402984 - WebSocket Upgrade must honor case insensitive header fields in upgrade request
This commit is contained in:
parent
96df602e9e
commit
04d86bd49e
|
@ -0,0 +1,124 @@
|
|||
//
|
||||
// ========================================================================
|
||||
// Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
|
||||
// ------------------------------------------------------------------------
|
||||
// All rights reserved. This program and the accompanying materials
|
||||
// are made available under the terms of the Eclipse Public License v1.0
|
||||
// and Apache License v2.0 which accompanies this distribution.
|
||||
//
|
||||
// The Eclipse Public License is available at
|
||||
// http://www.eclipse.org/legal/epl-v10.html
|
||||
//
|
||||
// The Apache License v2.0 is available at
|
||||
// http://www.opensource.org/licenses/apache2.0.php
|
||||
//
|
||||
// You may elect to redistribute this code under either of these licenses.
|
||||
// ========================================================================
|
||||
//
|
||||
|
||||
package org.eclipse.jetty.servlet;
|
||||
|
||||
import static org.hamcrest.Matchers.*;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.PrintWriter;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URI;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.eclipse.jetty.server.Server;
|
||||
import org.eclipse.jetty.server.ServerConnector;
|
||||
import org.eclipse.jetty.util.IO;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Assert;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
public class RequestHeadersTest
|
||||
{
|
||||
@SuppressWarnings("serial")
|
||||
private static class RequestHeaderServlet extends HttpServlet
|
||||
{
|
||||
@Override
|
||||
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
|
||||
{
|
||||
resp.setContentType("text/plain");
|
||||
PrintWriter out = resp.getWriter();
|
||||
out.printf("X-Camel-Type = %s",req.getHeader("X-Camel-Type"));
|
||||
}
|
||||
}
|
||||
|
||||
private static Server server;
|
||||
private static ServerConnector connector;
|
||||
private static URI serverUri;
|
||||
|
||||
@BeforeClass
|
||||
public static void startServer() throws Exception
|
||||
{
|
||||
// Configure Server
|
||||
server = new Server();
|
||||
connector = new ServerConnector(server);
|
||||
server.addConnector(connector);
|
||||
|
||||
ServletContextHandler context = new ServletContextHandler();
|
||||
context.setContextPath("/");
|
||||
server.setHandler(context);
|
||||
|
||||
// Serve capture servlet
|
||||
context.addServlet(new ServletHolder(new RequestHeaderServlet()),"/*");
|
||||
|
||||
// Start Server
|
||||
server.start();
|
||||
|
||||
String host = connector.getHost();
|
||||
if (host == null)
|
||||
{
|
||||
host = "localhost";
|
||||
}
|
||||
int port = connector.getLocalPort();
|
||||
serverUri = new URI(String.format("http://%s:%d/",host,port));
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void stopServer()
|
||||
{
|
||||
try
|
||||
{
|
||||
server.stop();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
e.printStackTrace(System.err);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetLowercaseHeader() throws IOException
|
||||
{
|
||||
HttpURLConnection http = null;
|
||||
try
|
||||
{
|
||||
http = (HttpURLConnection)serverUri.toURL().openConnection();
|
||||
// Set header in all lowercase
|
||||
http.setRequestProperty("x-camel-type","bactrian");
|
||||
|
||||
try (InputStream in = http.getInputStream())
|
||||
{
|
||||
String resp = IO.toString(in, "UTF-8");
|
||||
Assert.assertThat("Response", resp, is("X-Camel-Type = bactrian"));
|
||||
}
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (http != null)
|
||||
{
|
||||
http.disconnect();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -24,6 +24,7 @@ import java.util.ArrayList;
|
|||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import org.eclipse.jetty.websocket.api.extensions.ExtensionConfig;
|
||||
|
@ -86,7 +87,7 @@ public class UpgradeRequest
|
|||
|
||||
public String getHeader(String name)
|
||||
{
|
||||
List<String> values = headers.get(name);
|
||||
List<String> values = headers.get(name.toLowerCase(Locale.ENGLISH));
|
||||
// no value list
|
||||
if (values == null)
|
||||
{
|
||||
|
@ -120,7 +121,7 @@ public class UpgradeRequest
|
|||
|
||||
public int getHeaderInt(String name)
|
||||
{
|
||||
List<String> values = headers.get(name);
|
||||
List<String> values = headers.get(name.toLowerCase(Locale.ENGLISH));
|
||||
// no value list
|
||||
if (values == null)
|
||||
{
|
||||
|
@ -190,6 +191,13 @@ public class UpgradeRequest
|
|||
return requestURI;
|
||||
}
|
||||
|
||||
/**
|
||||
* Access the Servlet HTTP Session (if present)
|
||||
* <p>
|
||||
* Note: Never present on a Client UpgradeRequest.
|
||||
*
|
||||
* @return the Servlet HTTPSession on server side UpgradeRequests
|
||||
*/
|
||||
public Object getSession()
|
||||
{
|
||||
return session;
|
||||
|
@ -224,14 +232,14 @@ public class UpgradeRequest
|
|||
|
||||
public void setHeader(String name, List<String> values)
|
||||
{
|
||||
headers.put(name,values);
|
||||
headers.put(name.toLowerCase(Locale.ENGLISH),values);
|
||||
}
|
||||
|
||||
public void setHeader(String name, String value)
|
||||
{
|
||||
List<String> values = new ArrayList<>();
|
||||
values.add(value);
|
||||
setHeader(name,values);
|
||||
setHeader(name.toLowerCase(Locale.ENGLISH),values);
|
||||
}
|
||||
|
||||
public void setHttpVersion(String httpVersion)
|
||||
|
|
|
@ -114,11 +114,6 @@ public class ServletWebSocketRequest extends UpgradeRequest
|
|||
return req.getUserPrincipal();
|
||||
}
|
||||
|
||||
public StringBuffer getRequestURL()
|
||||
{
|
||||
return req.getRequestURL();
|
||||
}
|
||||
|
||||
public Map<String, Object> getServletAttributes()
|
||||
{
|
||||
Map<String, Object> attributes = new HashMap<String, Object>();
|
||||
|
|
|
@ -191,7 +191,7 @@ public class WebSocketServletRFCTest
|
|||
}
|
||||
|
||||
@Test
|
||||
@Ignore("Still not working")
|
||||
@Ignore("Need a better idle timeout test")
|
||||
public void testIdle() throws Exception
|
||||
{
|
||||
BlockheadClient client = new BlockheadClient(server.getServerUri());
|
||||
|
@ -248,6 +248,48 @@ public class WebSocketServletRFCTest
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test http://tools.ietf.org/html/rfc6455#section-4.1 where server side upgrade handling is supposed to be case insensitive.
|
||||
* <p>
|
||||
* This test will simulate a client requesting upgrade with all lowercase headers.
|
||||
*/
|
||||
@Test
|
||||
public void testLowercaseUpgrade() throws Exception
|
||||
{
|
||||
BlockheadClient client = new BlockheadClient(server.getServerUri());
|
||||
try
|
||||
{
|
||||
client.connect();
|
||||
|
||||
StringBuilder req = new StringBuilder();
|
||||
req.append("GET ").append(client.getRequestPath()).append(" HTTP/1.1\r\n");
|
||||
req.append("Host: ").append(client.getRequestHost()).append("\r\n");
|
||||
req.append("Upgrade: websocket\r\n");
|
||||
req.append("connection: upgrade\r\n");
|
||||
req.append("sec-websocket-key: ").append(client.getRequestWebSocketKey()).append("\r\n");
|
||||
req.append("sec-websocket-origin: ").append(client.getRequestWebSocketOrigin()).append("\r\n");
|
||||
req.append("sec-websocket-protocol: echo\r\n");
|
||||
req.append("sec-websocket-version: 13\r\n");
|
||||
req.append("\r\n");
|
||||
client.writeRaw(req.toString());
|
||||
|
||||
client.expectUpgradeResponse();
|
||||
|
||||
// Generate text frame
|
||||
String msg = "this is an echo ... cho ... ho ... o";
|
||||
client.write(WebSocketFrame.text(msg));
|
||||
|
||||
// Read frame (hopefully text frame)
|
||||
IncomingFramesCapture capture = client.readFrames(1,TimeUnit.MILLISECONDS,500);
|
||||
WebSocketFrame tf = capture.getFrames().get(0);
|
||||
Assert.assertThat("Text Frame.status code",tf.getPayloadAsUTF8(),is(msg));
|
||||
}
|
||||
finally
|
||||
{
|
||||
client.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Ignore("Should be moved to Fuzzer")
|
||||
public void testMaxBinarySize() throws Exception
|
||||
|
@ -366,4 +408,46 @@ public class WebSocketServletRFCTest
|
|||
client.close();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test http://tools.ietf.org/html/rfc6455#section-4.1 where server side upgrade handling is supposed to be case insensitive.
|
||||
* <p>
|
||||
* This test will simulate a client requesting upgrade with all uppercase headers.
|
||||
*/
|
||||
@Test
|
||||
public void testUppercaseUpgrade() throws Exception
|
||||
{
|
||||
BlockheadClient client = new BlockheadClient(server.getServerUri());
|
||||
try
|
||||
{
|
||||
client.connect();
|
||||
|
||||
StringBuilder req = new StringBuilder();
|
||||
req.append("GET ").append(client.getRequestPath()).append(" HTTP/1.1\r\n");
|
||||
req.append("HOST: ").append(client.getRequestHost()).append("\r\n");
|
||||
req.append("UPGRADE: WEBSOCKET\r\n");
|
||||
req.append("CONNECTION: UPGRADE\r\n");
|
||||
req.append("SEC-WEBSOCKET-KEY: ").append(client.getRequestWebSocketKey()).append("\r\n");
|
||||
req.append("SEC-WEBSOCKET-ORIGIN: ").append(client.getRequestWebSocketOrigin()).append("\r\n");
|
||||
req.append("SEC-WEBSOCKET-PROTOCOL: ECHO\r\n");
|
||||
req.append("SEC-WEBSOCKET-VERSION: 13\r\n");
|
||||
req.append("\r\n");
|
||||
client.writeRaw(req.toString());
|
||||
|
||||
client.expectUpgradeResponse();
|
||||
|
||||
// Generate text frame
|
||||
String msg = "this is an echo ... cho ... ho ... o";
|
||||
client.write(WebSocketFrame.text(msg));
|
||||
|
||||
// Read frame (hopefully text frame)
|
||||
IncomingFramesCapture capture = client.readFrames(1,TimeUnit.MILLISECONDS,500);
|
||||
WebSocketFrame tf = capture.getFrames().get(0);
|
||||
Assert.assertThat("Text Frame.status code",tf.getPayloadAsUTF8(),is(msg));
|
||||
}
|
||||
finally
|
||||
{
|
||||
client.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -330,6 +330,39 @@ public class BlockheadClient implements IncomingFrames, OutgoingFrames
|
|||
return protocols;
|
||||
}
|
||||
|
||||
public String getRequestHost()
|
||||
{
|
||||
if (destHttpURI.getPort() > 0)
|
||||
{
|
||||
return String.format("%s:%d",destHttpURI.getHost(),destHttpURI.getPort());
|
||||
}
|
||||
else
|
||||
{
|
||||
return destHttpURI.getHost();
|
||||
}
|
||||
}
|
||||
|
||||
public String getRequestPath()
|
||||
{
|
||||
StringBuilder path = new StringBuilder();
|
||||
path.append(destHttpURI.getPath());
|
||||
if (StringUtil.isNotBlank(destHttpURI.getQuery()))
|
||||
{
|
||||
path.append('?').append(destHttpURI.getQuery());
|
||||
}
|
||||
return path.toString();
|
||||
}
|
||||
|
||||
public String getRequestWebSocketKey()
|
||||
{
|
||||
return REQUEST_HASH_KEY;
|
||||
}
|
||||
|
||||
public String getRequestWebSocketOrigin()
|
||||
{
|
||||
return destWebsocketURI.toASCIIString();
|
||||
}
|
||||
|
||||
public int getVersion()
|
||||
{
|
||||
return version;
|
||||
|
@ -557,27 +590,16 @@ public class BlockheadClient implements IncomingFrames, OutgoingFrames
|
|||
public void sendStandardRequest() throws IOException
|
||||
{
|
||||
StringBuilder req = new StringBuilder();
|
||||
req.append("GET ");
|
||||
req.append(destHttpURI.getPath());
|
||||
if (StringUtil.isNotBlank(destHttpURI.getQuery()))
|
||||
{
|
||||
req.append('?').append(destHttpURI.getQuery());
|
||||
}
|
||||
req.append(" HTTP/1.1\r\n");
|
||||
req.append("Host: ").append(destHttpURI.getHost());
|
||||
if (destHttpURI.getPort() > 0)
|
||||
{
|
||||
req.append(':').append(destHttpURI.getPort());
|
||||
}
|
||||
req.append("\r\n");
|
||||
req.append("GET ").append(getRequestPath()).append(" HTTP/1.1\r\n");
|
||||
req.append("Host: ").append(getRequestHost()).append("\r\n");
|
||||
req.append("Upgrade: websocket\r\n");
|
||||
req.append("Connection: Upgrade\r\n");
|
||||
for (String header : headers)
|
||||
{
|
||||
req.append(header);
|
||||
}
|
||||
req.append("Sec-WebSocket-Key: ").append(REQUEST_HASH_KEY).append("\r\n");
|
||||
req.append("Sec-WebSocket-Origin: ").append(destWebsocketURI.toASCIIString()).append("\r\n");
|
||||
req.append("Sec-WebSocket-Key: ").append(getRequestWebSocketKey()).append("\r\n");
|
||||
req.append("Sec-WebSocket-Origin: ").append(getRequestWebSocketOrigin()).append("\r\n");
|
||||
if (StringUtil.isNotBlank(protocols))
|
||||
{
|
||||
req.append("Sec-WebSocket-Protocol: ").append(protocols).append("\r\n");
|
||||
|
|
Loading…
Reference in New Issue