You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by fp...@apache.org on 2020/02/13 08:46:41 UTC
[shiro] branch master updated: fix bug throw exception when match
url is /
This is an automated email from the ASF dual-hosted git repository.
fpapon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/master by this push:
new f902982 fix bug throw exception when match url is /
new 9762f97 Merge pull request #201 from tomsun28/path-match-bug-fix
f902982 is described below
commit f90298235275f7e0a07e7825e095a4121b405046
Author: tomsun28 <to...@outlook.com>
AuthorDate: Sat Feb 8 14:01:11 2020 +0800
fix bug throw exception when match url is /
---
.../shiro/web/filter/PathMatchingFilter.java | 6 ++++--
.../mgt/PathMatchingFilterChainResolver.java | 6 ++++--
.../shiro/web/filter/PathMatchingFilterTest.java | 14 ++++++++++++++
.../mgt/PathMatchingFilterChainResolverTest.java | 22 ++++++++++++++++++++++
4 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/web/src/main/java/org/apache/shiro/web/filter/PathMatchingFilter.java b/web/src/main/java/org/apache/shiro/web/filter/PathMatchingFilter.java
index e507ad3..be1da71 100644
--- a/web/src/main/java/org/apache/shiro/web/filter/PathMatchingFilter.java
+++ b/web/src/main/java/org/apache/shiro/web/filter/PathMatchingFilter.java
@@ -123,10 +123,12 @@ public abstract class PathMatchingFilter extends AdviceFilter implements PathCon
*/
protected boolean pathsMatch(String path, ServletRequest request) {
String requestURI = getPathWithinApplication(request);
- if (requestURI != null && requestURI.endsWith(DEFAULT_PATH_SEPARATOR)) {
+ if (requestURI != null && !DEFAULT_PATH_SEPARATOR.equals(requestURI)
+ && requestURI.endsWith(DEFAULT_PATH_SEPARATOR)) {
requestURI = requestURI.substring(0, requestURI.length() - 1);
}
- if (path != null && path.endsWith(DEFAULT_PATH_SEPARATOR)) {
+ if (path != null && !DEFAULT_PATH_SEPARATOR.equals(path)
+ && path.endsWith(DEFAULT_PATH_SEPARATOR)) {
path = path.substring(0, path.length() - 1);
}
log.trace("Attempting to match pattern '{}' with current requestURI '{}'...", path, Encode.forHtml(requestURI));
diff --git a/web/src/main/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolver.java b/web/src/main/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolver.java
index 7adcda7..c35ab9b 100644
--- a/web/src/main/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolver.java
+++ b/web/src/main/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolver.java
@@ -105,7 +105,8 @@ public class PathMatchingFilterChainResolver implements FilterChainResolver {
// in spring web, the requestURI "/resource/menus" ---- "resource/menus/" bose can access the resource
// but the pathPattern match "/resource/menus" can not match "resource/menus/"
// user can use requestURI + "/" to simply bypassed chain filter, to bypassed shiro protect
- if(requestURI != null && requestURI.endsWith(DEFAULT_PATH_SEPARATOR)) {
+ if(requestURI != null && !DEFAULT_PATH_SEPARATOR.equals(requestURI)
+ && requestURI.endsWith(DEFAULT_PATH_SEPARATOR)) {
requestURI = requestURI.substring(0, requestURI.length() - 1);
}
@@ -113,7 +114,8 @@ public class PathMatchingFilterChainResolver implements FilterChainResolver {
//the 'chain names' in this implementation are actually path patterns defined by the user. We just use them
//as the chain name for the FilterChainManager's requirements
for (String pathPattern : filterChainManager.getChainNames()) {
- if (pathPattern != null && pathPattern.endsWith(DEFAULT_PATH_SEPARATOR)) {
+ if (pathPattern != null && !DEFAULT_PATH_SEPARATOR.equals(pathPattern)
+ && pathPattern.endsWith(DEFAULT_PATH_SEPARATOR)) {
pathPattern = pathPattern.substring(0, pathPattern.length() - 1);
}
diff --git a/web/src/test/java/org/apache/shiro/web/filter/PathMatchingFilterTest.java b/web/src/test/java/org/apache/shiro/web/filter/PathMatchingFilterTest.java
index 116aaae..c6e81d4 100644
--- a/web/src/test/java/org/apache/shiro/web/filter/PathMatchingFilterTest.java
+++ b/web/src/test/java/org/apache/shiro/web/filter/PathMatchingFilterTest.java
@@ -122,6 +122,20 @@ public class PathMatchingFilterTest {
}
/**
+ * Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-742">SHIRO-742<a/>.
+ */
+ @Test
+ public void testPathMatchEqualUrlSeparatorEnabled() {
+ expect(request.getContextPath()).andReturn(CONTEXT_PATH).anyTimes();
+ expect(request.getRequestURI()).andReturn("/").anyTimes();
+ replay(request);
+
+ boolean matchEnabled = filter.pathsMatch("/", request);
+ assertTrue("PathMatch can match URL end with Separator", matchEnabled);
+ verify(request);
+ }
+
+ /**
* Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-682">SHIRO-682<a/>.
*/
@Test
diff --git a/web/src/test/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolverTest.java b/web/src/test/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolverTest.java
index 68a8fa2..758be4d 100644
--- a/web/src/test/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolverTest.java
+++ b/web/src/test/java/org/apache/shiro/web/filter/mgt/PathMatchingFilterChainResolverTest.java
@@ -187,6 +187,28 @@ public class PathMatchingFilterChainResolverTest extends WebTest {
}
/**
+ * Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-742">SHIRO-742<a/>.
+ */
+ @Test
+ public void testGetChainEqualUrlSeparator() {
+ HttpServletRequest request = createNiceMock(HttpServletRequest.class);
+ HttpServletResponse response = createNiceMock(HttpServletResponse.class);
+ FilterChain chain = createNiceMock(FilterChain.class);
+
+ //ensure at least one chain is defined:
+ resolver.getFilterChainManager().addToChain("/", "authcBasic");
+
+ expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
+ expect(request.getContextPath()).andReturn("");
+ expect(request.getRequestURI()).andReturn("/");
+ replay(request);
+
+ FilterChain resolved = resolver.getChain(request, response, chain);
+ assertNotNull(resolved);
+ verify(request);
+ }
+
+ /**
* Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-682">SHIRO-682<a/>.
*/
@Test