diff options
author | Joakim Erdfelt | 2013-01-09 22:22:32 +0000 |
---|---|---|
committer | Joakim Erdfelt | 2013-01-09 22:22:32 +0000 |
commit | 7a3b440a62380411ac140bede2a61b47407b676f (patch) | |
tree | 38662bd81b974e8cc58e2de1cca56c20ae7c0efd | |
parent | 64ed66db8b984f3157eaebca95822a3771a95682 (diff) | |
download | org.eclipse.jetty.project-7a3b440a62380411ac140bede2a61b47407b676f.tar.gz org.eclipse.jetty.project-7a3b440a62380411ac140bede2a61b47407b676f.tar.xz org.eclipse.jetty.project-7a3b440a62380411ac140bede2a61b47407b676f.zip |
Refactoring Jsp + DefaultServlet + Resource Aliasing test cases
-rw-r--r-- | tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithAliasesTest.java | 189 | ||||
-rw-r--r-- | tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithoutAliasesTest.java (renamed from tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspMatchingTest.java) | 159 |
2 files changed, 250 insertions, 98 deletions
diff --git a/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithAliasesTest.java b/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithAliasesTest.java new file mode 100644 index 0000000000..301141ac1c --- /dev/null +++ b/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithAliasesTest.java @@ -0,0 +1,189 @@ +// +// ======================================================================== +// Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + +package org.eclipse.jetty.test.jsp; + +import static org.hamcrest.Matchers.*; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.net.HttpURLConnection; +import java.net.URI; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import org.apache.jasper.servlet.JspServlet; +import org.eclipse.jetty.security.HashLoginService; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.nio.SelectChannelConnector; +import org.eclipse.jetty.servlet.DefaultServlet; +import org.eclipse.jetty.servlet.ServletContextHandler; +import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.toolchain.test.MavenTestingUtils; +import org.eclipse.jetty.util.IO; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; + +/** + * Test various paths for JSP resources that tickle various java.io.File bugs to get around the JspServlet matching, that then flows to the DefaultServlet to be + * served as source files. + */ +@Ignore("Disabled till greg can look at it") +@RunWith(Parameterized.class) +public class JspAndDefaultWithAliasesTest +{ + private static final Logger LOG = Log.getLogger(JspAndDefaultWithAliasesTest.class); + private static Server server; + private static URI serverURI; + + @Parameters + public static Collection<String[]> data() + { + List<String[]> data = new ArrayList<String[]>(); + + // @formatter:off + data.add(new String[] { "/dump.jsp" }); + data.add(new String[] { "/dump.jsp%00" }); + data.add(new String[] { "/dump.jsp%00x" }); + data.add(new String[] { "/dump.jsp%00/" }); + data.add(new String[] { "/dump.jsp%00x/" }); + data.add(new String[] { "/dump.jsp%00x/dump.jsp" }); + data.add(new String[] { "/dump.jsp%00/dump.jsp" }); + data.add(new String[] { "/dump.jsp%00/index.html" }); + // @formatter:on + + return data; + } + + @BeforeClass + public static void startServer() throws Exception + { + server = new Server(); + SelectChannelConnector connector = new SelectChannelConnector(); + connector.setPort(0); + server.addConnector(connector); + + // Configure LoginService + HashLoginService login = new HashLoginService(); + login.setName("Test Realm"); + File realmFile = MavenTestingUtils.getTestResourceFile("realm.properties"); + login.setConfig(realmFile.getAbsolutePath()); + server.addBean(login); + + // Configure WebApp + ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); + context.setContextPath("/"); + File webappBase = MavenTestingUtils.getTestResourceDir("docroots/jsp"); + context.setResourceBase(webappBase.getAbsolutePath()); + context.setClassLoader(Thread.currentThread().getContextClassLoader()); + + // add default servlet + ServletHolder defaultServHolder = context.addServlet(DefaultServlet.class,"/"); + defaultServHolder.setInitParameter("aliases","true"); // important! must be TRUE + + // add jsp + ServletHolder jsp = context.addServlet(JspServlet.class,"*.jsp"); + jsp.setInitParameter("classpath",context.getClassPath()); + + // add context + server.setHandler(context); + + server.start(); + + serverURI = new URI("http://localhost:" + connector.getLocalPort() + "/"); + } + + @AfterClass + public static void stopServer() throws Exception + { + server.stop(); + } + + private String path; + + public JspAndDefaultWithAliasesTest(String encodedRequestPath) + { + LOG.info("Path \"" + encodedRequestPath + "\""); + this.path = encodedRequestPath; + } + + private void assertProcessedByJspServlet(HttpURLConnection conn) throws IOException + { + // make sure that jsp actually ran, and didn't just get passed onto + // the default servlet to return the jsp source + String body = getResponseBody(conn); + Assert.assertThat("Body",body,not(containsString("<%@"))); + Assert.assertThat("Body",body,not(containsString("<jsp:"))); + } + + private void assertResponse(HttpURLConnection conn) throws IOException + { + if (conn.getResponseCode() == 200) + { + // Serving content is allowed, but it better be the processed JspServlet + assertProcessedByJspServlet(conn); + return; + } + + // Of other possible paths, only 404 Not Found is expected + Assert.assertThat("Response Code",conn.getResponseCode(),is(404)); + } + + @Test + public void testGetReference() throws Exception + { + URI uri = serverURI.resolve(path); + + HttpURLConnection conn = null; + try + { + conn = (HttpURLConnection)uri.toURL().openConnection(); + conn.setConnectTimeout(1000); + conn.setReadTimeout(1000); + assertResponse(conn); + } + finally + { + conn.disconnect(); + } + } + + protected String getResponseBody(HttpURLConnection conn) throws IOException + { + InputStream in = null; + try + { + in = conn.getInputStream(); + return IO.toString(in); + } + finally + { + IO.close(in); + } + } +} diff --git a/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspMatchingTest.java b/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithoutAliasesTest.java index d5c19ae9fd..9f20d3a73d 100644 --- a/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspMatchingTest.java +++ b/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithoutAliasesTest.java @@ -25,8 +25,9 @@ import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URI; -import java.net.URL; -import java.net.URLClassLoader; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; import org.apache.jasper.servlet.JspServlet; import org.eclipse.jetty.security.HashLoginService; @@ -37,18 +38,46 @@ import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.toolchain.test.MavenTestingUtils; import org.eclipse.jetty.util.IO; -import org.eclipse.jetty.util.Loader; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; -import org.junit.Ignore; import org.junit.Test; - -public class JspMatchingTest +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; + +/** + * Test various paths for JSP resources that tickle various java.io.File bugs to get around the JspServlet matching, that then flows to the DefaultServlet to be + * served as source files. + */ +@RunWith(Parameterized.class) +public class JspAndDefaultWithoutAliasesTest { + private static final Logger LOG = Log.getLogger(JspAndDefaultWithAliasesTest.class); private static Server server; private static URI serverURI; + @Parameters + public static Collection<Object[]> data() + { + List<Object[]> data = new ArrayList<Object[]>(); + + // @formatter:off + data.add(new Object[] { "/dump.jsp" }); + data.add(new Object[] { "/dump.jsp%00" }); + data.add(new Object[] { "/dump.jsp%00x" }); + data.add(new Object[] { "/dump.jsp%00/" }); + data.add(new Object[] { "/dump.jsp%00x/" }); + data.add(new Object[] { "/dump.jsp%00x/dump.jsp" }); + data.add(new Object[] { "/dump.jsp%00/dump.jsp" }); + data.add(new Object[] { "/dump.jsp%00/index.html" }); + // @formatter:on + + return data; + } + @BeforeClass public static void startServer() throws Exception { @@ -69,18 +98,15 @@ public class JspMatchingTest context.setContextPath("/"); File webappBase = MavenTestingUtils.getTestResourceDir("docroots/jsp"); context.setResourceBase(webappBase.getAbsolutePath()); - URLClassLoader contextLoader = new URLClassLoader(new URL[]{}, Server.class.getClassLoader()); - context.setClassLoader(contextLoader); - + context.setClassLoader(Thread.currentThread().getContextClassLoader()); // add default servlet ServletHolder defaultServHolder = context.addServlet(DefaultServlet.class,"/"); - defaultServHolder.setInitParameter("aliases","false"); // important! + defaultServHolder.setInitParameter("aliases","false"); // important! must be FALSE // add jsp ServletHolder jsp = context.addServlet(JspServlet.class,"*.jsp"); - context.setAttribute("org.apache.catalina.jsp_classpath", context.getClassPath()); - jsp.setInitParameter("com.sun.appserv.jsp.classpath", Loader.getClassPath(Server.class.getClassLoader())); + jsp.setInitParameter("classpath",context.getClassPath()); // add context server.setHandler(context); @@ -88,7 +114,6 @@ public class JspMatchingTest server.start(); serverURI = new URI("http://localhost:" + connector.getLocalPort() + "/"); - } @AfterClass @@ -97,97 +122,40 @@ public class JspMatchingTest server.stop(); } - @Test - public void testGetBeanRef() throws Exception + private String path; + + public JspAndDefaultWithoutAliasesTest(String encodedRequestPath) { - - URI uri = serverURI.resolve("/dump.jsp"); - - HttpURLConnection conn = null; - try - { - conn = (HttpURLConnection)uri.toURL().openConnection(); - conn.setConnectTimeout(5000); - conn.setReadTimeout(5000); - Assert.assertThat(conn.getResponseCode(),is(200)); - - // make sure that jsp actually ran, and didn't just get passed onto - // the default servlet to return the jsp source - String body = getResponseBody(conn); - Assert.assertThat("Body",body,not(containsString("<%@"))); - Assert.assertThat("Body",body,not(containsString("<jsp:"))); - } - finally - { - close(conn); - } + LOG.info("Path \"" + encodedRequestPath + "\""); + this.path = encodedRequestPath; } - - @Test - public void testGetBeanRefInvalid_null() throws Exception + + private void assertProcessedByJspServlet(HttpURLConnection conn) throws IOException { - - URI uri = serverURI.resolve("/dump.jsp%00"); - - HttpURLConnection conn = null; - try - { - conn = (HttpURLConnection)uri.toURL().openConnection(); - conn.setConnectTimeout(1000); - conn.setReadTimeout(1000); - Assert.assertThat("Response Code",conn.getResponseCode(),is(404)); - } - finally - { - close(conn); - } + // make sure that jsp actually ran, and didn't just get passed onto + // the default servlet to return the jsp source + String body = getResponseBody(conn); + Assert.assertThat("Body",body,not(containsString("<%@"))); + Assert.assertThat("Body",body,not(containsString("<jsp:"))); } - @Test - public void testGetBeanRefInvalid_nullx() throws Exception + private void assertResponse(HttpURLConnection conn) throws IOException { - - URI uri = serverURI.resolve("/dump.jsp%00x"); - - HttpURLConnection conn = null; - try + if (conn.getResponseCode() == 200) { - conn = (HttpURLConnection)uri.toURL().openConnection(); - conn.setConnectTimeout(1000); - conn.setReadTimeout(1000); - Assert.assertThat("Response Code",conn.getResponseCode(),is(404)); + // Serving content is allowed, but it better be the processed JspServlet + assertProcessedByJspServlet(conn); + return; } - finally - { - close(conn); - } - } - - @Test - public void testGetBeanRefInvalid_nullslash() throws Exception - { - URI uri = serverURI.resolve("/dump.jsp%00/"); - - HttpURLConnection conn = null; - try - { - conn = (HttpURLConnection)uri.toURL().openConnection(); - conn.setConnectTimeout(1000); - conn.setReadTimeout(1000); - Assert.assertThat("Response Code",conn.getResponseCode(),is(404)); - } - finally - { - close(conn); - } + // Of other possible paths, only 404 Not Found is expected + Assert.assertThat("Response Code",conn.getResponseCode(),is(404)); } @Test - public void testGetBeanRefInvalid_nullxslash() throws Exception + public void testGetReference() throws Exception { - - URI uri = serverURI.resolve("/dump.jsp%00x/"); + URI uri = serverURI.resolve(path); HttpURLConnection conn = null; try @@ -195,11 +163,11 @@ public class JspMatchingTest conn = (HttpURLConnection)uri.toURL().openConnection(); conn.setConnectTimeout(1000); conn.setReadTimeout(1000); - Assert.assertThat("Response Code",conn.getResponseCode(),is(404)); + assertResponse(conn); } finally { - close(conn); + conn.disconnect(); } } @@ -216,9 +184,4 @@ public class JspMatchingTest IO.close(in); } } - - private void close(HttpURLConnection conn) - { - conn.disconnect(); - } } |