You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by jo...@apache.org on 2010/08/05 00:34:48 UTC
svn commit: r982425 - in /shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/servlet/
main/java/org/apache/shindig/gadgets/uri/
test/java/org/apache/shindig/gadgets/servlet/
Author: johnh
Date: Wed Aug 4 22:34:48 2010
New Revision: 982425
URL: http://svn.apache.org/viewvc?rev=982425&view=rev
Log:
Finishes pulling out HTTP-specific request logic from ProxyHandler, and moves it
to ProxyServlet. In doing so, this CL replaces HttpRequest with
ProxyUriManager.ProxyUri as the request object to the ProxyHandler.fetch(...)
method.
Additional details:
* Locked-domain sanity-checking pulled into ProxyServlet.
* NOTE: X-Forwarded-For header logic has been REMOVED due to this CL. I'm
unaware of a specific use for this header, and equivalent functionality can (and
perhaps should, for consistency) be placed in RequestPipeline implementations.
Even so, this is mostly an educated guess on my part. Please speak up if you
feel it important in any way.
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java?rev=982425&r1=982424&r2=982425&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java Wed Aug 4 22:34:48 2010
@@ -25,7 +25,6 @@ import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
-import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
@@ -38,65 +37,40 @@ import org.apache.shindig.gadgets.uri.Ur
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.util.logging.Logger;
/**
* Handles open proxy requests.
*/
@Singleton
public class ProxyHandler {
- private static final Logger LOG = Logger.getLogger(ProxyHandler.class.getName());
-
// TODO: parameterize these.
static final Integer LONG_LIVED_REFRESH = (365 * 24 * 60 * 60); // 1 year
static final Integer DEFAULT_REFRESH = (60 * 60); // 1 hour
private final RequestPipeline requestPipeline;
- private final LockedDomainService lockedDomainService;
private final ResponseRewriterRegistry contentRewriterRegistry;
- private final ProxyUriManager proxyUriManager;
@Inject
public ProxyHandler(RequestPipeline requestPipeline,
- LockedDomainService lockedDomainService,
- ResponseRewriterRegistry contentRewriterRegistry,
- ProxyUriManager proxyUriManager) {
+ ResponseRewriterRegistry contentRewriterRegistry) {
this.requestPipeline = requestPipeline;
- this.lockedDomainService = lockedDomainService;
this.contentRewriterRegistry = contentRewriterRegistry;
- this.proxyUriManager = proxyUriManager;
}
/**
* Generate a remote content request based on the parameters sent from the client.
*/
- private HttpRequest buildHttpRequest(HttpRequest request,
+ private HttpRequest buildHttpRequest(
ProxyUriManager.ProxyUri uriCtx, Uri tgt) throws GadgetException {
ServletUtil.validateUrl(tgt);
HttpRequest req = uriCtx.makeHttpRequest(tgt);
- ServletUtil.setXForwardedForHeader(request, req);
+ req.setRewriteMimeType(uriCtx.getRewriteMimeType());
return req;
}
- public HttpResponse fetch(HttpRequest request)
+ public HttpResponse fetch(ProxyUriManager.ProxyUri proxyUri)
throws IOException, GadgetException {
- // Parse request uri:
- ProxyUriManager.ProxyUri proxyUri = proxyUriManager.process(request.getUri());
-
- // TODO: Consider removing due to redundant logic.
- String host = request.getHeader("Host");
- if (!lockedDomainService.isSafeForOpenProxy(host)) {
- // Force embedded images and the like to their own domain to avoid XSS
- // in gadget domains.
- Uri resourceUri = proxyUri.getResource();
- String msg = "Embed request for url " +
- (resourceUri != null ? resourceUri.toString() : "n/a") + " made to wrong domain " + host;
- LOG.info(msg);
- throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, msg,
- HttpResponse.SC_BAD_REQUEST);
- }
-
- HttpRequest rcr = buildHttpRequest(request, proxyUri, proxyUri.getResource());
+ HttpRequest rcr = buildHttpRequest(proxyUri, proxyUri.getResource());
if (rcr == null) {
throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
"No url parameter in request", HttpResponse.SC_BAD_REQUEST);
@@ -108,7 +82,7 @@ public class ProxyHandler {
// Error: try the fallback. Particularly useful for proxied images.
Uri fallbackUri = proxyUri.getFallbackUri();
if (fallbackUri != null) {
- HttpRequest fallbackRcr = buildHttpRequest(request, proxyUri, fallbackUri);
+ HttpRequest fallbackRcr = buildHttpRequest(proxyUri, fallbackUri);
results = requestPipeline.execute(fallbackRcr);
}
}
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java?rev=982425&r1=982424&r2=982425&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyServlet.java Wed Aug 4 22:34:48 2010
@@ -19,11 +19,15 @@
package org.apache.shindig.gadgets.servlet;
import org.apache.shindig.common.servlet.InjectedServlet;
+import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.gadgets.GadgetException;
-import org.apache.shindig.gadgets.http.HttpRequest;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpResponse;
+import org.apache.shindig.gadgets.uri.ProxyUriManager;
import java.io.IOException;
+import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -39,22 +43,42 @@ import com.google.inject.Inject;
public class ProxyServlet extends InjectedServlet {
private static final long serialVersionUID = 9085050443492307723L;
+ private static final Logger LOG = Logger.getLogger(ProxyServlet.class.getName());
+
+ private transient ProxyUriManager proxyUriManager;
+ private transient LockedDomainService lockedDomainService;
private transient ProxyHandler proxyHandler;
private transient boolean initialized;
@Inject
public void setProxyHandler(ProxyHandler proxyHandler) {
- if (initialized) {
- throw new IllegalStateException("Servlet already initialized");
- }
+ checkInitialized();
this.proxyHandler = proxyHandler;
}
+
+ @Inject
+ public void setProxyUriManager(ProxyUriManager proxyUriManager) {
+ checkInitialized();
+ this.proxyUriManager = proxyUriManager;
+ }
+
+ @Inject
+ public void setLockedDomainService(LockedDomainService lockedDomainService) {
+ checkInitialized();
+ this.lockedDomainService = lockedDomainService;
+ }
@Override
public void init(ServletConfig config) throws ServletException {
super.init(config);
initialized = true;
}
+
+ private void checkInitialized() {
+ if (initialized) {
+ throw new IllegalStateException("Servlet already initialized");
+ }
+ }
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse servletResponse)
@@ -63,11 +87,27 @@ public class ProxyServlet extends Inject
servletResponse.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
return;
}
-
- HttpRequest req = ServletUtil.fromHttpServletRequest(request);
+
+ Uri reqUri = new UriBuilder(request).toUri();
HttpResponse response = null;
try {
- response = proxyHandler.fetch(req);
+ // Parse request uri:
+ ProxyUriManager.ProxyUri proxyUri = proxyUriManager.process(reqUri);
+
+ // TODO: Consider removing due to redundant logic.
+ String host = request.getHeader("Host");
+ if (!lockedDomainService.isSafeForOpenProxy(host)) {
+ // Force embedded images and the like to their own domain to avoid XSS
+ // in gadget domains.
+ Uri resourceUri = proxyUri.getResource();
+ String msg = "Embed request for url " +
+ (resourceUri != null ? resourceUri.toString() : "n/a") + " made to wrong domain " + host;
+ LOG.info(msg);
+ throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, msg,
+ HttpResponse.SC_BAD_REQUEST);
+ }
+
+ response = proxyHandler.fetch(proxyUri);
} catch (GadgetException e) {
response = ServletUtil.errorResponse(new GadgetException(e.getCode(), e.getMessage(),
HttpServletResponse.SC_BAD_REQUEST));
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java?rev=982425&r1=982424&r2=982425&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/ProxyUriManager.java Wed Aug 4 22:34:48 2010
@@ -56,7 +56,7 @@ public interface ProxyUriManager {
public ProxyUri(Integer refresh, boolean debug, boolean noCache,
String container, String gadget, Uri resource) {
- super(null, refresh, debug, noCache, container, gadget);
+ super(UriStatus.VALID_UNVERSIONED, refresh, debug, noCache, container, gadget);
this.resource = resource;
}
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java?rev=982425&r1=982424&r2=982425&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/GadgetsHandlerTest.java Wed Aug 4 22:34:48 2010
@@ -122,7 +122,7 @@ public class GadgetsHandlerTest extends
registerGadgetsHandler(null);
JSONObject request = makeMetadataRequest(null, null, "[moo]");
RpcHandler operation = registry.getRpcHandler(request);
- Object empty = operation.execute(emptyFormItems, token, converter).get();
+ operation.execute(emptyFormItems, token, converter).get();
}
@Test(expected = ExecutionException.class)
@@ -130,7 +130,7 @@ public class GadgetsHandlerTest extends
registerGadgetsHandler(null);
JSONObject request = makeTokenRequest("[moo]");
RpcHandler operation = registry.getRpcHandler(request);
- Object empty = operation.execute(emptyFormItems, token, converter).get();
+ operation.execute(emptyFormItems, token, converter).get();
}
@Test
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java?rev=982425&r1=982424&r2=982425&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java Wed Aug 4 22:34:48 2010
@@ -27,10 +27,8 @@ import com.google.common.collect.Maps;
import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.uri.Uri;
-import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.config.ContainerConfig;
import org.apache.shindig.gadgets.GadgetException;
-import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
@@ -39,12 +37,10 @@ import org.apache.shindig.gadgets.rewrit
import org.apache.shindig.gadgets.rewrite.DefaultResponseRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.ResponseRewriter;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterRegistry;
-import org.apache.shindig.gadgets.uri.PassthruManager;
import org.apache.shindig.gadgets.uri.ProxyUriManager;
import org.apache.shindig.gadgets.uri.UriCommon.Param;
import org.easymock.Capture;
-import org.junit.Before;
import org.junit.Test;
import java.util.Arrays;
@@ -55,21 +51,14 @@ public class ProxyHandlerTest extends Ea
private final static String URL_ONE = "http://www.example.org/test.html";
private final static String DATA_ONE = "hello world";
- private final ProxyUriManager passthruManager = new PassthruManager();
- public final LockedDomainService lockedDomainService = mock(LockedDomainService.class);
public final RequestPipeline pipeline = mock(RequestPipeline.class);
public CaptureRewriter rewriter = new CaptureRewriter();
public ResponseRewriterRegistry rewriterRegistry
= new DefaultResponseRewriterRegistry(Arrays.<ResponseRewriter>asList(rewriter), null);
- private HttpRequest request;
+ private ProxyUriManager.ProxyUri request;
private final ProxyHandler proxyHandler
- = new ProxyHandler(pipeline, lockedDomainService, rewriterRegistry, passthruManager);
-
- @Before
- public void setUp() {
- request = new HttpRequest(Uri.parse(URL_ONE));
- }
+ = new ProxyHandler(pipeline, rewriterRegistry);
private void expectGetAndReturnData(String url, byte[] data) throws Exception {
HttpRequest req = new HttpRequest(Uri.parse(url));
@@ -84,36 +73,23 @@ public class ProxyHandlerTest extends Ea
expect(pipeline.execute(req)).andReturn(resp);
}
- private UriBuilder setupProxyRequestBase(String host) {
- UriBuilder builder = new UriBuilder().setScheme("http").setAuthority(host);
- request.setHeader("Host", host);
- return builder;
+ private void setupProxyRequestMock(String host, String url,
+ boolean noCache, int refresh, String rewriteMime, String fallbackUrl) throws Exception {
+ request = new ProxyUriManager.ProxyUri(
+ refresh, false, noCache, ContainerConfig.DEFAULT_CONTAINER, null, Uri.parse(url));
+ request.setFallbackUrl(fallbackUrl);
+ request.setRewriteMimeType(rewriteMime);
}
- private void setupProxyRequestMock(String host, String url, String... params)
- throws Exception {
- UriBuilder builder = setupProxyRequestBase(host);
- if (url != null) {
- builder.addQueryParameter(Param.URL.getKey(), url);
- }
- builder.addQueryParameter(Param.CONTAINER.getKey(), ContainerConfig.DEFAULT_CONTAINER);
- if (params != null && params.length > 0) {
- for (int i = 0; i < params.length; i += 2) {
- builder.addQueryParameter(params[i], params[i+1]);
- }
- }
- request.setUri(builder.toUri());
- }
-
- private void setupFailedProxyRequestMock(String host, String url) throws Exception {
- UriBuilder builder = setupProxyRequestBase(host);
- request.setUri(builder.toUri());
+ private void setupNoArgsProxyRequestMock(String host, String url) throws Exception {
+ request = new ProxyUriManager.ProxyUri(
+ -1, false, false, ContainerConfig.DEFAULT_CONTAINER, null,
+ url != null ? Uri.parse(url) : null);
}
@Test
public void testLockedDomainEmbed() throws Exception {
- setupProxyRequestMock("www.example.com", URL_ONE);
- expect(lockedDomainService.isSafeForOpenProxy("www.example.com")).andReturn(true);
+ setupNoArgsProxyRequestMock("www.example.com", URL_ONE);
expectGetAndReturnData(URL_ONE, DATA_ONE.getBytes());
replay();
@@ -126,8 +102,7 @@ public class ProxyHandlerTest extends Ea
@Test(expected=GadgetException.class)
public void testNoUrl() throws Exception {
- setupProxyRequestMock("www.example.com", null);
- expect(lockedDomainService.isSafeForOpenProxy("www.example.com")).andReturn(true);
+ setupNoArgsProxyRequestMock("www.example.com", null);
replay();
proxyHandler.fetch(request);
@@ -136,8 +111,7 @@ public class ProxyHandlerTest extends Ea
@Test
public void testHttpRequestFillsParentAndContainer() throws Exception {
- setupProxyRequestMock("www.example.com", URL_ONE);
- expect(lockedDomainService.isSafeForOpenProxy("www.example.com")).andReturn(true);
+ setupNoArgsProxyRequestMock("www.example.com", URL_ONE);
//HttpRequest req = new HttpRequest(Uri.parse(URL_ONE));
HttpResponse resp = new HttpResponseBuilder().setResponse(DATA_ONE.getBytes()).create();
@@ -156,15 +130,6 @@ public class ProxyHandlerTest extends Ea
assertTrue(rewriter.responseWasRewritten());
}
- @Test(expected=GadgetException.class)
- public void testLockedDomainFailedEmbed() throws Exception {
- setupFailedProxyRequestMock("www.example.com", URL_ONE);
- expect(lockedDomainService.isSafeForOpenProxy("www.example.com")).andReturn(false);
- replay();
-
- proxyHandler.fetch(request);
- }
-
@Test
public void testHeadersPreserved() throws Exception {
// Some headers may be blacklisted. These are OK.
@@ -176,8 +141,7 @@ public class ProxyHandlerTest extends Ea
headers.put("Content-Type", Arrays.asList(contentType));
headers.put("X-Magic-Garbage", Arrays.asList(magicGarbage));
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url);
+ setupNoArgsProxyRequestMock(domain, url);
expectGetAndReturnHeaders(url, headers);
replay();
@@ -194,8 +158,7 @@ public class ProxyHandlerTest extends Ea
String url = "http://example.org/file.evil";
String domain = "example.org";
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url);
+ setupNoArgsProxyRequestMock(domain, url);
expectGetAndReturnHeaders(url, Maps.<String, List<String>>newHashMap());
replay();
@@ -215,8 +178,7 @@ public class ProxyHandlerTest extends Ea
Map<String, List<String>> headers = Maps.newHashMap();
headers.put("Content-Type", Arrays.asList("application/x-shockwave-flash"));
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url);
+ setupNoArgsProxyRequestMock(domain, url);
expectGetAndReturnHeaders(url, headers);
replay();
@@ -234,9 +196,7 @@ public class ProxyHandlerTest extends Ea
String domain = "example.org";
String fallback_url = "http://fallback.com/fallback.png";
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url, Param.NO_CACHE.getKey(), "1",
- Param.FALLBACK_URL_PARAM.getKey(), fallback_url);
+ setupProxyRequestMock(domain, url, true, -1, null, fallback_url);
HttpRequest req = new HttpRequest(Uri.parse(url)).setIgnoreCache(true);
HttpResponse resp = HttpResponse.error();
@@ -254,8 +214,7 @@ public class ProxyHandlerTest extends Ea
String url = "http://example.org/file.evil";
String domain = "example.org";
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url, Param.NO_CACHE.getKey(), "1");
+ setupProxyRequestMock(domain, url, true, -1, null, null);
HttpRequest req = new HttpRequest(Uri.parse(url)).setIgnoreCache(true);
HttpResponse resp = new HttpResponse("Hello");
@@ -298,9 +257,8 @@ public class ProxyHandlerTest extends Ea
String url = "http://example.org/file.evil";
String domain = "example.org";
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url, Param.REFRESH.getKey(), "120");
-
+ setupProxyRequestMock(domain, url, false, 120, null, null);
+
HttpRequest req = new HttpRequestCache(Uri.parse(url)).setCacheTtl(120).setIgnoreCache(false);
HttpResponse resp = new HttpResponse("Hello");
expect(pipeline.execute(req)).andReturn(resp);
@@ -315,9 +273,8 @@ public class ProxyHandlerTest extends Ea
String url = "http://example.org/file.evil";
String domain = "example.org";
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url, Param.REFRESH.getKey(), "foo");
-
+ setupProxyRequestMock(domain, url, false, -1, null, null);
+
HttpRequest req = new HttpRequestCache(Uri.parse(url)).setCacheTtl(-1).setIgnoreCache(false);
HttpResponse resp = new HttpResponse("Hello");
expect(pipeline.execute(req)).andReturn(resp);
@@ -327,36 +284,14 @@ public class ProxyHandlerTest extends Ea
verify();
}
- @Test
- public void testXForwardedFor() throws Exception {
- String url = "http://example.org/";
- String domain = "example.org";
-
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- request.setHeader("X-Forwarded-For", "127.0.0.1");
- setupProxyRequestMock(domain, url);
-
- HttpRequest req = new HttpRequest(Uri.parse(url));
- req.setHeader("X-Forwarded-For", "127.0.0.1");
-
- HttpResponse resp = new HttpResponse("Hello");
-
- expect(pipeline.execute(req)).andReturn(resp);
-
- replay();
- proxyHandler.fetch(request);
- verify();
- }
-
private void expectMime(String expectedMime, String contentMime, String outputMime)
throws Exception {
String url = "http://example.org/file.img?" + Param.REWRITE_MIME_TYPE.getKey() +
'=' + expectedMime;
String domain = "example.org";
- expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
- setupProxyRequestMock(domain, url, Param.REWRITE_MIME_TYPE.getKey(), expectedMime);
-
+ setupProxyRequestMock(domain, url, false, -1, expectedMime, null);
+
HttpRequest req = new HttpRequest(Uri.parse(url))
.setRewriteMimeType(expectedMime);
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java?rev=982425&r1=982424&r2=982425&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java Wed Aug 4 22:34:48 2010
@@ -19,55 +19,57 @@ pro * Licensed to the Apache Software Fo
package org.apache.shindig.gadgets.servlet;
import static junitx.framework.StringAssert.assertContains;
-import static org.easymock.EasyMock.capture;
import static org.easymock.EasyMock.expect;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
-import org.apache.shindig.gadgets.http.HttpRequest;
+import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpResponse;
-import org.apache.shindig.gadgets.uri.UriCommon.Param;
-import org.easymock.Capture;
+import org.apache.shindig.gadgets.uri.ProxyUriManager;
import org.junit.Before;
import org.junit.Test;
import javax.servlet.http.HttpServletResponse;
-import java.util.Vector;
-
/**
* Tests for ProxyServlet.
*
* Tests are trivial; real tests are in ProxyHandlerTest.
*/
public class ProxyServletTest extends ServletTestFixture {
- private static final String REQUEST_DOMAIN = "example.org";
private static final Uri REQUEST_URL = Uri.parse("http://example.org/file");
private static final String BASIC_SYNTAX_URL
= "http://opensocial.org/proxy?foo=bar&url=" + REQUEST_URL;
private static final String RESPONSE_BODY = "Hello, world!";
private static final String ERROR_MESSAGE = "Broken!";
+ private final ProxyUriManager proxyUriManager = mock(ProxyUriManager.class);
+ private final LockedDomainService lockedDomainService = mock(LockedDomainService.class);
private final ProxyHandler proxyHandler = mock(ProxyHandler.class);
private final ProxyServlet servlet = new ProxyServlet();
+ private final ProxyUriManager.ProxyUri proxyUri = mock(ProxyUriManager.ProxyUri.class);
@Before
public void setUp() throws Exception {
servlet.setProxyHandler(proxyHandler);
- expect(request.getParameter(Param.URL.getKey()))
- .andReturn(REQUEST_URL.toString()).anyTimes();
- expect(request.getHeader("Host")).andReturn(REQUEST_DOMAIN).anyTimes();
+ servlet.setProxyUriManager(proxyUriManager);
+ servlet.setLockedDomainService(lockedDomainService);
}
-
- private void setupRequest(String str) {
+
+ private void setupRequest(String str) throws Exception {
+ setupRequest(str, true);
+ }
+
+ private void setupRequest(String str, boolean ldSafe) throws Exception {
Uri uri = Uri.parse(str);
expect(request.getScheme()).andReturn(uri.getScheme());
expect(request.getServerName()).andReturn(uri.getAuthority());
expect(request.getServerPort()).andReturn(80);
expect(request.getRequestURI()).andReturn(uri.getPath());
expect(request.getQueryString()).andReturn(uri.getQuery());
- Vector<String> headerNames = new Vector<String>();
- expect(request.getHeaderNames()).andReturn(headerNames.elements());
+ expect(request.getHeader("Host")).andReturn(uri.getAuthority());
+ expect(proxyUriManager.process(uri)).andReturn(proxyUri);
+ expect(lockedDomainService.isSafeForOpenProxy(uri.getAuthority())).andReturn(ldSafe);
}
private void assertResponseOk(int expectedStatus, String expectedBody) {
@@ -90,36 +92,31 @@ public class ProxyServletTest extends Se
@Test
public void testDoGetNormal() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
- Capture<HttpRequest> requestCapture = new Capture<HttpRequest>();
- expect(proxyHandler.fetch(capture(requestCapture))).andReturn(new HttpResponse(RESPONSE_BODY));
+ expect(proxyHandler.fetch(proxyUri)).andReturn(new HttpResponse(RESPONSE_BODY));
replay();
servlet.doGet(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_OK, RESPONSE_BODY);
- assertEquals(BASIC_SYNTAX_URL, requestCapture.getValue().getUri().toString());
}
@Test
public void testDoGetHttpError() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
- Capture<HttpRequest> requestCapture = new Capture<HttpRequest>();
- expect(proxyHandler.fetch(capture(requestCapture))).andReturn(HttpResponse.notFound());
+ expect(proxyHandler.fetch(proxyUri)).andReturn(HttpResponse.notFound());
replay();
servlet.doGet(request, recorder);
verify();
assertResponseOk(HttpResponse.SC_NOT_FOUND, "");
- assertEquals(BASIC_SYNTAX_URL, requestCapture.getValue().getUri().toString());
}
@Test
public void testDoGetException() throws Exception {
setupRequest(BASIC_SYNTAX_URL);
- Capture<HttpRequest> requestCapture = new Capture<HttpRequest>();
- expect(proxyHandler.fetch(capture(requestCapture))).andThrow(
+ expect(proxyHandler.fetch(proxyUri)).andThrow(
new GadgetException(GadgetException.Code.FAILED_TO_RETRIEVE_CONTENT, ERROR_MESSAGE));
replay();
@@ -128,6 +125,17 @@ public class ProxyServletTest extends Se
assertEquals(HttpServletResponse.SC_BAD_REQUEST, recorder.getHttpStatusCode());
assertContains(ERROR_MESSAGE, recorder.getResponseAsString());
- assertEquals(BASIC_SYNTAX_URL, requestCapture.getValue().getUri().toString());
+ }
+
+ @Test
+ public void testDoGetNormalWithLockedDomainUnsafe() throws Exception {
+ setupRequest(BASIC_SYNTAX_URL, false);
+
+ replay();
+ servlet.doGet(request, recorder);
+ verify();
+
+ assertEquals(HttpServletResponse.SC_BAD_REQUEST, recorder.getHttpStatusCode());
+ assertContains("wrong domain", recorder.getResponseAsString());
}
}