You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2013/08/16 16:01:48 UTC
svn commit: r1514717 - in /myfaces/tobago/trunk/tobago-core/src:
main/java/org/apache/myfaces/tobago/internal/config/
test/java/org/apache/myfaces/tobago/internal/config/ test/resources/
Author: lofwyr
Date: Fri Aug 16 14:01:48 2013
New Revision: 1514717
URL: http://svn.apache.org/r1514717
Log:
TOBAGO-1296: Problem with config value preventFrameAttacks when cascading
Added:
myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java
- copied, changed from r1513140, myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorterUnitTest.java
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml
myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml
Modified:
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigBuilder.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigBuilder.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigBuilder.java?rev=1514717&r1=1514716&r2=1514717&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigBuilder.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigBuilder.java Fri Aug 16 14:01:48 2013
@@ -51,7 +51,9 @@ public class TobagoConfigBuilder {
list = new ArrayList<TobagoConfigFragment>();
configFromClasspath();
configFromWebInf(servletContext);
- final TobagoConfigImpl tobagoConfig = mergeList();
+ final TobagoConfigSorter sorter = new TobagoConfigSorter(list);
+ sorter.sort();
+ final TobagoConfigImpl tobagoConfig = sorter.merge();
// todo: cleanup, use one central TobagoConfig, no singleton ResourceManager
// resources
@@ -85,64 +87,6 @@ public class TobagoConfigBuilder {
}
}
- private TobagoConfigImpl mergeList() {
-// todo
- LOG.warn("Merge implementation in progress...)");
-
- TobagoConfigSorter sorter = new TobagoConfigSorter(list);
- sorter.sort();
- TobagoConfigImpl result = new TobagoConfigImpl();
-
- for (TobagoConfigFragment fragment : list) {
- // default theme
- final String defaultTheme = fragment.getDefaultThemeName();
- if (defaultTheme != null) {
- result.setDefaultThemeName(defaultTheme);
- }
-
- // supported themes
- for (String supported : fragment.getSupportedThemeNames()) {
- result.addSupportedThemeName(supported);
- }
-
- // resource dirs
- for (String dir : fragment.getResourceDirs()) {
- result.addResourceDir(dir);
- }
-
- // renderers config
- // TODO: merging not implemented yet!!!
- result.setRenderersConfig(fragment.getRenderersConfig());
-
- // session secret
- if (fragment.getCreateSessionSecret() != null) {
- result.setCreateSessionSecret(fragment.getCreateSessionSecret());
- }
- if (fragment.getCheckSessionSecret() != null) {
- result.setCheckSessionSecret(fragment.getCheckSessionSecret());
- }
-
- result.setPreventFrameAttacks(fragment.isPreventFrameAttacks());
-
- for(String directive : fragment.getContentSecurityPolicy()) {
- result.addContentSecurityPolicy(directive);
- }
-
- // theme definition
- // todo
-/*
- for (Theme theme : fragment.getThemeDefinitions()) {
- result.addThemeDefinition(theme);
- }
-*/
-
- // url
- // todo???
-
- }
- return result;
- }
-
private void configFromClasspath() throws ServletException {
ThemeParser parser = new ThemeParser();
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java?rev=1514717&r1=1514716&r2=1514717&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java Fri Aug 16 14:01:48 2013
@@ -42,7 +42,7 @@ public class TobagoConfigFragment {
private RenderersConfig renderersConfig;
private Boolean createSessionSecret;
private Boolean checkSessionSecret;
- private boolean preventFrameAttacks = true;
+ private Boolean preventFrameAttacks;
private List<String> contentSecurityPolicy;
// todo
private List<ThemeImpl> themeDefinitions;
@@ -148,11 +148,11 @@ public class TobagoConfigFragment {
this.checkSessionSecret = Boolean.valueOf(checkSessionSecret);
}
- public boolean isPreventFrameAttacks() {
+ public Boolean getPreventFrameAttacks() {
return preventFrameAttacks;
}
- public void setPreventFrameAttacks(boolean preventFrameAttacks) {
+ public void setPreventFrameAttacks(Boolean preventFrameAttacks) {
this.preventFrameAttacks = preventFrameAttacks;
}
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java?rev=1514717&r1=1514716&r2=1514717&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java Fri Aug 16 14:01:48 2013
@@ -58,7 +58,7 @@ public class TobagoConfigImpl extends To
private ProjectStage projectStage;
private boolean createSessionSecret;
private boolean checkSessionSecret;
- private boolean preventFrameAttacks = true;
+ private boolean preventFrameAttacks;
private List<String> contentSecurityPolicy;
private URL url;
private Map<String, String> defaultValidatorInfo;
@@ -69,6 +69,7 @@ public class TobagoConfigImpl extends To
resourceDirs = new ArrayList<String>();
createSessionSecret = true;
checkSessionSecret = true;
+ preventFrameAttacks = true;
contentSecurityPolicy = new ArrayList<String>();
}
Modified: myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java?rev=1514717&r1=1514716&r2=1514717&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java Fri Aug 16 14:01:48 2013
@@ -62,7 +62,64 @@ public class TobagoConfigSorter implemen
LOG.info("name=" + name + " url='" + fragment.getUrl() + "'");
}
}
+ }
+
+ public TobagoConfigImpl merge() {
+// todo
+ LOG.warn("Merge implementation in progress...)");
+
+ TobagoConfigImpl result = new TobagoConfigImpl();
+ for (TobagoConfigFragment fragment : list) {
+ // default theme
+ final String defaultTheme = fragment.getDefaultThemeName();
+ if (defaultTheme != null) {
+ result.setDefaultThemeName(defaultTheme);
+ }
+
+ // supported themes
+ for (String supported : fragment.getSupportedThemeNames()) {
+ result.addSupportedThemeName(supported);
+ }
+
+ // resource dirs
+ for (String dir : fragment.getResourceDirs()) {
+ result.addResourceDir(dir);
+ }
+
+ // renderers config
+ // TODO: merging not implemented yet!!!
+ result.setRenderersConfig(fragment.getRenderersConfig());
+
+ // session secret
+ if (fragment.getCreateSessionSecret() != null) {
+ result.setCreateSessionSecret(fragment.getCreateSessionSecret());
+ }
+ if (fragment.getCheckSessionSecret() != null) {
+ result.setCheckSessionSecret(fragment.getCheckSessionSecret());
+ }
+
+ if (fragment.getPreventFrameAttacks() != null) {
+ result.setPreventFrameAttacks(fragment.getPreventFrameAttacks());
+ }
+
+ for(String directive : fragment.getContentSecurityPolicy()) {
+ result.addContentSecurityPolicy(directive);
+ }
+
+ // theme definition
+ // todo
+/*
+ for (Theme theme : fragment.getThemeDefinitions()) {
+ result.addThemeDefinition(theme);
+ }
+*/
+
+ // url
+ // todo???
+
+ }
+ return result;
}
protected void makeTransitive() {
Copied: myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java (from r1513140, myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorterUnitTest.java)
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java?p2=myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java&p1=myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorterUnitTest.java&r1=1513140&r2=1514717&rev=1514717&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorterUnitTest.java (original)
+++ myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java Fri Aug 16 14:01:48 2013
@@ -21,177 +21,55 @@ package org.apache.myfaces.tobago.intern
import org.junit.Assert;
import org.junit.Test;
+import org.xml.sax.SAXException;
+import java.io.IOException;
+import java.net.URL;
import java.util.ArrayList;
import java.util.List;
-public class TobagoConfigSorterUnitTest {
+public class TobagoConfigMergingUnitTest {
@Test
- public void testCompare() {
+ public void testPreventFrameAttacksCascadingDefault() throws IOException, SAXException {
- // config + names
+ final TobagoConfigImpl config = loadAndMerge(
+ "tobago-config-0.xml",
+ "tobago-config-1.xml");
- TobagoConfigFragment a = new TobagoConfigFragment();
- a.setName("a");
-
- TobagoConfigFragment b = new TobagoConfigFragment();
- b.setName("b");
-
- TobagoConfigFragment c = new TobagoConfigFragment();
- c.setName("c");
-
- TobagoConfigFragment d = new TobagoConfigFragment();
- d.setName("d");
-
- TobagoConfigFragment e = new TobagoConfigFragment();
- e.setName("e");
-
- TobagoConfigFragment f = new TobagoConfigFragment();
- f.setName("f");
-
- TobagoConfigFragment m = new TobagoConfigFragment();
- m.setName("m");
-
- TobagoConfigFragment n = new TobagoConfigFragment();
- n.setName("n");
-
- // unnamed
- TobagoConfigFragment u1 = new TobagoConfigFragment();
- TobagoConfigFragment u2 = new TobagoConfigFragment();
- TobagoConfigFragment u3 = new TobagoConfigFragment();
-
- // before
- a.getBefore().add("b");
- b.getBefore().add("c");
-
- u1.getBefore().add("d");
- u2.getBefore().add("d");
-
- u2.getBefore().add("y"); // not relevant
-
- // after
- e.getAfter().add("d");
- f.getAfter().add("e");
-
- u1.getAfter().add("c");
- u2.getAfter().add("c");
-
- u2.getAfter().add("z"); // not relevant
-
- n.getAfter().add("m");
-
- List<TobagoConfigFragment> list = new ArrayList<TobagoConfigFragment>();
- list.add(a);
- list.add(b);
- list.add(c);
- list.add(d);
- list.add(e);
- list.add(f);
- list.add(u1);
- list.add(u2);
- list.add(u3);
- list.add(m);
- list.add(n);
-
- TobagoConfigSorter sorter = new TobagoConfigSorter(list);
- sorter.createRelevantPairs();
-
- Assert.assertEquals(9, sorter.getPairs().size()); // all but these with "z" and "y"
-
- sorter.makeTransitive();
-
- Assert.assertEquals(28, sorter.getPairs().size());
-
- sorter.ensureIrreflexive();
-
- sorter.ensureAntiSymmetric();
-
- sorter.sort0();
-
- Assert.assertEquals(a, list.get(0));
- Assert.assertEquals(b, list.get(1));
- Assert.assertEquals(c, list.get(2));
- Assert.assertEquals(u1, list.get(3));
- Assert.assertEquals(u2, list.get(4));
- Assert.assertEquals(d, list.get(5));
- Assert.assertEquals(e, list.get(6));
- Assert.assertEquals(f, list.get(7));
- Assert.assertEquals(u3, list.get(8));
- Assert.assertEquals(m, list.get(9));
- Assert.assertEquals(n, list.get(10));
+ Assert.assertFalse(config.isPreventFrameAttacks());
}
@Test
- public void testCycle() {
-
- // config + names
-
- TobagoConfigFragment a = new TobagoConfigFragment();
- a.setName("a");
-
- TobagoConfigFragment b = new TobagoConfigFragment();
- b.setName("b");
-
- // before
- a.getBefore().add("b");
- b.getBefore().add("a");
-
- List<TobagoConfigFragment> list = new ArrayList<TobagoConfigFragment>();
- list.add(a);
- list.add(b);
-
- TobagoConfigSorter sorter = new TobagoConfigSorter(list);
- sorter.createRelevantPairs();
+ public void testPreventFrameAttacks() throws IOException, SAXException {
- Assert.assertEquals(2, sorter.getPairs().size()); // all but these with "z" and "y"
+ final TobagoConfigImpl config = loadAndMerge(
+ "tobago-config-0.xml");
- sorter.makeTransitive();
-
- try {
- sorter.ensureIrreflexive();
- sorter.ensureAntiSymmetric();
-
- Assert.fail("Cycle was not found");
- } catch (RuntimeException e) {
- // must find the cycle
- }
+ Assert.assertFalse(config.isPreventFrameAttacks());
}
@Test
- public void testCycle2() {
-
- // config + names
-
- TobagoConfigFragment a = new TobagoConfigFragment();
- a.setName("a");
+ public void testPreventFrameAttacksDefault() throws IOException, SAXException {
- TobagoConfigFragment b = new TobagoConfigFragment();
- b.setName("b");
+ final TobagoConfigImpl config = loadAndMerge(
+ "tobago-config-1.xml");
- // before
- a.getBefore().add("b");
- // after
- a.getAfter().add("b");
-
- List<TobagoConfigFragment> list = new ArrayList<TobagoConfigFragment>();
- list.add(a);
- list.add(b);
-
- TobagoConfigSorter sorter = new TobagoConfigSorter(list);
- sorter.createRelevantPairs();
-
- Assert.assertEquals(2, sorter.getPairs().size()); // all but these with "z" and "y"
+ Assert.assertTrue(config.isPreventFrameAttacks());
+ }
- sorter.makeTransitive();
+ private TobagoConfigImpl loadAndMerge(String... names) throws IOException, SAXException {
- try {
- sorter.ensureIrreflexive();
- sorter.ensureAntiSymmetric();
+ final List<TobagoConfigFragment> list = new ArrayList<TobagoConfigFragment>();
- Assert.fail("Cycle was not found");
- } catch (RuntimeException e) {
- // must find the cycle
+ for (String name : names) {
+ final URL url = getClass().getClassLoader().getResource(name);
+ final TobagoConfigParser parser = new TobagoConfigParser();
+ list.add(parser.parse(url));
}
+
+ final TobagoConfigSorter sorter = new TobagoConfigSorter(list);
+ sorter.sort();
+ return sorter.merge();
}
}
Added: myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml?rev=1514717&view=auto
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml (added)
+++ myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-0.xml Fri Aug 16 14:01:48 2013
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+-->
+
+<tobago-config
+ xmlns="http://myfaces.apache.org/tobago/tobago-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-2.0.xsd"
+ version="2.0">
+
+ <name>name-0</name>
+
+ <prevent-frame-attacks>false</prevent-frame-attacks>
+
+</tobago-config>
Added: myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml?rev=1514717&view=auto
==============================================================================
--- myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml (added)
+++ myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-1.xml Fri Aug 16 14:01:48 2013
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+-->
+
+<tobago-config
+ xmlns="http://myfaces.apache.org/tobago/tobago-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://myfaces.apache.org/tobago/tobago-config http://myfaces.apache.org/tobago/tobago-config-2.0.xsd"
+ version="2.0">
+
+ <name>name-1</name>
+
+ <ordering>
+ <after>
+ <name>name-0</name>
+ </after>
+ </ordering>
+
+</tobago-config>