Posted to commits@sling.apache.org by dk...@apache.org on 2020/09/24 02:08:30 UTC
[sling-org-apache-sling-app-cms] branch master updated: Adding
tests for the CMSSecurityConfigInstance
This is an automated email from the ASF dual-hosted git repository.
dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git
The following commit(s) were added to refs/heads/master by this push:
new bfebc49 Adding tests for the CMSSecurityConfigInstance
bfebc49 is described below
commit bfebc490bd25a6d1ba147734beefd609e9c51e41
Author: Dan Klco <dk...@apache.org>
AuthorDate: Wed Sep 23 22:07:40 2020 -0400
Adding tests for the CMSSecurityConfigInstance
---
.../filters/CMSSecurityConfigInstance.java | 27 ++---
.../core/internal/filters/CMSSecurityFilter.java | 13 +--
.../filters/CMSSecurityConfigInstanceTest.java | 118 +++++++++++++++++++++
3 files changed, 130 insertions(+), 28 deletions(-)
diff --git a/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstance.java b/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstance.java
index 377cf43..f073ee7 100644
--- a/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstance.java
+++ b/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstance.java
@@ -39,7 +39,6 @@ public class CMSSecurityConfigInstance {
@Activate
public void activate(CMSSecurityFilterConfig config) {
this.config = config;
-
if (config.allowedPatterns() != null) {
for (String p : config.allowedPatterns()) {
patterns.add(Pattern.compile(p));
@@ -53,29 +52,17 @@ public class CMSSecurityConfigInstance {
|| ArrayUtils.contains(config.hostDomains(), request.getServerName());
}
- /**
- * @return the config
- */
- public CMSSecurityFilterConfig getConfig() {
- return config;
- }
-
public String getGroupName() {
return config.group();
}
- /**
- * @param config the config to set
- */
- public void setConfig(CMSSecurityFilterConfig config) {
- this.config = config;
- }
-
- /**
- * @return the patterns
- */
- public List<Pattern> getPatterns() {
- return patterns;
+ public boolean isUriAllowed(String uri) {
+ for (Pattern p : patterns) {
+ if (p.matcher(uri).matches()) {
+ return true;
+ }
+ }
+ return false;
}
}
\ No newline at end of file
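Review bot: `isUriAllowed` is now the only way callers reach the allow-list, but it has no Javadoc stating that it requires a full match (`matches()`, not `find()`). That is the property that keeps an unanchored pattern from admitting any URI merely containing it, so it is worth pinning in the contract, for example `/** Returns true only if the entire URI matches one of the configured allow patterns; partial matches do not count. */`. The method also passes `uri` straight to `p.matcher(uri)`, so a null argument throws rather than being denied; `if (uri == null) { return false; }` at the top would make it fail closed. The `patterns` field declaration and the rest of `activate` are outside this hunk, so whether the list is reset on re-activation cannot be confirmed from here.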
diff --git a/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java b/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java
index f1f87de..64dd950 100644
--- a/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java
+++ b/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java
@@ -19,7 +19,6 @@ package org.apache.sling.cms.core.internal.filters;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
-import java.util.regex.Pattern;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
@@ -98,22 +97,20 @@ public class CMSSecurityFilter implements Filter {
log.trace("Filtering requests to host {}", slingRequest.getServerName());
String uri = slingRequest.getRequestURI();
boolean allowed = false;
- for (Pattern p : securityConfig.getPatterns()) {
- if (p.matcher(uri).matches()) {
- log.trace("Allowing request matching pattern {}", p);
- allowed = true;
- break;
- }
+ if (securityConfig.isUriAllowed(uri)) {
+ log.trace("Allowing request to uri {} based on allow patterns", uri);
+ allowed = true;
}
PublishableResource publishableResource = slingRequest.getResource().adaptTo(PublishableResource.class);
if (publishableResource.isPublished()) {
+ log.trace("Resource is published");
allowed = true;
}
// the uri isn't allowed automatically, so check user permissions
if (!allowed) {
- log.trace("Request to {} not allowed, checking user permissions", uri);
+ log.trace("Request to {} not public, checking user permissions", uri);
// check to see if the user is a member of the specified group
if (StringUtils.isNotBlank(securityConfig.getGroupName())) {
allowed = checkGroupMembership(securityConfig, slingRequest);
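Review bot: The allow-list check takes its input from `slingRequest.getRequestURI()`, the URI as sent by the client, while the content served is whatever `slingRequest.getResource()` resolved to. If the two can differ (encoding, path parameters, dot segments), a broad allow pattern may admit a request whose resolved resource it was never meant to cover. Whether normalization happens before this filter is not visible here, so consider matching the resolved path, e.g. `securityConfig.isUriAllowed(slingRequest.getResource().getPath())`, or documenting that patterns must be written against the raw URI. Separately, `adaptTo(PublishableResource.class)` may return null and the next line dereferences it; `if (publishableResource != null && publishableResource.isPublished()) {` avoids an exception on non-adaptable resources. The enclosing filter method starts and ends outside this hunk.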
diff --git a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstanceTest.java b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstanceTest.java
new file mode 100644
index 0000000..065ba65
--- /dev/null
+++ b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityConfigInstanceTest.java
@@ -0,0 +1,118 @@
+package org.apache.sling.cms.core.internal.filters;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.lang.annotation.Annotation;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class CMSSecurityConfigInstanceTest {
+
+ @Test
+ public void testNullParams() {
+ CMSSecurityConfigInstance securityConfig = new CMSSecurityConfigInstance();
+ securityConfig.activate(new CMSSecurityFilterConfig() {
+
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return null;
+ }
+
+ @Override
+ public String[] hostDomains() {
+ return null;
+ }
+
+ @Override
+ public String[] allowedPatterns() {
+ return null;
+ }
+
+ @Override
+ public String group() {
+ return null;
+ }
+
+ });
+ assertTrue(securityConfig.applies(Mockito.mock(HttpServletRequest.class)));
+ assertFalse(securityConfig.isUriAllowed("/"));
+ assertNull(securityConfig.getGroupName());
+
+ }
+
+ @Test
+ public void testPatterns() {
+ CMSSecurityConfigInstance securityConfig = new CMSSecurityConfigInstance();
+ securityConfig.activate(new CMSSecurityFilterConfig() {
+
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return null;
+ }
+
+ @Override
+ public String[] hostDomains() {
+ return null;
+ }
+
+ @Override
+ public String[] allowedPatterns() {
+ return new String[] { "\\/", "\\/[a-z]+" };
+ }
+
+ @Override
+ public String group() {
+ return null;
+ }
+
+ });
+
+ assertTrue(securityConfig.isUriAllowed("/"));
+ assertTrue(securityConfig.isUriAllowed("/abc"));
+ assertFalse(securityConfig.isUriAllowed("/1"));
+
+ }
+
+ @Test
+ public void testDomains() {
+ CMSSecurityConfigInstance securityConfig = new CMSSecurityConfigInstance();
+ securityConfig.activate(new CMSSecurityFilterConfig() {
+
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return null;
+ }
+
+ @Override
+ public String[] hostDomains() {
+ return new String[] { "sling.apache.org", "adapt.to" };
+ }
+
+ @Override
+ public String[] allowedPatterns() {
+ return null;
+ }
+
+ @Override
+ public String group() {
+ return null;
+ }
+
+ });
+
+ HttpServletRequest validRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(validRequest.getServerName()).thenReturn("sling.apache.org");
+ assertTrue(securityConfig.applies(validRequest));
+
+ HttpServletRequest inValidRequest = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(inValidRequest.getServerName()).thenReturn("www.onion.com");
+ assertFalse(securityConfig.applies(inValidRequest));
+
+ }
+
+}
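Review bot: `testPatterns` denies only one plain path (`/1`), so it does not pin how `isUriAllowed` treats the non-canonical URI forms that the filter can pass in from `getRequestURI()`. Adding constructed negative cases such as `assertFalse(securityConfig.isUriAllowed("/abc;v=1"));` and `assertFalse(securityConfig.isUriAllowed("/abc/../1"));` would catch a later loosening of the match. An empty `allowedPatterns()` array (as opposed to null) is also untested and should be asserted to deny. The new file starts directly with the `package` line, so the license header the project's other sources presumably carry appears to be missing.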