diff --git a/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithoutAliasesTest.java b/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithoutAliasesTest.java new file mode 100644 index 00000000000..fbe88dd69d3 --- /dev/null +++ b/tests/test-integration/src/test/java/org/eclipse/jetty/test/jsp/JspAndDefaultWithoutAliasesTest.java @@ -0,0 +1,188 @@ +// +// ======================================================================== +// Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd. +// ------------------------------------------------------------------------ +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== +// + +package org.eclipse.jetty.test.jsp; + +import static org.hamcrest.Matchers.*; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.net.HttpURLConnection; +import java.net.URI; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import org.apache.jasper.servlet.JspServlet; +import org.eclipse.jetty.security.HashLoginService; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.nio.SelectChannelConnector; +import org.eclipse.jetty.servlet.DefaultServlet; +import org.eclipse.jetty.servlet.ServletContextHandler; +import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.toolchain.test.MavenTestingUtils; +import org.eclipse.jetty.util.IO; +import org.eclipse.jetty.util.log.Log; +import org.eclipse.jetty.util.log.Logger; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; + + +/** + * Test various paths for JSP resources that tickle various java.io.File bugs to get around the JspServlet matching, that then flows to the DefaultServlet to be + * served as source files. + */ +@RunWith(Parameterized.class) +public class JspAndDefaultWithoutAliasesTest +{ + private static final Logger LOG = Log.getLogger(JspAndDefaultWithAliasesTest.class); + private static Server server; + private static URI serverURI; + + @Parameters + public static Collection data() + { + List data = new ArrayList(); + + // @formatter:off + data.add(new Object[] { "/dump.jsp" }); + data.add(new Object[] { "/dump.jsp%00" }); + data.add(new Object[] { "/dump.jsp%00x" }); + data.add(new Object[] { "/dump.jsp%00/" }); + data.add(new Object[] { "/dump.jsp%00x/" }); + data.add(new Object[] { "/dump.jsp%00x/dump.jsp" }); + data.add(new Object[] { "/dump.jsp%00/dump.jsp" }); + data.add(new Object[] { "/dump.jsp%00/index.html" }); + // @formatter:on + + return data; + } + + @BeforeClass + public static void startServer() throws Exception + { + server = new Server(); + SelectChannelConnector connector = new SelectChannelConnector(); + connector.setPort(0); + server.addConnector(connector); + + // Configure LoginService + HashLoginService login = new HashLoginService(); + login.setName("Test Realm"); + File realmFile = MavenTestingUtils.getTestResourceFile("realm.properties"); + login.setConfig(realmFile.getAbsolutePath()); + server.addBean(login); + + // Configure WebApp + ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); + context.setContextPath("/"); + File webappBase = MavenTestingUtils.getTestResourceDir("docroots/jsp"); + context.setResourceBase(webappBase.getAbsolutePath()); + context.setClassLoader(Thread.currentThread().getContextClassLoader()); + + // add default servlet + ServletHolder defaultServHolder = context.addServlet(DefaultServlet.class,"/"); + defaultServHolder.setInitParameter("aliases","false"); // important! must be FALSE + + // add jsp + ServletHolder jsp = context.addServlet(JspServlet.class,"*.jsp"); + jsp.setInitParameter("classpath",context.getClassPath()); + + // add context + server.setHandler(context); + + server.start(); + + serverURI = new URI("http://localhost:" + connector.getLocalPort() + "/"); + } + + @AfterClass + public static void stopServer() throws Exception + { + server.stop(); + } + + private String path; + + public JspAndDefaultWithoutAliasesTest(String encodedRequestPath) + { + LOG.info("Path \"" + encodedRequestPath + "\""); + this.path = encodedRequestPath; + } + + private void assertProcessedByJspServlet(HttpURLConnection conn) throws IOException + { + // make sure that jsp actually ran, and didn't just get passed onto + // the default servlet to return the jsp source + String body = getResponseBody(conn); + Assert.assertThat("Body",body,not(containsString("<%@"))); + Assert.assertThat("Body",body,not(containsString("