View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.filter.mgt;
20  
21  import org.apache.shiro.util.AntPathMatcher;
22  import org.apache.shiro.web.WebTest;
23  import org.apache.shiro.web.util.WebUtils;
24  import org.junit.Before;
25  import org.junit.Test;
26  
27  import javax.servlet.FilterChain;
28  import javax.servlet.FilterConfig;
29  import javax.servlet.ServletRequest;
30  import javax.servlet.ServletResponse;
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpServletResponse;
33  
34  import static org.easymock.EasyMock.*;
35  import static org.junit.Assert.*;
36  
37  /**
38   * Tests for {@link org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver}.
39   *
40   * @since 1.0
41   */
42  public class PathMatchingFilterChainResolverTest extends WebTest {
43  
44      private PathMatchingFilterChainResolver resolver;
45  
46      @Before
47      public void setUp() {
48          resolver = new PathMatchingFilterChainResolver();
49      }
50  
51      @Test
52      public void testNewInstance() {
53          assertNotNull(resolver.getPathMatcher());
54          assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
55          assertNotNull(resolver.getFilterChainManager());
56          assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
57      }
58  
59      @Test
60      public void testNewInstanceWithFilterConfig() {
61          FilterConfig mock = createNiceMockFilterConfig();
62          replay(mock);
63          resolver = new PathMatchingFilterChainResolver(mock);
64          assertNotNull(resolver.getPathMatcher());
65          assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
66          assertNotNull(resolver.getFilterChainManager());
67          assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
68          assertEquals(((DefaultFilterChainManager) resolver.getFilterChainManager()).getFilterConfig(), mock);
69          verify(mock);
70      }
71  
72      @Test
73      public void testSetters() {
74          resolver.setPathMatcher(new AntPathMatcher());
75          assertNotNull(resolver.getPathMatcher());
76          assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
77          resolver.setFilterChainManager(new DefaultFilterChainManager());
78          assertNotNull(resolver.getFilterChainManager());
79          assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
80      }
81  
82      @Test
83      public void testGetChainsWithoutChains() {
84          ServletRequest request = createNiceMock(HttpServletRequest.class);
85          ServletResponse response = createNiceMock(HttpServletResponse.class);
86          FilterChain chain = createNiceMock(FilterChain.class);
87          FilterChain resolved = resolver.getChain(request, response, chain);
88          assertNull(resolved);
89      }
90  
91      @Test
92      public void testGetChainsWithMatch() {
93          HttpServletRequest request = createNiceMock(HttpServletRequest.class);
94          HttpServletResponse response = createNiceMock(HttpServletResponse.class);
95          FilterChain chain = createNiceMock(FilterChain.class);
96  
97          //ensure at least one chain is defined:
98          resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
99  
100         expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
101         expect(request.getContextPath()).andReturn("");
102         expect(request.getRequestURI()).andReturn("/index.html");
103         replay(request);
104 
105         FilterChain resolved = resolver.getChain(request, response, chain);
106         assertNotNull(resolved);
107         verify(request);
108     }
109     
110     @Test
111     public void testPathTraversalWithDot() {
112         HttpServletRequest request = createNiceMock(HttpServletRequest.class);
113         HttpServletResponse response = createNiceMock(HttpServletResponse.class);
114         FilterChain chain = createNiceMock(FilterChain.class);
115 
116         //ensure at least one chain is defined:
117         resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
118 
119         expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
120         expect(request.getContextPath()).andReturn("");
121         expect(request.getRequestURI()).andReturn("/./index.html");
122         replay(request);
123 
124         FilterChain resolved = resolver.getChain(request, response, chain);
125         assertNotNull(resolved);
126         verify(request);
127     }
128     
129     @Test
130     public void testPathTraversalWithDotDot() {
131         HttpServletRequest request = createNiceMock(HttpServletRequest.class);
132         HttpServletResponse response = createNiceMock(HttpServletResponse.class);
133         FilterChain chain = createNiceMock(FilterChain.class);
134 
135         //ensure at least one chain is defined:
136         resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
137 
138         expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
139         expect(request.getContextPath()).andReturn("");
140         expect(request.getRequestURI()).andReturn("/public/../index.html");
141         replay(request);
142 
143         FilterChain resolved = resolver.getChain(request, response, chain);
144         assertNotNull(resolved);
145         verify(request);
146     }
147 
148     @Test
149     public void testGetChainsWithoutMatch() {
150         HttpServletRequest request = createNiceMock(HttpServletRequest.class);
151         HttpServletResponse response = createNiceMock(HttpServletResponse.class);
152         FilterChain chain = createNiceMock(FilterChain.class);
153 
154         //ensure at least one chain is defined:
155         resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
156 
157         expect(request.getAttribute(WebUtils.INCLUDE_CONTEXT_PATH_ATTRIBUTE)).andReturn(null).anyTimes();
158         expect(request.getContextPath()).andReturn("");
159         expect(request.getRequestURI()).andReturn("/");
160         replay(request);
161 
162         FilterChain resolved = resolver.getChain(request, response, chain);
163         assertNull(resolved);
164         verify(request);
165     }
166 }