Posted to commits@wicket.apache.org by mg...@apache.org on 2015/04/10 15:51:50 UTC
[3/6] wicket git commit: Introduced FilterCollection to hold the
AbstractProcessor filters. WebSocketSettings clears allowedDomains before
adding new domains. The connection closing code and reason moved to
ConnectionRejectedException. Javacode added/edi
Introduced FilterCollection to hold the AbstractProcessor filters.
WebSocketSettings clears allowedDomains before adding new domains.
The connection closing code and reason moved to
ConnectionRejectedException.
Javacode added/edited.
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/5311b163
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/5311b163
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/5311b163
Branch: refs/heads/master
Commit: 5311b16308dbb3d8945a18471e13611b2f40fbdb
Parents: 5c5c364
Author: admin <ge...@mail.rakuten.com>
Authored: Tue Apr 7 23:46:44 2015 +0900
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Fri Apr 10 16:51:07 2015 +0300
----------------------------------------------------------------------
.../wicket/protocol/ws/WebSocketSettings.java | 1 +
.../ws/api/AbstractWebSocketProcessor.java | 25 +++-----
.../ws/api/ConnectionRejectedException.java | 17 ++++++
.../protocol/ws/api/FilterCollection.java | 64 ++++++++++++++++++++
.../WebSocketConnectionFilterCollection.java | 18 ++++++
.../ws/api/WebSocketConnectionOriginFilter.java | 26 +++++++-
.../ws/api/event/WebSocketAbortedPayload.java | 2 +-
.../tester/WebSocketTesterProcessorTest.java | 3 +-
8 files changed, 134 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketSettings.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketSettings.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketSettings.java
index 92a4a5c..5a13374 100644
--- a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketSettings.java
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketSettings.java
@@ -203,6 +203,7 @@ public class WebSocketSettings
* The collection of domains
*/
public void setAllowedDomains(Collection<String> domains) {
+ this.allowedDomains.clear();
this.allowedDomains.addAll(domains);
}
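Review bot: Clearing and then refilling in `setAllowedDomains` leaves the allow-list empty in two cases: when `domains` is null (the NPE is thrown only after `clear()` has run), and when the caller passes the collection that backs `allowedDomains`, because `clear()` empties the argument too. Taking a copy before clearing avoids both: `Collection<String> copy = new ArrayList<>(domains);` followed by `this.allowedDomains.clear(); this.allowedDomains.addAll(copy);`. A reader on another thread can still see the empty list between the two calls. What an empty list means for the origin check is not visible in this hunk, so that window is worth confirming.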
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/AbstractWebSocketProcessor.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/AbstractWebSocketProcessor.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/AbstractWebSocketProcessor.java
index 1dac814..5d0e829 100644
--- a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/AbstractWebSocketProcessor.java
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/AbstractWebSocketProcessor.java
@@ -16,6 +16,8 @@
*/
package org.apache.wicket.protocol.ws.api;
+import java.util.Collection;
+
import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.Application;
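Review bot: The added `import java.util.Collection;` is not referenced by any other hunk shown for this file; those hunks only introduce `WebSocketConnectionFilterCollection`. If nothing outside the hunks uses `Collection`, the import should be dropped.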
@@ -78,20 +80,6 @@ public abstract class AbstractWebSocketProcessor implements IWebSocketProcessor
*/
static final int NO_PAGE_ID = -1;
- /**
- * 1008 indicates that an endpoint is terminating the connection because it has received a message that violates its policy. This is a generic status code
- * that can be returned when there is no other more suitable status code (e.g., 1003 or 1009) or if there is a need to hide specific details about the
- * policy.
- * <p>
- * See <a href="https://tools.ietf.org/html/rfc6455#section-7.4.1">RFC 6455, Section 7.4.1 Defined Status Codes</a>.
- */
- static final int POLICY_VIOLATION = 1008;
-
- /**
- * Explanatory text for the client to explain why the connection is getting aborted
- */
- static final String ORIGIN_MISMATCH = "Origin mismatch";
-
private final WebRequest webRequest;
private final int pageId;
private final String resourceName;
@@ -100,7 +88,7 @@ public abstract class AbstractWebSocketProcessor implements IWebSocketProcessor
private final String sessionId;
private final WebSocketSettings webSocketSettings;
private final IWebSocketConnectionRegistry connectionRegistry;
- private final IWebSocketConnectionFilter connectionFilter;
+ private final WebSocketConnectionFilterCollection connectionFilters;
private final HttpServletRequest servletRequest;
/**
@@ -145,7 +133,8 @@ public abstract class AbstractWebSocketProcessor implements IWebSocketProcessor
this.connectionRegistry = webSocketSettings.getConnectionRegistry();
- this.connectionFilter = new WebSocketConnectionOriginFilter(webSocketSettings);
+ this.connectionFilters = new WebSocketConnectionFilterCollection();
+ connectionFilters.add(new WebSocketConnectionOriginFilter(webSocketSettings));
}
@Override
@@ -172,12 +161,12 @@ public abstract class AbstractWebSocketProcessor implements IWebSocketProcessor
IKey key = getRegistryKey();
try {
connectionRegistry.setConnection(getApplication(), getSessionId(), key, connection);
- connectionFilter.doFilter(servletRequest);
+ connectionFilters.doFilter(servletRequest);
broadcastMessage(new ConnectedMessage(getApplication(), getSessionId(), key));
} catch (ConnectionRejectedException e) {
broadcastMessage(new AbortedMessage(getApplication(), getSessionId(), key));
connectionRegistry.removeConnection(getApplication(), getSessionId(), key);
- connection.close(POLICY_VIOLATION, ORIGIN_MISMATCH);
+ connection.close(e.getCode(), e.getReason());
}
}
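Review bot: Only `ConnectionRejectedException` is caught around `connectionFilters.doFilter(servletRequest)`, while `setConnection` has already stored the connection in the registry, so a filter that throws any other RuntimeException leaves the connection registered and open. Now that the filters are a pluggable collection, the cleanup (`removeConnection` plus a close) should also run on unexpected exceptions. If `broadcastMessage` needs the connection registered before filtering, a comment should say so, because the ordering otherwise looks like a window in which a to-be-rejected connection is reachable. `connection.close(e.getCode(), e.getReason())` now forwards filter-supplied values to the peer, so the reason should stay generic and short (RFC 6455 caps a close reason at 123 bytes). The method starts outside this hunk.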
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/ConnectionRejectedException.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/ConnectionRejectedException.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/ConnectionRejectedException.java
index 15af612..16834f4 100644
--- a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/ConnectionRejectedException.java
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/ConnectionRejectedException.java
@@ -18,4 +18,21 @@ package org.apache.wicket.protocol.ws.api;
public class ConnectionRejectedException extends RuntimeException {
+ private static final long serialVersionUID = 4552012810343573564L;
+
+ private final int code;
+ private final String reason;
+
+ public ConnectionRejectedException(int code, String reason) {
+ this.code = code;
+ this.reason = reason;
+ }
+
+ public int getCode() {
+ return code;
+ }
+
+ public String getReason() {
+ return reason;
+ }
}
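Review bot: The new constructor never passes `reason` to the superclass, so `getMessage()` is null and a log line or stack trace for a rejected connection shows neither the close code nor the reason. Adding `super(reason);` as its first statement fixes that. The class and its accessors also have no Javadoc. A short class comment should state that `code` is sent to the peer as the WebSocket close status and `reason` as the close reason, so filter authors keep internal detail out of the text.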
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/FilterCollection.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/FilterCollection.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/FilterCollection.java
new file mode 100644
index 0000000..2bbde0e
--- /dev/null
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/FilterCollection.java
@@ -0,0 +1,64 @@
+package org.apache.wicket.protocol.ws.api;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.concurrent.CopyOnWriteArrayList;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Represents a collection of filters. Facilitates invocation of filtering on each filter.
+ *
+ * @author Gergely Nagy
+ *
+ * @param <T>
+ * type of filters
+ */
+public class FilterCollection<T> implements Serializable, Iterable<T> {
+
+ private static final long serialVersionUID = -7389583130277632264L;
+
+ /** list of listeners */
+ private final List<T> filters = new CopyOnWriteArrayList<>();
+
+ /**
+ * Adds a filter to this set of filters.
+ *
+ * @param filter
+ * The filter to add
+ * @return {@code true} if the filter was added
+ */
+ public boolean add(final T filter)
+ {
+ if (filter == null)
+ {
+ return false;
+ }
+ filters.add(filter);
+ return true;
+ }
+
+ /**
+ * Removes a filter from this set.
+ *
+ * @param filter
+ * The filter to remove
+ */
+ public void remove(final T filter)
+ {
+ filters.remove(filter);
+ }
+
+ /**
+ * Returns an iterator that can iterate the filter.
+ *
+ * @return an iterator that can iterate the filters.
+ */
+ @Override
+ public Iterator<T> iterator() {
+ return filters.iterator();
+ }
+
+}
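Review bot: `add` silently returns `false` for a null filter, and the only caller visible in this commit (the `AbstractWebSocketProcessor` constructor) ignores the return value, so a filter that failed to build would be dropped with no sign that a connection check is missing. For a collection that holds security filters, failing fast is safer: `Objects.requireNonNull(filter, "filter");`. Separately, the `org.slf4j.Logger` and `LoggerFactory` imports are unused, and the field comment says `list of listeners` where it means filters. The file also starts directly at `package`, without the license header the modified files in this commit appear to carry; WebSocketConnectionFilterCollection.java has the same gap.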
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionFilterCollection.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionFilterCollection.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionFilterCollection.java
new file mode 100644
index 0000000..66622b1
--- /dev/null
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionFilterCollection.java
@@ -0,0 +1,18 @@
+package org.apache.wicket.protocol.ws.api;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class WebSocketConnectionFilterCollection extends
+ FilterCollection<IWebSocketConnectionFilter> implements
+ IWebSocketConnectionFilter {
+
+ private static final long serialVersionUID = 3953951891780895469L;
+
+ @Override
+ public void doFilter(HttpServletRequest servletRequest) {
+ for (IWebSocketConnectionFilter filter : this) {
+ filter.doFilter(servletRequest);
+ }
+ }
+
+}
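Review bot: This class has no Javadoc, and how it behaves on rejection is worth stating because it decides whether a connection is accepted. I would add a class comment along the lines of `Runs the filters in the order they were added; the first filter that throws stops the chain. An empty collection accepts every connection.` That last property follows directly from the loop, and it is the one a maintainer needs to know before removing the default origin filter.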
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionOriginFilter.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionOriginFilter.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionOriginFilter.java
index 655ed30..bc08c98 100644
--- a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionOriginFilter.java
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/WebSocketConnectionOriginFilter.java
@@ -24,8 +24,32 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.protocol.ws.WebSocketSettings;
+/**
+ * This filter will reject those requests which contain 'Origin' header that does not match the origin of the
+ * application host. This kind of extended security might be necessary if the application needs to enforce the
+ * Same Origin Policy which is not provided by the HTML5 WebSocket protocol.
+ *
+ * @see <a href="http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html">http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html</a>
+ *
+ * @author Gergely Nagy
+ *
+ */
public class WebSocketConnectionOriginFilter implements IWebSocketConnectionFilter {
+ /**
+ * 1008 indicates that an endpoint is terminating the connection because it has received a message that violates its policy. This is a generic status code
+ * that can be returned when there is no other more suitable status code (e.g., 1003 or 1009) or if there is a need to hide specific details about the
+ * policy.
+ * <p>
+ * See <a href="https://tools.ietf.org/html/rfc6455#section-7.4.1">RFC 6455, Section 7.4.1 Defined Status Codes</a>.
+ */
+ public static final int POLICY_VIOLATION = 1008;
+
+ /**
+ * Explanatory text for the client to explain why the connection is getting aborted
+ */
+ public static final String ORIGIN_MISMATCH = "Origin mismatch";
+
private final WebSocketSettings webSocketSettings;
public WebSocketConnectionOriginFilter(WebSocketSettings webSocketSettings) {
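Review bot: The new class Javadoc says requests are rejected when they "contain 'Origin' header that does not match", which leaves open what happens when the header is absent. `invalid(oUrl)` is outside the hunk, so the comment should state that case explicitly. It should also say that the check only runs when `isHijackingProtectionEnabled()` is true, and name where the accepted origins are configured (presumably `WebSocketSettings`; confirm against `invalid`). Suggested addition, with the behaviour filled in from the actual code: `Requests without an Origin header are <accepted|rejected>; the filter does nothing unless hijacking protection is enabled in WebSocketSettings.`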
@@ -37,7 +61,7 @@ public class WebSocketConnectionOriginFilter implements IWebSocketConnectionFilt
if (webSocketSettings.isHijackingProtectionEnabled()) {
String oUrl = getOriginUrl(servletRequest);
if (invalid(oUrl))
- throw new ConnectionRejectedException();
+ throw new ConnectionRejectedException(POLICY_VIOLATION, ORIGIN_MISMATCH);
}
}
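Review bot: The rejection at `throw new ConnectionRejectedException(POLICY_VIOLATION, ORIGIN_MISMATCH);` leaves no server-side trace in the lines shown, and the catch block in AbstractWebSocketProcessor does not log either, so repeated cross-origin handshake attempts would go unnoticed. Consider logging the rejected origin at warn level before throwing. `oUrl` comes from a request header, so CR/LF should be stripped before it is written to the log. The unbraced `if (invalid(oUrl))` would also be safer with braces. The method starts outside this hunk.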
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/event/WebSocketAbortedPayload.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/event/WebSocketAbortedPayload.java b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/event/WebSocketAbortedPayload.java
index 5a19ad4..f19aa95 100644
--- a/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/event/WebSocketAbortedPayload.java
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/api/event/WebSocketAbortedPayload.java
@@ -20,7 +20,7 @@ import org.apache.wicket.protocol.ws.api.WebSocketRequestHandler;
import org.apache.wicket.protocol.ws.api.message.AbortedMessage;
/**
- * * Payload for event broadcasting when the server aborted a WebSocket connection
+ * Payload for event broadcasting when the server aborted a WebSocket connection
*
* @since 7.0.0-M5
*/
http://git-wip-us.apache.org/repos/asf/wicket/blob/5311b163/wicket-native-websocket/wicket-native-websocket-core/src/test/java/org/apache/wicket/protocol/ws/util/tester/WebSocketTesterProcessorTest.java
----------------------------------------------------------------------
diff --git a/wicket-native-websocket/wicket-native-websocket-core/src/test/java/org/apache/wicket/protocol/ws/util/tester/WebSocketTesterProcessorTest.java b/wicket-native-websocket/wicket-native-websocket-core/src/test/java/org/apache/wicket/protocol/ws/util/tester/WebSocketTesterProcessorTest.java
index b47b8af..cf9fa80 100644
--- a/wicket-native-websocket/wicket-native-websocket-core/src/test/java/org/apache/wicket/protocol/ws/util/tester/WebSocketTesterProcessorTest.java
+++ b/wicket-native-websocket/wicket-native-websocket-core/src/test/java/org/apache/wicket/protocol/ws/util/tester/WebSocketTesterProcessorTest.java
@@ -66,8 +66,7 @@ public class WebSocketTesterProcessorTest extends Assert {
@Before
public void before() {
tester = new WicketTester(application);
- WebApplication webApplication = tester.getApplication();
- webApplication.getWicketFilter().setFilterPath("");
+ application.getWicketFilter().setFilterPath("");
}
@After