From cada28e8cfc0d5b561829296977af8b29b84ad48 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Fri, 5 Apr 2013 16:32:51 +1100
Subject: 404325 data constraint redirection does send default port
---
 .../jetty/security/ConstraintSecurityHandler.java | 15 ++++--
 .../org/eclipse/jetty/security/ConstraintTest.java | 57 ++++++++++++++++++++--
 2 files changed, 64 insertions(+), 8 deletions(-)
(limited to 'jetty-security/src')
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index 8132aae67d..a7515cc274 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -29,6 +29,7 @@ import java.util.Set;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CopyOnWriteArraySet;
+import org.eclipse.jetty.http.HttpSchemes;
 import org.eclipse.jetty.http.PathMap;
 import org.eclipse.jetty.server.AbstractHttpConnection;
 import org.eclipse.jetty.server.Connector;
@@ -365,7 +366,11 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
 return true;
 if (connector.getIntegralPort() > 0)
 {
- String url = connector.getIntegralScheme() + "://" + request.getServerName() + ":" + connector.getIntegralPort() + request.getRequestURI();
+ String scheme=connector.getIntegralScheme();
+ int port=connector.getIntegralPort();
+ String url = (HttpSchemes.HTTPS.equalsIgnoreCase(scheme) && port==443)
+ ? "https://"+request.getServerName()+request.getRequestURI()
+ : scheme + "://" + request.getServerName() + ":" + port + request.getRequestURI();
 if (request.getQueryString() != null)
 url += "?" + request.getQueryString();
 response.setContentLength(0);
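Review bot: The host in the redirect comes straight from `request.getServerName()`, so the Location built in this integral branch follows the Host header the client sent; the test added at `@@ -766,6 +773,48 @@` shows `Host: wobble.com` coming back as `https://wobble.com:8443/ctx/data/info`. The commit changes only the port handling, and the confidential branch at `@@ -384,11 +389,13 @@` builds its URL the same way. No host check is visible in either hunk, so if the Location must always name the canonical origin that has to be enforced elsewhere, and a comment above the `String url` assignment should say so: `// host comes from the request's Host header and is not checked here`. The enclosing method starts and ends outside the hunk.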
@@ -384,11 +389,13 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
 if (connector.getConfidentialPort() > 0)
 {
- String url = connector.getConfidentialScheme() + "://" + request.getServerName() + ":" + connector.getConfidentialPort()
- + request.getRequestURI();
+ String scheme=connector.getConfidentialScheme();
+ int port=connector.getConfidentialPort();
+ String url = (HttpSchemes.HTTPS.equalsIgnoreCase(scheme) && port==443)
+ ? "https://"+request.getServerName()+request.getRequestURI()
+ : scheme + "://" + request.getServerName() + ":" + port + request.getRequestURI();
 if (request.getQueryString() != null)
 url += "?" + request.getQueryString();
- response.setContentLength(0);
 response.sendRedirect(url);
 }
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index d466a466d4..6ed2800f6e 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
@@ -138,7 +138,14 @@ public class ConstraintTest
 mapping5.setPathSpec("/forbid/post");
 mapping5.setConstraint(constraint5);
 mapping5.setMethod("POST");
-
+
+ Constraint constraint6 = new Constraint();
+ constraint6.setAuthenticate(false);
+ constraint6.setName("data constraint");
+ constraint6.setDataConstraint(2);
+ ConstraintMapping mapping6 = new ConstraintMapping();
+ mapping6.setPathSpec("/data/*");
+ mapping6.setConstraint(constraint6);
 Set knownRoles=new HashSet();
 knownRoles.add("user");
@@ -146,7 +153,7 @@ public class ConstraintTest
 _security.setConstraintMappings(Arrays.asList(new ConstraintMapping[]
 {
- mapping0, mapping1, mapping2, mapping3, mapping4, mapping5
+ mapping0, mapping1, mapping2, mapping3, mapping4, mapping5,mapping6
 }), knownRoles);
 }
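Review bot: `response.setContentLength(0);` is deleted from this confidential branch, while the integral branch at `@@ -365,7 +366,11 @@` still has it as context after the query-string append, so the two redirects now behave differently and the subject line does not say why. If the removal is intended, the integral branch should lose the line too; otherwise keep `response.setContentLength(0);` in front of `response.sendRedirect(url);` here. The URL construction is now repeated verbatim in both branches, so a private helper taking `scheme` and `port` would keep the default-port rule in one place. The enclosing method starts and ends outside the hunk.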
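Review bot: `constraint6.setDataConstraint(2);` in the `@@ -138,7 +138,14 @@` hunk uses a bare number where a named constant would say which data constraint is being set up; assuming this is Jetty's `Constraint` class, `constraint6.setDataConstraint(Constraint.DC_CONFIDENTIAL);` is the same value and reads unambiguously. Only a confidential mapping is added, so the integral branch changed in ConstraintSecurityHandler gets no path to test against. The setup method that holds these lines starts and ends outside the hunk.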
@@ -668,9 +675,9 @@ public class ConstraintTest
 response = _connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
 assertTrue(response.startsWith("HTTP/1.1 403 Forbidden"));
- response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
+ response = _connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\nHost:wibble.com:8888\r\n\r\n");
 assertTrue(response.indexOf(" 302 Found") > 0);
- assertTrue(response.indexOf("/ctx/testLoginPage") > 0);
+ assertTrue(response.indexOf("http://wibble.com:8888/ctx/testLoginPage") > 0);
 String session = response.substring(response.indexOf("JSESSIONID=") + 11, response.indexOf(";Path=/ctx"));
@@ -766,6 +773,48 @@ public class ConstraintTest
 assertTrue(response.startsWith("HTTP/1.1 200 OK"));
 }
+
+
+ @Test
+ public void testDataRedirection() throws Exception
+ {
+ _security.setAuthenticator(new BasicAuthenticator());
+ _server.start();
+
+ String response;
+
+ response = _connector.getResponses("GET /ctx/data/info HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 403"));
+
+ _connector.setConfidentialPort(8443);
+ _connector.setConfidentialScheme("https");
+
+ response = _connector.getResponses("GET /ctx/data/info HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 302 Found"));
+ assertTrue(response.indexOf("Location") > 0);
+ assertTrue(response.indexOf(":8443/ctx/data/info") > 0);
+
+ _connector.setConfidentialPort(443);
+ response = _connector.getResponses("GET /ctx/data/info HTTP/1.0\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 302 Found"));
+ assertTrue(response.indexOf("Location") > 0);
+ assertTrue(response.indexOf(":443/ctx/data/info") < 0);
+
+ _connector.setConfidentialPort(8443);
+ response = _connector.getResponses("GET /ctx/data/info HTTP/1.0\r\nHost: wobble.com\r\n\r\n");
+ assertTrue(response.startsWith("HTTP/1.1 302 Found"));
+ assertTrue(response.indexOf("Location") > 0);
+ assertTrue(response.indexOf("https://wobble.com:8443/ctx/data/info") > 0);
+
+ _connector.setConfidentialPort(443);
+ response = _connector.getResponses("GET /ctx/data/info HTTP/1.0\r\nHost: wobble.com\r\n\r\n");
+ System.err.println(response);
+ assertTrue(response.startsWith("HTTP/1.1 302 Found"));
+ assertTrue(response.indexOf("Location") > 0);
+ assertTrue(response.indexOf(":443") < 0);
+ assertTrue(response.indexOf("https://wobble.com/ctx/data/info") > 0);
+ }
+
 @Test
 public void testRoleRef() throws Exception
 {
-- cgit v1.2.3
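Review bot: `System.err.println(response);` in the last scenario looks like leftover debugging and should be deleted; it dumps the whole response into the build output on every run. The negative checks `response.indexOf(":443/ctx/data/info") < 0` and `response.indexOf(":443") < 0` scan the entire response, so they would be more exact if applied to the Location header line alone. The first three requests carry no Host header, and a one-line comment saying which server name the redirect is expected to use in that case would make those assertions easier to read. The trailing context belongs to `testRoleRef`, whose body continues outside the hunk.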