Author: bdelacretaz
Date: Fri Oct 14 09:35:44 2016
New Revision: 1764845
URL: http://svn.apache.org/viewvc?rev=1764845&view=rev
Log:
SLING-5135 - verify handling of forbidden attributes
Modified:
sling/trunk/bundles/resourceresolver/src/test/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverControlTest.java
Modified:
sling/trunk/bundles/resourceresolver/src/test/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverControlTest.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/resourceresolver/src/test/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverControlTest.java?rev=1764845&r1=1764844&r2=1764845&view=diff
==============================================================================
---
sling/trunk/bundles/resourceresolver/src/test/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverControlTest.java
(original)
+++
sling/trunk/bundles/resourceresolver/src/test/java/org/apache/sling/resourceresolver/impl/helper/ResourceResolverControlTest.java
Fri Oct 14 09:35:44 2016
@@ -18,6 +18,7 @@
*/
package org.apache.sling.resourceresolver.impl.helper;
+import java.util.ArrayList;
import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasEntry;
@@ -37,12 +38,14 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.UUID;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceMetadata;
import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.resource.runtime.dto.AuthType;
@@ -59,6 +62,9 @@ import org.apache.sling.spi.resource.pro
import org.apache.sling.spi.resource.provider.ResourceProvider;
import org.apache.sling.testing.mock.osgi.MockOsgi;
import org.hamcrest.Matchers;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.fail;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
@@ -67,6 +73,16 @@ import org.osgi.framework.BundleContext;
@SuppressWarnings("unchecked")
public class ResourceResolverControlTest {
+ private static final String TEST_ATTRIBUTE = "some.test.attribute";
+
+ private static final List<String> TEST_FORBIDDEN_ATTRIBUTES = new
ArrayList<String>();
+
+ static {
+ TEST_FORBIDDEN_ATTRIBUTES.add(ResourceResolverFactory.PASSWORD);
+
TEST_FORBIDDEN_ATTRIBUTES.add(ResourceProvider.AUTH_SERVICE_BUNDLE);
+ TEST_FORBIDDEN_ATTRIBUTES.add(ResourceResolverFactory.SUBSERVICE);
+ }
+
// query language names
private static final String QL_MOCK = "MockQueryLanguage";
private static final String QL_ANOTHER_MOCK = "AnotherMockQueryLanguage";
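Review bot: `TEST_FORBIDDEN_ATTRIBUTES` is a mutable static `ArrayList` filled in a static initializer, so any test in the class could alter the list that the masking assertions rely on. An unmodifiable list built in one expression is tighter: `private static final List<String> TEST_FORBIDDEN_ATTRIBUTES = Collections.unmodifiableList(Arrays.asList(ResourceResolverFactory.PASSWORD, ResourceProvider.AUTH_SERVICE_BUNDLE, ResourceResolverFactory.SUBSERVICE));`. `Arrays` and `Collections` are already used elsewhere in this file, and the new `java.util.ArrayList` import would no longer be needed. The list also appears to be a hand-maintained copy of the keys the production code hides, so a comment such as `// keep in sync with the auth-info keys masked by the resolver implementation` would prompt maintainers to extend it when a new sensitive key is added.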
@@ -136,7 +152,7 @@ public class ResourceResolverControlTest
ResourceResolver rr = mock(ResourceResolver.class);
ResourceAccessSecurityTracker securityTracker =
Mockito.mock(ResourceAccessSecurityTracker.class);
- authInfo = Collections.emptyMap();
+ authInfo = getAuthInfo();
handlers = Arrays.asList(rootHandler, handler);
final ResourceProviderStorage storage = new
ResourceProviderStorage(handlers);
@@ -150,6 +166,21 @@ public class ResourceResolverControlTest
});
context = new ResourceResolverContext(rr, securityTracker);
}
+
+ /** Return test auth info */
+ private Map<String, Object> getAuthInfo() {
+ final Map<String, Object> result = new HashMap<String, Object>();
+
+ // Add all forbidden attributes to be able to verify that
+ // they are masked
+ for(String str : TEST_FORBIDDEN_ATTRIBUTES) {
+ result.put(str, "should be hidden");
+ }
+
+ result.put(TEST_ATTRIBUTE, "is " + TEST_ATTRIBUTE);
+
+ return result;
+ }
/**
* Configures the provider to return a mock resource for the specified path
@@ -425,6 +456,24 @@ public class ResourceResolverControlTest
assertThat("query result count", count, Matchers.equalTo(1));
}
+
+ @Test
+ public void forbiddenAttributeNames() {
+ for(String name : crp.getAttributeNames(context)) {
+ if(TEST_FORBIDDEN_ATTRIBUTES.contains(name)) {
+ fail("Attribute " + name + " should not be accessible");
+ }
+ }
+ assertTrue("Expecting non-forbidden attribute",
crp.getAttributeNames(context).contains(TEST_ATTRIBUTE));
+ }
+
+ @Test
+ public void forbiddenAttributeValues() {
+ for(String name : TEST_FORBIDDEN_ATTRIBUTES) {
+ assertNull("Expecting " + name + " to be hidden",
crp.getAttribute(context, name));
+ }
+ assertEquals("is " + TEST_ATTRIBUTE, crp.getAttribute(context,
TEST_ATTRIBUTE));
+ }
/**
* Simple test-only QueryLanguageProvider
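Review bot: `forbiddenAttributeNames` calls `assertTrue`, but the static imports this commit adds are only `assertEquals`, `assertNull` and `fail`. Unless `org.junit.Assert.assertTrue` is already imported outside the visible hunks, the class will not compile. The same test calls `crp.getAttributeNames(context)` twice, so the negative loop and the positive check could see different results; storing the result in one local variable and using it for both keeps them on the same snapshot. In `forbiddenAttributeValues` the `assertNull` checks only prove masking because `getAuthInfo()` seeds every forbidden key, which deserves a comment such as `// each forbidden key is present in authInfo (see getAuthInfo), so null here means masked, not absent`.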