You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by sv...@apache.org on 2013/08/21 23:17:13 UTC
git commit: WICKET-5319 do not encrypt full urls
Updated Branches:
refs/heads/master 6759a5b45 -> c863b032e
WICKET-5319 do not encrypt full urls
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/c863b032
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/c863b032
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/c863b032
Branch: refs/heads/master
Commit: c863b032e03754334bdc380a1943d9b3b91895fc
Parents: 6759a5b
Author: svenmeier <sv...@meiers.net>
Authored: Wed Aug 21 23:15:48 2013 +0200
Committer: svenmeier <sv...@meiers.net>
Committed: Wed Aug 21 23:15:48 2013 +0200
----------------------------------------------------------------------
.../core/request/mapper/CryptoMapper.java | 36 +++++++++++---------
.../core/request/mapper/CryptoMapperTest.java | 23 ++++++++++---
2 files changed, 38 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/c863b032/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
index 58e704e..91708a3 100755
--- a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
@@ -42,8 +42,7 @@ import org.slf4j.LoggerFactory;
* in the encrypted URL. If the segment does not match the expected checksum, then the segment is
* deemed a plain text sibling of the corresponding segment in the encrypted URL, and all subsequent
* segments are considered plain text children of the current segment.
- *
- *
+ *
* @author igor.vaynberg
* @author Jesse Long
* @author svenmeier
@@ -57,7 +56,7 @@ public class CryptoMapper implements IRequestMapper
/**
* Construct.
- *
+ *
* @param wrappedMapper
* the non-crypted request mapper
* @param application
@@ -70,7 +69,7 @@ public class CryptoMapper implements IRequestMapper
/**
* Construct.
- *
+ *
* @param wrappedMapper
* the non-crypted request mapper
* @param cryptProvider
@@ -98,6 +97,12 @@ public class CryptoMapper implements IRequestMapper
return null;
}
+ if (url.isFull())
+ {
+ // do not encrypt full urls
+ return url;
+ }
+
return encryptUrl(url);
}
@@ -117,7 +122,7 @@ public class CryptoMapper implements IRequestMapper
if (handler != null)
{
- handler = new RequestSettingRequestHandler(decryptedRequest, handler);
+ handler = new RequestSettingRequestHandler(decryptedRequest, handler);
}
return handler;
@@ -163,8 +168,8 @@ public class CryptoMapper implements IRequestMapper
protected Url decryptUrl(final Request request, final Url encryptedUrl)
{
/*
- * If the encrypted URL has no segments it is the home page URL,
- * and does not need decrypting.
+ * If the encrypted URL has no segments it is the home page URL, and does not need
+ * decrypting.
*/
if (encryptedUrl.getSegments().isEmpty())
{
@@ -177,8 +182,8 @@ public class CryptoMapper implements IRequestMapper
try
{
/*
- * The first encrypted segment contains an encrypted version of the
- * entire plain text url.
+ * The first encrypted segment contains an encrypted version of the entire plain text
+ * url.
*/
String encryptedUrlString = encryptedSegments.get(0);
if (Strings.isEmpty(encryptedUrlString))
@@ -210,17 +215,16 @@ public class CryptoMapper implements IRequestMapper
if (!next.equals(encryptedSegment))
{
/*
- * This segment received from the browser is not the same as the
- * expected segment generated by the HashSegmentGenerator. Hence it,
- * and all subsequent segments are considered plain text siblings of the
- * original encrypted url.
+ * This segment received from the browser is not the same as the expected
+ * segment generated by the HashSegmentGenerator. Hence it, and all subsequent
+ * segments are considered plain text siblings of the original encrypted url.
*/
break;
}
/*
- * This segments matches the expected checksum, so we add the corresponding
- * segment from the original URL.
+ * This segments matches the expected checksum, so we add the corresponding segment
+ * from the original URL.
*/
url.getSegments().add(originalUrl.getSegments().get(segNo - 1));
}
@@ -278,7 +282,7 @@ public class CryptoMapper implements IRequestMapper
/**
* Generate the next segment
- *
+ *
* @return segment
*/
public String next()
http://git-wip-us.apache.org/repos/asf/wicket/blob/c863b032/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java b/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
index 2c0577c..1a9129b 100644
--- a/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
@@ -27,10 +27,12 @@ import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.request.IRequestHandler;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.Url;
+import org.apache.wicket.request.Url.StringMode;
import org.apache.wicket.request.component.IRequestableComponent;
import org.apache.wicket.request.handler.resource.ResourceReferenceRequestHandler;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.request.resource.PackageResourceReference;
+import org.apache.wicket.request.resource.UrlResourceReference;
import org.apache.wicket.util.string.StringValue;
import org.apache.wicket.util.tester.DummyHomePage;
import org.apache.wicket.util.tester.WicketTester;
@@ -159,7 +161,7 @@ public class CryptoMapperTest extends AbstractMapperTest
RenderPageRequestHandler renderPageRequestHandler = new RenderPageRequestHandler(
new PageProvider(DummyHomePage.class, expectedParameters));
Url url = mapper.mapHandler(renderPageRequestHandler);
-// System.err.println(url.toString());
+ // System.err.println(url.toString());
assertEquals(expectedEncrypted, url.toString());
Request request = getRequest(url);
@@ -203,6 +205,19 @@ public class CryptoMapperTest extends AbstractMapperTest
}
/**
+ * UrlResourceReferences, WICKET-5319
+ */
+ @Test
+ public void urlResourceReference()
+ {
+ UrlResourceReference resource = new UrlResourceReference(
+ Url.parse("http://wicket.apache.org/"));
+ Url url = mapper.mapHandler(new ResourceReferenceRequestHandler(resource));
+
+ assertEquals("http://wicket.apache.org/", url.toString(StringMode.FULL));
+ }
+
+ /**
* Relative ResourceReferences, WICKET-3514
*/
@Test
@@ -323,9 +338,7 @@ public class CryptoMapperTest extends AbstractMapperTest
assertTrue(requestHandler instanceof RequestSettingRequestHandler);
- assertEquals("foo", ((RequestSettingRequestHandler)requestHandler).getRequest()
- .getUrl()
- .getQueryParameterValue("q")
- .toString());
+ assertEquals("foo", ((RequestSettingRequestHandler)requestHandler).getRequest().getUrl()
+ .getQueryParameterValue("q").toString());
}
}
\ No newline at end of file