You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:13:39 UTC
[sling-org-apache-sling-security] 09/15: SLING-4883 - Extend
content disposition filter protection to jcr:data
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.security-1.0.12
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit e9d32c81f974d3eada419ea17829165100303ca0
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Mon Jul 20 12:13:30 2015 +0000
SLING-4883 - Extend content disposition filter protection to jcr:data
* unit tests
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1691919 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/ContentDispositionFilterTest.java | 40 ++++++++++++++++++----
1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index 2bde7d4..17614aa 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -424,18 +424,20 @@ public class ContentDispositionFilterTest {
context.checking(new Expectations() {
{
+ allowing(response).containsHeader("Content-Disposition");
+ will(returnValue(false));
allowing(request).getAttribute(RewriterResponse.ATTRIBUTE_NAME);
will(returnValue(null));
allowing(request).setAttribute(RewriterResponse.ATTRIBUTE_NAME, "text/html");
allowing(request).getPathInfo();
- will(returnValue("/content/usergenerated"));
+ will(returnValue("/content/usergenerated/"));
allowing(response).setContentType("text/html");
//CONTENT DISPOSITION IS SET
exactly(1).of(response).addHeader("Content-Disposition", "attachment");
}
});
rewriterResponse.setContentType("text/html");
- //Assert.assertEquals(1, counter.intValue());
+ Assert.assertEquals(1, counter.intValue());
}
@Test
@@ -562,7 +564,12 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -579,6 +586,7 @@ public class ContentDispositionFilterTest {
}
});
rewriterResponse.setContentType("image/jpeg");
+ Assert.assertEquals(1, counter.intValue());
}
@Test
@@ -705,7 +713,13 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
+
context.checking(new Expectations() {
{
@@ -722,6 +736,7 @@ public class ContentDispositionFilterTest {
}
});
rewriterResponse.setContentType("image/jpeg");
+ Assert.assertEquals(1, counter.intValue());
}
/**
@@ -746,7 +761,12 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
context.checking(new Expectations() {
{
@@ -766,6 +786,7 @@ public class ContentDispositionFilterTest {
});
rewriterResponse.setContentType("text/html");
rewriterResponse.setContentType("text/html");
+ Assert.assertEquals(1, counter.intValue());
}
/**
* Test repeated setContentType calls don't add multiple headers, case 2 changing mime type
@@ -789,7 +810,13 @@ public class ContentDispositionFilterTest {
}
});
PrivateAccessor.invoke(contentDispositionFilter,"activate", new Class[]{ComponentContext.class},new Object[]{ctx});
- final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+ final AtomicInteger counter = new AtomicInteger();
+ final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response) {
+ public void addHeader(String name, String value) {
+ counter.incrementAndGet();
+ }
+ };
+
context.checking(new Expectations() {
{
@@ -813,5 +840,6 @@ public class ContentDispositionFilterTest {
});
rewriterResponse.setContentType("text/html");
rewriterResponse.setContentType("text/xml");
+ Assert.assertEquals(1, counter.intValue());
}
}
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.