402984 - WebSocket Upgrade must honor case insensitive header fields in upgrade request

This commit is contained in:
Joakim Erdfelt 2013-03-19 11:28:23 -07:00
parent 96df602e9e
commit 04d86bd49e
5 changed files with 258 additions and 25 deletions

View File

@ -0,0 +1,124 @@
//
// ========================================================================
// Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.servlet;
import static org.hamcrest.Matchers.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URI;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.IO;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
public class RequestHeadersTest
{
@SuppressWarnings("serial")
private static class RequestHeaderServlet extends HttpServlet
{
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
{
resp.setContentType("text/plain");
PrintWriter out = resp.getWriter();
out.printf("X-Camel-Type = %s",req.getHeader("X-Camel-Type"));
}
}
private static Server server;
private static ServerConnector connector;
private static URI serverUri;
@BeforeClass
public static void startServer() throws Exception
{
// Configure Server
server = new Server();
connector = new ServerConnector(server);
server.addConnector(connector);
ServletContextHandler context = new ServletContextHandler();
context.setContextPath("/");
server.setHandler(context);
// Serve capture servlet
context.addServlet(new ServletHolder(new RequestHeaderServlet()),"/*");
// Start Server
server.start();
String host = connector.getHost();
if (host == null)
{
host = "localhost";
}
int port = connector.getLocalPort();
serverUri = new URI(String.format("http://%s:%d/",host,port));
}
@AfterClass
public static void stopServer()
{
try
{
server.stop();
}
catch (Exception e)
{
e.printStackTrace(System.err);
}
}
@Test
public void testGetLowercaseHeader() throws IOException
{
HttpURLConnection http = null;
try
{
http = (HttpURLConnection)serverUri.toURL().openConnection();
// Set header in all lowercase
http.setRequestProperty("x-camel-type","bactrian");
try (InputStream in = http.getInputStream())
{
String resp = IO.toString(in, "UTF-8");
Assert.assertThat("Response", resp, is("X-Camel-Type = bactrian"));
}
}
finally
{
if (http != null)
{
http.disconnect();
}
}
}
}

View File

@ -24,6 +24,7 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
@ -86,7 +87,7 @@ public class UpgradeRequest
public String getHeader(String name)
{
List<String> values = headers.get(name);
List<String> values = headers.get(name.toLowerCase(Locale.ENGLISH));
// no value list
if (values == null)
{
@ -120,7 +121,7 @@ public class UpgradeRequest
public int getHeaderInt(String name)
{
List<String> values = headers.get(name);
List<String> values = headers.get(name.toLowerCase(Locale.ENGLISH));
// no value list
if (values == null)
{
@ -190,6 +191,13 @@ public class UpgradeRequest
return requestURI;
}
/**
* Access the Servlet HTTP Session (if present)
* <p>
* Note: Never present on a Client UpgradeRequest.
*
* @return the Servlet HTTPSession on server side UpgradeRequests
*/
public Object getSession()
{
return session;
@ -224,14 +232,14 @@ public class UpgradeRequest
public void setHeader(String name, List<String> values)
{
headers.put(name,values);
headers.put(name.toLowerCase(Locale.ENGLISH),values);
}
public void setHeader(String name, String value)
{
List<String> values = new ArrayList<>();
values.add(value);
setHeader(name,values);
setHeader(name.toLowerCase(Locale.ENGLISH),values);
}
public void setHttpVersion(String httpVersion)

View File

@ -114,11 +114,6 @@ public class ServletWebSocketRequest extends UpgradeRequest
return req.getUserPrincipal();
}
public StringBuffer getRequestURL()
{
return req.getRequestURL();
}
public Map<String, Object> getServletAttributes()
{
Map<String, Object> attributes = new HashMap<String, Object>();

View File

@ -191,7 +191,7 @@ public class WebSocketServletRFCTest
}
@Test
@Ignore("Still not working")
@Ignore("Need a better idle timeout test")
public void testIdle() throws Exception
{
BlockheadClient client = new BlockheadClient(server.getServerUri());
@ -248,6 +248,48 @@ public class WebSocketServletRFCTest
}
}
/**
* Test http://tools.ietf.org/html/rfc6455#section-4.1 where server side upgrade handling is supposed to be case insensitive.
* <p>
* This test will simulate a client requesting upgrade with all lowercase headers.
*/
@Test
public void testLowercaseUpgrade() throws Exception
{
BlockheadClient client = new BlockheadClient(server.getServerUri());
try
{
client.connect();
StringBuilder req = new StringBuilder();
req.append("GET ").append(client.getRequestPath()).append(" HTTP/1.1\r\n");
req.append("Host: ").append(client.getRequestHost()).append("\r\n");
req.append("Upgrade: websocket\r\n");
req.append("connection: upgrade\r\n");
req.append("sec-websocket-key: ").append(client.getRequestWebSocketKey()).append("\r\n");
req.append("sec-websocket-origin: ").append(client.getRequestWebSocketOrigin()).append("\r\n");
req.append("sec-websocket-protocol: echo\r\n");
req.append("sec-websocket-version: 13\r\n");
req.append("\r\n");
client.writeRaw(req.toString());
client.expectUpgradeResponse();
// Generate text frame
String msg = "this is an echo ... cho ... ho ... o";
client.write(WebSocketFrame.text(msg));
// Read frame (hopefully text frame)
IncomingFramesCapture capture = client.readFrames(1,TimeUnit.MILLISECONDS,500);
WebSocketFrame tf = capture.getFrames().get(0);
Assert.assertThat("Text Frame.status code",tf.getPayloadAsUTF8(),is(msg));
}
finally
{
client.close();
}
}
@Test
@Ignore("Should be moved to Fuzzer")
public void testMaxBinarySize() throws Exception
@ -366,4 +408,46 @@ public class WebSocketServletRFCTest
client.close();
}
}
/**
* Test http://tools.ietf.org/html/rfc6455#section-4.1 where server side upgrade handling is supposed to be case insensitive.
* <p>
* This test will simulate a client requesting upgrade with all uppercase headers.
*/
@Test
public void testUppercaseUpgrade() throws Exception
{
BlockheadClient client = new BlockheadClient(server.getServerUri());
try
{
client.connect();
StringBuilder req = new StringBuilder();
req.append("GET ").append(client.getRequestPath()).append(" HTTP/1.1\r\n");
req.append("HOST: ").append(client.getRequestHost()).append("\r\n");
req.append("UPGRADE: WEBSOCKET\r\n");
req.append("CONNECTION: UPGRADE\r\n");
req.append("SEC-WEBSOCKET-KEY: ").append(client.getRequestWebSocketKey()).append("\r\n");
req.append("SEC-WEBSOCKET-ORIGIN: ").append(client.getRequestWebSocketOrigin()).append("\r\n");
req.append("SEC-WEBSOCKET-PROTOCOL: ECHO\r\n");
req.append("SEC-WEBSOCKET-VERSION: 13\r\n");
req.append("\r\n");
client.writeRaw(req.toString());
client.expectUpgradeResponse();
// Generate text frame
String msg = "this is an echo ... cho ... ho ... o";
client.write(WebSocketFrame.text(msg));
// Read frame (hopefully text frame)
IncomingFramesCapture capture = client.readFrames(1,TimeUnit.MILLISECONDS,500);
WebSocketFrame tf = capture.getFrames().get(0);
Assert.assertThat("Text Frame.status code",tf.getPayloadAsUTF8(),is(msg));
}
finally
{
client.close();
}
}
}

View File

@ -330,6 +330,39 @@ public class BlockheadClient implements IncomingFrames, OutgoingFrames
return protocols;
}
public String getRequestHost()
{
if (destHttpURI.getPort() > 0)
{
return String.format("%s:%d",destHttpURI.getHost(),destHttpURI.getPort());
}
else
{
return destHttpURI.getHost();
}
}
public String getRequestPath()
{
StringBuilder path = new StringBuilder();
path.append(destHttpURI.getPath());
if (StringUtil.isNotBlank(destHttpURI.getQuery()))
{
path.append('?').append(destHttpURI.getQuery());
}
return path.toString();
}
public String getRequestWebSocketKey()
{
return REQUEST_HASH_KEY;
}
public String getRequestWebSocketOrigin()
{
return destWebsocketURI.toASCIIString();
}
public int getVersion()
{
return version;
@ -557,27 +590,16 @@ public class BlockheadClient implements IncomingFrames, OutgoingFrames
public void sendStandardRequest() throws IOException
{
StringBuilder req = new StringBuilder();
req.append("GET ");
req.append(destHttpURI.getPath());
if (StringUtil.isNotBlank(destHttpURI.getQuery()))
{
req.append('?').append(destHttpURI.getQuery());
}
req.append(" HTTP/1.1\r\n");
req.append("Host: ").append(destHttpURI.getHost());
if (destHttpURI.getPort() > 0)
{
req.append(':').append(destHttpURI.getPort());
}
req.append("\r\n");
req.append("GET ").append(getRequestPath()).append(" HTTP/1.1\r\n");
req.append("Host: ").append(getRequestHost()).append("\r\n");
req.append("Upgrade: websocket\r\n");
req.append("Connection: Upgrade\r\n");
for (String header : headers)
{
req.append(header);
}
req.append("Sec-WebSocket-Key: ").append(REQUEST_HASH_KEY).append("\r\n");
req.append("Sec-WebSocket-Origin: ").append(destWebsocketURI.toASCIIString()).append("\r\n");
req.append("Sec-WebSocket-Key: ").append(getRequestWebSocketKey()).append("\r\n");
req.append("Sec-WebSocket-Origin: ").append(getRequestWebSocketOrigin()).append("\r\n");
if (StringUtil.isNotBlank(protocols))
{
req.append("Sec-WebSocket-Protocol: ").append(protocols).append("\r\n");