You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by sv...@apache.org on 2013/08/21 23:17:13 UTC

git commit: WICKET-5319 do not encrypt full urls

Updated Branches:
  refs/heads/master 6759a5b45 -> c863b032e


WICKET-5319 do not encrypt full urls

Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/c863b032
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/c863b032
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/c863b032

Branch: refs/heads/master
Commit: c863b032e03754334bdc380a1943d9b3b91895fc
Parents: 6759a5b
Author: svenmeier <sv...@meiers.net>
Authored: Wed Aug 21 23:15:48 2013 +0200
Committer: svenmeier <sv...@meiers.net>
Committed: Wed Aug 21 23:15:48 2013 +0200

----------------------------------------------------------------------
 .../core/request/mapper/CryptoMapper.java       | 36 +++++++++++---------
 .../core/request/mapper/CryptoMapperTest.java   | 23 ++++++++++---
 2 files changed, 38 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/c863b032/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
index 58e704e..91708a3 100755
--- a/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/request/mapper/CryptoMapper.java
@@ -42,8 +42,7 @@ import org.slf4j.LoggerFactory;
  * in the encrypted URL. If the segment does not match the expected checksum, then the segment is
  * deemed a plain text sibling of the corresponding segment in the encrypted URL, and all subsequent
  * segments are considered plain text children of the current segment.
- *
- *
+ * 
  * @author igor.vaynberg
  * @author Jesse Long
  * @author svenmeier
@@ -57,7 +56,7 @@ public class CryptoMapper implements IRequestMapper
 
 	/**
 	 * Construct.
-	 *
+	 * 
 	 * @param wrappedMapper
 	 *            the non-crypted request mapper
 	 * @param application
@@ -70,7 +69,7 @@ public class CryptoMapper implements IRequestMapper
 
 	/**
 	 * Construct.
-	 *
+	 * 
 	 * @param wrappedMapper
 	 *            the non-crypted request mapper
 	 * @param cryptProvider
@@ -98,6 +97,12 @@ public class CryptoMapper implements IRequestMapper
 			return null;
 		}
 
+		if (url.isFull())
+		{
+			// do not encrypt full urls
+			return url;
+		}
+
 		return encryptUrl(url);
 	}
 
@@ -117,7 +122,7 @@ public class CryptoMapper implements IRequestMapper
 
 		if (handler != null)
 		{
-		    handler = new RequestSettingRequestHandler(decryptedRequest, handler);
+			handler = new RequestSettingRequestHandler(decryptedRequest, handler);
 		}
 
 		return handler;
@@ -163,8 +168,8 @@ public class CryptoMapper implements IRequestMapper
 	protected Url decryptUrl(final Request request, final Url encryptedUrl)
 	{
 		/*
-		 * If the encrypted URL has no segments it is the home page URL,
-		 * and does not need decrypting.
+		 * If the encrypted URL has no segments it is the home page URL, and does not need
+		 * decrypting.
 		 */
 		if (encryptedUrl.getSegments().isEmpty())
 		{
@@ -177,8 +182,8 @@ public class CryptoMapper implements IRequestMapper
 		try
 		{
 			/*
-			 * The first encrypted segment contains an encrypted version of the
-			 * entire plain text url.
+			 * The first encrypted segment contains an encrypted version of the entire plain text
+			 * url.
 			 */
 			String encryptedUrlString = encryptedSegments.get(0);
 			if (Strings.isEmpty(encryptedUrlString))
@@ -210,17 +215,16 @@ public class CryptoMapper implements IRequestMapper
 				if (!next.equals(encryptedSegment))
 				{
 					/*
-					 * This segment received from the browser is not the same as the
-					 * expected segment generated by the HashSegmentGenerator. Hence it,
-					 * and all subsequent segments are considered plain text siblings of the
-					 * original encrypted url.
+					 * This segment received from the browser is not the same as the expected
+					 * segment generated by the HashSegmentGenerator. Hence it, and all subsequent
+					 * segments are considered plain text siblings of the original encrypted url.
 					 */
 					break;
 				}
 
 				/*
-				 * This segments matches the expected checksum, so we add the corresponding
-				 * segment from the original URL.
+				 * This segments matches the expected checksum, so we add the corresponding segment
+				 * from the original URL.
 				 */
 				url.getSegments().add(originalUrl.getSegments().get(segNo - 1));
 			}
@@ -278,7 +282,7 @@ public class CryptoMapper implements IRequestMapper
 
 		/**
 		 * Generate the next segment
-		 *
+		 * 
 		 * @return segment
 		 */
 		public String next()

http://git-wip-us.apache.org/repos/asf/wicket/blob/c863b032/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java b/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
index 2c0577c..1a9129b 100644
--- a/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/core/request/mapper/CryptoMapperTest.java
@@ -27,10 +27,12 @@ import org.apache.wicket.protocol.http.WebApplication;
 import org.apache.wicket.request.IRequestHandler;
 import org.apache.wicket.request.Request;
 import org.apache.wicket.request.Url;
+import org.apache.wicket.request.Url.StringMode;
 import org.apache.wicket.request.component.IRequestableComponent;
 import org.apache.wicket.request.handler.resource.ResourceReferenceRequestHandler;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
 import org.apache.wicket.request.resource.PackageResourceReference;
+import org.apache.wicket.request.resource.UrlResourceReference;
 import org.apache.wicket.util.string.StringValue;
 import org.apache.wicket.util.tester.DummyHomePage;
 import org.apache.wicket.util.tester.WicketTester;
@@ -159,7 +161,7 @@ public class CryptoMapperTest extends AbstractMapperTest
 		RenderPageRequestHandler renderPageRequestHandler = new RenderPageRequestHandler(
 			new PageProvider(DummyHomePage.class, expectedParameters));
 		Url url = mapper.mapHandler(renderPageRequestHandler);
-// System.err.println(url.toString());
+		// System.err.println(url.toString());
 		assertEquals(expectedEncrypted, url.toString());
 
 		Request request = getRequest(url);
@@ -203,6 +205,19 @@ public class CryptoMapperTest extends AbstractMapperTest
 	}
 
 	/**
+	 * UrlResourceReferences, WICKET-5319
+	 */
+	@Test
+	public void urlResourceReference()
+	{
+		UrlResourceReference resource = new UrlResourceReference(
+			Url.parse("http://wicket.apache.org/"));
+		Url url = mapper.mapHandler(new ResourceReferenceRequestHandler(resource));
+
+		assertEquals("http://wicket.apache.org/", url.toString(StringMode.FULL));
+	}
+
+	/**
 	 * Relative ResourceReferences, WICKET-3514
 	 */
 	@Test
@@ -323,9 +338,7 @@ public class CryptoMapperTest extends AbstractMapperTest
 
 		assertTrue(requestHandler instanceof RequestSettingRequestHandler);
 
-		assertEquals("foo", ((RequestSettingRequestHandler)requestHandler).getRequest()
-			.getUrl()
-			.getQueryParameterValue("q")
-			.toString());
+		assertEquals("foo", ((RequestSettingRequestHandler)requestHandler).getRequest().getUrl()
+			.getQueryParameterValue("q").toString());
 	}
 }
\ No newline at end of file