Updated Branches: refs/heads/wicket-1.4.x 189359078 -> aebab524c
Use SecurePackageResourceGuard as default. Improve Packages#absolutePath(). Use IPackageResourceGuard.accept() for each call of PackageResource#getResourceStream() Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/aebab524 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/aebab524 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/aebab524 Branch: refs/heads/wicket-1.4.x Commit: aebab524c15c09ec1195ee157584aa4f5eec31b6 Parents: 1893590 Author: martin-g <[email protected]> Authored: Mon Mar 5 11:06:46 2012 +0200 Committer: martin-g <[email protected]> Committed: Mon Mar 5 11:06:46 2012 +0200 ---------------------------------------------------------------------- pom.xml | 6 ++ .../velocity/VelocityTemplateApplication.java | 10 ++- wicket/pom.xml | 4 + .../apache/wicket/markup/html/PackageResource.java | 64 +++++++------- .../markup/html/SecurePackageResourceGuard.java | 30 ++++++- .../java/org/apache/wicket/settings/Settings.java | 5 +- .../wicket/util/file/WebApplicationPath.java | 12 +++- .../java/org/apache/wicket/util/lang/Packages.java | 7 +- .../resource/locator/ResourceStreamLocator.java | 29 ++++++- .../org/apache/wicket/SharedResourceUrlTest.java | 17 ++-- .../html/SecurePackageResourceGuardTest.java | 31 ++++--- .../html/link/AutolinkPageExpectedResult_2.html | 2 +- .../wicket/util/file/WebApplicationPathTest.java | 58 +++++++++++++ .../org/apache/wicket/util/lang/PackagesTest.java | 66 +++++++++++++++ .../wicket/util/tester/WicketTesterTest.java | 26 +++--- 15 files changed, 289 insertions(+), 78 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 69fc06d..418b558 100644 --- a/pom.xml +++ b/pom.xml @@ -502,6 +502,12 @@ <scope>provided</scope> <optional>true</optional> </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-all</artifactId> + <version>1.8.5</version> + <scope>test</scope> + </dependency> </dependencies> </dependencyManagement> <dependencies> http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java ---------------------------------------------------------------------- diff --git a/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java b/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java index 3087bf9..b36e1c9 100644 --- a/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java +++ b/wicket-examples/src/main/java/org/apache/wicket/examples/velocity/VelocityTemplateApplication.java @@ -22,6 +22,8 @@ import java.util.List; import org.apache.velocity.app.Velocity; import org.apache.wicket.Page; import org.apache.wicket.WicketRuntimeException; +import org.apache.wicket.markup.html.IPackageResourceGuard; +import org.apache.wicket.markup.html.SecurePackageResourceGuard; import org.apache.wicket.protocol.http.WebApplication; /** @@ -92,7 +94,13 @@ public class VelocityTemplateApplication extends WebApplication protected void init() { getDebugSettings().setDevelopmentUtilitiesEnabled(true); - + IPackageResourceGuard packageResourceGuard = getResourceSettings().getPackageResourceGuard(); + if (packageResourceGuard instanceof SecurePackageResourceGuard) + { + SecurePackageResourceGuard guard = (SecurePackageResourceGuard)packageResourceGuard; + // allow velocity macros resources + guard.addPattern("+*.vm"); + } // initialize velocity try { http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/pom.xml ---------------------------------------------------------------------- diff --git a/wicket/pom.xml b/wicket/pom.xml index 5ef39c5..3059ed9 100644 --- a/wicket/pom.xml +++ b/wicket/pom.xml @@ -46,6 +46,10 @@ <scope>provided</scope> <optional>true</optional> </dependency> + <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-all</artifactId> + </dependency> </dependencies> <build> <plugins> http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java b/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java index 0bb5ddf..a29117f 100644 --- a/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java +++ b/wicket/src/main/java/org/apache/wicket/markup/html/PackageResource.java @@ -504,13 +504,6 @@ public class PackageResource extends WebResource implements IModifiable, IPackag // Convert resource path to absolute path relative to base package absolutePath = Packages.absolutePath(scope, path); - if (!accept(scope, path)) - { - throw new PackageResourceBlockedException( - "Access denied to (static) package resource " + absolutePath + - ". See IPackageResourceGuard"); - } - scopeName = scope.getName(); this.path = path; this.locale = locale; @@ -603,6 +596,37 @@ public class PackageResource extends WebResource implements IModifiable, IPackag } } + Class<?> realScope = getScope(); + String realPath = absolutePath; + if (resourceStream instanceof IFixedLocationResourceStream) + { + realPath = ((IFixedLocationResourceStream)resourceStream).locationAsString(); + if (realPath != null) + { + int index = realPath.indexOf(absolutePath); + if (index != -1) + { + realPath = realPath.substring(index); + } + else + { + // TODO just fall back on the full path without a scope.. + realScope = null; + } + } + else + { + realPath = absolutePath; + } + } + + if (accept(realScope, realPath) == false) + { + throw new PackageResourceBlockedException( + "Access denied to (static) package resource " + absolutePath + + ". See IPackageResourceGuard"); + } + locale = resourceStream.getLocale(); if (resourceStream != null) @@ -668,31 +692,7 @@ public class PackageResource extends WebResource implements IModifiable, IPackag .getResourceSettings() .getPackageResourceGuard(); - String realPath = path; - IResourceStream resourceStream = Application.get() - .getResourceSettings() - .getResourceStreamLocator() - .locate(getScope(), absolutePath, style, locale, null); - if (resourceStream instanceof IFixedLocationResourceStream) - { - realPath = ((IFixedLocationResourceStream)resourceStream).locationAsString(); - if (realPath != null) - { - int index = realPath.indexOf(path); - if (index != -1) - { - realPath = realPath.substring(index); - } - else - // TODO just fall back on the full path without a scope.. - return guard.accept(null, realPath); - } - else - { - realPath = path; - } - } - return guard.accept(scope, realPath); + return guard.accept(scope, path); } @Override http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java b/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java index c553f32..71c63b6 100644 --- a/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java +++ b/wicket/src/main/java/org/apache/wicket/markup/html/SecurePackageResourceGuard.java @@ -20,6 +20,7 @@ import java.util.ArrayList; import java.util.List; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentLinkedQueue; +import java.util.concurrent.ConcurrentMap; import java.util.regex.Pattern; import org.apache.wicket.settings.IResourceSettings; @@ -80,16 +81,38 @@ public class SecurePackageResourceGuard extends PackageResourceGuard private List<SearchPattern> pattern = new ArrayList<SearchPattern>(); /** A cache to speed up the checks */ - private final ConcurrentHashMap<String, Boolean> cache; + private final ConcurrentMap<String, Boolean> cache; /** - * Construct. + * Constructor. */ public SecurePackageResourceGuard() { - cache = newCache(); + this(new SimpleCache(100)); } + public SecurePackageResourceGuard(ConcurrentMap<String, Boolean> cache) + { + this.cache = cache; + + // the order is important for better performance + // first add the most commonly used + addPattern("+*.js"); + addPattern("+*.css"); + addPattern("+*.png"); + addPattern("+*.jpg"); + addPattern("+*.jpeg"); + addPattern("+*.gif"); + addPattern("+*.ico"); + + // WICKET-208 non page templates may be served + addPattern("+*.html"); + + addPattern("+*.txt"); + addPattern("+*.swf"); + addPattern("+*.bmp"); + } + /** * Get a new cache implementation. Subclasses may return null to disable caching. More advanced * caches (e.h. ehcache) should be used in production environments to limit the size and remove @@ -97,6 +120,7 @@ public class SecurePackageResourceGuard extends PackageResourceGuard * * @return the cache implementation */ + @Deprecated public ConcurrentHashMap<String, Boolean> newCache() { return new SimpleCache(100); http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/settings/Settings.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/settings/Settings.java b/wicket/src/main/java/org/apache/wicket/settings/Settings.java index 0d58547..06c47b4 100644 --- a/wicket/src/main/java/org/apache/wicket/settings/Settings.java +++ b/wicket/src/main/java/org/apache/wicket/settings/Settings.java @@ -42,7 +42,7 @@ import org.apache.wicket.markup.IMarkupParserFactory; import org.apache.wicket.markup.MarkupCache; import org.apache.wicket.markup.MarkupParserFactory; import org.apache.wicket.markup.html.IPackageResourceGuard; -import org.apache.wicket.markup.html.PackageResourceGuard; +import org.apache.wicket.markup.html.SecurePackageResourceGuard; import org.apache.wicket.markup.html.form.persistence.CookieValuePersisterSettings; import org.apache.wicket.markup.html.pages.BrowserInfoPage; import org.apache.wicket.markup.resolver.AutoComponentResolver; @@ -205,7 +205,8 @@ public final class Settings private final Map<String, IResourceFactory> nameToResourceFactory = new HashMap<String, IResourceFactory>(); /** The package resource guard. */ - private IPackageResourceGuard packageResourceGuard = new PackageResourceGuard(); + private IPackageResourceGuard packageResourceGuard = new SecurePackageResourceGuard( + new SecurePackageResourceGuard.SimpleCache(100)); /** The error page displayed when an expired page is accessed. */ private WeakReference<Class<? extends Page>> pageExpiredErrorPage; http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java b/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java index 7be009f..452e658 100644 --- a/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java +++ b/wicket/src/main/java/org/apache/wicket/util/file/WebApplicationPath.java @@ -92,8 +92,12 @@ public final class WebApplicationPath implements IResourcePath * * @see org.apache.wicket.util.file.IResourceFinder#find(Class, String) */ - public IResourceStream find(final Class<?> clazz, final String pathname) + public IResourceStream find(final Class<?> clazz, String pathname) { + while (pathname.startsWith("/")) + { + pathname = pathname.substring(1); + } Iterator<Folder> foldersIter = folders.iterator(); while (foldersIter.hasNext()) { @@ -138,4 +142,10 @@ public final class WebApplicationPath implements IResourcePath return "[folders = " + StringList.valueOf(folders) + ", webapppaths: " + StringList.valueOf(webappPaths) + "]"; } + + /* package private for test in 1.4 only */ + final void addToWebPath(String path) + { + webappPaths.add(path); + } } http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java b/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java index 0d5601c..baef04c 100644 --- a/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java +++ b/wicket/src/main/java/org/apache/wicket/util/lang/Packages.java @@ -16,7 +16,6 @@ */ package org.apache.wicket.util.lang; -import org.apache.wicket.util.string.IStringIterator; import org.apache.wicket.util.string.StringList; /** @@ -87,10 +86,10 @@ public final class Packages final StringList folders = StringList.tokenize(relativePath, "/\\"); // Iterate through folders - for (final IStringIterator iterator = folders.iterator(); iterator.hasNext();) + for (int i = 0, size = folders.size(); i < size; i++) { // Get next folder - final String folder = iterator.next(); + final String folder = folders.get(i); // Up one? if ("..".equals(folder)) @@ -105,7 +104,7 @@ public final class Packages throw new IllegalArgumentException("Invalid path " + relativePath); } } - else + else if (absolutePath.size() <= i || absolutePath.get(i).equals(folder) == false) { // Add to stack absolutePath.add(folder); http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java b/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java index 96fe514..ca75b86 100644 --- a/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java +++ b/wicket/src/main/java/org/apache/wicket/util/resource/locator/ResourceStreamLocator.java @@ -23,6 +23,7 @@ import org.apache.wicket.Application; import org.apache.wicket.util.file.IResourceFinder; import org.apache.wicket.util.resource.IResourceStream; import org.apache.wicket.util.resource.UrlResourceStream; +import org.apache.wicket.util.string.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -114,7 +115,7 @@ public class ResourceStreamLocator implements IResourceStreamLocator { // Try the various combinations of style, locale and extension to find // the resource. - ResourceNameIterator iter = new ResourceNameIterator(path, style, locale, extension); + ResourceNameIterator iter = newResourceNameIterator(path, style, locale, extension); while (iter.hasNext()) { String newPath = iter.next(); @@ -130,6 +131,32 @@ public class ResourceStreamLocator implements IResourceStreamLocator return null; } + private ResourceNameIterator newResourceNameIterator(String path, String style, Locale locale, + String extension) + { + final String realPath; + final String realExtension; + + if ((extension == null) && (path != null) && (path.indexOf('.') != -1)) + { + realPath = Strings.beforeLast(path, '.'); + // for extensions with separator take the first extension + realExtension = Strings.afterLast(path, '.'); + if (realExtension.indexOf(',') > -1) + { + // multiple extensions are not allowed in the path parameter + return new EmptyResourceNameIterator(); + } + } + else + { + realPath = path; + realExtension = extension; + } + + return new ResourceNameIterator(realPath, style, locale, realExtension); + } + /** * Search the the resource my means of the various classloaders available * http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java ---------------------------------------------------------------------- diff --git a/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java b/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java index b263385..a2a6dbd 100644 --- a/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java +++ b/wicket/src/test/java/org/apache/wicket/SharedResourceUrlTest.java @@ -68,7 +68,8 @@ public class SharedResourceUrlTest extends WicketTestCase rr = new ResourceReference(SharedResourceUrlTest.class, "test"); url = cycle.urlFor(rr, new ValueMap("param=value", "")); - assertEquals("resources/org.apache.wicket.SharedResourceUrlTest/test?param=value", url.toString()); + assertEquals("resources/org.apache.wicket.SharedResourceUrlTest/test?param=value", + url.toString()); } public void testResourceReferenceUrl_SessionLocale() throws Exception @@ -77,13 +78,13 @@ public class SharedResourceUrlTest extends WicketTestCase WebRequestCycle cycle = tester.createRequestCycle(); Session.get().setLocale(Locale.GERMANY); - ResourceReference rr = new ResourceReference(Application.class, "test", true, false); + ResourceReference rr = new ResourceReference(Application.class, "test.css", true, false); CharSequence url = cycle.urlFor(rr); - assertEquals("resources/org.apache.wicket.Application/test_de_DE", url.toString()); + assertEquals("resources/org.apache.wicket.Application/test_de_DE.css", url.toString()); Session.get().setLocale(Locale.US); url = cycle.urlFor(rr); - assertEquals("resources/org.apache.wicket.Application/test_en_US", url.toString()); + assertEquals("resources/org.apache.wicket.Application/test_en_US.css", url.toString()); } /** @@ -115,19 +116,19 @@ public class SharedResourceUrlTest extends WicketTestCase tester.setupRequestAndResponse(); WebRequestCycle cycle = tester.createRequestCycle(); - ResourceReference rr = new ResourceReference(Application.class, "test", true, true); + ResourceReference rr = new ResourceReference(Application.class, "test.css", true, true); Session.get().setLocale(Locale.GERMANY); CharSequence url = cycle.urlFor(rr); - assertEquals("resources/org.apache.wicket.Application/test_de_DE", url.toString()); + assertEquals("resources/org.apache.wicket.Application/test_de_DE.css", url.toString()); Session.get().setStyle("foo"); url = cycle.urlFor(rr); - assertEquals("resources/org.apache.wicket.Application/test_foo_de_DE", url.toString()); + assertEquals("resources/org.apache.wicket.Application/test_foo_de_DE.css", url.toString()); Session.get().setStyle("bar"); Session.get().setLocale(Locale.US); url = cycle.urlFor(rr); - assertEquals("resources/org.apache.wicket.Application/test_bar_en_US", url.toString()); + assertEquals("resources/org.apache.wicket.Application/test_bar_en_US.css", url.toString()); } /** http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java ---------------------------------------------------------------------- diff --git a/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java b/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java index e36aac5..0def5f2 100644 --- a/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java +++ b/wicket/src/test/java/org/apache/wicket/markup/html/SecurePackageResourceGuardTest.java @@ -24,12 +24,19 @@ import org.apache.wicket.WicketTestCase; */ public class SecurePackageResourceGuardTest extends WicketTestCase { + private SecurePackageResourceGuard newGuard() + { + SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + guard.getPattern().clear(); + return guard; + } + /** * */ public void test_accept() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+*.gif"); assertTrue(guard.accept(Application.class, "test.gif")); assertTrue(guard.accept(Application.class, "mydir/test.gif")); @@ -56,7 +63,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_acceptAbsolutePath() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+*.gif"); assertTrue(guard.acceptAbsolutePath("test.gif")); assertTrue(guard.acceptAbsolutePath("mydir/test.gif")); @@ -68,7 +75,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_fileOnly() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+**.gif"); guard.addPattern("+*.gif*"); guard.addPattern("+*.gi*"); @@ -94,7 +101,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_withDirectory() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+mydir/*/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -109,7 +116,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_1() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+mydir/**/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -124,7 +131,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_2() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+*my*dir*/*/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -142,7 +149,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_3() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+mydir**/*X/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -160,7 +167,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_4() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+mydir/**/xxx/**/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -186,7 +193,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_5() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+/**/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -202,7 +209,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_6() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+**/*.gif"); assertTrue(guard.acceptAbsolutePath("test.gif")); @@ -217,7 +224,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_7() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+*/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); @@ -232,7 +239,7 @@ public class SecurePackageResourceGuardTest extends WicketTestCase */ public void test_8() { - SecurePackageResourceGuard guard = new SecurePackageResourceGuard(); + SecurePackageResourceGuard guard = newGuard(); guard.addPattern("+/*/*.gif"); assertFalse(guard.acceptAbsolutePath("test.gif")); http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html ---------------------------------------------------------------------- diff --git a/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html b/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html index 9fb160b..409ff1e 100644 --- a/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html +++ b/wicket/src/test/java/org/apache/wicket/markup/html/link/AutolinkPageExpectedResult_2.html @@ -26,7 +26,7 @@ <a href="?wicket:bookmarkablePage=:org.apache.wicket.markup.html.link.subdir.Page1">Home</a> <link href="resources/org.apache.wicket.markup.html.link.AutolinkPage_2/test_myStyle.css"/> <a href="/root/test.html">Home</a> -<a href="org/apache/wicket/markup/html/link/Page1.html">Home</a> +<a href="?wicket:bookmarkablePage=:org.apache.wicket.markup.html.link.Page1">Home</a> <a href="http://www.google.com";>Google</a> </body> </html> http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java ---------------------------------------------------------------------- diff --git a/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java b/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java new file mode 100644 index 0000000..58fa3f0 --- /dev/null +++ b/wicket/src/test/java/org/apache/wicket/util/file/WebApplicationPathTest.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.wicket.util.file; + +import java.net.URL; + +import javax.servlet.ServletContext; + +import org.apache.wicket.util.resource.IResourceStream; +import org.junit.Assert; +import org.junit.Test; +import org.mockito.Matchers; +import org.mockito.Mockito; + +/** + * @since 1.5.5 + */ +public class WebApplicationPathTest extends Assert +{ + @Test + public void doNotServeResourcesFromWebInfEvenIfRootIsAdded() throws Exception + { + URL webUrl = new URL("file://dummyFile"); + + ServletContext context = Mockito.mock(ServletContext.class); + Class<String> scope = String.class; + Mockito.when(context.getResource(Matchers.any(scope))).thenReturn(webUrl); + + WebApplicationPath path = new WebApplicationPath(context); + path.addToWebPath("/"); + IResourceStream resourceStream = path.find(scope, "WEB-INF/web.xml"); + assertNull(resourceStream); + + IResourceStream resourceStreamWithLeadingSlash = path.find(scope, "/WEB-INF/web.xml"); + assertNull(resourceStreamWithLeadingSlash); + + IResourceStream otherResourceStream = path.find(scope, "any/other/resource"); + assertNotNull(otherResourceStream); + IResourceStream otherResourceStreamWithLeadingSlash = path.find(scope, + "/any/other/resource"); + assertNotNull(otherResourceStreamWithLeadingSlash); + + } +} http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java ---------------------------------------------------------------------- diff --git a/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java b/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java new file mode 100644 index 0000000..ba1eaa1 --- /dev/null +++ b/wicket/src/test/java/org/apache/wicket/util/lang/PackagesTest.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.wicket.util.lang; + +import org.junit.Assert; +import org.junit.Test; + +/** + * @since 1.4.20 + */ +public class PackagesTest extends Assert +{ + @Test + public void absolutePath1() throws Exception + { + String packageName = "org.apache.wicket.util.tester"; + String relativePath = "org/apache/wicket/util/tester/BlockedResourceLinkPage.html"; + + String absolutePath = Packages.absolutePath(packageName, relativePath); + assertEquals(relativePath, absolutePath); + } + + @Test + public void absolutePath2() throws Exception + { + String packageName = "org.apache.wicket.util"; + String relativePath = "tester/BlockedResourceLinkPage.html"; + + String absolutePath = Packages.absolutePath(packageName, relativePath); + assertEquals("org/apache/wicket/util/tester/BlockedResourceLinkPage.html", absolutePath); + } + + @Test + public void absolutePath3() throws Exception + { + String packageName = "org.apache.wicket.util"; + String relativePath = "wicket/BlockedResourceLinkPage.html"; + + String absolutePath = Packages.absolutePath(packageName, relativePath); + assertEquals("org/apache/wicket/util/wicket/BlockedResourceLinkPage.html", absolutePath); + } + + @Test + public void absolutePath4() throws Exception + { + String packageName = "org.apache.wicket.util"; + String relativePath = "../../BlockedResourceLinkPage.html"; + + String absolutePath = Packages.absolutePath(packageName, relativePath); + assertEquals("org/apache/BlockedResourceLinkPage.html", absolutePath); + } +} http://git-wip-us.apache.org/repos/asf/wicket/blob/aebab524/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java ---------------------------------------------------------------------- diff --git a/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java b/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java index 2679ccc..a2b22be 100644 --- a/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java +++ b/wicket/src/test/java/org/apache/wicket/util/tester/WicketTesterTest.java @@ -35,7 +35,6 @@ import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.ajax.markup.html.AjaxLink; import org.apache.wicket.authorization.Action; import org.apache.wicket.authorization.IAuthorizationStrategy; -import org.apache.wicket.markup.html.PackageResource.PackageResourceBlockedException; import org.apache.wicket.markup.html.WebPage; import org.apache.wicket.markup.html.basic.Label; import org.apache.wicket.markup.html.form.Button; @@ -432,7 +431,7 @@ public class WicketTesterTest extends TestCase } /** - * + * */ public void testAssertComponentOnAjaxResponse() { @@ -679,7 +678,7 @@ public class WicketTesterTest extends TestCase } /** - * + * */ public void testRedirectWithPageParameters() { @@ -705,16 +704,17 @@ public class WicketTesterTest extends TestCase */ public void testClickResourceLink() { - try - { - tester.startPage(BlockedResourceLinkPage.class); - fail("Accessing " + BlockedResourceLinkPage.class + " should have raised a " + - PackageResourceBlockedException.class); - } - catch (PackageResourceBlockedException e) - { - - } + /* + * With the changes in PackageResource that no longer check the resource guard in the + * constructor but in getResourceStream, this can no longer be tested with the 1.4 + * WicketTester + * + * try { tester.startPage(BlockedResourceLinkPage.class); fail("Accessing " + + * BlockedResourceLinkPage.class + " should have raised a " + + * PackageResourceBlockedException.class); } catch (PackageResourceBlockedException e) { + * + * } + */ tester.startPage(MockResourceLinkPage.class); tester.clickLink("link");
