Fixes Issue ocpsoft#111 - Container based security broken when Rewrit…

…e is installed
patsonluk · Jun 21, 2013 · 92e67ee · 92e67ee
1 parent 11b29fb
commit 92e67ee
Show file tree

Hide file tree

Showing 7 changed files with 160 additions and 3 deletions.
diff --git a/...vlet-tests/src/test/java/org/ocpsoft/rewrite/servlet/container/ContainerSecurityTest.java b/...vlet-tests/src/test/java/org/ocpsoft/rewrite/servlet/container/ContainerSecurityTest.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2011 <a href="mailto:[email protected]">Lincoln Baxter, III</a>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ocpsoft.rewrite.servlet.container;
+
+import junit.framework.Assert;
+
+import org.apache.http.client.methods.HttpGet;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ocpsoft.rewrite.config.ConfigurationProvider;
+import org.ocpsoft.rewrite.servlet.ServletRoot;
+import org.ocpsoft.rewrite.test.HttpAction;
+import org.ocpsoft.rewrite.test.RewriteTest;
+
+/**
+ * @author <a href="mailto:[email protected]">Lincoln Baxter, III</a>
+ */
+@RunWith(Arquillian.class)
+public class ContainerSecurityTest extends RewriteTest
+{
+   @Deployment(testable = false)
+   public static WebArchive getDeployment()
+   {
+      WebArchive deployment = RewriteTest.getDeployment()
+               .addPackages(true, ServletRoot.class.getPackage())
+               .addAsWebInfResource("org/ocpsoft/rewrite/servlet/container/web.xml")
+               .addAsWebResource("org/ocpsoft/rewrite/servlet/container/login.html")
+               .addAsWebResource("org/ocpsoft/rewrite/servlet/container/login-fail.html")
+               .addAsWebResource("org/ocpsoft/rewrite/servlet/container/home.html", "/user/home.html")
+               .addAsServiceProvider(ConfigurationProvider.class, ContainerSecurityTestProvider.class);
+
+      System.out.println(deployment.toString(true));
+
+      return deployment;
+   }
+
+   @Test
+   public void testContainerSecurityFunctionsWithRewriteJoin() throws Exception
+   {
+      HttpAction<HttpGet> action = get("/user/home");
+      Assert.assertEquals(200, action.getResponse().getStatusLine().getStatusCode());
+      Assert.assertTrue(action.getResponseContent().contains("LOGIN PAGE"));
+   }
+
+   @Test
+   public void testContainerSecurityFunctionsWithRewriteUnHandled() throws Exception
+   {
+      HttpAction<HttpGet> action = get("/user/x");
+      Assert.assertEquals(200, action.getResponse().getStatusLine().getStatusCode());
+      Assert.assertTrue(action.getResponseContent().contains("LOGIN PAGE"));
+   }
+}
diff --git a/...ts/src/test/java/org/ocpsoft/rewrite/servlet/container/ContainerSecurityTestProvider.java b/...ts/src/test/java/org/ocpsoft/rewrite/servlet/container/ContainerSecurityTestProvider.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2011 <a href="mailto:[email protected]">Lincoln Baxter, III</a>
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ocpsoft.rewrite.servlet.container;
+
+import javax.servlet.ServletContext;
+
+import org.ocpsoft.rewrite.config.Configuration;
+import org.ocpsoft.rewrite.config.ConfigurationBuilder;
+import org.ocpsoft.rewrite.servlet.config.HttpConfigurationProvider;
+import org.ocpsoft.rewrite.servlet.config.rule.Join;
+
+/**
+ * @author <a href="mailto:[email protected]">Lincoln Baxter, III</a>
+ * 
+ */
+public class ContainerSecurityTestProvider extends HttpConfigurationProvider
+{
+   @Override
+   public int priority()
+   {
+      return 0;
+   }
+
+   @Override
+   public Configuration getConfiguration(final ServletContext context)
+   {
+      Configuration config = ConfigurationBuilder.begin()
+               .addRule(Join.path("/user/home").to("/user/home.html"));
+
+      return config;
+   }
+
+}
diff --git a/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/home.html b/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/home.html
@@ -0,0 +1 @@
+USER HOME
diff --git a/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/login-fail.html b/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/login-fail.html
@@ -0,0 +1 @@
+LOGIN FAIL
diff --git a/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/login.html b/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/login.html
@@ -0,0 +1 @@
+LOGIN PAGE
diff --git a/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/web.xml b/impl-servlet-tests/src/test/resources/org/ocpsoft/rewrite/servlet/container/web.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0">
+
+	<security-role>
+		<description>Administrators</description>
+		<role-name>admin</role-name>
+	</security-role>
+	<security-role>
+		<description>Users</description>
+		<role-name>user</role-name>
+	</security-role>
+	<security-constraint>
+		<web-resource-collection>
+			<web-resource-name>General</web-resource-name>
+			<url-pattern>/user/*</url-pattern>
+			<http-method>DELETE</http-method>
+			<http-method>GET</http-method>
+			<http-method>POST</http-method>
+			<http-method>PUT</http-method>
+			<http-method>HEAD</http-method>
+			<http-method>TRACE</http-method>
+			<http-method>OPTIONS</http-method>
+		</web-resource-collection>
+		<auth-constraint>
+			<role-name>user</role-name>
+		</auth-constraint>
+		<user-data-constraint>
+			<transport-guarantee>NONE</transport-guarantee>
+		</user-data-constraint>
+	</security-constraint>
+
+	<login-config>
+		<auth-method>FORM</auth-method>
+		<form-login-config>
+			<form-login-page>/login.html</form-login-page>
+			<form-error-page>/login-fail.html</form-error-page>
+		</form-login-config>
+	</login-config>
+</web-app>
diff --git a/impl-servlet/src/main/java/org/ocpsoft/rewrite/servlet/impl/HttpRewriteWrappedRequest.java b/impl-servlet/src/main/java/org/ocpsoft/rewrite/servlet/impl/HttpRewriteWrappedRequest.java
@@ -21,7 +21,6 @@
 import java.util.Map;
 import java.util.TreeMap;
 
-import javax.servlet.ServletRequestWrapper;
 import javax.servlet.http.HttpServletRequest;
 
 import org.ocpsoft.rewrite.servlet.RewriteWrappedRequest;
@@ -41,8 +40,7 @@ public class HttpRewriteWrappedRequest extends RewriteWrappedRequest
     */
    public HttpRewriteWrappedRequest(final HttpServletRequest request, final Map<String, String[]> additionalParams)
    {
-      super((HttpServletRequest) (request instanceof ServletRequestWrapper ? ((ServletRequestWrapper) request)
-               .getRequest() : request));
+      super(request);
 
       modifiableParameters = new TreeMap<String, String[]>();
       modifiableParameters.putAll(additionalParams);