@Before public void setUp() throws Exception { aggregationState = mock(AggregationState.class); Provider<AggregationState> aggregationStateProvider = mock(Provider.class); when(aggregationStateProvider.get()).thenReturn(aggregationState); voter = new RequestExtensionVoter(aggregationStateProvider); ctx = (MockWebContext) MockUtil.initMockContext(); request = new MockHttpServletRequest(); request.setRequestURI("/file"); ctx.setRequest(request); MgnlContext.setInstance(ctx); }
@Test public void filterRestrictedToKnownExtensionsOnlyWithKnownRequestExtension() throws IOException, ServletException { //GIVEN filter.setRegisteredExtensionsOnly(true); MockHttpServletRequest request = new MockHttpServletRequest(); String knownExtension = "foo"; request.setRequestURI("/magnoliaAuthor/some/path." + knownExtension); MockWebContext webContext = (MockWebContext) MgnlContext.getWebContext(); webContext.setContextPath("/magnoliaAuthor"); webContext.setRequest(request); webContext.setResponse(response); //WHEN filter.doFilter(request, response, mock(FilterChain.class)); //THEN verify(response, never()).sendError(HttpServletResponse.SC_BAD_REQUEST, String.format("Unsupported extension=%1$s.", knownExtension)); verify(response).setCharacterEncoding(MIMEMapping.DEFAULT_CHAR_ENCODING); }
@Test public void testGetOriginalRequestUriStripsPathParameter() { MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/foo/bar.html;jsessionid=EC910C89AE7B9E9A0CF7DF79622EEC74"); String originalRequestURI = ServletUtil.getOriginalRequestURI(mock); assertEquals("/foo/bar.html", originalRequestURI); }
@Test public void testGetOriginalRequestUri() { MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/some/path/and/some.file"); assertEquals("/some/path/and/some.file", ServletUtil.getOriginalRequestURI(mock)); mock.setAttribute(ServletUtil.FORWARD_REQUEST_URI_ATTRIBUTE, mock.getRequestURI()); mock.setRequestURI("/forwarded/to/test/path"); assertEquals("/some/path/and/some.file", ServletUtil.getOriginalRequestURI(mock)); }
@Override protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { assertEquals("/magnoliaAuthor/mapping/test.html", req.getRequestURI()); assertEquals("/magnoliaAuthor", req.getContextPath()); assertEquals("/mapping", req.getServletPath()); assertEquals("/test.html", req.getPathInfo()); assertEquals(null, req.getQueryString()); // simulate a forward MockHttpServletRequest mock = ServletUtils.getWrappedRequest(req, MockHttpServletRequest.class); mock.setRequestURI("/magnoliaAuthor/.magnolia/somepage.html"); mock.setContextPath("/magnoliaAuthor"); mock.setServletPath(""); mock.setPathInfo("/.magnolia/somepage.html"); // test that the ServletDispatcherFitler wrapper lets the new values through assertEquals("/magnoliaAuthor/.magnolia/somepage.html", req.getRequestURI()); assertEquals("/magnoliaAuthor", req.getContextPath()); assertEquals("", req.getServletPath()); assertEquals("/.magnolia/somepage.html", req.getPathInfo()); assertEquals(null, req.getQueryString()); } }
@Test public void filterRestrictedToKnownExtensionsOnlyWithUnknownRequestExtension() throws IOException, ServletException { //GIVEN filter.setRegisteredExtensionsOnly(true); MockHttpServletRequest request = new MockHttpServletRequest(); String unknownExtension = "blabla"; request.setRequestURI("/magnoliaAuthor/some/path." + unknownExtension); MockWebContext webContext = (MockWebContext) MgnlContext.getWebContext(); webContext.setContextPath("/magnoliaAuthor"); webContext.setRequest(request); webContext.setResponse(response); //WHEN filter.doFilter(request, response, mock(FilterChain.class)); //THEN verify(response).sendError(HttpServletResponse.SC_BAD_REQUEST, String.format("Unsupported extension=%1$s.", unknownExtension)); }
@Test public void testGetRequestUriStripsPathParameter() { MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/foo/bar.html;jsessionid=EC910C89AE7B9E9A0CF7DF79622EEC74"); String requestUri = ServletUtil.getRequestUri(mock); assertEquals("/foo/bar.html", requestUri); }
@Test public void filterSetToNotCrosscheckMimeTypeWithWrongMimeType() throws IOException, ServletException { //GIVEN filter.setValidateContentType(false); MockHttpServletRequest request = new MockHttpServletRequest(); String knownExtension = "foo"; String wrongMimeType = "mime/bar"; request.setRequestURI("/magnoliaAuthor/some/path." + knownExtension); MockWebContext webContext = (MockWebContext) MgnlContext.getWebContext(); webContext.setContextPath("/magnoliaAuthor"); webContext.setRequest(request); webContext.setResponse(response); FilterChain chain = new ContentTypeChangingFilterChain(wrongMimeType); //WHEN filter.doFilter(request, response, chain); //THEN verify(response, never()).sendError(HttpServletResponse.SC_BAD_REQUEST, String.format("Invalid Content-Type for given extension=%1$s.", wrongMimeType)); }
@Test public void testGetOriginalRequestUriStripsPathParameterInForwardRequest() { MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/foo/bar/forward.html;jsessionid=EC910C89AE7B9E9A0CF7DF79622EEC74"); mock.setAttribute(ServletUtil.FORWARD_REQUEST_URI_ATTRIBUTE, "/foo/bar.html;jsessionid=EC910C89AE7B9E9A0CF7DF79622EEC74"); String originalRequestURI = ServletUtil.getOriginalRequestURI(mock); assertEquals("/foo/bar.html", originalRequestURI); }
@Test public void hasPercentSymbolInUrlDoesNotThrowExceptionAndReturnsError400() throws Exception { // GIVEN String url = "http://example.com/page.html?test=%"; MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI(StringUtils.substringBefore(url, "?")); request.setRequestURL(url); MockHttpServletResponse response = new MockHttpServletResponse(); // WHEN filter.doFilter(request, response, new FilterChain() { @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { } }); // THEN assertThat("URL is malformed and we expect that error 400 Bad request is send back in response.", response.getErrorCode(), equalTo(400)); }
@Test public void testGetRequestUriStripsPathParameterInIncludeRequest() { MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/foo/bar.html;jsessionid=EC910C89AE7B9E9A0CF7DF79622EEC74"); mock.setAttribute(ServletUtil.INCLUDE_REQUEST_URI_ATTRIBUTE, "/foo/bar/include.html;jsessionid=EC910C89AE7B9E9A0CF7DF79622EEC74"); String requestUri = ServletUtil.getRequestUri(mock); assertEquals("/foo/bar/include.html", requestUri); }
@Test public void eTagDoesNotContainJSessionIdNorFilename() throws IOException, ServletException { // GIVEN final String filename = "dummy.txt"; final RangeSupportFilter filter = new RangeSupportFilter(); final FilterChain chain = new FilterChain() { @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { response.getOutputStream().println("dummy string"); } }; final MockHttpServletRequest request = new MockHttpServletRequest(); request.setMethod("GET"); request.setRequestURI(String.format("/some/path/%s;JSESSIONID=EE3DB6042B1B57AD55C2633428F44496", filename)); request.setHeader("Range", "bytes=0-56000"); final MockHttpServletResponse response = new MockHttpServletResponse(); // WHEN filter.doFilter(request, response, chain); // THEN assertThat(response.getHeader("ETag"), not(containsString("JSESSIONID"))); assertThat(response.getHeader("ETag"), not(containsString(filename))); }
@Test public void filterSetToCrosscheckMimeTypeWithWrongMimeType() throws IOException, ServletException { //GIVEN filter.setValidateContentType(true); MockHttpServletRequest request = new MockHttpServletRequest(); String knownExtension = "foo"; String wrongMimeType = "mime/bar"; request.setRequestURI("/magnoliaAuthor/some/path." + knownExtension); MockWebContext webContext = (MockWebContext) MgnlContext.getWebContext(); webContext.setContextPath("/magnoliaAuthor"); webContext.setRequest(request); webContext.setResponse(response); FilterChain chain = new ContentTypeChangingFilterChain(wrongMimeType); //WHEN filter.doFilter(request, response, chain); //THEN verify(response).sendError(HttpServletResponse.SC_BAD_REQUEST, String.format("Invalid Content-Type for given extension=%1$s.", wrongMimeType)); }
@Test public void testIgnoresJSessionIdInRequestUri() { // GIVEN MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/.magnolia/admincentral;jsessionid=EE3DB6042B1B57AD55C2633428F44496"); URIPatternVoter voter = new URIPatternVoter(); voter.setPattern("/.magnolia/admincentral"); // WHEN int vote = voter.vote(request); // THEN assertEquals(1, vote); } }
@Test public void testGetContextRelativePath() { // GIVEN MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/context/servlet/path"); mock.setServletPath("/servlet"); mock.setContextPath("/context"); mock.setPathInfo("/path"); // WHEN String contextRelativePath = ServletUtil.getContextRelativePath(mock); // THEN assertEquals("/servlet/path", contextRelativePath); }
@Test public void testGetRequestUriStripsJSessionId() { // GIVEN MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/.magnolia/admincentral;jsessionid=EE3DB6042B1B57AD55C2633428F44496"); MockWebContext context = new MockWebContext(); context.setRequest(request); RequestAttributeStrategy strategy = new RequestAttributeStrategy(context); // WHEN String requestUri = (String) strategy.getAttribute(WebContext.ATTRIBUTE_REQUEST_URI, WebContext.LOCAL_SCOPE); // THEN assertEquals("/.magnolia/admincentral", requestUri); } }
@Test public void matchesWhenJSessionIdInRequestUri() { // GIVEN Mapping mapping = new Mapping(); mapping.addMapping("/.magnolia/admincentral"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/magnoliaAuthor/.magnolia/admincentral;jsessionid=EE3DB6042B1B57AD55C2633428F44496"); request.setContextPath("/magnoliaAuthor"); MgnlContext.setInstance(null); // WHEN boolean matching = mapping.match(request).isMatching(); // THEN assertTrue(matching); }
@Test public void shouldNotMatchDotRegexMetacharacter() { // GIVEN Mapping mapping = new Mapping(); mapping.addMapping("/.magnolia/admincentral"); MockHttpServletRequest request = new MockHttpServletRequest(); request.setRequestURI("/magnoliaAuthor/amagnolia/admincentral"); request.setContextPath("/magnoliaAuthor"); MgnlContext.setInstance(null); // WHEN boolean matching = mapping.match(request).isMatching(); // THEN assertFalse(matching); } }
@Test public void testGetContextRelativePathInIncludeRequest() { // GIVEN MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURI("/context/servlet/path"); mock.setServletPath("/servlet"); mock.setContextPath("/context"); mock.setPathInfo("/path"); mock.setAttribute(ServletUtil.INCLUDE_REQUEST_URI_ATTRIBUTE, "/context/include/path"); mock.setAttribute(ServletUtil.INCLUDE_CONTEXT_PATH_ATTRIBUTE, "/context"); // WHEN String contextRelativePath = ServletUtil.getContextRelativePath(mock); // THEN assertEquals("/include/path", contextRelativePath); }
@Test public void testGetOriginalRequestUrlIncludingQueryString() { MockHttpServletRequest mock = new MockHttpServletRequest(); mock.setRequestURL("http://some.domain/foo/bar.html"); mock.setRequestURI("/foo/bar.html"); mock.setQueryString("a=5&b=6"); assertEquals("http://some.domain/foo/bar.html?a=5&b=6", ServletUtil.getOriginalRequestURLIncludingQueryString(mock)); mock.setAttribute(ServletUtil.FORWARD_REQUEST_URI_ATTRIBUTE, mock.getRequestURI()); mock.setAttribute(ServletUtil.FORWARD_QUERY_STRING_ATTRIBUTE, mock.getQueryString()); mock.setScheme("http"); mock.setServerName("some.domain"); mock.setServerPort(80); mock.setRequestURL("/forwarded/to/test/path"); mock.setQueryString("qwerty=yes"); assertEquals("http://some.domain/foo/bar.html?a=5&b=6", ServletUtil.getOriginalRequestURLIncludingQueryString(mock)); mock.setServerPort(8080); assertEquals("http://some.domain:8080/foo/bar.html?a=5&b=6", ServletUtil.getOriginalRequestURLIncludingQueryString(mock)); }