstore",
currentFolder.pathCombine("hsqldb"),
PublicDI.log.info);

//start web server (apache)
var tomcatFolder = currentFolder.pathCombine("apache-tomcat-7.0.16");
var apacheBinDirectory =  tomcatFolder.pathCombine("bin");

var apacheStartParameters = ("-Djava.util.logging.config.file=\"{0}\\conf\\logging.properties\" " +
"-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager   " +
"-Djava.endorsed.dirs=\"{0}\\endorsed\" " +
"-classpath \"{0}\\bin\\bootstrap.jar;{0}\\bin\\tomcat-juli.jar\" " +
"-Dcatalina.base=\"{0}\" -Dcatalina.home=\"{0}\" " +
"-Djava.io.tmpdir=\"{0}\\temp\" org.apache.catalina.startup.Bootstrap  start"
).format(tomcatFolder) ;

apacheProcess = Processes.startProcessAndRedirectIO("java",
apacheStartParameters,
currentFolder.pathCombine("hsqldb"),
PublicDI.log.info);
};

Action stopServers =
()=>{
"Stopping Db and Web servers".debug();
apacheProcess.stop();
hsqldbProcess.stop();
};
Action openJPetStore =
()=>{
ie.open("http://localhost:8080/jpetstore");
ie.link("Enter the Store").click();
ie.links().where((link)=> link.url().contains("FISH"))[0].click();
};
actionPanel.add_Link("Start Servers",0,0,()=>startServers())
.append_Link("Stop Servers",()=>stopServers())
.append_Link("Enter JPetStore and open a Page", ()=> openJPetStore())
.append_Link("JpetStore - BlackBox Exploits.h2" ,()=> "JpetStore - BlackBox Exploits.h2".local().executeH2Script() )
.append_Link("JPetStore - View Controllers.h2"  ,()=> currentFolder.pathCombine("JPetStore - View Controllers.h2").executeH2Script() );   ;


return "ok";

//using System.Diagnostics
//O2File:WatiN_IE_ExtensionMethods.cs
//using O2.XRules.Database.Utils.O2
//O2Ref:WatiN.Core.1x.dll

July 12, 2011 Posted by | JPetStore, Spring MVC, videos, WatiN | Leave a comment