Posted to dev@shindig.apache.org by et...@apache.org on 2008/09/26 20:33:06 UTC

svn commit: r699448 - in /incubator/shindig/trunk/java/gadgets/src: main/java/org/apache/shindig/gadgets/ main/java/org/apache/shindig/gadgets/render/ main/java/org/apache/shindig/gadgets/servlet/ test/java/org/apache/shindig/gadgets/ test/java/org/apa...

Author: etnu
Date: Fri Sep 26 11:33:06 2008
New Revision: 699448

URL: http://svn.apache.org/viewvc?rev=699448&view=rev
Log:
Re-enabled locked domain, and ensured that locked domain is properly enforced for any render against it.

Also simplified the valid hosts for open proxy. The open proxy will now be valid for any host that doesn't match a locked domain.


Modified:
    incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
    incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
    incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java
    incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java
    incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java
    incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java
    incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java
    incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java
    incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java
    incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java
    incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
    incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java

Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/GadgetContext.java Fri Sep 26 11:33:06 2008
@@ -81,6 +81,13 @@
   }
 
   /**
+   * @return The host for which the current request is being made.
+   */
+  public String getHost() {
+    return null;
+  }
+
+  /**
    * @return Whether or not to show debug output.
    */
   public boolean getDebug() {
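Review bot: The new base `getHost()` returns `null`, and the callers added in this commit dereference the value unchecked: `host.equals(neededHost)` in `HashLockedDomainService.gadgetCanRender` and `host.endsWith(suffix)` in `hostRequiresLockedDomain`, reached from `Renderer.render` and, through the `Host` header, from `ProxyHandler`. With locked domain enabled, a context that does not override `getHost()` or a request without a `Host` header would throw a NullPointerException instead of being refused cleanly. Either document here that `null` means "host unknown" and have the service fail the check, e.g. `if (host == null) return false;` at the top of `gadgetCanRender` and `isSafeForOpenProxy`, or return a non-null default.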

Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java Fri Sep 26 11:33:06 2008
@@ -19,8 +19,9 @@
 
 import org.apache.shindig.common.ContainerConfig;
 import org.apache.shindig.common.util.Base32;
-import org.apache.shindig.gadgets.spec.Feature;
+import org.apache.shindig.gadgets.spec.GadgetSpec;
 
+import com.google.common.collect.Maps;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import com.google.inject.name.Named;
@@ -28,9 +29,8 @@
 import org.apache.commons.codec.digest.DigestUtils;
 
 import java.util.Collection;
-import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
+import java.util.logging.Logger;
 
 /**
  * Locked domain implementation based on sha1.
@@ -43,43 +43,37 @@
  */
 @Singleton
 public class HashLockedDomainService implements LockedDomainService {
-
-  private final ContainerConfig config;
-
-  private final String embedHost;
-
+  private static final Logger LOG = Logger.getLogger(HashLockedDomainService.class.getName());
   private final boolean enabled;
+  private final Map<String, String> lockedSuffixes;
+  private final Map<String, Boolean> required;
 
-  private final Set<String> suffixes;
-
-  private GadgetReader gadgetReader = new GadgetReader();
-
-  public static final String LOCKED_DOMAIN_REQUIRED_KEY =
-      "gadgets.lockedDomainRequired";
-
-  public static final String LOCKED_DOMAIN_SUFFIX_KEY =
-      "gadgets.lockedDomainSuffix";
+  public static final String LOCKED_DOMAIN_REQUIRED_KEY = "gadgets.lockedDomainRequired";
+  public static final String LOCKED_DOMAIN_SUFFIX_KEY = "gadgets.lockedDomainSuffix";
 
   /**
    * Create a LockedDomainService
    * @param config per-container configuration
-   * @param embedHost host name to use for embedded content
    * @param enabled whether this service should do anything at all.
    */
   @Inject
-  public HashLockedDomainService(
-      ContainerConfig config,
-      @Named("shindig.locked-domain.embed-host")String embedHost,
-      @Named("shindig.locked-domain.enabled")boolean enabled) {
-    this.config = config;
-    this.embedHost = embedHost;
+  public HashLockedDomainService(ContainerConfig config,
+                                 @Named("shindig.locked-domain.enabled") boolean enabled) {
     this.enabled = enabled;
-    suffixes = new HashSet<String>();
+    lockedSuffixes = Maps.newHashMap();
+    required = Maps.newHashMap();
     Collection<String> containers = config.getContainers();
     if (enabled) {
       for (String container : containers) {
         String suffix = config.get(container, LOCKED_DOMAIN_SUFFIX_KEY);
-        suffixes.add(suffix);
+        if (suffix == null) {
+          LOG.warning("No locked domain configuration for " + container);
+        } else {
+          lockedSuffixes.put(container, suffix);
+        }
+
+        String require = config.get(container, LOCKED_DOMAIN_REQUIRED_KEY);
+        required.put(container, "true".equals(require));
       }
     }
   }
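Review bot: A container that sets `gadgets.lockedDomainRequired` to true but has no `gadgets.lockedDomainSuffix` gets only the warning on the `suffix == null` branch, and the service still starts. In that state `getLockedDomain` (later hunk) returns null, so `gadgetCanRender` refuses every host. `getLockedDomainForGadget` meanwhile returns the value the interface documents as "locked domain should not be used", which leaves the caller with no redirect target. Consider throwing from the constructor when the flag is true and the suffix is missing, or at least wording the log message to say that rendering will be refused for that container.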
@@ -88,58 +82,53 @@
     return enabled;
   }
 
-  public String getEmbedHost() {
-    return embedHost;
-  }
-
-  public boolean embedCanRender(String host) {
-    return (!enabled || host.endsWith(embedHost));
-  }
-
-  public boolean gadgetCanRender(String host, Gadget gadget, String container) {
-    if (!enabled) {
-      return true;
-    }
-    // Gadgets can opt-in to locked domains, or they can be enabled globally
-    // for a particular container
-    if (gadgetReader.gadgetWantsLockedDomain(gadget) ||
-        containerWantsLockedDomain(container)) {
-      String neededHost = getLockedDomainForGadget(
-          gadgetReader.getGadgetUrl(gadget), container);
-      return (neededHost.equals(host));
+  public boolean isSafeForOpenProxy(String host) {
+    if (enabled) {
+      return !hostRequiresLockedDomain(host);
     }
-    // Make sure gadgets that don't ask for locked domain aren't allowed
-    // to render on one.
-    return !gadgetUsingLockedDomain(host, gadget);
+    return true;
   }
 
-  // Simple class for dependency injection, so we don't need a full-fledged
-  // Gadget mock for these test cases
-  static class GadgetReader {
-    protected boolean gadgetWantsLockedDomain(Gadget gadget) {
-      Map<String, Feature> prefs =
-        gadget.getSpec().getModulePrefs().getFeatures();
-      return prefs.containsKey("locked-domain");
+  public boolean gadgetCanRender(String host, GadgetSpec gadget, String container) {
+    container = normalizeContainer(container);
+    if (enabled) {
+      if (gadgetWantsLockedDomain(gadget) ||
+          hostRequiresLockedDomain(host) ||
+          containerRequiresLockedDomain(container)) {
+        String neededHost = getLockedDomain(gadget, container);
+        return host.equals(neededHost);
+      }
     }
+    return true;
+  }
 
-    protected String getGadgetUrl(Gadget gadget) {
-      return gadget.getContext().getUrl().toString();
+  public String getLockedDomainForGadget(GadgetSpec gadget, String container) {
+    container = normalizeContainer(container);
+    if (enabled) {
+      if (gadgetWantsLockedDomain(gadget) ||
+          containerRequiresLockedDomain(container)) {
+        return getLockedDomain(gadget, container);
+      }
     }
+    return null;
   }
 
-  // For testing only
-  void setSpecReader(GadgetReader gadgetReader) {
-    this.gadgetReader = gadgetReader;
+  private String getLockedDomain(GadgetSpec gadget, String container) {
+    String suffix = lockedSuffixes.get(container);
+    if (suffix == null) {
+      return null;
+    }
+    byte[] sha1 = DigestUtils.sha(gadget.getUrl().toString());
+    String hash = new String(Base32.encodeBase32(sha1));
+    return hash + suffix;
   }
 
-  private boolean containerWantsLockedDomain(String container) {
-    String required = config.get(
-        container, LOCKED_DOMAIN_REQUIRED_KEY);
-    return ("true".equals(required));
+  private boolean gadgetWantsLockedDomain(GadgetSpec gadget) {
+    return gadget.getModulePrefs().getFeatures().containsKey("locked-domain");
   }
 
-  private boolean gadgetUsingLockedDomain(String host, Gadget gadget) {
-    for (String suffix : suffixes) {
+  private boolean hostRequiresLockedDomain(String host) {
+    for (String suffix : lockedSuffixes.values()) {
       if (host.endsWith(suffix)) {
         return true;
       }
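Review bot: `hostRequiresLockedDomain` and `gadgetCanRender` compare the raw host string with `endsWith`/`equals`, so the outcome depends on the exact spelling the client sent in the `Host` header. In `gadgetCanRender` a spelling difference fails closed, but `isSafeForOpenProxy` fails open: a host that differs from a configured suffix only in letter case, a trailing dot, or an added or omitted port is reported as safe for the open proxy. Normalising the host once before both comparisons (lower-case, strip a trailing dot, settle on one port convention) and applying the same normalisation to the suffixes stored in the constructor would close that gap. The hunk ends inside `hostRequiresLockedDomain`; its final `return` is in the next hunk.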
@@ -147,14 +136,14 @@
     return false;
   }
 
-  public String getLockedDomainForGadget(String gadget, String container) {
-    String suffix = config.get(container, LOCKED_DOMAIN_SUFFIX_KEY);
-    if (suffix == null) {
-      throw new IllegalStateException(
-          "Cannot redirect to locked domain if it is not configured");
+  private boolean containerRequiresLockedDomain(String container) {
+    return required.get(container);
+  }
+
+  private String normalizeContainer(String container) {
+    if (required.containsKey(container)) {
+      return container;
     }
-    byte[] sha1 = DigestUtils.sha(gadget);
-    String hash = new String(Base32.encodeBase32(sha1));
-    return hash + suffix;
+    return ContainerConfig.DEFAULT_CONTAINER;
   }
 }
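Review bot: `containerRequiresLockedDomain` returns `required.get(container)`, which auto-unboxes a `Boolean` and throws a NullPointerException when the key is absent. `normalizeContainer` falls back to `ContainerConfig.DEFAULT_CONTAINER` without checking that the default container is itself a key of `required`. An unknown container name would therefore hit that path on a deployment whose `config.getContainers()` does not list the default one. `return Boolean.TRUE.equals(required.get(container));` keeps the lookup null-safe and treats a missing entry as "not required".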

Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/LockedDomainService.java Fri Sep 26 11:33:06 2008
@@ -18,6 +18,8 @@
  */
 package org.apache.shindig.gadgets;
 
+import org.apache.shindig.gadgets.spec.GadgetSpec;
+
 import com.google.inject.ImplementedBy;
 
 /**
@@ -27,51 +29,33 @@
  * modern web browsers implement a same origin policy that prevents pages served
  * from different hosts from accessing each other's data.
  */
-
 @ImplementedBy(HashLockedDomainService.class)
-
 public interface LockedDomainService {
-
   /**
-   * Is locked domain enabled
-   * @return true is locked domain is enabled
+   * @return True if the host is safe for use with the open proxy.
    */
-  public boolean isEnabled();
+  boolean isSafeForOpenProxy(String host);
 
   /**
-   * Check whether embedded content (img src, for example) can render on
-   * a particular host.
-   * 
-   * @param host host name for rendered content
-   * @return true if the content should be allowed to render
-   */
-  public boolean embedCanRender(String host);
-  
-  /**
-   * Figure out where embedded content should render.
-   * 
-   * @return host name for safe rendering of embedded content.
-   */
-  public String getEmbedHost();
-  
-  /**
-   * Calculate the locked domain for a particular gadget on a particular
-   * container.
-   * 
-   * @param gadget URL of the gadget
-   * @param container name of the container page
-   * @return the host name on which the gadget should render
-   */
-  public String getLockedDomainForGadget(String gadget, String container);
-  
-  /**
    * Check whether a gadget should be allowed to render on a particular
    * host.
-   * 
+   *
    * @param host host name for the content
    * @param gadget URL of the gadget
    * @param container container
    * @return true if the gadget can render
    */
-  public boolean gadgetCanRender(String host, Gadget gadget, String container);
+  boolean gadgetCanRender(String host, GadgetSpec gadget, String container);
+
+  /**
+   * Calculate the locked domain for a particular gadget on a particular
+   * container.
+   *
+   * @param gadget URL of the gadget
+   * @param container name of the container page
+   * @return the host name on which the gadget should render, or null if locked domain should not
+   * be used to render this gadget.
+   */
+  public String getLockedDomainForGadget(GadgetSpec gadget, String container);
+
 }
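Review bot: The Javadoc was not updated along with the signatures: `gadgetCanRender` and `getLockedDomainForGadget` still say `@param gadget URL of the gadget` although the parameter is now a `GadgetSpec`, and `isSafeForOpenProxy` has no `@param host`. I would change the tag to `@param gadget spec of the gadget; its URL determines the locked domain` and add `@param host value of the request's Host header`. A sentence saying that "safe" means the host matches no locked-domain suffix would also help. `getLockedDomainForGadget` also keeps a redundant `public` modifier that the other two methods dropped.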

Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/render/Renderer.java Fri Sep 26 11:33:06 2008
@@ -22,8 +22,10 @@
 import org.apache.shindig.common.uri.Uri;
 import org.apache.shindig.gadgets.Gadget;
 import org.apache.shindig.gadgets.GadgetContext;
+import org.apache.shindig.gadgets.LockedDomainService;
 import org.apache.shindig.gadgets.process.ProcessingException;
 import org.apache.shindig.gadgets.process.Processor;
+import org.apache.shindig.gadgets.spec.GadgetSpec;
 import org.apache.shindig.gadgets.spec.View;
 
 import com.google.inject.Inject;
@@ -43,12 +45,17 @@
   private final Processor processor;
   private final HtmlRenderer renderer;
   private final ContainerConfig containerConfig;
+  private final LockedDomainService lockedDomainService;
 
   @Inject
-  public Renderer(Processor processor, HtmlRenderer renderer, ContainerConfig containerConfig) {
+  public Renderer(Processor processor,
+                  HtmlRenderer renderer,
+                  ContainerConfig containerConfig,
+                  LockedDomainService lockedDomainService) {
     this.processor = processor;
     this.renderer = renderer;
     this.containerConfig = containerConfig;
+    this.lockedDomainService = lockedDomainService;
   }
 
   /**
@@ -63,17 +70,17 @@
       return RenderingResults.error("Unsupported parent parameter. Check your container code.");
     }
 
-    // TODO: Locked domain.
-
     try {
       Gadget gadget = processor.process(context);
 
-
       if (gadget.getCurrentView().getType() == View.ContentType.URL) {
-        return RenderingResults.mustRedirect(getTypeUrlRedirect(gadget));
+        return RenderingResults.mustRedirect(getRedirect(gadget));
       }
 
-      // TODO: Validate locked domain.
+      GadgetSpec spec = gadget.getSpec();
+      if (!lockedDomainService.gadgetCanRender(context.getHost(), spec, context.getContainer())) {
+        return RenderingResults.mustRedirect(getRedirect(gadget));
+      }
 
       return RenderingResults.ok(renderer.render(gadget));
     } catch (RenderingException e) {
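Review bot: When `gadgetCanRender` returns false for a non-URL view, this branch returns `RenderingResults.mustRedirect(getRedirect(gadget))`, and `getRedirect` (last hunk of this file) returns `null` for every view that is not `View.ContentType.URL`. A locked-domain failure therefore yields a redirect result with no target rather than a redirect to the gadget's locked domain or an explicit error. Until the locked-domain URL can be built, refusing is the safer outcome, e.g. `return RenderingResults.error("Gadget must be rendered on its locked domain.");`. The enclosing `render` method starts and ends outside this hunk.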
@@ -117,10 +124,14 @@
     return false;
   }
 
-  private Uri getTypeUrlRedirect(Gadget gadget) {
-    // TODO: This should probably just call UrlGenerator.getIframeUrl().
-    return Uri.fromJavaUri(gadget.getCurrentView().getHref());
+  private Uri getRedirect(Gadget gadget) {
+    // TODO: This should probably just call UrlGenerator.getIframeUrl(), but really it should
+    // never happen.
+    View view = gadget.getCurrentView();
+    if (view.getType() == View.ContentType.URL) {
+      return Uri.fromJavaUri(gadget.getCurrentView().getHref());
+    }
+    // TODO
+    return null;
   }
-
-
 }

Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/HttpGadgetContext.java Fri Sep 26 11:33:06 2008
@@ -80,6 +80,15 @@
   }
 
   @Override
+  public String getHost() {
+    String host = request.getHeader("Host");
+    if (host == null) {
+      return super.getHost();
+    }
+    return host;
+  }
+
+  @Override
   public boolean getDebug() {
     if (debug == null) {
       return super.getDebug();
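Review bot: `getHost()` returns the `Host` request header verbatim, and nothing documents that the value is client-supplied, may include a port or mixed case, and may not be the public host name if a proxy in front rewrites it. Since `Renderer` now feeds this value into the locked-domain check, a short Javadoc would help: `/** @return the raw Host header of the request (unnormalised, may include a port), or the superclass value if the header is absent. */`. `ProxyHandler` reads the same header directly, so both call sites should share whatever normalisation is added later.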

Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyHandler.java Fri Sep 26 11:33:06 2008
@@ -18,10 +18,6 @@
  */
 package org.apache.shindig.gadgets.servlet;
 
-import com.google.common.collect.Sets;
-import com.google.inject.Inject;
-import com.google.inject.Singleton;
-import org.apache.commons.io.IOUtils;
 import org.apache.shindig.common.uri.Uri;
 import org.apache.shindig.gadgets.GadgetException;
 import org.apache.shindig.gadgets.LockedDomainService;
@@ -30,14 +26,21 @@
 import org.apache.shindig.gadgets.http.HttpResponse;
 import org.apache.shindig.gadgets.rewrite.ContentRewriterRegistry;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import com.google.common.collect.Sets;
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+
+import org.apache.commons.io.IOUtils;
+
 import java.io.IOException;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 /**
  * Handles open proxy requests.
  */
@@ -107,7 +110,7 @@
     }
 
     String host = request.getHeader("Host");
-    if (!lockedDomainService.embedCanRender(host)) {
+    if (!lockedDomainService.isSafeForOpenProxy(host)) {
       // Force embedded images and the like to their own domain to avoid XSS
       // in gadget domains.
       String msg = "Embed request for url " + getParameter(request, URL_PARAM, "") +
@@ -122,7 +125,7 @@
       results = contentRewriterRegistry.rewriteHttpResponse(rcr, results);
     }
 
-    setResponseHeaders(request, response, results);   
+    setResponseHeaders(request, response, results);
 
     for (Map.Entry<String, List<String>> entry : results.getHeaders().entrySet()) {
       String name = entry.getKey();

Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/GadgetTestFixture.java Fri Sep 26 11:33:06 2008
@@ -20,20 +20,15 @@
 package org.apache.shindig.gadgets;
 
 import org.apache.shindig.common.ContainerConfig;
-import org.apache.shindig.common.cache.CacheProvider;
-import org.apache.shindig.common.cache.DefaultCacheProvider;
-import org.apache.shindig.common.testing.TestExecutorService;
 import org.apache.shindig.common.util.FakeTimeSource;
 import org.apache.shindig.gadgets.http.ContentFetcherFactory;
 import org.apache.shindig.gadgets.http.HttpFetcher;
-import org.apache.shindig.gadgets.oauth.OAuthFetcher;
 import org.apache.shindig.gadgets.rewrite.CaptureRewriter;
 import org.apache.shindig.gadgets.rewrite.ContentRewriter;
 import org.apache.shindig.gadgets.rewrite.ContentRewriterRegistry;
 import org.apache.shindig.gadgets.rewrite.DefaultContentRewriterRegistry;
 
 import java.util.Arrays;
-import java.util.concurrent.ExecutorService;
 
 // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
 public abstract class GadgetTestFixture extends EasyMockTestCase {
@@ -43,10 +38,6 @@
   // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
   public final HttpFetcher fetcher = mock(HttpFetcher.class);
   // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
-  public final OAuthFetcher oauthFetcher = mock(OAuthFetcher.class);
-  // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
-  private final CacheProvider cacheProvider = new DefaultCacheProvider();
-  // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
   public final GadgetFeatureRegistry registry;
   // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
   public final ContainerConfig containerConfig = mock(ContainerConfig.class);
@@ -58,11 +49,6 @@
   // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
   public final FakeTimeSource timeSource = new FakeTimeSource();
   // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
-  public final ExecutorService executor = new TestExecutorService();
-  // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
-  public final GadgetSpecFactory specFactory = new BasicGadgetSpecFactory(
-      fetcher, cacheProvider, executor, 0, 0L, 0L);
-  // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!
   public GadgetTestFixture() {
     try {
       // DO NOT ADD ANYTHING ELSE TO THIS CLASS. IT IS GOING AWAY SOON!!!

Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/HashLockedDomainServiceTest.java Fri Sep 26 11:33:06 2008
@@ -25,62 +25,49 @@
 import static org.easymock.EasyMock.isA;
 
 import org.apache.shindig.common.ContainerConfig;
-import org.apache.shindig.gadgets.HashLockedDomainService.GadgetReader;
+import org.apache.shindig.gadgets.spec.GadgetSpec;
 
+import java.net.URI;
 import java.util.Arrays;
 
 public class HashLockedDomainServiceTest extends EasyMockTestCase {
-
-  HashLockedDomainService domainLocker;
-  Gadget gadget;
-  FakeSpecReader wantsLocked = new FakeSpecReader(
-      true, "http://somehost.com/somegadget.xml");
-  FakeSpecReader noLocked = new FakeSpecReader(
-      false, "http://somehost.com/somegadget.xml");
-  ContainerConfig containerEnabledConfig;
-  ContainerConfig containerRequiredConfig;
-
-  /**
-   * Mocked out spec reader, rather than mocking the whole
-   * Gadget object.
-   */
-  public static class FakeSpecReader extends GadgetReader {
-    private boolean wantsLockedDomain;
-    private String gadgetUrl;
-
-    public FakeSpecReader(boolean wantsLockedDomain, String gadgetUrl) {
-      this.wantsLockedDomain = wantsLockedDomain;
-      this.gadgetUrl = gadgetUrl;
-    }
-
-    @Override
-    protected boolean gadgetWantsLockedDomain(Gadget gadget) {
-      return wantsLockedDomain;
+  private HashLockedDomainService lockedDomainService;
+  private final GadgetSpec wantsLocked = makeSpec(true, "http://somehost.com/somegadget.xml");
+  private final GadgetSpec notLocked = makeSpec(false, "not-locked");
+  private final ContainerConfig requiredConfig = mock(ContainerConfig.class);
+  private final ContainerConfig enabledConfig = mock(ContainerConfig.class);
+
+  private static GadgetSpec makeSpec(boolean wantsLocked, String url) {
+    String gadgetXml;
+    if (wantsLocked) {
+      gadgetXml =
+          "<Module><ModulePrefs title=''>" +
+          "  <Require feature='locked-domain'/>" +
+          "</ModulePrefs><Content/></Module>";
+    } else {
+      gadgetXml = "<Module><ModulePrefs title=''/><Content/></Module>";
     }
 
-    @Override
-    protected String getGadgetUrl(Gadget gadget) {
-      return gadgetUrl;
+    try {
+      return new GadgetSpec(URI.create(url), gadgetXml);
+    } catch (GadgetException e) {
+      return null;
     }
   }
 
   @Override
   protected void setUp() throws Exception {
     super.setUp();
-    containerRequiredConfig  = mock(ContainerConfig.class);
-    expect(containerRequiredConfig.get(ContainerConfig.DEFAULT_CONTAINER,
-        LOCKED_DOMAIN_REQUIRED_KEY)).andReturn("true").anyTimes();
-    expect(containerRequiredConfig.get(ContainerConfig.DEFAULT_CONTAINER,
+    expect(requiredConfig.get(ContainerConfig.DEFAULT_CONTAINER,
         LOCKED_DOMAIN_SUFFIX_KEY)).andReturn("-a.example.com:8080").anyTimes();
-    expect(containerRequiredConfig.getContainers())
+    expect(requiredConfig.get(ContainerConfig.DEFAULT_CONTAINER,
+        LOCKED_DOMAIN_REQUIRED_KEY)).andReturn("true").anyTimes();
+    expect(requiredConfig.getContainers())
         .andReturn(Arrays.asList(ContainerConfig.DEFAULT_CONTAINER)).anyTimes();
 
-    containerEnabledConfig = mock(ContainerConfig.class);
-    expect(containerEnabledConfig.get(ContainerConfig.DEFAULT_CONTAINER,
-        LOCKED_DOMAIN_REQUIRED_KEY)).andReturn("false").anyTimes();
-    expect(containerEnabledConfig.get(ContainerConfig.DEFAULT_CONTAINER,
+    expect(enabledConfig.get(ContainerConfig.DEFAULT_CONTAINER,
         LOCKED_DOMAIN_SUFFIX_KEY)).andReturn("-a.example.com:8080").anyTimes();
-    expect(containerEnabledConfig.getContainers())
+    expect(enabledConfig.getContainers())
         .andReturn(Arrays.asList(ContainerConfig.DEFAULT_CONTAINER)).anyTimes();
   }
 
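Review bot: `makeSpec` catches `GadgetException` and returns `null`, so a malformed fixture would surface later as a NullPointerException inside the service rather than at the point of failure. Rethrow instead: `throw new RuntimeException(e);`. The `notLocked` spec is also built from the relative URI `"not-locked"`; a full URL like the one used for `wantsLocked` would make the expected hash in the later assertions easier to trace.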
@@ -88,84 +75,76 @@
   public void testDisabledGlobally() {
     replay();
 
-    domainLocker = new HashLockedDomainService(
-        containerRequiredConfig, "embed.com", false);
-    assertTrue(domainLocker.embedCanRender("anywhere.com"));
-    assertTrue(domainLocker.embedCanRender("embed.com"));
-    assertTrue(domainLocker.gadgetCanRender("embed.com", gadget, "default"));
-
-    domainLocker = new HashLockedDomainService(
-        containerEnabledConfig, "embed.com", false);
-    assertTrue(domainLocker.embedCanRender("anywhere.com"));
-    assertTrue(domainLocker.embedCanRender("embed.com"));
-    assertTrue(domainLocker.gadgetCanRender("embed.com", gadget, "default"));
+    lockedDomainService = new HashLockedDomainService(requiredConfig, false);
+    assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com"));
+    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
+    assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsLocked, "default"));
+    assertTrue(lockedDomainService.gadgetCanRender("embed.com", notLocked, "default"));
+
+    lockedDomainService = new HashLockedDomainService(enabledConfig, false);
+    assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com"));
+    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
+    assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsLocked, "default"));
+    assertTrue(lockedDomainService.gadgetCanRender("embed.com", notLocked, "default"));
   }
 
   public void testEnabledForGadget() {
     replay();
 
-    domainLocker = new HashLockedDomainService(
-        containerEnabledConfig, "embed.com", true);
-    assertFalse(domainLocker.embedCanRender("anywhere.com"));
-    assertTrue(domainLocker.embedCanRender("embed.com"));
-    domainLocker.setSpecReader(wantsLocked);
-    assertFalse(domainLocker.gadgetCanRender(
-        "www.example.com", gadget, "default"));
-    assertTrue(domainLocker.gadgetCanRender(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        gadget,
-        "default"));
-    String target = domainLocker.getLockedDomainForGadget(
-        wantsLocked.getGadgetUrl(gadget), "default");
-    assertEquals(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        target);
+    lockedDomainService = new HashLockedDomainService(enabledConfig, true);
+    assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
+    assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
+    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
+    assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default"));
+    assertTrue(lockedDomainService.gadgetCanRender(
+        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default"));
+    String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
+    assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);
   }
 
   public void testNotEnabledForGadget() {
     replay();
 
-    domainLocker = new HashLockedDomainService(
-        containerEnabledConfig, "embed.com", true);
-    domainLocker.setSpecReader(noLocked);
-    assertTrue(domainLocker.gadgetCanRender(
-        "www.example.com", gadget, "default"));
-    assertFalse(domainLocker.gadgetCanRender(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        gadget,
-        "default"));
-    assertFalse(domainLocker.gadgetCanRender(
-        "foo-a.example.com:8080",
-        gadget,
-        "default"));
-    assertFalse(domainLocker.gadgetCanRender(
-        "foo-a.example.com:8080",
-        gadget,
-        "othercontainer"));
-    String target = domainLocker.getLockedDomainForGadget(
-        wantsLocked.getGadgetUrl(gadget), "default");
-    assertEquals(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        target);
+    lockedDomainService = new HashLockedDomainService(enabledConfig, true);
+
+    assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
+    assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
+    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
+
+    assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default"));
+    assertFalse(lockedDomainService.gadgetCanRender(
+        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default"));
+    assertTrue(lockedDomainService.gadgetCanRender(
+        "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default"));
+    assertNull(lockedDomainService.getLockedDomainForGadget(notLocked, "default"));
   }
 
   public void testRequiredForContainer() {
     replay();
 
-    domainLocker = new HashLockedDomainService(
-        containerRequiredConfig, "embed.com", true);
-    domainLocker.setSpecReader(noLocked);
-    assertFalse(domainLocker.gadgetCanRender(
-        "www.example.com", gadget, "default"));
-    assertTrue(domainLocker.gadgetCanRender(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        gadget,
-        "default"));
-    String target = domainLocker.getLockedDomainForGadget(
-        wantsLocked.getGadgetUrl(gadget), "default");
-    assertEquals(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        target);
+    lockedDomainService = new HashLockedDomainService(requiredConfig, true);
+
+    assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
+    assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
+    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
+
+    assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default"));
+    assertFalse(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default"));
+
+    String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
+    assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);
+    target = lockedDomainService.getLockedDomainForGadget(notLocked, "default");
+    assertEquals("auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", target);
+
+    assertTrue(lockedDomainService.gadgetCanRender(
+        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default"));
+    assertFalse(lockedDomainService.gadgetCanRender(
+        "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", wantsLocked, "default"));
+    assertTrue(lockedDomainService.gadgetCanRender(
+        "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default"));
+    assertFalse(lockedDomainService.gadgetCanRender(
+        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default"));
+
   }
 
   public void testMissingConfig() throws Exception {
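Review bot: The rewritten tests in this hunk drop the only assertion that used a container name absent from the mocked config (`"othercontainer"` in the old `testNotEnabledForGadget`), so the `normalizeContainer` fallback added in this commit is not exercised here. Adding `assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "othercontainer"));` to `testNotEnabledForGadget` would cover it. An `isSafeForOpenProxy` assertion for a host whose letter case differs from the configured suffix would also pin down the intended matching behaviour.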
@@ -174,11 +153,9 @@
       .andReturn(Arrays.asList(ContainerConfig.DEFAULT_CONTAINER));
     replay();
 
-    domainLocker = new HashLockedDomainService(
-        containerMissingConfig, "embed.com", false);
-    domainLocker.setSpecReader(wantsLocked);
-    assertTrue(domainLocker.gadgetCanRender(
-        "www.example.com", gadget, "default"));
+    lockedDomainService = new HashLockedDomainService(containerMissingConfig, true);
+    assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default"));
+    assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default"));
   }
 
   public void testMultiContainer() throws Exception {
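Review bot: testMissingConfig does not assert what `isSafeForOpenProxy` returns when the container has no locked-domain suffix, although the proxy's host check now goes through that method. The two new assertions cover only `gadgetCanRender`. An extra line such as `assertTrue(lockedDomainService.isSafeForOpenProxy("www.example.com"));` (or `assertFalse`, whichever is intended) would pin the behaviour for a misconfigured container. A comment like `// no suffix configured: a gadget that requires a locked domain is refused` would also explain why the service is now constructed with `true` and why wantsLocked is rejected. The mock setup for containerMissingConfig begins above the hunk.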
@@ -191,14 +168,10 @@
         .andReturn("-a.example.com:8080").anyTimes();
     replay();
 
-    domainLocker = new HashLockedDomainService(
-        inheritsConfig, "embed.com", true);
-    domainLocker.setSpecReader(wantsLocked);
-    assertFalse(domainLocker.gadgetCanRender(
-        "www.example.com", gadget, "other"));
-    assertTrue(domainLocker.gadgetCanRender(
-        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080",
-        gadget,
-        "other"));
+    lockedDomainService = new HashLockedDomainService(inheritsConfig, true);
+    assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "other"));
+    assertFalse(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "other"));
+    assertTrue(lockedDomainService.gadgetCanRender(
+        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
   }
 }
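Review bot: testMultiContainer omits the cross-gadget case that the default-container test in this commit checks, so nothing verifies that the inherited "other" container refuses a gadget on another gadget's hash host. After the final assertTrue, add `assertFalse(lockedDomainService.gadgetCanRender("auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", wantsLocked, "other"));`. This assumes the inherited suffix produces the same hosts as in the default container. The expectations on inheritsConfig start above the hunk.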

Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/render/RendererTest.java Fri Sep 26 11:33:06 2008
@@ -20,6 +20,8 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
 import org.apache.shindig.common.ContainerConfig;
 import org.apache.shindig.common.ContainerConfigException;
@@ -27,6 +29,7 @@
 import org.apache.shindig.gadgets.Gadget;
 import org.apache.shindig.gadgets.GadgetContext;
 import org.apache.shindig.gadgets.GadgetException;
+import org.apache.shindig.gadgets.LockedDomainService;
 import org.apache.shindig.gadgets.process.ProcessingException;
 import org.apache.shindig.gadgets.process.Processor;
 import org.apache.shindig.gadgets.spec.GadgetSpec;
@@ -55,13 +58,14 @@
 
   private final FakeHtmlRenderer htmlRenderer = new FakeHtmlRenderer();
   private final FakeProcessor processor = new FakeProcessor();
+  private final FakeLockedDomainService lockedDomainService =  new FakeLockedDomainService();
   private FakeContainerConfig containerConfig;
   private Renderer renderer;
 
   @Before
   public void setUp() throws Exception {
     containerConfig = new FakeContainerConfig();
-    renderer = new Renderer(processor, htmlRenderer, containerConfig);
+    renderer = new Renderer(processor, htmlRenderer, containerConfig, lockedDomainService);
   }
 
   private GadgetContext makeContext(final String view) {
@@ -129,6 +133,20 @@
     assertNotNull("No error message provided for bad parent.", results.getErrorMessage());
   }
 
+  @Test
+  public void verifyLockedDomain() throws Exception {
+    renderer.render(makeContext("html"));
+    assertTrue("Locked domain not verified", lockedDomainService.wasChecked);
+  }
+
+  @Test
+  public void wrongDomainRedirects() throws Exception {
+    lockedDomainService.canRender = false;
+    RenderingResults results = renderer.render(makeContext("html"));
+    assertEquals(RenderingResults.Status.MUST_REDIRECT, results.getStatus());
+    // TODO: Verify the real url for redirection.
+    assertNull(results.getRedirect());
+  }
 
   private static class FakeContainerConfig extends ContainerConfig {
     private final JSONObject json = new JSONObject();
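Review bot: wrongDomainRedirects does not check that nothing was rendered when the locked-domain check fails; it asserts only the status and a null redirect. The check exists to keep gadget markup off the wrong host, so the test should also assert that the result carries no content, for example `assertNull(results.getContent());` if RenderingResults exposes content that way. `assertNull(results.getRedirect())` also pins a MUST_REDIRECT result with no target, as the TODO acknowledges, so a caller has nothing to redirect to until that is filled in.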
@@ -184,4 +202,21 @@
       }
     }
   }
+
+  private static class FakeLockedDomainService implements LockedDomainService {
+    private boolean wasChecked = false;
+    private boolean canRender = true;
+    public boolean gadgetCanRender(String host, GadgetSpec gadget, String container) {
+      wasChecked = true;
+      return canRender;
+    }
+
+    public String getLockedDomainForGadget(GadgetSpec gadget, String container) {
+      return null;
+    }
+
+    public boolean isSafeForOpenProxy(String host) {
+      return false;
+    }
+  }
 }
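Review bot: FakeLockedDomainService discards the `host` and `container` arguments of `gadgetCanRender`, so verifyLockedDomain still passes if Renderer checks the wrong host. Recording the value with a `private String lastHost;` field and `lastHost = host;` in the method would let the test assert that the checked host is the one from the request context. The host that makeContext supplies is not visible in this hunk, so the context fake may need to return a fixed host as well.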

Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/HttpGadgetContextTest.java Fri Sep 26 11:33:06 2008
@@ -56,6 +56,13 @@
     assertEquals("bar", context.getParameter("foo"));
   }
 
+  public void testGetHost() {
+    expect(request.getHeader("Host")).andReturn("foo.org");
+    replay();
+    GadgetContext context = new HttpGadgetContext(request);
+    assertEquals("foo.org", context.getHost());
+  }
+
   public void testGetSecurityToken() throws Exception {
     SecurityToken expected = new AnonymousSecurityToken();
     expect(request.getAttribute(AuthInfo.Attribute.SECURITY_TOKEN.getId())).andReturn(expected);
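Review bot: testGetHost covers only a present, well-formed Host header, and the absent-header case needs its own test. The header is client-supplied and, going by the commit log, appears to be the input to locked-domain enforcement on render. A second test using `expect(request.getHeader("Host")).andReturn(null);` should pin what `getHost()` returns then, so the render path's decision for such a request is defined rather than incidental. testGetSecurityToken, which follows, continues below the hunk.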

Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyHandlerTest.java Fri Sep 26 11:33:06 2008
@@ -76,7 +76,7 @@
 
   public void testLockedDomainEmbed() throws Exception {
     setupProxyRequestMock("www.example.com", URL_ONE);
-    expect(lockedDomainService.embedCanRender("www.example.com")).andReturn(true);
+    expect(lockedDomainService.isSafeForOpenProxy("www.example.com")).andReturn(true);
     expectGetAndReturnData(URL_ONE, DATA_ONE.getBytes());
     replay();
 
@@ -89,7 +89,7 @@
 
   public void testLockedDomainFailedEmbed() throws Exception {
     setupFailedProxyRequestMock("www.example.com", URL_ONE);
-    expect(lockedDomainService.embedCanRender("www.example.com")).andReturn(false);
+    expect(lockedDomainService.isSafeForOpenProxy("www.example.com")).andReturn(false);
     replay();
     try {
       proxyHandler.fetch(request, response);
@@ -109,7 +109,7 @@
     headers.put("Content-Type", Arrays.asList(contentType));
     headers.put("X-Magic-Garbage", Arrays.asList(magicGarbage));
 
-    expect(lockedDomainService.embedCanRender(domain)).andReturn(true).atLeastOnce();
+    expect(lockedDomainService.isSafeForOpenProxy(domain)).andReturn(true).atLeastOnce();
     setupProxyRequestMock(domain, url);
     expectGetAndReturnHeaders(url, headers);
 

Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java?rev=699448&r1=699447&r2=699448&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyServletTest.java Fri Sep 26 11:33:06 2008
@@ -55,7 +55,7 @@
     expect(request.getParameter(ProxyBase.URL_PARAM))
         .andReturn(REQUEST_URL.toString()).anyTimes();
     expect(request.getHeader("Host")).andReturn(REQUEST_DOMAIN).anyTimes();
-    expect(lockedDomainService.embedCanRender(REQUEST_DOMAIN))
+    expect(lockedDomainService.isSafeForOpenProxy(REQUEST_DOMAIN))
         .andReturn(true).anyTimes();
   }