Class SearchHandler

java.lang.Object
org.codelibs.fess.api.v2.handlers.SearchHandler

public class SearchHandler extends Object
Handles the /api/v2/search endpoint.

Mirrors v1's SearchApiManager#processSearchRequest (the original 180-line method) but emits the v2 envelope through V2EnvelopeWriter instead of hand-rolling JSON via StringBuilder. Wire-level field names are preserved (snake_case) so existing v1 clients can upgrade with minimal changes; the only structural difference is the outer envelope shape.

This class is intentionally stateless so the manager can hold a single instance and dispatch concurrent requests through it without locking.

  • Constructor Summary

    Constructors
    Constructor
    Description
    Default constructor.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Processes one /api/v2/search request.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SearchHandler

      public SearchHandler()
      Default constructor. The handler is stateless and intended to be instantiated once by the API manager and shared across concurrent requests.
  • Method Details

    • handle

      public void handle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Processes one /api/v2/search request.

      Rejects non-GET methods with V2ErrorCode.METHOD_NOT_ALLOWED. InvalidQueryException and ResultOffsetExceededException surface as invalid_request (400) so client SDKs can distinguish user errors from internal_error (500) — matching v1's split between SC_BAD_REQUEST and SC_INTERNAL_SERVER_ERROR.

      Referer allowlist (MJ-21): v1's SearchApiManager enforced isAcceptedSearchReferer (~line 262/860) as a browser-driven scraping defence. v2 omits this check deliberately: state-changing endpoints are protected by the CSRF token enforced by CsrfRequirement, and idempotent GETs carry no side-effects that require Referer gating. If the deployment needs Referer-based rate-limiting, add it in a filter or gateway layer rather than in the handler.

      Parameters:
      request - the incoming HTTP request
      response - the HTTP response to write to
      Throws:
      IOException - if writing the envelope fails