Posted to commits@felix.apache.org by cz...@apache.org on 2023/05/13 06:59:09 UTC
[felix-dev] branch http-4.x updated: FELIX-6608 : Forward attributes should not be blocked within include
This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch http-4.x
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/http-4.x by this push:
new 4e32da4cfd FELIX-6608 : Forward attributes should not be blocked within include
4e32da4cfd is described below
commit 4e32da4cfd9eec1a586bc7a21532be539f0290c6
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Sat May 13 08:59:02 2023 +0200
FELIX-6608 : Forward attributes should not be blocked within include
---
.../internal/dispatch/ServletRequestWrapper.java | 38 +++++++++++++++++-----
.../internal/dispatch/ServletResponseWrapper.java | 2 +-
http/bridge/pom.xml | 2 +-
http/itest/pom.xml | 2 +-
http/jetty/pom.xml | 2 +-
5 files changed, 34 insertions(+), 12 deletions(-)
diff --git a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java
index 551ad880e7..0e0700981c 100644
--- a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java
+++ b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletRequestWrapper.java
@@ -39,8 +39,12 @@ import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import javax.servlet.AsyncContext;
import javax.servlet.DispatcherType;
@@ -69,10 +73,11 @@ import org.osgi.service.useradmin.Authorization;
final class ServletRequestWrapper extends HttpServletRequestWrapper
{
- private static final List<String> FORBIDDEN_ATTRIBUTES = Arrays.asList(FORWARD_CONTEXT_PATH,
- FORWARD_MAPPING, FORWARD_PATH_INFO, FORWARD_QUERY_STRING, FORWARD_REQUEST_URI, FORWARD_SERVLET_PATH,
- INCLUDE_CONTEXT_PATH, INCLUDE_MAPPING, INCLUDE_PATH_INFO, INCLUDE_QUERY_STRING, INCLUDE_REQUEST_URI,
- INCLUDE_SERVLET_PATH);
+ private static final List<String> FORWARD_ATTRIBUTES = Arrays.asList(FORWARD_CONTEXT_PATH,
+ FORWARD_MAPPING, FORWARD_PATH_INFO, FORWARD_QUERY_STRING, FORWARD_REQUEST_URI, FORWARD_SERVLET_PATH);
+
+ private static final List<String> INCLUDE_ATTRIBUTES = Arrays.asList(INCLUDE_CONTEXT_PATH,
+ INCLUDE_MAPPING, INCLUDE_PATH_INFO, INCLUDE_QUERY_STRING, INCLUDE_REQUEST_URI, INCLUDE_SERVLET_PATH);
private final DispatcherType type;
private final RequestInfo requestInfo;
@@ -133,9 +138,11 @@ final class ServletRequestWrapper extends HttpServletRequestWrapper
{
return this.requestInfo;
}
- }
- else if (isForwardingDispatcher() && !this.requestInfo.nameMatch)
- {
+ // include might be contained within a forward, allow forward attributes
+ else if (FORWARD_ATTRIBUTES.contains(name) ) {
+ return super.getAttribute(name);
+ }
+ } else if (isForwardingDispatcher() && !this.requestInfo.nameMatch) {
// The javax.servlet.forward.* attributes refer to the information of the *original* request,
// meaning that the request information comes from the *forwarded* request...
if (FORWARD_REQUEST_URI.equals(name))
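Review bot: In the inclusion branch, the added `else if (FORWARD_ATTRIBUTES.contains(name))` returns `super.getAttribute(name)` for every include, not only for an include that is nested in a forward. When there is no enclosing forward, the caller now receives whatever the wrapped request holds under that `javax.servlet.forward.*` name, where the old blocklist forced null. Whether the wrapped request can hold such a value in that case is not visible here, because the branch condition and the rest of `getAttribute` lie outside the hunk. I would state the assumption in the comment, for example `// include may be nested in a forward: the forward values come from the wrapped (forward) request and are null otherwise`. The new lines also use same-line braces while the surrounding file puts braces on their own line.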
@@ -163,12 +170,27 @@ final class ServletRequestWrapper extends HttpServletRequestWrapper
return super.getHttpServletMapping();
}
}
- if ( FORBIDDEN_ATTRIBUTES.contains(name) ) {
+ // block all special attributes
+ if (INCLUDE_ATTRIBUTES.contains(name) || FORWARD_ATTRIBUTES.contains(name)) {
return null;
}
return super.getAttribute(name);
}
+ @Override
+ public Enumeration<String> getAttributeNames() {
+ if ( isForwardingDispatcher() || isInclusionDispatcher() ) {
+ final Set<String> allNames = new HashSet<>(Collections.list(super.getAttributeNames()));
+ if ( isForwardingDispatcher() ) {
+ allNames.addAll(FORWARD_ATTRIBUTES);
+ } else {
+ allNames.addAll(INCLUDE_ATTRIBUTES);
+ }
+ return Collections.enumeration(allNames);
+ }
+ return super.getAttributeNames();
+ }
+
@Override
public String getAuthType()
{
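Review bot: The new `getAttributeNames()` advertises names that `getAttribute()` will not resolve. It adds every FORWARD_ATTRIBUTES entry whenever `isForwardingDispatcher()` is true, but the forwarding branch of `getAttribute()` is also gated on `!this.requestInfo.nameMatch`, so a named forward lists six names that then reach the "block all special attributes" check and return null. The include case looks the same, though its condition is outside the hunk. Code that iterates the names and dereferences the values can then hit a null, so the additions should be gated the same way, e.g. `if ( (isForwardingDispatcher() || isInclusionDispatcher()) && !this.requestInfo.nameMatch ) {`. For the remaining dispatch types, any forward or include names that the wrapped request happens to hold are still enumerated although `getAttribute()` blocks them, and filtering them out of the super enumeration would keep the two methods consistent.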
diff --git a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java
index 0f93898026..b3b13d6cc6 100644
--- a/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java
+++ b/http/base/src/main/java/org/apache/felix/http/base/internal/dispatch/ServletResponseWrapper.java
@@ -124,7 +124,7 @@ final class ServletResponseWrapper extends HttpServletResponseWrapper
final ServletRequestWrapper reqWrapper = new ServletRequestWrapper(request,
errorResolution.getContext(),
requestInfo,
- null,
+ DispatcherType.ERROR,
false,
null,
null);
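Review bot: The switch from `null` to `DispatcherType.ERROR` is not mentioned in the commit message and carries no comment, so its link to the attribute change is left to the reader. Presumably it makes the wrapper built for error handling report an ERROR dispatch and keeps both `isForwardingDispatcher()` and `isInclusionDispatcher()` false, so that `getAttribute()` falls through to the check that hides forward and include names. The constructor and those methods are outside the hunk, so that should be confirmed. I would add a comment above the argument, such as `// error handling is an ERROR dispatch: forward/include attributes stay hidden`.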
diff --git a/http/bridge/pom.xml b/http/bridge/pom.xml
index a40862b632..daf9be0b3f 100644
--- a/http/bridge/pom.xml
+++ b/http/bridge/pom.xml
@@ -143,7 +143,7 @@
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.http.base</artifactId>
- <version>4.2.6</version>
+ <version>4.2.7-SNAPSHOT</version>
</dependency>
</dependencies>
diff --git a/http/itest/pom.xml b/http/itest/pom.xml
index 00c960aa11..e4db19463e 100644
--- a/http/itest/pom.xml
+++ b/http/itest/pom.xml
@@ -35,7 +35,7 @@
<pax.exam.version>4.13.1</pax.exam.version>
<pax.url.aether.version>2.6.2</pax.url.aether.version>
<http.servlet.api.version>2.0.0</http.servlet.api.version>
- <http.jetty.version>4.2.11-SNAPSHOT</http.jetty.version>
+ <http.jetty.version>4.2.13-SNAPSHOT</http.jetty.version>
</properties>
<build>
diff --git a/http/jetty/pom.xml b/http/jetty/pom.xml
index ff34268322..55062ac8a3 100644
--- a/http/jetty/pom.xml
+++ b/http/jetty/pom.xml
@@ -401,7 +401,7 @@
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.http.base</artifactId>
- <version>4.2.6</version>
+ <version>4.2.7-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>