1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.filter.mgt;
20  
21  import org.apache.shiro.util.AntPathMatcher;
22  import org.apache.shiro.web.WebTest;
23  import org.apache.shiro.web.util.WebUtils;
24  import org.junit.Before;
25  import org.junit.Test;
26  
27  import javax.servlet.FilterChain;
28  import javax.servlet.FilterConfig;
29  import javax.servlet.ServletRequest;
30  import javax.servlet.ServletResponse;
31  import javax.servlet.http.HttpServletRequest;
32  import javax.servlet.http.HttpServletResponse;
33  
34  import static org.easymock.EasyMock.*;
35  import static org.junit.Assert.*;
36  
37  /**
38   * Tests for {@link org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver}.
39   *
40   * @since 1.0
41   */
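public class PathMatchingFilterChainResolverTest extends WebTest {

    /** Resolver under test; re-created before every test so chain definitions never leak between tests. */
    private PathMatchingFilterChainResolver resolver;

    /**
     * Creates a fresh resolver with the no-arg constructor.
     */
    @Before
    public void setUp() {
        resolver = new PathMatchingFilterChainResolver();
    }

    /**
     * Registers the {@code authcBasic} filter on {@code chainPath}, then asks the resolver for a chain
     * for a mocked request that reports the given servlet path and path info.
     * <p>
     * The request mock expects {@code getServletPath()} and {@code getPathInfo()} to be called and is
     * verified before this method returns.
     *
     * @param chainPath   the path pattern the single filter chain is registered under
     * @param servletPath the value the mocked request returns from {@code getServletPath()}
     * @param pathInfo    the value the mocked request returns from {@code getPathInfo()}, may be {@code null}
     * @return the chain returned by the resolver, or {@code null} if it returned none
     */
    private FilterChain resolveWithSingleChain(String chainPath, String servletPath, String pathInfo) {
        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
        HttpServletResponse response = createNiceMock(HttpServletResponse.class);
        FilterChain chain = createNiceMock(FilterChain.class);

        //ensure at least one chain is defined:
        resolver.getFilterChainManager().addToChain(chainPath, "authcBasic");

        expect(request.getServletPath()).andReturn(servletPath);
        expect(request.getPathInfo()).andReturn(pathInfo);
        replay(request);

        FilterChain resolved = resolver.getChain(request, response, chain);
        verify(request);
        return resolved;
    }

    /**
     * A default-constructed resolver has an {@link AntPathMatcher} and a {@link DefaultFilterChainManager}.
     */
    @Test
    public void testNewInstance() {
        assertNotNull(resolver.getPathMatcher());
        assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
        assertNotNull(resolver.getFilterChainManager());
        assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
    }

    /**
     * A resolver constructed with a {@link FilterConfig} has the same defaults as the no-arg one, and
     * its chain manager exposes that same {@code FilterConfig}.
     */
    @Test
    public void testNewInstanceWithFilterConfig() {
        FilterConfig mock = createNiceMockFilterConfig();
        replay(mock);
        resolver = new PathMatchingFilterChainResolver(mock);
        assertNotNull(resolver.getPathMatcher());
        assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
        assertNotNull(resolver.getFilterChainManager());
        assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
        assertEquals(((DefaultFilterChainManager) resolver.getFilterChainManager()).getFilterConfig(), mock);
        verify(mock);
    }

    /**
     * The path matcher and the chain manager set through the setters are returned by the getters.
     */
    @Test
    public void testSetters() {
        resolver.setPathMatcher(new AntPathMatcher());
        assertNotNull(resolver.getPathMatcher());
        assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
        resolver.setFilterChainManager(new DefaultFilterChainManager());
        assertNotNull(resolver.getFilterChainManager());
        assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
    }

    /**
     * With no chain defined at all, the resolver returns {@code null}.
     */
    @Test
    public void testGetChainsWithoutChains() {
        ServletRequest request = createNiceMock(HttpServletRequest.class);
        ServletResponse response = createNiceMock(HttpServletResponse.class);
        FilterChain chain = createNiceMock(FilterChain.class);
        FilterChain resolved = resolver.getChain(request, response, chain);
        assertNull(resolved);
    }

    /**
     * A request for exactly the registered path resolves to a chain.
     */
    @Test
    public void testGetChainsWithMatch() {
        assertNotNull(resolveWithSingleChain("/index.html", "", "/index.html"));
    }

    // The two path-traversal tests below guard the security property that a path which is only a
    // different spelling of a protected path still gets that path's filter chain; a null result
    // here would mean the request passes without the configured filters.
    // NOTE(review): only literal "." and ".." segments are exercised in this class; encoded or
    // otherwise obfuscated spellings are not covered here.

    /**
     * A request path containing a {@code "."} segment (servlet path {@code "/"}, path info
     * {@code "./index.html"}) must still resolve to the chain registered for {@code /index.html}.
     */
    @Test
    public void testPathTraversalWithDot() {
        assertNotNull(resolveWithSingleChain("/index.html", "/", "./index.html"));
    }

    /**
     * A request path containing a {@code ".."} segment (servlet path {@code "/public/"}, path info
     * {@code "../index.html"}) must still resolve to the chain registered for {@code /index.html}.
     */
    @Test
    public void testPathTraversalWithDotDot() {
        assertNotNull(resolveWithSingleChain("/index.html", "/public/", "../index.html"));
    }

    /**
     * A request for {@code "/"} does not match the only registered chain ({@code /index.html}),
     * so the resolver returns {@code null}.
     */
    @Test
    public void testGetChainsWithoutMatch() {
        assertNull(resolveWithSingleChain("/index.html", "/", null));
    }

    /**
     * Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-682">SHIRO-682</a>:
     * baseline case, the request path equals the registered path and has no trailing separator.
     */
    @Test
    public void testGetChain() {
        assertNotNull(resolveWithSingleChain("/resource/book", "", "/resource/book"));
    }

    /**
     * Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-742">SHIRO-742</a>:
     * a chain registered on {@code "/"} is resolved for a request whose path is {@code "/"}.
     */
    @Test
    public void testGetChainEqualUrlSeparator() {
        assertNotNull(resolveWithSingleChain("/", "/", null));
    }

    /**
     * Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-682">SHIRO-682</a>:
     * a request path ending in one URL separator must resolve to the chain registered without it.
     * <p>
     * Unlike {@link #testGetChain()}, the path info here ends with {@code "/"}; without that
     * trailing separator the test would not exercise the case its name describes.
     */
    @Test
    public void testGetChainEndWithUrlSeparator() {
        assertNotNull(resolveWithSingleChain("/resource/book", "", "/resource/book/"));
    }

    /**
     * Test asserting <a href="https://issues.apache.org/jira/browse/SHIRO-682">SHIRO-682</a>:
     * a request path ending in several URL separators must resolve to the chain registered
     * without them.
     */
    @Test
    public void testGetChainEndWithMultiUrlSeparator() {
        assertNotNull(resolveWithSingleChain("/resource/book", "", "/resource/book//"));
    }
}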