Posted to commits@deltaspike.apache.org by gp...@apache.org on 2015/07/19 17:21:13 UTC
[1/2] deltaspike git commit: DELTASPIKE-951 validate the content of
TestControl#startScopes
Repository: deltaspike
Updated Branches:
refs/heads/master 938e6ecb3 -> e0aabe00b
DELTASPIKE-951 validate the content of TestControl#startScopes
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/104df5f6
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/104df5f6
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/104df5f6
Branch: refs/heads/master
Commit: 104df5f6f57fad12c4fd2fbbea2cc7450f407cef
Parents: 938e6ec
Author: gpetracek <gp...@apache.org>
Authored: Fri Jul 17 13:30:03 2015 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Sun Jul 19 17:18:42 2015 +0200
----------------------------------------------------------------------
.../testcontrol/api/junit/CdiTestRunner.java | 41 ++++++-
.../testcontrol/spi/TestControlValidator.java | 32 ++++++
.../StandardContextTestControlValidator.java | 108 +++++++++++++++++++
...taspike.testcontrol.spi.TestControlValidator | 18 ++++
4 files changed, 195 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/104df5f6/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/api/junit/CdiTestRunner.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/api/junit/CdiTestRunner.java b/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/api/junit/CdiTestRunner.java
index 4ef1deb..2baf5a5 100644
--- a/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/api/junit/CdiTestRunner.java
+++ b/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/api/junit/CdiTestRunner.java
@@ -32,6 +32,7 @@ import org.apache.deltaspike.testcontrol.api.TestControl;
import org.apache.deltaspike.testcontrol.api.literal.TestControlLiteral;
import org.apache.deltaspike.testcontrol.spi.ExternalContainer;
import org.apache.deltaspike.testcontrol.spi.TestAware;
+import org.apache.deltaspike.testcontrol.spi.TestControlValidator;
import org.apache.deltaspike.testcontrol.spi.junit.TestStatementDecoratorFactory;
import org.junit.Test;
import org.junit.internal.runners.statements.FailOnTimeout;
@@ -479,7 +480,7 @@ public class CdiTestRunner extends BlockJUnit4ClassRunner
restrictedScopes.add(SessionScoped.class);
}
- startScopes(container, restrictedScopes.toArray(new Class[restrictedScopes.size()]));
+ startScopes(container, testClass, null, restrictedScopes.toArray(new Class[restrictedScopes.size()]));
}
private void bootExternalContainers(Class testClass)
@@ -584,7 +585,7 @@ public class CdiTestRunner extends BlockJUnit4ClassRunner
ProjectStageProducer.setProjectStage(this.projectStage);
setCurrentTestMethod(testMethod);
- startScopes(CdiContainerLoader.getCdiContainer());
+ startScopes(CdiContainerLoader.getCdiContainer(), testMethod.getDeclaringClass(), testMethod);
}
void applyAfterMethodConfig()
@@ -609,7 +610,10 @@ public class CdiTestRunner extends BlockJUnit4ClassRunner
CdiTestSuiteRunner.setContainerStarted(true);
}
- private void startScopes(CdiContainer container, Class<? extends Annotation>... restrictedScopes)
+ private void startScopes(CdiContainer container,
+ Class testClass,
+ Method testMethod,
+ Class<? extends Annotation>... restrictedScopes)
{
try
{
@@ -621,10 +625,39 @@ public class CdiTestRunner extends BlockJUnit4ClassRunner
Collections.addAll(scopeClasses, this.testControl.startScopes());
- if (this.testControl.startScopes().length == 0)
+ if (scopeClasses.isEmpty())
{
addScopesForDefaultBehavior(scopeClasses);
}
+ else
+ {
+ List<TestControlValidator> testControlValidatorList =
+ ServiceUtils.loadServiceImplementations(TestControlValidator.class);
+
+ for (TestControlValidator testControlValidator : testControlValidatorList)
+ {
+ if (testControlValidator instanceof TestAware)
+ {
+ if (testMethod != null)
+ {
+ ((TestAware)testControlValidator).setTestMethod(testMethod);
+ }
+ ((TestAware)testControlValidator).setTestClass(testClass);
+ }
+ try
+ {
+ testControlValidator.validate(this.testControl);
+ }
+ finally
+ {
+ if (testControlValidator instanceof TestAware)
+ {
+ ((TestAware)testControlValidator).setTestClass(null);
+ ((TestAware)testControlValidator).setTestMethod(null);
+ }
+ }
+ }
+ }
for (Class<? extends Annotation> scopeAnnotation : scopeClasses)
{
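Review bot: The validator loop sits in the `else` branch, so a `TestControlValidator` is only called when `@TestControl#startScopes` is non-empty, and any validator that checks something other than scopes is silently skipped for tests using the default scopes. The Javadoc added on the interface in this same commit names project-stage validation as a use case, and that does not depend on `startScopes`. Either move the loop ahead of `if (scopeClasses.isEmpty())`, or state on the interface that validation only runs for explicitly configured scopes. `ServiceUtils.loadServiceImplementations(TestControlValidator.class)` is also called on every `startScopes` invocation, so caching the list in a field may be worth considering. The enclosing `try` opens before this hunk and the method continues past it, so how an exception from `validate()` is handled is not visible here.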
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/104df5f6/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/spi/TestControlValidator.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/spi/TestControlValidator.java b/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/spi/TestControlValidator.java
new file mode 100644
index 0000000..d581399
--- /dev/null
+++ b/deltaspike/modules/test-control/api/src/main/java/org/apache/deltaspike/testcontrol/spi/TestControlValidator.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.testcontrol.spi;
+
+import org.apache.deltaspike.core.spi.activation.Deactivatable;
+import org.apache.deltaspike.testcontrol.api.TestControl;
+
+/**
+ * Allows to provide a different validator which could
+ * allow e.g. more scope-annotations (if a custom cdi-control implementation supports that custom contexts as well).
+ * A custom validator could also validate e.g. the usage of project-stages,...
+ */
+public interface TestControlValidator extends Deactivatable
+{
+ void validate(TestControl testControl);
+}
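Review bot: `validate(TestControl)` has no Javadoc, so an implementor cannot tell from the SPI how a failed validation is supposed to be reported. The bundled implementation in this commit throws `IllegalStateException`, and the runner sets the test class and method on validators that also implement `TestAware` before calling it. I would add something like `/** Validates the given annotation; throw an exception (e.g. IllegalStateException) to reject the configuration. Implement TestAware to receive the current test class/method before this call. */` above the method.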
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/104df5f6/deltaspike/modules/test-control/impl/src/main/java/org/apache/deltaspike/testcontrol/impl/validation/StandardContextTestControlValidator.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/test-control/impl/src/main/java/org/apache/deltaspike/testcontrol/impl/validation/StandardContextTestControlValidator.java b/deltaspike/modules/test-control/impl/src/main/java/org/apache/deltaspike/testcontrol/impl/validation/StandardContextTestControlValidator.java
new file mode 100644
index 0000000..177a01c
--- /dev/null
+++ b/deltaspike/modules/test-control/impl/src/main/java/org/apache/deltaspike/testcontrol/impl/validation/StandardContextTestControlValidator.java
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.testcontrol.impl.validation;
+
+import org.apache.deltaspike.cdise.api.CdiContainerLoader;
+import org.apache.deltaspike.testcontrol.api.TestControl;
+import org.apache.deltaspike.testcontrol.spi.TestAware;
+import org.apache.deltaspike.testcontrol.spi.TestControlValidator;
+
+import javax.enterprise.inject.Typed;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+@Typed()
+public class StandardContextTestControlValidator implements TestAware, TestControlValidator
+{
+ private static Boolean customContextControlDetected;
+
+ private static ThreadLocal<Class> currentTestClass = new ThreadLocal<Class>();
+ private static ThreadLocal<Method> currentTestMethod = new ThreadLocal<Method>();
+
+ @Override
+ public void validate(TestControl testControl)
+ {
+ checkActiveContextControlImplementation();
+
+ List<Class<? extends Annotation>> scopeClasses = new ArrayList<Class<? extends Annotation>>();
+ Collections.addAll(scopeClasses, testControl.startScopes());
+
+ validateSupportedScopes(scopeClasses, currentTestClass.get(), currentTestMethod.get());
+ }
+
+ private void checkActiveContextControlImplementation()
+ {
+ if (customContextControlDetected != null)
+ {
+ return;
+ }
+
+ customContextControlDetected = !CdiContainerLoader.getCdiContainer().getContextControl()
+ .getClass().getName().startsWith("org.apache.deltaspike.");
+ }
+
+ private void validateSupportedScopes(List<Class<? extends Annotation>> scopeClasses,
+ Class<?> declaringClass,
+ Method testMethod)
+ {
+ //skip validation in case of a custom context-control implementation (it might support more scopes)
+ if (Boolean.TRUE.equals(customContextControlDetected))
+ {
+ return;
+ }
+
+ for (Class<? extends Annotation> scopeClass : scopeClasses)
+ {
+ if (!scopeClass.getName().startsWith("javax.enterprise.context."))
+ {
+ throw new IllegalStateException("Please remove " + scopeClass.getName() + " at " + declaringClass +
+ (testMethod != null ? "#" + testMethod.getName() : "") +
+ " from @" + TestControl.class.getName() + ". @" + TestControl.class.getName() +
+ " only supports standard Scope-Annotations provided by the CDI-Specification. " +
+ "Other Contexts start automatically or need to get started with a specific Management-API. " +
+ "Examples: " +
+ "@TransactionScoped gets started automatically once the @Transactional-Interceptor is used. " +
+ "Whereas @WindowScoped starts once WindowContext#activateWindow gets called.");
+ }
+ }
+ }
+
+ @Override
+ public void setTestClass(Class testClass)
+ {
+ currentTestClass.set(testClass);
+ if (testClass == null)
+ {
+ currentTestClass.remove();
+ }
+ }
+
+ @Override
+ public void setTestMethod(Method testMethod)
+ {
+ currentTestMethod.set(testMethod);
+ if (testMethod == null)
+ {
+ currentTestMethod.remove();
+ }
+ }
+}
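Review bot: The check in `validateSupportedScopes` accepts any annotation whose class name starts with `javax.enterprise.context.`, which is wider than "standard Scope-Annotations" as the error message puts it, because every annotation in that package or a sub-package passes whether or not it is a scope the context-control can start. An explicit allow-list would make the check match the message, e.g. `if (!SUPPORTED_SCOPES.contains(scopeClass))` against a `private static final Set<Class<? extends Annotation>> SUPPORTED_SCOPES` holding the scopes the bundled ContextControl handles (that list is not visible in this commit, so confirm it there). Separately, `customContextControlDetected` is a static, non-volatile `Boolean` that is written once without synchronisation and never reset, so the first container's answer is reused for the rest of the JVM. If that is intended, a one-line comment such as `// cached for the JVM lifetime; the ContextControl implementation is assumed not to change between tests` would help.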
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/104df5f6/deltaspike/modules/test-control/impl/src/main/resources/META-INF/services/org.apache.deltaspike.testcontrol.spi.TestControlValidator
----------------------------------------------------------------------
diff --git a/deltaspike/modules/test-control/impl/src/main/resources/META-INF/services/org.apache.deltaspike.testcontrol.spi.TestControlValidator b/deltaspike/modules/test-control/impl/src/main/resources/META-INF/services/org.apache.deltaspike.testcontrol.spi.TestControlValidator
new file mode 100644
index 0000000..f4c7592
--- /dev/null
+++ b/deltaspike/modules/test-control/impl/src/main/resources/META-INF/services/org.apache.deltaspike.testcontrol.spi.TestControlValidator
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+org.apache.deltaspike.testcontrol.impl.validation.StandardContextTestControlValidator
\ No newline at end of file
[2/2] deltaspike git commit: DELTASPIKE-960 use maxWindowIdCount for
window-id cookies
Posted by gp...@apache.org.
DELTASPIKE-960 use maxWindowIdCount for window-id cookies
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/e0aabe00
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/e0aabe00
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/e0aabe00
Branch: refs/heads/master
Commit: e0aabe00b3578fbe65095b34faf3533689c053c5
Parents: 104df5f
Author: gpetracek <gp...@apache.org>
Authored: Sun Jul 19 15:03:32 2015 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Sun Jul 19 17:18:43 2015 +0200
----------------------------------------------------------------------
.../component/window/WindowIdHtmlRenderer.java | 29 ++++++++++++--------
1 file changed, 17 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e0aabe00/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/component/window/WindowIdHtmlRenderer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/component/window/WindowIdHtmlRenderer.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/component/window/WindowIdHtmlRenderer.java
index 7cd2e03..6a2ea7a 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/component/window/WindowIdHtmlRenderer.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/component/window/WindowIdHtmlRenderer.java
@@ -63,16 +63,13 @@ public class WindowIdHtmlRenderer extends Renderer
ClientWindowConfig.ClientWindowRenderMode clientWindowRenderMode =
clientWindowConfig.getClientWindowRenderMode(context);
+ boolean delegatedWindowMode =
+ ClientWindowConfig.ClientWindowRenderMode.DELEGATED.equals(clientWindowRenderMode);
+
// don't cut the windowId generated from JSF
- if (!ClientWindowConfig.ClientWindowRenderMode.DELEGATED.equals(clientWindowRenderMode))
+ if (!delegatedWindowMode)
{
- //already ensured by DefaultClientWindow
- //just to ensure that we don't get a security issue in case of a customized client-window implementation
- //will never happen usually -> no real overhead
- if (windowId != null && windowId.length() > this.maxWindowIdCount)
- {
- windowId = windowId.substring(0, this.maxWindowIdCount);
- }
+ windowId = secureWindowId(windowId);
}
ResponseWriter writer = context.getResponseWriter();
@@ -84,14 +81,13 @@ public class WindowIdHtmlRenderer extends Renderer
writer.write("'storeWindowTree':'" + clientWindowConfig.isClientWindowStoreWindowTreeEnabled() + "'");
// see #729
- if (clientWindow.isInitialRedirectSupported(context))
+ if (!delegatedWindowMode && clientWindow.isInitialRedirectSupported(context))
{
Object cookie = ClientWindowHelper.getRequestWindowIdCookie(context, windowId);
if (cookie != null && cookie instanceof Cookie)
{
Cookie servletCookie = (Cookie) cookie;
- writer.write(",'initialRedirectWindowId':'" + servletCookie.getValue() + "'");
-
+ writer.write(",'initialRedirectWindowId':'" + secureWindowId(servletCookie.getValue()) + "'");
// expire/remove cookie
servletCookie.setMaxAge(0);
((HttpServletResponse) context.getExternalContext().getResponse()).addCookie(servletCookie);
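Review bot: `secureWindowId` only truncates, so the cookie value written into `'initialRedirectWindowId':'…'` is still unescaped, client-supplied text inside a single-quoted JavaScript string, and a length cap does not neutralise quote, backslash or `<` characters that fit within `maxWindowIdCount`. The same holds for `windowId` passed through the helper in the first hunk, and the helper's comment in the next hunk, `//restrict the length to prevent script-injection`, overstates what the method guarantees. I would have the helper also enforce the expected character set, for example `windowId = windowId.replaceAll("[^A-Za-z0-9_-]", "");` before the length check (assuming window ids are plain alphanumeric tokens; confirm against the id generator), or apply JavaScript string escaping at the point of writing. The comment should then read along the lines of `//restrict length and character set; the value is emitted into an inline script`.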
@@ -103,6 +99,16 @@ public class WindowIdHtmlRenderer extends Renderer
writer.endElement("script");
}
+ protected String secureWindowId(String windowId)
+ {
+ //restrict the length to prevent script-injection
+ if (windowId != null && windowId.length() > this.maxWindowIdCount)
+ {
+ windowId = windowId.substring(0, this.maxWindowIdCount);
+ }
+ return windowId;
+ }
+
private void lazyInit()
{
if (clientWindow == null)
@@ -118,5 +124,4 @@ public class WindowIdHtmlRenderer extends Renderer
}
}
}
-
}