You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by jo...@apache.org on 2010/03/17 00:39:34 UTC
svn commit: r924054 - in /shindig/trunk/java: common/conf/
gadgets/src/main/java/org/apache/shindig/gadgets/uri/
gadgets/src/test/java/org/apache/shindig/gadgets/uri/
Author: johnh
Date: Tue Mar 16 23:39:34 2010
New Revision: 924054
URL: http://svn.apache.org/viewvc?rev=924054&view=rev
Log:
Relaxes host and path checks in concat and proxy URI parsing.
Modified:
shindig/trunk/java/common/conf/shindig.properties
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManager.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManager.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManagerTest.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManagerTest.java
Modified: shindig/trunk/java/common/conf/shindig.properties
URL: http://svn.apache.org/viewvc/shindig/trunk/java/common/conf/shindig.properties?rev=924054&r1=924053&r2=924054&view=diff
==============================================================================
--- shindig/trunk/java/common/conf/shindig.properties (original)
+++ shindig/trunk/java/common/conf/shindig.properties Tue Mar 16 23:39:34 2010
@@ -121,3 +121,12 @@ shindig.http.client.max-object-size-byte
# true to force strict content type checking for requests made to API endpoints.
# E.g. require application/json for JSON-RPC
shindig.api.disallow-unknown-content-types=true
+
+# Strict-mode parsing for proxy and concat URIs ensures that the authority/host and path
+# for the URIs match precisely what is found in the container config for it. This is
+# useful where statistics and traffic routing patterns, typically in large installations,
+# key on hostname (and occasionally path). Enforcing this does come at the cost that
+# mismatches break, which in turn mandates that URI generation always happen in consistent
+# fashion, ie. by the class itself or tightly controlled code.
+shindig.uri.proxy.use-strict-parsing=false
+shindig.uri.concat.use-strict-parsing=false
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManager.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManager.java?rev=924054&r1=924053&r2=924054&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManager.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManager.java Tue Mar 16 23:39:34 2010
@@ -22,6 +22,7 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.internal.Nullable;
+import com.google.inject.name.Named;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.shindig.common.uri.Uri;
@@ -45,12 +46,19 @@ public class DefaultConcatUriManager imp
private final ContainerConfig config;
private final Versioner versioner;
+ private boolean strictParsing;
@Inject
public DefaultConcatUriManager(ContainerConfig config, @Nullable Versioner versioner) {
this.config = config;
this.versioner = versioner;
}
+
+ @Inject(optional = true)
+ public void setUseStrictParsing(
+ @Named("shindig.uri.concat.use-strict-parsing") String useStrict) {
+ this.strictParsing = Boolean.parseBoolean(useStrict);
+ }
public List<ConcatData> make(List<ConcatUri> resourceUris,
boolean isAdjacent) {
@@ -149,15 +157,17 @@ public class DefaultConcatUriManager imp
public ConcatUri process(Uri uri) {
String container = uri.getQueryParameter(Param.CONTAINER.getKey());
- if (container == null) {
+ if (strictParsing && container == null) {
return BAD_URI;
}
- String concatHost = getReqVal(container, CONCAT_HOST_PARAM);
- String concatPath = getReqVal(container, CONCAT_PATH_PARAM);
- if (!uri.getAuthority().equalsIgnoreCase(concatHost) ||
- !uri.getPath().equals(concatPath)) {
- return BAD_URI;
+ if (strictParsing) {
+ String concatHost = getReqVal(container, CONCAT_HOST_PARAM);
+ String concatPath = getReqVal(container, CONCAT_PATH_PARAM);
+ if (!uri.getAuthority().equalsIgnoreCase(concatHost) ||
+ !uri.getPath().equals(concatPath)) {
+ return BAD_URI;
+ }
}
// At this point the Uri is at least concat.
Modified: shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManager.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManager.java?rev=924054&r1=924053&r2=924054&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManager.java (original)
+++ shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManager.java Tue Mar 16 23:39:34 2010
@@ -22,6 +22,7 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.internal.Nullable;
+import com.google.inject.name.Named;
import org.apache.commons.lang.StringUtils;
import org.apache.shindig.config.ContainerConfig;
@@ -66,6 +67,7 @@ public class DefaultProxyUriManager impl
private final ContainerConfig config;
private final Versioner versioner;
+ private boolean strictParsing = false;
@Inject
public DefaultProxyUriManager(ContainerConfig config,
@@ -74,6 +76,11 @@ public class DefaultProxyUriManager impl
this.versioner = versioner;
}
+ @Inject(optional = true)
+ public void setUseStrictParsing(@Named("shindig.uri.proxy.use-strict-parsing") String useStrict) {
+ this.strictParsing = Boolean.parseBoolean(useStrict);
+ }
+
public List<Uri> make(List<ProxyUri> resources, Integer forcedRefresh) {
List<Uri> result = Lists.newArrayListWithCapacity(resources.size());
@@ -198,6 +205,12 @@ public class DefaultProxyUriManager impl
}
}
}
+
+ if (!strictParsing && container != null && StringUtils.isEmpty(uriStr)) {
+ // Query-style despite the container being configured for chained style.
+ uriStr = uriIn.getQueryParameter(Param.URL.getKey());
+ queryUri = uriIn;
+ }
// Parameter validation.
if (StringUtils.isEmpty(uriStr) || StringUtils.isEmpty(container)) {
@@ -210,7 +223,7 @@ public class DefaultProxyUriManager impl
String queryHost = config.getString(container, PROXY_HOST_PARAM);
if (queryHost == null ||
- !queryHost.equalsIgnoreCase(uriIn.getAuthority())) {
+ (strictParsing && !queryHost.equalsIgnoreCase(uriIn.getAuthority()))) {
throw new GadgetException(GadgetException.Code.INVALID_PATH, "Invalid proxy host",
HttpResponse.SC_BAD_REQUEST);
}
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManagerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManagerTest.java?rev=924054&r1=924053&r2=924054&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManagerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultConcatUriManagerTest.java Tue Mar 16 23:39:34 2010
@@ -202,6 +202,15 @@ public class DefaultConcatUriManagerTest
}
@Test
+ public void validateNoContainerStrict() {
+ DefaultConcatUriManager manager = makeManager("host.com", "/path", null, null);
+ manager.setUseStrictParsing("true");
+ ConcatUriManager.ConcatUri validated =
+ manager.process(Uri.parse("http://host.com/path?q=f"));
+ assertEquals(UriStatus.BAD_URI, validated.getStatus());
+ }
+
+ @Test
public void validateNoContainer() {
DefaultConcatUriManager manager = makeManager("host.com", "/path", null, null);
ConcatUriManager.ConcatUri validated =
@@ -210,20 +219,22 @@ public class DefaultConcatUriManagerTest
}
@Test
- public void validateHostMismatch() {
+ public void validateHostMismatchStrict() {
DefaultConcatUriManager manager = makeManager("host.com", "/path", null, null);
+ manager.setUseStrictParsing("true");
ConcatUriManager.ConcatUri validated =
manager.process(Uri.parse("http://another.com/path?" +
- Param.CONTAINER.getKey() + "=" + CONTAINER));
+ Param.CONTAINER.getKey() + "=" + CONTAINER + "&type=css"));
assertEquals(UriStatus.BAD_URI, validated.getStatus());
}
@Test
- public void validatePathMismatch() {
+ public void validatePathMismatchStrict() {
DefaultConcatUriManager manager = makeManager("host.com", "/path", null, null);
+ manager.setUseStrictParsing("true");
ConcatUriManager.ConcatUri validated =
manager.process(Uri.parse("http://host.com/another?" +
- Param.CONTAINER.getKey() + "=" + CONTAINER));
+ Param.CONTAINER.getKey() + "=" + CONTAINER + "&type=css"));
assertEquals(UriStatus.BAD_URI, validated.getStatus());
}
Modified: shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManagerTest.java
URL: http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManagerTest.java?rev=924054&r1=924053&r2=924054&view=diff
==============================================================================
--- shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManagerTest.java (original)
+++ shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/uri/DefaultProxyUriManagerTest.java Tue Mar 16 23:39:34 2010
@@ -174,6 +174,28 @@ public class DefaultProxyUriManagerTest
}
@Test(expected = GadgetException.class)
+ public void mismatchedHostStrict() throws Exception {
+ String host = "host.com";
+ String path = "/proxy/path";
+ DefaultProxyUriManager manager = makeManager("foo" + host, path, null);
+ manager.setUseStrictParsing("true");
+ Uri testUri = new UriBuilder().setAuthority(host).setPath(path)
+ .addQueryParameter(Param.URL.getKey(), "http://foo.com").toUri();
+ manager.process(testUri);
+ }
+
+ @Test
+ public void mismatchedHostNonStrict() throws Exception {
+ String host = "host.com";
+ String path = "/proxy/path";
+ DefaultProxyUriManager manager = makeManager("foo" + host, path, null);
+ Uri testUri = new UriBuilder().setAuthority(host).setPath(path)
+ .addQueryParameter(Param.URL.getKey(), "http://foo.com")
+ .addQueryParameter(Param.CONTAINER.getKey(), CONTAINER).toUri();
+ manager.process(testUri);
+ }
+
+ @Test(expected = GadgetException.class)
public void missingContainerParamQuery() throws Exception {
String host = "host.com";
String path = "/proxy/path";