Repository: shiro Updated Branches: refs/heads/1.3.x d41afcc6e -> b15ab9277
Added fix to adjust how the servlet context path is handled Based on a thread from the Servlet Expert Group Project: http://git-wip-us.apache.org/repos/asf/shiro/repo Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/b15ab927 Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/b15ab927 Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/b15ab927 Branch: refs/heads/1.3.x Commit: b15ab927709ca18ea4a02538be01919a19ab65af Parents: d41afcc Author: Brian Demers <[email protected]> Authored: Fri Sep 9 16:26:57 2016 -0400 Committer: Brian Demers <[email protected]> Committed: Fri Sep 9 16:26:57 2016 -0400 ---------------------------------------------------------------------- .../org/apache/shiro/web/util/WebUtils.java | 5 +- .../apache/shiro/web/util/WebUtilsTest.groovy | 158 +++++++++++++++++++ 2 files changed, 161 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/shiro/blob/b15ab927/web/src/main/java/org/apache/shiro/web/util/WebUtils.java ---------------------------------------------------------------------- diff --git a/web/src/main/java/org/apache/shiro/web/util/WebUtils.java b/web/src/main/java/org/apache/shiro/web/util/WebUtils.java index 561dae9..3f3f750 100644 --- a/web/src/main/java/org/apache/shiro/web/util/WebUtils.java +++ b/web/src/main/java/org/apache/shiro/web/util/WebUtils.java @@ -248,11 +248,12 @@ public class WebUtils { if (contextPath == null) { contextPath = request.getContextPath(); } + contextPath = normalize(decodeRequestString(request, contextPath)); if ("/".equals(contextPath)) { - // Invalid case, but happens for includes on Jetty: silently adapt it. + // the normalize method will return a "/" and includes on Jetty, will also be a "/". contextPath = ""; } - return decodeRequestString(request, contextPath); + return contextPath; } /** http://git-wip-us.apache.org/repos/asf/shiro/blob/b15ab927/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy ---------------------------------------------------------------------- diff --git a/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy b/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy new file mode 100644 index 0000000..08cfce9 --- /dev/null +++ b/web/src/test/groovy/org/apache/shiro/web/util/WebUtilsTest.groovy @@ -0,0 +1,158 @@ +package org.apache.shiro.web.util + +import org.junit.Assert +import org.junit.Test + +import javax.servlet.http.HttpServletRequest + +import static org.easymock.EasyMock.* +import static org.junit.Assert.* + +/** + * Tests for {@link WebUtils}. + */ +public class WebUtilsTest { + + @Test + void testGetContextPathIncludes() { + def request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("/") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("/context-path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context-path", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn("//context-path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context-path", WebUtils.getContextPath(request) + verify request + } + + @Test + void testGetContextPath() { + + def request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/context-path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context-path", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("//context-path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context-path", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/context%20path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context path", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/c%6Fntext%20path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context path", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/context path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context path", WebUtils.getContextPath(request) + verify request + + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/context%2525path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + assertEquals "/context%25path", WebUtils.getContextPath(request) + verify request + + // non visible character's are NOT normalized, such as a backspace + request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null) + expect(request.getContextPath()).andReturn("/context-%08path") + expect(request.getCharacterEncoding()).andReturn("UTF-8") + replay request + def expected = "/context-" + (char) 0x08 + "path" + assertEquals expected, WebUtils.getContextPath(request) + verify request + + } + + + @Test + void testGetPathWithinApplication() { + + doTestGetPathWithinApplication("/", "/foobar", "/foobar"); + doTestGetPathWithinApplication("", "/foobar", "/foobar"); + doTestGetPathWithinApplication("", "foobar", "/foobar"); + doTestGetPathWithinApplication("/", "foobar", "/foobar"); + doTestGetPathWithinApplication("//", "foobar", "/foobar"); + doTestGetPathWithinApplication("//", "//foobar", "/foobar"); + doTestGetPathWithinApplication("/context-path", "/context-path/foobar", "/foobar"); + doTestGetPathWithinApplication("/context-path", "/context-path/foobar/", "/foobar/"); + doTestGetPathWithinApplication("//context-path", "//context-path/foobar", "/foobar"); + doTestGetPathWithinApplication("//context-path", "//context-path//foobar", "/foobar"); + doTestGetPathWithinApplication("//context-path", "//context-path/remove-one/remove-two/../../././/foobar", "/foobar"); + doTestGetPathWithinApplication("//context-path", "//context-path//../../././/foobar", null); + doTestGetPathWithinApplication("/context%2525path", "/context%2525path/foobar", "/foobar"); + doTestGetPathWithinApplication("/c%6Fntext%20path", "/c%6Fntext%20path/foobar", "/foobar"); + doTestGetPathWithinApplication("/context path", "/context path/foobar", "/foobar"); + + } + + void doTestGetPathWithinApplication(String contextPath, String requestUri, String expectedValue) { + + def request = createMock(HttpServletRequest) + expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(contextPath) + expect(request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE)).andReturn(requestUri) + expect(request.getCharacterEncoding()).andReturn("UTF-8").times(2) + replay request + assertEquals expectedValue, WebUtils.getPathWithinApplication(request) + verify request + } +}
