1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.shiro.web.filter.mgt;
20
21 import org.apache.shiro.util.AntPathMatcher;
22 import org.apache.shiro.web.WebTest;
23 import org.apache.shiro.web.util.WebUtils;
24 import org.junit.Before;
25 import org.junit.Test;
26
27 import javax.servlet.FilterChain;
28 import javax.servlet.FilterConfig;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33
34 import static org.easymock.EasyMock.*;
35 import static org.junit.Assert.*;
36
37
38
39
40
41
42 public class PathMatchingFilterChainResolverTest extends WebTest {
43
44 private PathMatchingFilterChainResolver resolver;
45
46 @Before
47 public void setUp() {
48 resolver = new PathMatchingFilterChainResolver();
49 }
50
51 @Test
52 public void testNewInstance() {
53 assertNotNull(resolver.getPathMatcher());
54 assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
55 assertNotNull(resolver.getFilterChainManager());
56 assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
57 }
58
59 @Test
60 public void testNewInstanceWithFilterConfig() {
61 FilterConfig mock = createNiceMockFilterConfig();
62 replay(mock);
63 resolver = new PathMatchingFilterChainResolver(mock);
64 assertNotNull(resolver.getPathMatcher());
65 assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
66 assertNotNull(resolver.getFilterChainManager());
67 assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
68 assertEquals(((DefaultFilterChainManager) resolver.getFilterChainManager()).getFilterConfig(), mock);
69 verify(mock);
70 }
71
72 @Test
73 public void testSetters() {
74 resolver.setPathMatcher(new AntPathMatcher());
75 assertNotNull(resolver.getPathMatcher());
76 assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
77 resolver.setFilterChainManager(new DefaultFilterChainManager());
78 assertNotNull(resolver.getFilterChainManager());
79 assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
80 }
81
82 @Test
83 public void testGetChainsWithoutChains() {
84 ServletRequest request = createNiceMock(HttpServletRequest.class);
85 ServletResponse response = createNiceMock(HttpServletResponse.class);
86 FilterChain chain = createNiceMock(FilterChain.class);
87 FilterChain resolved = resolver.getChain(request, response, chain);
88 assertNull(resolved);
89 }
90
91 @Test
92 public void testGetChainsWithMatch() {
93 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
94 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
95 FilterChain chain = createNiceMock(FilterChain.class);
96
97
98 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
99
100 expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
101 expect(request.getContextPath()).andReturn("");
102 expect(request.getRequestURI()).andReturn("/index.html");
103 replay(request);
104
105 FilterChain resolved = resolver.getChain(request, response, chain);
106 assertNotNull(resolved);
107 verify(request);
108 }
109
110 @Test
111 public void testPathTraversalWithDot() {
112 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
113 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
114 FilterChain chain = createNiceMock(FilterChain.class);
115
116
117 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
118
119 expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
120 expect(request.getContextPath()).andReturn("");
121 expect(request.getRequestURI()).andReturn("/./index.html");
122 replay(request);
123
124 FilterChain resolved = resolver.getChain(request, response, chain);
125 assertNotNull(resolved);
126 verify(request);
127 }
128
129 @Test
130 public void testPathTraversalWithDotDot() {
131 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
132 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
133 FilterChain chain = createNiceMock(FilterChain.class);
134
135
136 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
137
138 expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
139 expect(request.getContextPath()).andReturn("");
140 expect(request.getRequestURI()).andReturn("/public/../index.html");
141 replay(request);
142
143 FilterChain resolved = resolver.getChain(request, response, chain);
144 assertNotNull(resolved);
145 verify(request);
146 }
147
148 @Test
149 public void testGetChainsWithoutMatch() {
150 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
151 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
152 FilterChain chain = createNiceMock(FilterChain.class);
153
154
155 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
156
157 expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
158 expect(request.getContextPath()).andReturn("");
159 expect(request.getRequestURI()).andReturn("/");
160 replay(request);
161
162 FilterChain resolved = resolver.getChain(request, response, chain);
163 assertNull(resolved);
164 verify(request);
165 }
166 }