Issue 86: corrected to only allow the comp header into the signature

git-svn-id: http://jclouds.googlecode.com/svn/trunk@1877 3d8758e0-26b5-11de-8745-db77d3ebf521
This commit is contained in:
adrian.f.cole 2009-09-03 07:48:04 +00:00
parent 7e9229d55e
commit df7a392208
2 changed files with 37 additions and 4 deletions

View File

@ -189,8 +189,20 @@ public class SharedKeyAuthentication implements HttpRequestFilter {
// mark and the comp parameter (for example, ?comp=metadata). No other parameters should be // mark and the comp parameter (for example, ?comp=metadata). No other parameters should be
// included on the query string. // included on the query string.
if (request.getEndpoint().getQuery() != null) { if (request.getEndpoint().getQuery() != null) {
// TODO: determine what components of the query string are really needed. StringBuilder paramsToSign = new StringBuilder("?");
toSign.append("?").append(request.getEndpoint().getQuery());
String[] params = request.getEndpoint().getQuery().split("&");
for (String param : params) {
String[] paramNameAndValue = param.split("=");
if ("comp".equals(paramNameAndValue[0])) {
paramsToSign.append(param);
}
}
if (paramsToSign.length() > 1) {
toSign.append(paramsToSign);
}
} }
} }

View File

@ -95,13 +95,34 @@ public class SharedKeyAuthenticationTest {
} }
@Test @Test
void testAclQueryStringRelative() { void testAclQueryStringResTypeNotSignificant() {
URI host = URI.create("http://" + ACCOUNT URI host = URI.create("http://" + ACCOUNT
+ ".blob.core.windows.net/mycontainer?restype=container"); + ".blob.core.windows.net/mycontainer?restype=container");
HttpRequest request = new HttpRequest(HttpMethod.GET, host); HttpRequest request = new HttpRequest(HttpMethod.GET, host);
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();
filter.appendUriPath(request, builder); filter.appendUriPath(request, builder);
assertEquals(builder.toString(), "/mycontainer?restype=container"); assertEquals(builder.toString(), "/mycontainer");
}
@Test
void testAclQueryStringComp() {
URI host = URI.create("http://" + ACCOUNT + ".blob.core.windows.net/mycontainer?comp=list");
HttpRequest request = new HttpRequest(HttpMethod.GET, host);
StringBuilder builder = new StringBuilder();
filter.appendUriPath(request, builder);
assertEquals(builder.toString(), "/mycontainer?comp=list");
}
@Test
void testAclQueryStringRelativeWithExtraJunk() {
URI host = URI
.create("http://"
+ ACCOUNT
+ ".blob.core.windows.net/mycontainer?comp=list&marker=marker&maxresults=1&prefix=prefix");
HttpRequest request = new HttpRequest(HttpMethod.GET, host);
StringBuilder builder = new StringBuilder();
filter.appendUriPath(request, builder);
assertEquals(builder.toString(), "/mycontainer?comp=list");
} }
@Test @Test