You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2012/12/05 14:33:12 UTC
svn commit: r1417415 - in
/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal:
SlingServletResolver.java helper/AbstractResourceCollector.java
helper/NamedScriptResourceCollector.java
Author: fmeschbe
Date: Wed Dec 5 13:33:11 2012
New Revision: 1417415
URL: http://svn.apache.org/viewvc?rev=1417415&view=rev
Log:
Add JavaDoc on isPathAllowed method and normalize paths before checking whether they are allowed
Modified:
sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java
sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java
sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java
Modified: sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java?rev=1417415&r1=1417414&r2=1417415&view=diff
==============================================================================
--- sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java (original)
+++ sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java Wed Dec 5 13:33:11 2012
@@ -364,8 +364,9 @@ public class SlingServletResolver
// first check whether the type of a resource is the absolute
// path of a servlet (or script)
if (scriptName.charAt(0) == '/') {
- if ( this.isPathAllowed(scriptName) ) {
- final Resource res = resolver.getResource(scriptName);
+ final String scriptPath = ResourceUtil.normalize(scriptName);
+ if ( this.isPathAllowed(scriptPath) ) {
+ final Resource res = resolver.getResource(scriptPath);
if (res != null) {
servlet = res.adaptTo(Servlet.class);
}
@@ -399,8 +400,9 @@ public class SlingServletResolver
SlingScript script = null;
if (name.startsWith("/")) {
- if ( this.isPathAllowed(name) ) {
- final Resource resource = resourceResolver.getResource(name);
+ final String path = ResourceUtil.normalize(name);
+ if ( this.isPathAllowed(path) ) {
+ final Resource resource = resourceResolver.getResource(path);
if (resource != null) {
script = resource.adaptTo(SlingScript.class);
}
@@ -410,7 +412,7 @@ public class SlingServletResolver
// relative script resolution against search path
final String[] path = resourceResolver.getSearchPath();
for (int i = 0; script == null && i < path.length; i++) {
- final String scriptPath = path[i] + name;
+ final String scriptPath = ResourceUtil.normalize(path[i] + name);
if ( this.isPathAllowed(scriptPath) ) {
final Resource resource = resourceResolver.getResource(scriptPath);
if (resource != null) {
@@ -579,12 +581,12 @@ public class SlingServletResolver
// first check whether the type of a resource is the absolute
// path of a servlet (or script)
if (type.charAt(0) == '/') {
- if ( this.isPathAllowed(type) ) {
- String path = type;
+ String scriptPath = ResourceUtil.normalize(type);
+ if ( this.isPathAllowed(scriptPath) ) {
if ( workspaceName != null ) {
- path = workspaceName + ':' + type;
+ scriptPath = workspaceName + ':' + type;
}
- final Resource res = resolver.getResource(path);
+ final Resource res = resolver.getResource(scriptPath);
if (res != null) {
servlet = res.adaptTo(Servlet.class);
}
Modified: sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java?rev=1417415&r1=1417414&r2=1417415&view=diff
==============================================================================
--- sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java (original)
+++ sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java Wed Dec 5 13:33:11 2012
@@ -191,23 +191,46 @@ public abstract class AbstractResourceCo
/**
* This method checks whether a path is allowed to be executed.
+ *
+ * @param path The path to check (must not be {@code null} or empty)
+ * @param executionPaths The path to check against
+ * @return {@code true} if the executionPaths is {@code null} or empty or if
+ * the path equals one entry or one of the executionPaths entries is
+ * a prefix to the path. Otherwise or if path is {@code null}
+ * {@code false} is returned.
*/
public static boolean isPathAllowed(final String path, final String[] executionPaths) {
- if ( executionPaths == null ) {
+ if (executionPaths == null || executionPaths.length == 0) {
+ SlingServletResolver.LOGGER.debug("Accepting servlet at '{}' as there are no configured execution paths.",
+ path);
return true;
}
- for(final String config : executionPaths ) {
- if ( config.endsWith("/") ) {
- if ( path.startsWith(config) ) {
+
+ if (path == null || path.length() == 0) {
+ SlingServletResolver.LOGGER.debug("Ignoring servlet with empty path.");
+ return false;
+ }
+
+ for (final String config : executionPaths) {
+ if (config.endsWith("/")) {
+ if (path.startsWith(config)) {
+ SlingServletResolver.LOGGER.debug(
+ "Accepting servlet at '{}' as the path is prefixed with configured execution path '{}'.", path,
+ config);
return true;
}
- } else if ( path.equals(config) ) {
+ } else if (path.equals(config)) {
+ SlingServletResolver.LOGGER.debug(
+ "Accepting servlet at '{}' as the path equals configured execution path '{}'.", path, config);
return true;
}
}
- if ( SlingServletResolver.LOGGER.isDebugEnabled() ) {
- SlingServletResolver.LOGGER.debug("Ignoring servlet at '{}' as the path is not in the configured execution paths.", path);
+
+ if (SlingServletResolver.LOGGER.isDebugEnabled()) {
+ SlingServletResolver.LOGGER.debug(
+ "Ignoring servlet at '{}' as the path is not in the configured execution paths.", path);
}
+
return false;
}
Modified: sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java?rev=1417415&r1=1417414&r2=1417415&view=diff
==============================================================================
--- sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java (original)
+++ sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java Wed Dec 5 13:33:11 2012
@@ -88,7 +88,7 @@ public class NamedScriptResourceCollecto
final ResourceResolver resolver = location.getResourceResolver();
// if extension is set, we first check for an exact script match
if ( this.extension != null ) {
- final String path = location.getPath() + '/' + this.scriptName;
+ final String path = ResourceUtil.normalize(location.getPath() + '/' + this.scriptName);
if ( this.isPathAllowed(path) ) {
final Resource current = resolver.getResource(path);
if ( current != null ) {