You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by mg...@apache.org on 2014/03/13 11:09:06 UTC
git commit: WICKET-5522 Failing HTTPS redirect to RequireHttps annotated pages with ONE_PASS_RENDER strategy

Repository: wicket
Updated Branches:
  refs/heads/wicket-6.x 98825c887 -> 625470588


WICKET-5522 Failing HTTPS redirect to RequireHttps annotated pages with ONE_PASS_RENDER strategy


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/62547058
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/62547058
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/62547058

Branch: refs/heads/wicket-6.x
Commit: 625470588754680d6b256473e8f218c981a0808c
Parents: 98825c8
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Thu Mar 13 12:08:35 2014 +0200
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Thu Mar 13 12:08:35 2014 +0200

----------------------------------------------------------------------
 .../request/handler/render/WebPageRenderer.java | 24 ++++++++++-
 .../handler/render/WebPageRendererTest.java     | 43 +++++++++++++++++++-
 2 files changed, 65 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/62547058/wicket-core/src/main/java/org/apache/wicket/request/handler/render/WebPageRenderer.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/request/handler/render/WebPageRenderer.java b/wicket-core/src/main/java/org/apache/wicket/request/handler/render/WebPageRenderer.java
index c641b58..75bc5d7 100644
--- a/wicket-core/src/main/java/org/apache/wicket/request/handler/render/WebPageRenderer.java
+++ b/wicket-core/src/main/java/org/apache/wicket/request/handler/render/WebPageRenderer.java
@@ -33,6 +33,7 @@ import org.apache.wicket.request.component.IRequestablePage;
 import org.apache.wicket.request.cycle.RequestCycle;
 import org.apache.wicket.request.http.WebRequest;
 import org.apache.wicket.request.http.WebResponse;
+import org.apache.wicket.util.lang.Objects;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -200,7 +201,8 @@ public class WebPageRenderer extends PageRenderer
 			// if there is saved response for this URL render it
 			bufferedResponse.writeTo((WebResponse)requestCycle.getResponse());
 		}
-		else if (isAjax == false && (//
+		else if ((isAjax == false)
+					&& (compatibleProtocols(currentUrl.getProtocol(), targetUrl.getProtocol())) && (//
 							getRedirectPolicy() == RedirectPolicy.NEVER_REDIRECT //
 						|| (isOnePassRender() && getRedirectPolicy() != RedirectPolicy.ALWAYS_REDIRECT) //
 						|| ((targetUrl.equals(currentUrl) && !getPageProvider().isNewPageInstance() && !getPage()
@@ -318,4 +320,24 @@ public class WebPageRenderer extends PageRenderer
 			}
 		}
 	}
+
+	/**
+	 * Compares the protocols of two {@link Url}s
+	 *
+	 * @param p1
+	 *      the first protocol
+	 * @param p2
+	 *      the second protocol
+	 * @return {@code false} if the protocols are both non-null and not equal,
+	 *          {@code true} - otherwise
+	 */
+	protected boolean compatibleProtocols(String p1, String p2)
+	{
+		if (p1 != null && p2 != null)
+		{
+			return Objects.equal(p1, p2);
+		}
+
+		return true;
+	}
 }

http://git-wip-us.apache.org/repos/asf/wicket/blob/62547058/wicket-core/src/test/java/org/apache/wicket/request/handler/render/WebPageRendererTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/request/handler/render/WebPageRendererTest.java b/wicket-core/src/test/java/org/apache/wicket/request/handler/render/WebPageRendererTest.java
index 3c6ce7e..2200b14 100644
--- a/wicket-core/src/test/java/org/apache/wicket/request/handler/render/WebPageRendererTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/request/handler/render/WebPageRendererTest.java
@@ -46,7 +46,7 @@ import org.junit.Test;
 /**
  * Tests for the calculation whether or not to redirect or directly render a page
  */
-public class WebPageRendererTest
+public class WebPageRendererTest extends Assert
 {
 
 	private RenderPageRequestHandler handler;
@@ -112,6 +112,47 @@ public class WebPageRendererTest
 	}
 
 	/**
+	 * Tests that when {@link IRequestCycleSettings.RenderStrategy#ONE_PASS_RENDER} is configured
+	 * there will be a redirect issued if the protocols of the current and target urls
+	 * are different
+	 *
+	 * https://issues.apache.org/jira/browse/WICKET-5522
+	 */
+	@Test
+	public void testOnePassRenderDifferentProtocols()
+	{
+		final AtomicBoolean responseBuffered = new AtomicBoolean(false);
+
+		PageRenderer renderer = new TestPageRenderer(handler)
+		{
+			@Override
+			protected boolean isOnePassRender()
+			{
+				return true;
+			}
+
+			@Override
+			protected void storeBufferedResponse(Url url, BufferedWebResponse response)
+			{
+				responseBuffered.set(true);
+			}
+		};
+
+		// uses HTTPS
+		when(urlRenderer.getBaseUrl()).thenReturn(Url.parse("https://host/base"));
+
+		when(requestCycle.mapUrlFor(eq(handler))).thenReturn(Url.parse("http://host/base/a"));
+
+		when(request.shouldPreserveClientUrl()).thenReturn(false);
+
+		renderer.respond(requestCycle);
+
+		verify(response, never()).write(any(byte[].class));
+		verify(response).sendRedirect(anyString());
+		assertTrue(responseBuffered.get());
+	}
+
+	/**
 	 * Tests that even when {@link IRequestCycleSettings.RenderStrategy#ONE_PASS_RENDER} is
 	 * configured but the {@link RedirectPolicy} says that it needs to redirect it will redirect.
 	 */