You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:13:30 UTC
[sling-org-apache-sling-security] annotated tag
org.apache.sling.security-1.0.12 created (now a5082ed)
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a change to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git.
at a5082ed (tag)
tagging 2f067664d07102ea970adda08c56c0587a2b6479 (commit)
by Antonio Sanso
on Thu Aug 20 07:49:34 2015 +0000
- Log -----------------------------------------------------------------
org.apache.sling.security-1.0.12
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new 039593a SLING-2141 - Add a way to check the referrer for modification requests
new 6b5f16b Ignore target
new 78f00c6 SLING-2141 - Add a way to check the referrer for modification requests
new ac5acb3 SLING-2141 - Add a way to check the referrer for modification requests
new 8256705 SLING-2141 - Add a way to check the referrer for modification requests
new 2e74bb2 SLING-2141 - Add a way to check the referrer for modification requests
new a493d9f SLING-2150 : Update plugins to use the latest available versions
new 2989f95 SLING-2141 : Update localhost and server handling
new bb90451 Update to recent snapshot
new 3f3a1c3 Allow empty referrers by default
new ea48c8c Update default list
new e782ad3 Using latest released parent pom
new 04c948c SLING-2664 : Use global filter instead of Sling filter
new dfbcc57 Use latest Commons OSGi and return 403 instead of 500
new d87917c SLING-2198 - allowing request if the referrer host name matches the request host name (also, internalizing the PropertiesUtil class for compatibility purposes)
new 23166c5 SLING-2200 - adding a configuration printer to the referrer filter
new 01f70f8 Remove duplicate entry
new 7a45910 SLING-2279 : ReferrerFilter should not reverse lookup the IPs of interfaces. Apply patch from Tobias Bocanegra
new ceda7a9 [maven-release-plugin] prepare release org.apache.sling.security-1.0.0
new d431bfd [maven-release-plugin] prepare for next development iteration
new 37a4ee1 Use latest parent pom in all projects
new 9962937 Use latest parent pom everywhere
new c537035 Set svn:ignore
new b9b53a5 SLING-2694 : Only check referrer header if request is from a browser
new fa7665e [maven-release-plugin] prepare release org.apache.sling.security-1.0.2
new 38c657b [maven-release-plugin] prepare for next development iteration
new 64faf10 Use latest releases and update to new parent pom
new 0f149ec Update to latest parent pom and use latest releases in launchpad
new fbfc8e8 SLING-2836 : Missing @(De)Activate annotations in ReferrerFilter#(de)activate() methods cause Sling Referrer Filter Tab clones
new 4c40987 [maven-release-plugin] prepare release org.apache.sling.security-1.0.4
new 6c3a2d5 [maven-release-plugin] prepare for next development iteration
new fc2c9e5 Correct reactor pom and update to parent pom 16
new 45dec5c FELIX-2870 : Support allowed hosts patterns in ReferrerFilter . Apply patch from Timothee Maret
new 604b0b7 [maven-release-plugin] prepare release org.apache.sling.security-1.0.6
new 6bd5364 [maven-release-plugin] prepare for next development iteration
new a456ca7 SLING-4019 - ReferrerFilter should have DEFAULT_ALLOW_EMPTY set to false
new daac5d7 SLING-4019 - ReferrerFilter should have DEFAULT_ALLOW_EMPTY set to false
new 16d9866 [maven-release-plugin] prepare release org.apache.sling.security-1.0.8
new a04352b [maven-release-plugin] prepare for next development iteration
new bd06fa0 SLING-3829 - Add support for Content-Disposition attachment
new 5621fdb [maven-release-plugin] prepare release org.apache.sling.security-1.0.10
new 1bbc61c [maven-release-plugin] prepare for next development iteration
new b53e819 Remove duplicate dependency
new 66f4cf3 Use latest parent pom
new 19340b9 Update contrib modules to Parent 23
new 9f722df set parent version to 24 and add empty relativePath where missing
new bdc9688 SLING-4604 - Multiple Content-Disposition headers added
new 11ae6ca SLING-4604 - Multiple Content-Disposition headers added
new 5137124 SLING-4883 - Extend content disposition filter protection to jcr:data
new e9d32c8 SLING-4883 - Extend content disposition filter protection to jcr:data
new 0ff3107 SLING-4883 - Extend content disposition filter protection to jcr:data
new 19b2034 SLING-4883 - Extend content disposition filter protection to jcr:data
new 25c5733 SLING-4883 - Extend content disposition filter protection to jcr:data
new ffbe306 SLING-4883 - Extend content disposition filter protection to jcr:data
new 982486c [maven-release-plugin] prepare release org.apache.sling.security-1.0.12
new 2f06766 [maven-release-plugin] copy for tag org.apache.sling.security-1.0.12
The 56 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].
[sling-org-apache-sling-security] 09/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit e9d32c81f974d3eada419ea17829165100303ca0
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Mon Jul 20 12:13:30 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
* unit tests
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1691919 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/ContentDispositionFilterTest.java | 40 ++++++++++++++++++----
1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index 2bde7d4..17614aa 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -424,18 +424,20 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
- will(returnValue("/content/usergenerated"));
+ will(returnValue("/content/usergenerated/"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
}
});
rewriterResponse.setContentType("text/html");
- //Assert.assertEquals(1, counter.intValue());
+ Assert.assertEquals(1, counter.intValue());
}
@Test
@@ -562,7 +564,12 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -579,6 +586,7 @@ public class ContentDispositionFilterTest {
}
});
rewriterResponse.setContentType("image/jpeg");
+ Assert.assertEquals(1, counter.intValue());
}
@Test
@@ -705,7 +713,13 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
+
context.checking(new Expectations() {
{
@@ -722,6 +736,7 @@ public class ContentDispositionFilterTest {
}
});
rewriterResponse.setContentType("image/jpeg");
+ Assert.assertEquals(1, counter.intValue());
}
/**
@@ -746,7 +761,12 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -766,6 +786,7 @@ public class ContentDispositionFilterTest {
});
rewriterResponse.setContentType("text/html");
rewriterResponse.setContentType("text/html");
+ Assert.assertEquals(1, counter.intValue());
}
/**
* Test repeated setContentType calls don't add multiple headers, case 2 changing mime type
@@ -789,7 +810,13 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
+
context.checking(new Expectations() {
{
@@ -813,5 +840,6 @@ public class ContentDispositionFilterTest {
});
rewriterResponse.setContentType("text/html");
rewriterResponse.setContentType("text/xml");
+ Assert.assertEquals(1, counter.intValue());
}
}
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 15/15: [maven-release-plugin]
copy for tag org.apache.sling.security-1.0.12
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 2f067664d07102ea970adda08c56c0587a2b6479
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Thu Aug 20 07:49:34 2015 +0000
[maven-release-plugin] copy for tag org.apache.sling.security-1.0.12
git-svn-id: https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.security-1.0.12@1696718 13f79535-47bb-0310-9956-ffa450edef68
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 10/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 0ff3107b5bd6732b537f4f143d22f7558eb30e28
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Tue Jul 28 07:49:17 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1693013 13f79535-47bb-0310-9956-ffa450edef68
---
.../java/org/apache/sling/security/impl/ContentDispositionFilter.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index 93aa4c7..8da627a 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -199,7 +199,7 @@ public class ContentDispositionFilter implements Filter {
if (contentDispositionPaths.contains(pathInfo)) {
if (contentTypesMapping.containsKey(pathInfo)) {
- Set exceptions = contentTypesMapping.get(pathInfo);
+ Set <String> exceptions = contentTypesMapping.get(pathInfo);
if (!exceptions.contains(type)) {
setContentDisposition();
}
@@ -211,7 +211,7 @@ public class ContentDispositionFilter implements Filter {
for (String path : contentDispositionPathsPfx) {
if (request.getPathInfo().startsWith(path)) {
if (contentTypesMapping.containsKey(path)) {
- Set exceptions = contentTypesMapping.get(path);
+ Set <String> exceptions = contentTypesMapping.get(path);
if (!exceptions.contains(type)) {
setContentDisposition();
break;
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 06/15: SLING-4604 - Multiple
Content-Disposition headers added
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit bdc96884cd9694180f0e239b68cc5ce06af00170
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Tue Jul 14 12:17:17 2015 +0000
SLING-4604 - Multiple Content-Disposition headers added
* added patch from Rob Ryan (thanks)
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1690911 13f79535-47bb-0310-9956-ffa450edef68
---
.../security/impl/ContentDispositionFilter.java | 13 +-
.../impl/ContentDispositionFilterTest.java | 150 ++++++++++++++++++++-
2 files changed, 159 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index aae95dc..9c0999d 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -173,6 +173,9 @@ public class ContentDispositionFilter implements Filter {
private static final String CONTENT_DISPOSTION_ATTACHMENT = "attachment";
+ static final String ATTRIBUTE_NAME =
+ "org.apache.sling.security.impl.ContentDispositionFilter.RewriterResponse.contentType";
+
/** The current request. */
private final SlingHttpServletRequest request;
@@ -185,8 +188,14 @@ public class ContentDispositionFilter implements Filter {
* @see javax.servlet.ServletResponseWrapper#setContentType(java.lang.String)
*/
public void setContentType(String type) {
- String pathInfo = request.getPathInfo();
+ String previousContentType = (String) request.getAttribute(ATTRIBUTE_NAME);
+
+ if (previousContentType != null && previousContentType.equals(type)) {
+ return;
+ }
+ request.setAttribute(ATTRIBUTE_NAME, type);
+ String pathInfo = request.getPathInfo();
if (contentDispositionPaths.contains(pathInfo)) {
if (contentTypesMapping.containsKey(pathInfo)) {
@@ -218,7 +227,9 @@ public class ContentDispositionFilter implements Filter {
}
private void setContentDisposition() {
+ if (!this.containsHeader(CONTENT_DISPOSTION)) {
this.addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
}
}
}
+}
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index 91d26b1..7c989e7 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -20,9 +20,12 @@ import java.util.Dictionary;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
+
import junitx.util.PrivateAccessor;
+
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
+import org.apache.sling.security.impl.ContentDispositionFilter.RewriterResponse;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.jmock.integration.junit4.JUnit4Mockery;
@@ -221,6 +224,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
@@ -254,6 +260,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
@@ -282,10 +291,15 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
context.checking(new Expectations() {
{
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated"));
allowing(response).setContentType("text/html");
@@ -318,6 +332,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
@@ -347,10 +364,15 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
context.checking(new Expectations() {
{
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
@@ -383,6 +405,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated"));
allowing(response).setContentType("text/html");
@@ -415,6 +440,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
@@ -448,6 +476,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
@@ -480,6 +511,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated"));
allowing(response).setContentType("text/html");
@@ -508,10 +542,15 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
context.checking(new Expectations() {
{
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "image/jpeg");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated"));
allowing(response).setContentType("image/jpeg");
@@ -544,6 +583,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
@@ -577,6 +619,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
@@ -609,6 +654,9 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
@@ -641,6 +689,11 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "image/jpeg");
allowing(request).getPathInfo();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("image/jpeg");
@@ -650,4 +703,95 @@ public class ContentDispositionFilterTest {
});
rewriterResponse.setContentType("image/jpeg");
}
+
+ /**
+ * Test repeated setContentType calls don't add multiple headers, case 1 resetting the same mimetype
+ * @throws Throwable
+ */
+ @Test
+ public void test_doFilter15() throws Throwable{
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ contentDispositionFilter = new ContentDispositionFilter();
+
+ final ComponentContext ctx = context.mock(ComponentContext.class);
+ final Dictionary props = new Hashtable<String, String[]>();
+ props.put("sling.content.disposition.paths", new String []{"/content/usergenerated"});
+
+ context.checking(new Expectations() {
+ {
+ allowing(ctx).getProperties();
+ will(returnValue(props));
+
}
+ });
+ PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+ context.checking(new Expectations() {
+ {
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue("text/html"));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
+ allowing(request).getPathInfo();
+ will(returnValue("/content/usergenerated"));
+ allowing(response).setContentType("text/html");
+ //CONTENT DISPOSITION IS SET
+ exactly(1).of(response).addHeader("Content-Disposition", "attachment");
+ }
+ });
+ rewriterResponse.setContentType("text/html");
+ rewriterResponse.setContentType("text/html");
+ }
+ /**
+ * Test repeated setContentType calls don't add multiple headers, case 2 changing mime type
+ * @throws Throwable
+ */
+ @Test
+ public void test_doFilter16() throws Throwable{
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ contentDispositionFilter = new ContentDispositionFilter();
+
+ final ComponentContext ctx = context.mock(ComponentContext.class);
+ final Dictionary props = new Hashtable<String, String[]>();
+ props.put("sling.content.disposition.paths", new String []{"/content/usergenerated"});
+
+ context.checking(new Expectations() {
+ {
+ allowing(ctx).getProperties();
+ will(returnValue(props));
+
+ }
+ });
+ PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+ context.checking(new Expectations() {
+ {
+ exactly(1).of(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ exactly(1).of(response).containsHeader("Content-Disposition");
+ will(returnValue(true));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue("text/html"));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/xml");
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
+ allowing(request).getPathInfo();
+ will(returnValue("/content/usergenerated"));
+ allowing(response).setContentType("text/html");
+ allowing(response).setContentType("text/xml");
+ //CONTENT DISPOSITION IS SET
+ exactly(1).of(response).addHeader("Content-Disposition", "attachment");
+ }
+ });
+ rewriterResponse.setContentType("text/html");
+ rewriterResponse.setContentType("text/xml");
+ }
+}
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 08/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 51371244a22f83a05c40342b9666c0fb9d26a560
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Mon Jul 20 12:05:31 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
* unit tests
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1691917 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/ContentDispositionFilterTest.java | 28 ++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index 7c989e7..2bde7d4 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -20,6 +20,7 @@ import java.util.Dictionary;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
import junitx.util.PrivateAccessor;
@@ -291,7 +292,13 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -307,7 +314,8 @@ public class ContentDispositionFilterTest {
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
}
});
- rewriterResponse.setContentType("text/html");
+ rewriterResponse.setContentType("text/html");
+ Assert.assertEquals(1, counter.intValue());
}
@Test
@@ -364,7 +372,12 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -381,6 +394,7 @@ public class ContentDispositionFilterTest {
}
});
rewriterResponse.setContentType("text/html");
+ Assert.assertEquals(1, counter.intValue());
}
@Test
@@ -401,7 +415,12 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -416,6 +435,7 @@ public class ContentDispositionFilterTest {
}
});
rewriterResponse.setContentType("text/html");
+ //Assert.assertEquals(1, counter.intValue());
}
@Test
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 14/15: [maven-release-plugin]
prepare release org.apache.sling.security-1.0.12
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 982486c72cf278221e91a675b3b26e7e397e7e3a
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Thu Aug 20 07:49:20 2015 +0000
[maven-release-plugin] prepare release org.apache.sling.security-1.0.12
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1696717 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index d13f6ed..d3c8954 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,11 +24,11 @@
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
<version>24</version>
- <relativePath/>
+ <relativePath />
</parent>
<artifactId>org.apache.sling.security</artifactId>
- <version>1.0.11-SNAPSHOT</version>
+ <version>1.0.12</version>
<packaging>bundle</packaging>
<name>Apache Sling Security</name>
@@ -37,9 +37,9 @@
</description>
<scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security</developerConnection>
- <url>http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/security</url>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.security-1.0.12</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.security-1.0.12</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/tags/org.apache.sling.security-1.0.12</url>
</scm>
<build>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 03/15: Use latest parent pom
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 66f4cf3957241ebb7529e0fa1e8d16146b2771fb
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Mon Apr 27 16:34:19 2015 +0000
Use latest parent pom
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1676331 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 613de9e..a20e9bb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>16</version>
+ <version>22</version>
</parent>
<artifactId>org.apache.sling.security</artifactId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 01/15: [maven-release-plugin]
prepare for next development iteration
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 1bbc61c60244af1650d9d0f3d6bdd2ed94fc03cb
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Thu Apr 2 10:02:56 2015 +0000
[maven-release-plugin] prepare for next development iteration
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1670874 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index df89ee7..bc766b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
</parent>
<artifactId>org.apache.sling.security</artifactId>
- <version>1.0.10</version>
+ <version>1.0.11-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>Apache Sling Security</name>
@@ -36,9 +36,9 @@
</description>
<scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/sling/tags/org.apache.sling.security-1.0.10</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/tags/org.apache.sling.security-1.0.10</developerConnection>
- <url>http://svn.apache.org/viewvc/sling/tags/org.apache.sling.security-1.0.10</url>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security</developerConnection>
+ <url>http://svn.apache.org/viewvc/sling/trunk/contrib/extensions/security</url>
</scm>
<build>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 02/15: Remove duplicate dependency
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit b53e8197b38c7013972b908fdb0768e2868a78bb
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Fri Apr 24 06:53:58 2015 +0000
Remove duplicate dependency
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1675796 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 4 ----
1 file changed, 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index bc766b6..613de9e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,10 +104,6 @@
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</dependency>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 13/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit ffbe306a1a48ced6908346f791c37cc5efa72ebc
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Wed Jul 29 10:09:42 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1693233 13f79535-47bb-0310-9956-ffa450edef68
---
.../security/impl/ContentDispositionFilter.java | 67 +++++++----
.../impl/ContentDispositionFilterTest.java | 123 ++++++++++++++++++++-
2 files changed, 166 insertions(+), 24 deletions(-)
diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index 9eccb06..985d263 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -67,6 +67,13 @@ public class ContentDispositionFilter implements Filter {
"Invalid entries are logged and ignored."
, unbounded = PropertyUnbounded.ARRAY, value = { "" })
private static final String PROP_CONTENT_DISPOSTION_PATHS = "sling.content.disposition.paths";
+
+ private static final boolean DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS = false;
+ @Property(boolValue = DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS ,
+ label = "Enable Content Disposition for all paths",
+ description ="This flag controls whether to enable" +
+ " Content Disposition for all paths.")
+ private static final String PROP_ENABLE_CONTENT_DISPOSTION_ALL_PATHS = "sling.content.disposition.all.paths";
/**
* Set of paths
@@ -80,6 +87,8 @@ public class ContentDispositionFilter implements Filter {
private Map<String, Set<String>> contentTypesMapping;
+ private boolean enableContentDispositionAllPaths;
+
@Activate
private void activate(final ComponentContext ctx) {
final Dictionary props = ctx.getProperties();
@@ -131,8 +140,10 @@ public class ContentDispositionFilter implements Filter {
contentDispositionPathsPfx = pfxs.toArray(new String[pfxs.size()]);
contentTypesMapping = contentTypesMap.isEmpty()?Collections.<String, Set<String>>emptyMap(): contentTypesMap;
- logger.info("Initialized. content disposition paths: {}, content disposition paths-pfx {}", new Object[]{
- contentDispositionPaths, contentDispositionPathsPfx}
+ enableContentDispositionAllPaths = PropertiesUtil.toBoolean(props.get(PROP_ENABLE_CONTENT_DISPOSTION_ALL_PATHS),DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS);
+
+ logger.info("Initialized. content disposition paths: {}, content disposition paths-pfx {}. Enable Content Disposition for all paths is set to {}", new Object[]{
+ contentDispositionPaths, contentDispositionPathsPfx, enableContentDispositionAllPaths}
);
}
@@ -203,33 +214,40 @@ public class ContentDispositionFilter implements Filter {
}
request.setAttribute(ATTRIBUTE_NAME, type);
Resource resource = request.getResource();
- String resourcePath = resource.getPath();
- if (contentDispositionPaths.contains(resourcePath)) {
+ if (enableContentDispositionAllPaths) {
+ setContentDisposition(resource);
+ } else {
+ String resourcePath = resource.getPath();
- if (contentTypesMapping.containsKey(resourcePath)) {
- Set <String> exceptions = contentTypesMapping.get(resourcePath);
- if (!exceptions.contains(type)) {
- setContentDisposition(resource);
- }
- } else {
- setContentDisposition(resource);
- }
- }
-
- for (String path : contentDispositionPathsPfx) {
- if (resourcePath.startsWith(path)) {
- if (contentTypesMapping.containsKey(path)) {
- Set <String> exceptions = contentTypesMapping.get(path);
+ boolean contentDispositionAdded = false;
+ if (contentDispositionPaths.contains(resourcePath)) {
+
+ if (contentTypesMapping.containsKey(resourcePath)) {
+ Set <String> exceptions = contentTypesMapping.get(resourcePath);
if (!exceptions.contains(type)) {
- setContentDisposition(resource);
- break;
+ contentDispositionAdded = setContentDisposition(resource);
}
} else {
- setContentDisposition(resource);
- break;
+ contentDispositionAdded = setContentDisposition(resource);
}
+ }
+ if (!contentDispositionAdded) {
+ for (String path : contentDispositionPathsPfx) {
+ if (resourcePath.startsWith(path)) {
+ if (contentTypesMapping.containsKey(path)) {
+ Set <String> exceptions = contentTypesMapping.get(path);
+ if (!exceptions.contains(type)) {
+ setContentDisposition(resource);
+ break;
+ }
+ } else {
+ setContentDisposition(resource);
+ break;
+ }
+ }
+ }
}
}
super.setContentType(type);
@@ -237,10 +255,13 @@ public class ContentDispositionFilter implements Filter {
//---------- PRIVATE METHODS ---------
- private void setContentDisposition(Resource resource) {
+ private boolean setContentDisposition(Resource resource) {
+ boolean contentDispositionAdded = false;
if (!this.containsHeader(CONTENT_DISPOSTION) && this.isJcrData(resource)) {
this.addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
+ contentDispositionAdded = true;
}
+ return contentDispositionAdded;
}
private boolean isJcrData(Resource resource){
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index abc2c4f..aaf9ddb 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -869,7 +869,8 @@ public class ContentDispositionFilterTest {
rewriterResponse.setContentType("text/html");
rewriterResponse.setContentType("text/html");
Assert.assertEquals(1, counter.intValue());
- }
+ }
+
/**
* Test repeated setContentType calls don't add multiple headers, case 2 changing mime type
* @throws Throwable
@@ -933,6 +934,126 @@ public class ContentDispositionFilterTest {
Assert.assertEquals(1, counter.intValue());
}
+
+ @Test
+ public void test_doFilter17() throws Throwable{
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
+ contentDispositionFilter = new ContentDispositionFilter();
+
+ final ComponentContext ctx = context.mock(ComponentContext.class);
+ final Dictionary props = new Hashtable<String, String[]>();
+ props.put("sling.content.disposition.paths", new String []{"/content/usergenerated"});
+ props.put("sling.content.disposition.all.paths", false);
+
+ context.checking(new Expectations() {
+ {
+ allowing(ctx).getProperties();
+ will(returnValue(props));
+
+ }
+ });
+ PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
+
+
+ context.checking(new Expectations() {
+ {
+ exactly(1).of(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ exactly(1).of(response).containsHeader("Content-Disposition");
+ will(returnValue(true));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue("text/html"));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/xml");
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
+ will(returnValue("/content/other"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
+ allowing(response).setContentType("text/html");
+ allowing(response).setContentType("text/xml");
+ //CONTENT DISPOSITION IS NOT SET
+ never(response).addHeader("Content-Disposition", "attachment");
+ }
+ });
+ rewriterResponse.setContentType("text/html");
+ Assert.assertEquals(0, counter.intValue());
+ }
+
+
+ @Test
+ public void test_doFilter18() throws Throwable{
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
+ contentDispositionFilter = new ContentDispositionFilter();
+
+ final ComponentContext ctx = context.mock(ComponentContext.class);
+ final Dictionary props = new Hashtable<String, String[]>();
+ props.put("sling.content.disposition.paths", new String []{"/content/usergenerated"});
+ props.put("sling.content.disposition.all.paths", true);
+
+ context.checking(new Expectations() {
+ {
+ allowing(ctx).getProperties();
+ will(returnValue(props));
+
+ }
+ });
+ PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
+
+
+ context.checking(new Expectations() {
+ {
+ exactly(1).of(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
+ exactly(1).of(response).containsHeader("Content-Disposition");
+ will(returnValue(true));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue(null));
+ exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
+ will(returnValue("text/html"));
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/xml");
+ allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
+ will(returnValue("/content/other"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
+ allowing(response).setContentType("text/html");
+ allowing(response).setContentType("text/xml");
+ //CONTENT DISPOSITION IS SET
+ exactly(1).of(response).addHeader("Content-Disposition", "attachment");
+ }
+ });
+ rewriterResponse.setContentType("text/html");
+ Assert.assertEquals(1, counter.intValue());
+ }
+
@Test
public void test_isJcrData1() throws Throwable {
contentDispositionFilter = new ContentDispositionFilter();
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 11/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 19b203401a46340ad875988197003aa4f13295b4
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Tue Jul 28 08:23:40 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1693028 13f79535-47bb-0310-9956-ffa450edef68
---
.../security/impl/ContentDispositionFilter.java | 29 +++++
.../impl/ContentDispositionFilterTest.java | 137 +++++++++++++++++++++
2 files changed, 166 insertions(+)
diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index 8da627a..9b72674 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -25,12 +25,14 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.PropertyUnbounded;
@@ -39,6 +41,8 @@ import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.wrappers.SlingHttpServletResponseWrapper;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.service.component.ComponentContext;
@@ -173,6 +177,10 @@ public class ContentDispositionFilter implements Filter {
private static final String CONTENT_DISPOSTION_ATTACHMENT = "attachment";
+ private static final String PROP_JCR_DATA = "jcr:data";
+
+ private static final String JCR_CONTENT_LEAF = "jcr:content";
+
static final String ATTRIBUTE_NAME =
"org.apache.sling.security.impl.ContentDispositionFilter.RewriterResponse.contentType";
@@ -226,10 +234,31 @@ public class ContentDispositionFilter implements Filter {
super.setContentType(type);
}
+ //---------- PRIVATE METHODS ---------
+
private void setContentDisposition() {
if (!this.containsHeader(CONTENT_DISPOSTION)) {
this.addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
}
}
+
+ private boolean isJcrData(Resource resource){
+ boolean jcrData = false;
+ if (resource!= null) {
+ ValueMap props = resource.adaptTo(ValueMap.class);
+ if (props.containsKey(PROP_JCR_DATA) ) {
+ jcrData = true;
+ } else {
+ Resource jcrContent = resource.getChild(JCR_CONTENT_LEAF);
+ if (jcrContent!= null) {
+ props = jcrContent.adaptTo(ValueMap.class);
+ if (props.containsKey(PROP_JCR_DATA) ) {
+ jcrData = true;
+ }
+ }
+ }
+ }
+ return jcrData;
+ }
}
}
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index 17614aa..51b6477 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -26,6 +26,8 @@ import junitx.util.PrivateAccessor;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.security.impl.ContentDispositionFilter.RewriterResponse;
import org.jmock.Expectations;
import org.jmock.Mockery;
@@ -38,6 +40,10 @@ public class ContentDispositionFilterTest {
private ContentDispositionFilter contentDispositionFilter;
private final Mockery context = new JUnit4Mockery();
+
+ private static final String PROP_JCR_DATA = "jcr:data";
+
+ private static final String JCR_CONTENT_LEAF = "jcr:content";
@Test
public void test_activator1() throws Throwable{
@@ -842,4 +848,135 @@ public class ContentDispositionFilterTest {
rewriterResponse.setContentType("text/xml");
Assert.assertEquals(1, counter.intValue());
}
+
+ @Test
+ public void test_isJcrData1() throws Throwable {
+ contentDispositionFilter = new ContentDispositionFilter();
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = null;
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+ Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData", new Class[]{Resource.class},new Object[]{resource});
+
+ Assert.assertFalse(result);
+ }
+
+ @Test
+ public void test_isJcrData2() throws Throwable {
+ contentDispositionFilter = new ContentDispositionFilter();
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+
+ final Resource resource = context.mock(Resource.class);
+ final ValueMap properties = context.mock(ValueMap.class);
+
+ context.checking(new Expectations() {
+ {
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
+ }
+ });
+
+ Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData", new Class[]{Resource.class},new Object[]{resource});
+
+ Assert.assertTrue(result);
+ }
+
+ @Test
+ public void test_isJcrData3() throws Throwable {
+ contentDispositionFilter = new ContentDispositionFilter();
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+
+ final Resource resource = context.mock(Resource.class);
+ final ValueMap properties = context.mock(ValueMap.class);
+
+ context.checking(new Expectations() {
+ {
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(false));
+ allowing(resource).getChild(JCR_CONTENT_LEAF);
+ will(returnValue(null));
+ }
+ });
+
+ Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData", new Class[]{Resource.class},new Object[]{resource});
+
+ Assert.assertFalse(result);
+ }
+
+ @Test
+ public void test_isJcrData4() throws Throwable {
+ contentDispositionFilter = new ContentDispositionFilter();
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+ final Resource child = context.mock(Resource.class, "child");
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
+ final ValueMap childPropoerties = context.mock(ValueMap.class, "childPropoerties");
+
+
+ context.checking(new Expectations() {
+ {
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(false));
+ allowing(resource).getChild(JCR_CONTENT_LEAF);
+ will(returnValue(child));
+ allowing(child).adaptTo(ValueMap.class);
+ will(returnValue(childPropoerties));
+ allowing(childPropoerties).containsKey(PROP_JCR_DATA);
+ will(returnValue(false));
+ }
+ });
+
+ Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData", new Class[]{Resource.class},new Object[]{resource});
+
+ Assert.assertFalse(result);
+ }
+
+ @Test
+ public void test_isJcrData5() throws Throwable {
+ contentDispositionFilter = new ContentDispositionFilter();
+ final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+ final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+
+ final Resource child = context.mock(Resource.class, "child");
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
+ final ValueMap childPropoerties = context.mock(ValueMap.class, "childPropoerties");
+
+
+ context.checking(new Expectations() {
+ {
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(false));
+ allowing(resource).getChild(JCR_CONTENT_LEAF);
+ will(returnValue(child));
+ allowing(child).adaptTo(ValueMap.class);
+ will(returnValue(childPropoerties));
+ allowing(childPropoerties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
+ }
+ });
+
+ Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData", new Class[]{Resource.class},new Object[]{resource});
+
+ Assert.assertTrue(result);
+ }
}
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 04/15: Update contrib modules to
Parent 23
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 19340b95dae04c9808da1977ff08065b2b38c432
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Thu Jun 25 13:10:59 2015 +0000
Update contrib modules to Parent 23
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1687503 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a20e9bb..80acd38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>22</version>
+ <version>23</version>
</parent>
<artifactId>org.apache.sling.security</artifactId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 05/15: set parent version to 24
and add empty relativePath where missing
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 9f722df8f732ba09f634fbb9c8440d5c4380e80e
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Tue Jul 7 07:36:29 2015 +0000
set parent version to 24 and add empty relativePath where missing
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1689588 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 80acd38..d13f6ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,8 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>23</version>
+ <version>24</version>
+ <relativePath/>
</parent>
<artifactId>org.apache.sling.security</artifactId>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 07/15: SLING-4604 - Multiple
Content-Disposition headers added
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 11ae6ca90d90dffadd135f45c74e111790cc1e79
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Mon Jul 20 08:34:23 2015 +0000
SLING-4604 - Multiple Content-Disposition headers added
* formatting
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1691886 13f79535-47bb-0310-9956-ffa450edef68
---
.../java/org/apache/sling/security/impl/ContentDispositionFilter.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index 9c0999d..93aa4c7 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -228,8 +228,8 @@ public class ContentDispositionFilter implements Filter {
private void setContentDisposition() {
if (!this.containsHeader(CONTENT_DISPOSTION)) {
- this.addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
+ this.addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
+ }
}
}
}
-}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-security] 12/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 25c57332507f918b153897cab7d9b7c9929c0d18
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Tue Jul 28 09:22:19 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1693046 13f79535-47bb-0310-9956-ffa450edef68
---
.../security/impl/ContentDispositionFilter.java | 25 ++---
.../impl/ContentDispositionFilterTest.java | 118 ++++++++++++++++++---
2 files changed, 114 insertions(+), 29 deletions(-)
diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index 9b72674..9eccb06 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -202,30 +202,31 @@ public class ContentDispositionFilter implements Filter {
return;
}
request.setAttribute(ATTRIBUTE_NAME, type);
+ Resource resource = request.getResource();
+ String resourcePath = resource.getPath();
+
+ if (contentDispositionPaths.contains(resourcePath)) {
- String pathInfo = request.getPathInfo();
- if (contentDispositionPaths.contains(pathInfo)) {
-
- if (contentTypesMapping.containsKey(pathInfo)) {
- Set <String> exceptions = contentTypesMapping.get(pathInfo);
+ if (contentTypesMapping.containsKey(resourcePath)) {
+ Set <String> exceptions = contentTypesMapping.get(resourcePath);
if (!exceptions.contains(type)) {
- setContentDisposition();
+ setContentDisposition(resource);
}
} else {
- setContentDisposition();
+ setContentDisposition(resource);
}
}
for (String path : contentDispositionPathsPfx) {
- if (request.getPathInfo().startsWith(path)) {
+ if (resourcePath.startsWith(path)) {
if (contentTypesMapping.containsKey(path)) {
Set <String> exceptions = contentTypesMapping.get(path);
if (!exceptions.contains(type)) {
- setContentDisposition();
+ setContentDisposition(resource);
break;
}
} else {
- setContentDisposition();
+ setContentDisposition(resource);
break;
}
@@ -236,8 +237,8 @@ public class ContentDispositionFilter implements Filter {
//---------- PRIVATE METHODS ---------
- private void setContentDisposition() {
- if (!this.containsHeader(CONTENT_DISPOSTION)) {
+ private void setContentDisposition(Resource resource) {
+ if (!this.containsHeader(CONTENT_DISPOSTION) && this.isJcrData(resource)) {
this.addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
}
}
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index 51b6477..abc2c4f 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -213,6 +213,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter1() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -234,7 +236,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -249,6 +253,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter2() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -270,7 +275,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -284,6 +291,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter3() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -303,7 +312,7 @@ public class ContentDispositionFilterTest {
final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
public void addHeader(String name, String value) {
counter.incrementAndGet();
- }
+ }
};
context.checking(new Expectations() {
@@ -313,8 +322,14 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
@@ -328,6 +343,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter4() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -349,7 +365,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -364,6 +382,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter5() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -392,8 +412,14 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/author"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
@@ -407,6 +433,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter6() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -435,8 +463,14 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
@@ -450,6 +484,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter7() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -471,7 +506,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -486,6 +523,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter8() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -507,7 +545,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -521,6 +561,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter9() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -542,7 +583,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -556,6 +599,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter10() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -584,8 +629,14 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "image/jpeg");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("image/jpeg");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
@@ -599,6 +650,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter11() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -620,7 +672,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/libs"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -635,6 +689,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter12() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -656,7 +711,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -670,6 +727,7 @@ public class ContentDispositionFilterTest {
public void test_doFilter13() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -691,7 +749,9 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/author"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION MUST NOT SET
@@ -705,6 +765,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter14() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -734,8 +796,14 @@ public class ContentDispositionFilterTest {
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "image/jpeg");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated/author"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("image/jpeg");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
@@ -753,6 +821,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter15() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -783,8 +853,14 @@ public class ContentDispositionFilterTest {
exactly(1).of(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue("text/html"));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
@@ -802,6 +878,8 @@ public class ContentDispositionFilterTest {
public void test_doFilter16() throws Throwable{
final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);
+ final Resource resource = context.mock(Resource.class, "resource" );
+ final ValueMap properties = context.mock(ValueMap.class);
contentDispositionFilter = new ContentDispositionFilter();
final ComponentContext ctx = context.mock(ComponentContext.class);
@@ -836,8 +914,14 @@ public class ContentDispositionFilterTest {
will(returnValue("text/html"));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/xml");
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
- allowing(request).getPathInfo();
+ allowing(request).getResource();
+ will(returnValue(resource));
+ allowing(resource).getPath();
will(returnValue("/content/usergenerated"));
+ allowing(resource).adaptTo(ValueMap.class);
+ will(returnValue(properties));
+ allowing(properties).containsKey(PROP_JCR_DATA);
+ will(returnValue(true));
allowing(response).setContentType("text/html");
allowing(response).setContentType("text/xml");
//CONTENT DISPOSITION IS SET
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.