shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject [2/4] shiro git commit: Added fix to adjust how the servlet context path is handled
Date Mon, 26 Sep 2016 14:30:55 GMT
Added fix to adjust how the servlet context path is handled

Based on a thread from the Servlet Expert Group


Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/9caeeab0
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/9caeeab0
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/9caeeab0

Branch: refs/heads/master
Commit: 9caeeab0a60ae1f05f2b045e5bbfa8eff7106e20
Parents: baaf4f5
Author: Brian Demers <bdemers@apache.org>
Authored: Fri Sep 9 16:26:57 2016 -0400
Committer: Brian Demers <bdemers@apache.org>
Committed: Mon Sep 26 10:23:21 2016 -0400

----------------------------------------------------------------------
 .../org/apache/shiro/web/util/WebUtils.java     |   5 +-
 .../apache/shiro/web/util/WebUtilsTest.groovy   | 158 +++++++++++++++++++
 2 files changed, 161 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/shiro/blob/9caeeab0/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
----------------------------------------------------------------------
diff --git a/web/src/main/java/org/apache/shiro/web/util/WebUtils.java b/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
index 561dae9..3f3f750 100644
--- a/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
+++ b/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
@@ -248,11 +248,12 @@ public class WebUtils {
         if (contextPath == null) {
             contextPath = request.getContextPath();
         }
+        contextPath = normalize(decodeRequestString(request, contextPath));
         if ("/".equals(contextPath)) {
-            // Invalid case, but happens for includes on Jetty: silently adapt it.
+            // the normalize method will return a "/" and includes on Jetty, will also be
a "/".
             contextPath = "";
         }
-        return decodeRequestString(request, contextPath);
+        return contextPath;
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/shiro/blob/9caeeab0/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy
----------------------------------------------------------------------
diff --git a/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy b/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy
new file mode 100644
index 0000000..08cfce9
--- /dev/null
+++ b/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy
@@ -0,0 +1,158 @@
+package org.apache.shiro.web.util
+
+import org.junit.Assert
+import org.junit.Test
+
+import javax.servlet.http.HttpServletRequest
+
+import static org.easymock.EasyMock.*
+import static org.junit.Assert.*
+
+/**
+ * Tests for {@link WebUtils}.
+ */
+public class WebUtilsTest {
+
+    @Test
+    void testGetContextPathIncludes() {
+        def request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("/")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("/context-path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context-path", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("//context-path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context-path", WebUtils.getContextPath(request)
+        verify request
+    }
+
+    @Test
+    void testGetContextPath() {
+
+        def request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/context-path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context-path", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("//context-path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context-path", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/context%20path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context path", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/c%6Fntext%20path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context path", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/context path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context path", WebUtils.getContextPath(request)
+        verify request
+
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/context%2525path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        assertEquals "/context%25path", WebUtils.getContextPath(request)
+        verify request
+
+        // non visible character's are NOT normalized, such as a backspace
+        request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+        expect(request.getContextPath()).andReturn("/context-%08path")
+        expect(request.getCharacterEncoding()).andReturn("UTF-8")
+        replay request
+        def expected = "/context-" + (char) 0x08 + "path"
+        assertEquals expected, WebUtils.getContextPath(request)
+        verify request
+
+    }
+
+
+    @Test
+    void testGetPathWithinApplication() {
+
+        doTestGetPathWithinApplication("/", "/foobar", "/foobar");
+        doTestGetPathWithinApplication("", "/foobar", "/foobar");
+        doTestGetPathWithinApplication("", "foobar", "/foobar");
+        doTestGetPathWithinApplication("/", "foobar", "/foobar");
+        doTestGetPathWithinApplication("//", "foobar", "/foobar");
+        doTestGetPathWithinApplication("//", "//foobar", "/foobar");
+        doTestGetPathWithinApplication("/context-path", "/context-path/foobar", "/foobar");
+        doTestGetPathWithinApplication("/context-path", "/context-path/foobar/", "/foobar/");
+        doTestGetPathWithinApplication("//context-path", "//context-path/foobar", "/foobar");
+        doTestGetPathWithinApplication("//context-path", "//context-path//foobar", "/foobar");
+        doTestGetPathWithinApplication("//context-path", "//context-path/remove-one/remove-two/../../././/foobar",
"/foobar");
+        doTestGetPathWithinApplication("//context-path", "//context-path//../../././/foobar",
null);
+        doTestGetPathWithinApplication("/context%2525path", "/context%2525path/foobar", "/foobar");
+        doTestGetPathWithinApplication("/c%6Fntext%20path", "/c%6Fntext%20path/foobar", "/foobar");
+        doTestGetPathWithinApplication("/context path", "/context path/foobar", "/foobar");
+
+    }
+
+    void doTestGetPathWithinApplication(String contextPath, String requestUri, String expectedValue)
{
+
+        def request = createMock(HttpServletRequest)
+        expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(contextPath)
+        expect(request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE)).andReturn(requestUri)
+        expect(request.getCharacterEncoding()).andReturn("UTF-8").times(2)
+        replay request
+        assertEquals expectedValue, WebUtils.getPathWithinApplication(request)
+        verify request
+    }
+}


Mime
View raw message