1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.shiro.web.filter.mgt;
20
21 import org.apache.shiro.util.AntPathMatcher;
22 import org.apache.shiro.web.WebTest;
23 import org.apache.shiro.web.util.WebUtils;
24 import org.junit.Before;
25 import org.junit.Test;
26
27 import javax.servlet.FilterChain;
28 import javax.servlet.FilterConfig;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33
34 import static org.easymock.EasyMock.*;
35 import static org.junit.Assert.*;
36
37
38
39
40
41
42 public class PathMatchingFilterChainResolverTest extends WebTest {
43
44 private PathMatchingFilterChainResolver resolver;
45
46 @Before
47 public void setUp() {
48 resolver = new PathMatchingFilterChainResolver();
49 }
50
51 @Test
52 public void testNewInstance() {
53 assertNotNull(resolver.getPathMatcher());
54 assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
55 assertNotNull(resolver.getFilterChainManager());
56 assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
57 }
58
59 @Test
60 public void testNewInstanceWithFilterConfig() {
61 FilterConfig mock = createNiceMockFilterConfig();
62 replay(mock);
63 resolver = new PathMatchingFilterChainResolver(mock);
64 assertNotNull(resolver.getPathMatcher());
65 assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
66 assertNotNull(resolver.getFilterChainManager());
67 assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
68 assertEquals(((DefaultFilterChainManager) resolver.getFilterChainManager()).getFilterConfig(), mock);
69 verify(mock);
70 }
71
72 @Test
73 public void testSetters() {
74 resolver.setPathMatcher(new AntPathMatcher());
75 assertNotNull(resolver.getPathMatcher());
76 assertTrue(resolver.getPathMatcher() instanceof AntPathMatcher);
77 resolver.setFilterChainManager(new DefaultFilterChainManager());
78 assertNotNull(resolver.getFilterChainManager());
79 assertTrue(resolver.getFilterChainManager() instanceof DefaultFilterChainManager);
80 }
81
82 @Test
83 public void testGetChainsWithoutChains() {
84 ServletRequest request = createNiceMock(HttpServletRequest.class);
85 ServletResponse response = createNiceMock(HttpServletResponse.class);
86 FilterChain chain = createNiceMock(FilterChain.class);
87 FilterChain resolved = resolver.getChain(request, response, chain);
88 assertNull(resolved);
89 }
90
91 @Test
92 public void testGetChainsWithMatch() {
93 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
94 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
95 FilterChain chain = createNiceMock(FilterChain.class);
96
97
98 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
99
100 expect(request.getServletPath()).andReturn("");
101 expect(request.getPathInfo()).andReturn("/index.html");
102 replay(request);
103
104 FilterChain resolved = resolver.getChain(request, response, chain);
105 assertNotNull(resolved);
106 verify(request);
107 }
108
109 @Test
110 public void testPathTraversalWithDot() {
111 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
112 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
113 FilterChain chain = createNiceMock(FilterChain.class);
114
115
116 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
117
118 expect(request.getServletPath()).andReturn("/");
119 expect(request.getPathInfo()).andReturn("./index.html");
120 replay(request);
121
122 FilterChain resolved = resolver.getChain(request, response, chain);
123 assertNotNull(resolved);
124 verify(request);
125 }
126
127 @Test
128 public void testPathTraversalWithDotDot() {
129 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
130 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
131 FilterChain chain = createNiceMock(FilterChain.class);
132
133
134 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
135 expect(request.getServletPath()).andReturn("/public/");
136 expect(request.getPathInfo()).andReturn("../index.html");
137 replay(request);
138
139 FilterChain resolved = resolver.getChain(request, response, chain);
140 assertNotNull(resolved);
141 verify(request);
142 }
143
144 @Test
145 public void testGetChainsWithoutMatch() {
146 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
147 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
148 FilterChain chain = createNiceMock(FilterChain.class);
149
150
151 resolver.getFilterChainManager().addToChain("/index.html", "authcBasic");
152
153 expect(request.getServletPath()).andReturn("/");
154 expect(request.getPathInfo()).andReturn(null);
155 replay(request);
156
157 FilterChain resolved = resolver.getChain(request, response, chain);
158 assertNull(resolved);
159 verify(request);
160 }
161
162
163
164
165 @Test
166 public void testGetChain() {
167 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
168 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
169 FilterChain chain = createNiceMock(FilterChain.class);
170
171
172 resolver.getFilterChainManager().addToChain("/resource/book", "authcBasic");
173
174 expect(request.getServletPath()).andReturn("");
175 expect(request.getPathInfo()).andReturn("/resource/book");
176 replay(request);
177
178 FilterChain resolved = resolver.getChain(request, response, chain);
179 assertNotNull(resolved);
180 verify(request);
181 }
182
183
184
185
186 @Test
187 public void testGetChainEqualUrlSeparator() {
188 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
189 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
190 FilterChain chain = createNiceMock(FilterChain.class);
191
192
193 resolver.getFilterChainManager().addToChain("/", "authcBasic");
194
195 expect(request.getServletPath()).andReturn("/");
196 expect(request.getPathInfo()).andReturn(null);
197 replay(request);
198
199 FilterChain resolved = resolver.getChain(request, response, chain);
200 assertNotNull(resolved);
201 verify(request);
202 }
203
204
205
206
207 @Test
208 public void testGetChainEndWithUrlSeparator() {
209 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
210 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
211 FilterChain chain = createNiceMock(FilterChain.class);
212
213
214 resolver.getFilterChainManager().addToChain("/resource/book", "authcBasic");
215
216 expect(request.getServletPath()).andReturn("");
217 expect(request.getPathInfo()).andReturn("/resource/book");
218 replay(request);
219
220 FilterChain resolved = resolver.getChain(request, response, chain);
221 assertNotNull(resolved);
222 verify(request);
223 }
224
225
226
227
228 @Test
229 public void testGetChainEndWithMultiUrlSeparator() {
230 HttpServletRequest request = createNiceMock(HttpServletRequest.class);
231 HttpServletResponse response = createNiceMock(HttpServletResponse.class);
232 FilterChain chain = createNiceMock(FilterChain.class);
233
234
235 resolver.getFilterChainManager().addToChain("/resource/book", "authcBasic");
236
237 expect(request.getServletPath()).andReturn("");
238 expect(request.getPathInfo()).andReturn("/resource/book//");
239 replay(request);
240
241 FilterChain resolved = resolver.getChain(request, response, chain);
242 assertNotNull(resolved);
243 verify(request);
244 }
245 }