You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2016/09/09 21:24:25 UTC
shiro git commit: Added fix to adjust how the servlet context path is
handled
Repository: shiro
Updated Branches:
refs/heads/1.3.x d41afcc6e -> b15ab9277
Added fix to adjust how the servlet context path is handled
Based on a thread from the Servlet Expert Group
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/b15ab927
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/b15ab927
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/b15ab927
Branch: refs/heads/1.3.x
Commit: b15ab927709ca18ea4a02538be01919a19ab65af
Parents: d41afcc
Author: Brian Demers <bd...@apache.org>
Authored: Fri Sep 9 16:26:57 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Fri Sep 9 16:26:57 2016 -0400
----------------------------------------------------------------------
.../org/apache/shiro/web/util/WebUtils.java | 5 +-
.../apache/shiro/web/util/WebUtilsTest.groovy | 158 +++++++++++++++++++
2 files changed, 161 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/b15ab927/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
----------------------------------------------------------------------
diff --git a/web/src/main/java/org/apache/shiro/web/util/WebUtils.java b/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
index 561dae9..3f3f750 100644
--- a/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
+++ b/web/src/main/java/org/apache/shiro/web/util/WebUtils.java
@@ -248,11 +248,12 @@ public class WebUtils {
if (contextPath == null) {
contextPath = request.getContextPath();
}
+ contextPath = normalize(decodeRequestString(request, contextPath));
if ("/".equals(contextPath)) {
- // Invalid case, but happens for includes on Jetty: silently adapt it.
+ // the normalize method will return a "/" and includes on Jetty, will also be a "/".
contextPath = "";
}
- return decodeRequestString(request, contextPath);
+ return contextPath;
}
/**
http://git-wip-us.apache.org/repos/asf/shiro/blob/b15ab927/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy
----------------------------------------------------------------------
diff --git a/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy b/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy
new file mode 100644
index 0000000..08cfce9
--- /dev/null
+++ b/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy
@@ -0,0 +1,158 @@
+package org.apache.shiro.web.util
+
+import org.junit.Assert
+import org.junit.Test
+
+import javax.servlet.http.HttpServletRequest
+
+import static org.easymock.EasyMock.*
+import static org.junit.Assert.*
+
+/**
+ * Tests for {@link WebUtils}.
+ */
+public class WebUtilsTest {
+
+ @Test
+ void testGetContextPathIncludes() {
+ def request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("/")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("/context-path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context-path", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("//context-path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context-path", WebUtils.getContextPath(request)
+ verify request
+ }
+
+ @Test
+ void testGetContextPath() {
+
+ def request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/context-path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context-path", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("//context-path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context-path", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/context%20path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context path", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/c%6Fntext%20path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context path", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/context path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context path", WebUtils.getContextPath(request)
+ verify request
+
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/context%2525path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ assertEquals "/context%25path", WebUtils.getContextPath(request)
+ verify request
+
+ // non visible character's are NOT normalized, such as a backspace
+ request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null)
+ expect(request.getContextPath()).andReturn("/context-%08path")
+ expect(request.getCharacterEncoding()).andReturn("UTF-8")
+ replay request
+ def expected = "/context-" + (char) 0x08 + "path"
+ assertEquals expected, WebUtils.getContextPath(request)
+ verify request
+
+ }
+
+
+ @Test
+ void testGetPathWithinApplication() {
+
+ doTestGetPathWithinApplication("/", "/foobar", "/foobar");
+ doTestGetPathWithinApplication("", "/foobar", "/foobar");
+ doTestGetPathWithinApplication("", "foobar", "/foobar");
+ doTestGetPathWithinApplication("/", "foobar", "/foobar");
+ doTestGetPathWithinApplication("//", "foobar", "/foobar");
+ doTestGetPathWithinApplication("//", "//foobar", "/foobar");
+ doTestGetPathWithinApplication("/context-path", "/context-path/foobar", "/foobar");
+ doTestGetPathWithinApplication("/context-path", "/context-path/foobar/", "/foobar/");
+ doTestGetPathWithinApplication("//context-path", "//context-path/foobar", "/foobar");
+ doTestGetPathWithinApplication("//context-path", "//context-path//foobar", "/foobar");
+ doTestGetPathWithinApplication("//context-path", "//context-path/remove-one/remove-two/../../././/foobar", "/foobar");
+ doTestGetPathWithinApplication("//context-path", "//context-path//../../././/foobar", null);
+ doTestGetPathWithinApplication("/context%2525path", "/context%2525path/foobar", "/foobar");
+ doTestGetPathWithinApplication("/c%6Fntext%20path", "/c%6Fntext%20path/foobar", "/foobar");
+ doTestGetPathWithinApplication("/context path", "/context path/foobar", "/foobar");
+
+ }
+
+ void doTestGetPathWithinApplication(String contextPath, String requestUri, String expectedValue) {
+
+ def request = createMock(HttpServletRequest)
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(contextPath)
+ expect(request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE)).andReturn(requestUri)
+ expect(request.getCharacterEncoding()).andReturn("UTF-8").times(2)
+ replay request
+ assertEquals expectedValue, WebUtils.getPathWithinApplication(request)
+ verify request
+ }
+}