This is an automated email from the ASF dual-hosted git repository. cziegeler pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push: new f29d8a8a4d FELIX-6688 - Context path of outer servlet container is not respected for authentication (#306) f29d8a8a4d is described below commit f29d8a8a4d1b9b8f4f4fec771207e34c4462603c Author: Sagar Miglani <85228812+sagarmigl...@users.noreply.github.com> AuthorDate: Wed Apr 10 12:31:10 2024 +0530 FELIX-6688 - Context path of outer servlet container is not respected for authentication (#306) Co-authored-by: Sagar Miglani <s...@adobe.com> --- .../webconsole/internal/servlet/OsgiManager.java | 2 +- .../internal/servlet/OsgiManagerHttpContext.java | 11 ++-- .../servlet/OsgiManagerHttpContextTest.java | 62 ++++++++++++++++++++++ 3 files changed, 71 insertions(+), 4 deletions(-) diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java index 966e588c44..4f8b9fcf9c 100644 --- a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java +++ b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java @@ -791,7 +791,7 @@ public class OsgiManager extends HttpServlet { } if (this.servletContextRegistration == null) { - final ServletContextHelper httpContext = new OsgiManagerHttpContext(this.bundleContext.getBundle(), securityProviderTracker); + final ServletContextHelper httpContext = new OsgiManagerHttpContext(this.bundleContext.getBundle(), securityProviderTracker, this.webManagerRoot); final Dictionary<String, Object> props = new Hashtable<>(); if (httpServiceSelector != null) { props.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_TARGET, httpServiceSelector); diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java index bbf104baa4..c5fcc5f95b 100644 
--- a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java +++ b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java @@ -35,11 +35,14 @@ final class OsgiManagerHttpContext extends ServletContextHelper { private final Bundle bundle; + private final String webManagerRoot; + OsgiManagerHttpContext(final Bundle webConsoleBundle, - final ServiceTracker<SecurityProvider, SecurityProvider> tracker) { + final ServiceTracker<SecurityProvider, SecurityProvider> tracker, final String webManagerRoot) { super(webConsoleBundle); this.tracker = tracker; this.bundle = webConsoleBundle; + this.webManagerRoot = webManagerRoot; } public URL getResource(final String name) { @@ -60,12 +63,14 @@ final class OsgiManagerHttpContext extends ServletContextHelper { @Override public String getContextPath() { - return ""; + int managerRootIndex = r.getContextPath().lastIndexOf(webManagerRoot); + return r.getContextPath().substring(0, managerRootIndex); } @Override public String getServletPath() { - return r.getContextPath(); + int managerRootIndex = r.getContextPath().lastIndexOf(webManagerRoot); + return r.getContextPath().substring(managerRootIndex); } @Override diff --git a/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContextTest.java b/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContextTest.java new file mode 100644 index 0000000000..cb40c490bf --- /dev/null +++ b/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContextTest.java 
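Review bot: In getContextPath() and getServletPath() the result of `lastIndexOf(webManagerRoot)` is used without a check for -1, so a context path that does not contain the console root makes `substring(0, -1)` throw StringIndexOutOfBoundsException. The test added in this commit shows that this wrapped request is what SecurityProvider.authenticate receives, so the exception would surface inside authentication handling rather than as a clean rejection. I would guard the index and fall back to the values these getters returned before the change, as sketched below. The constructor hunk also stores webManagerRoot without a null check. The enclosing request wrapper (and the declaration of `r`) starts and ends outside the hunk, so whether the path can ever lack the root is not visible here.

```java
@Override
public String getContextPath() {
    final String path = r.getContextPath();
    final int managerRootIndex = path.lastIndexOf(webManagerRoot);
    // root not found: keep the value returned before this change
    return managerRootIndex < 0 ? "" : path.substring(0, managerRootIndex);
}

@Override
public String getServletPath() {
    final String path = r.getContextPath();
    final int managerRootIndex = path.lastIndexOf(webManagerRoot);
    return managerRootIndex < 0 ? path : path.substring(managerRootIndex);
}
```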
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.webconsole.internal.servlet;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.felix.webconsole.spi.SecurityProvider;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+import org.osgi.framework.Bundle;
+import org.osgi.util.tracker.ServiceTracker;
+
+import static org.junit.Assert.assertEquals;
+
+public class OsgiManagerHttpContextTest {
+
+ @Test
+ public void testPathsInHandleSecurity() throws Exception {
+
+ Bundle bundle = Mockito.mock(Bundle.class);
+ SecurityProvider provider = Mockito.mock(SecurityProvider.class);
+ ServiceTracker<SecurityProvider, SecurityProvider> tracker = Mockito.mock(ServiceTracker.class);
+ Mockito.when(tracker.getService()).thenReturn(provider);
+
+ OsgiManagerHttpContext ctx = new OsgiManagerHttpContext(bundle, tracker, "/system/console");
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+ Mockito.when(request.getContextPath()).thenReturn("/ctx/path/system/console");
+ Mockito.when(request.getServletPath()).thenReturn("/bin/servlet");
+
+
+ ctx.handleSecurity(request, response);
+
+ ArgumentCaptor<HttpServletRequest> authenticationRequest = ArgumentCaptor.forClass(HttpServletRequest.class);
+ ArgumentCaptor<HttpServletResponse> authenticationResponse = ArgumentCaptor.forClass(HttpServletResponse.class);
+ Mockito.verify(provider, Mockito.times(1)).authenticate(authenticationRequest.capture(), authenticationResponse.capture());
+
+ assertEquals("/ctx/path", authenticationRequest.getValue().getContextPath());
+ assertEquals("/system/console", authenticationRequest.getValue().getServletPath());
+ assertEquals("/bin/servlet", authenticationRequest.getValue().getPathInfo());
+ assertEquals(response, authenticationResponse.getValue());
+ }
+
+}
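Review bot: testPathsInHandleSecurity pins only the case where the console root appears once behind an outer prefix (`/ctx/path/system/console`), so the edge cases of the new path split are untested. Since these values are what the SecurityProvider sees during authentication, I would add a case with no outer prefix (context path `/system/console`, for which the visible split yields a context path of `""`) and one where the context path does not contain the root at all. `Mockito.mock(ServiceTracker.class)` is also assigned to a parameterised type, which produces an unchecked warning; a scoped `@SuppressWarnings("unchecked")` with a short comment on that local would make it deliberate. handleSecurity itself lies outside this hunk.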