Merged branch 'jetty-9.4.x' into 'jetty-10.0.x'.
This commit is contained in:
Simone Bordet
commit
b1d231b9e7
|
|
@ -33,6 +33,7 @@ import org.eclipse.jetty.io.ClientConnector;
|
|||
import org.eclipse.jetty.io.EndPoint;
|
||||
import org.eclipse.jetty.util.ProcessorUtils;
|
||||
import org.eclipse.jetty.util.Promise;
|
||||
import org.eclipse.jetty.util.annotation.ManagedAttribute;
|
||||
import org.eclipse.jetty.util.annotation.ManagedObject;
|
||||
|
||||
@ManagedObject("The HTTP/1.1 client transport")
|
||||
|
|
@ -40,6 +41,8 @@ public class HttpClientTransportOverHTTP extends AbstractConnectorHttpClientTran
|
|||
{
|
||||
public static final HttpDestination.Protocol HTTP11 = new HttpDestination.Protocol(List.of("http/1.1"), false);
|
||||
|
||||
private int headerCacheSize = 1024;
|
||||
|
||||
public HttpClientTransportOverHTTP()
|
||||
{
|
||||
this(Math.max(1, ProcessorUtils.availableProcessors() / 2));
|
||||
|
|
@ -75,7 +78,7 @@ public class HttpClientTransportOverHTTP extends AbstractConnectorHttpClientTran
|
|||
HttpDestination destination = (HttpDestination)context.get(HTTP_DESTINATION_CONTEXT_KEY);
|
||||
@SuppressWarnings("unchecked")
|
||||
Promise<Connection> promise = (Promise<Connection>)context.get(HTTP_CONNECTION_PROMISE_CONTEXT_KEY);
|
||||
org.eclipse.jetty.io.Connection connection = newHttpConnection(endPoint, destination, promise);
|
||||
var connection = newHttpConnection(endPoint, destination, promise);
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Created {}", connection);
|
||||
return customize(connection, context);
|
||||
|
|
@ -85,4 +88,15 @@ public class HttpClientTransportOverHTTP extends AbstractConnectorHttpClientTran
|
|||
{
|
||||
return new HttpConnectionOverHTTP(endPoint, destination, promise);
|
||||
}
|
||||
|
||||
@ManagedAttribute("The maximum allowed size in bytes for an HTTP header field cache")
|
||||
public int getHeaderCacheSize()
|
||||
{
|
||||
return headerCacheSize;
|
||||
}
|
||||
|
||||
public void setHeaderCacheSize(int headerCacheSize)
|
||||
{
|
||||
this.headerCacheSize = headerCacheSize;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -245,8 +245,8 @@ public class HttpReceiverOverHTTP extends HttpReceiver implements HttpParser.Res
|
|||
@Override
|
||||
public int getHeaderCacheSize()
|
||||
{
|
||||
// TODO get from configuration
|
||||
return 4096;
|
||||
HttpClientTransportOverHTTP transport = (HttpClientTransportOverHTTP)getHttpDestination().getHttpClient().getTransport();
|
||||
return transport.getHeaderCacheSize();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@
|
|||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="sendServerVersion">true</Set>
|
||||
<Set name="sendDateHeader">false</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
|
||||
<!-- Uncomment to enable handling of X-Forwarded- style headers
|
||||
<Call name="addCustomizer">
|
||||
|
|
|
|||
|
|
@ -213,7 +213,7 @@ Below is the relevant section taken from link:{GITBROWSEURL}/jetty-server/src/ma
|
|||
<Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" deprecated="jetty.response.header.size" default="8192" /></Set>
|
||||
<Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="true" /></Set>
|
||||
<Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" deprecated="jetty.send.date.header" default="false" /></Set>
|
||||
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="4096" /></Set>
|
||||
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="1024" /></Set>
|
||||
<Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
|
||||
<Set name="maxErrorDispatches"><Property name="jetty.httpConfig.maxErrorDispatches" default="10"/></Set>
|
||||
<Set name="persistentConnectionsEnabled"><Property name="jetty.httpConfig.persistentConnectionsEnabled" default="true"/></Set>
|
||||
|
|
|
|||
|
|
@ -154,7 +154,7 @@ public class ResponseContentParser extends StreamContentParser
|
|||
public int getHeaderCacheSize()
|
||||
{
|
||||
// TODO: configure this
|
||||
return 4096;
|
||||
return 1024;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -263,7 +263,7 @@ public class HttpGeneratorServerHTTPTest
|
|||
@Override
|
||||
public int getHeaderCacheSize()
|
||||
{
|
||||
return 4096;
|
||||
return 1024;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -2305,7 +2305,7 @@ public class HttpParserTest
|
|||
@Override
|
||||
public int getHeaderCacheSize()
|
||||
{
|
||||
return 4096;
|
||||
return 1024;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
<Set name="outputBufferSize">32768</Set>
|
||||
<Set name="requestHeaderSize">8192</Set>
|
||||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<Call name="addConnector">
|
||||
|
|
|
|||
|
|
@ -51,6 +51,11 @@
|
|||
<artifactId>jetty-server</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.jetty</groupId>
|
||||
<artifactId>jetty-client</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.jetty</groupId>
|
||||
<artifactId>jetty-security</artifactId>
|
||||
|
|
@ -72,11 +77,5 @@
|
|||
<artifactId>jetty-test-helper</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.jetty</groupId>
|
||||
<artifactId>jetty-client</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -1,12 +1,22 @@
|
|||
<?xml version="1.0"?>
|
||||
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
|
||||
<Configure id="Server" class="org.eclipse.jetty.server.Server">
|
||||
<Get id="ThreadPool" name="threadPool"/>
|
||||
<New id="HttpClient" class="org.eclipse.jetty.client.HttpClient">
|
||||
<Arg>
|
||||
<New class="org.eclipse.jetty.util.ssl.SslContextFactory$Client">
|
||||
<Set name="trustAll" type="boolean"><Property name="jetty.openid.sslContextFactory.trustAll" default="false"/></Set>
|
||||
</New>
|
||||
</Arg>
|
||||
<Set name="executor"><Ref refid="ThreadPool"/></Set>
|
||||
</New>
|
||||
<New id="OpenIdConfiguration" class="org.eclipse.jetty.security.openid.OpenIdConfiguration">
|
||||
<Arg><Property name="jetty.openid.provider" deprecated="jetty.openid.openIdProvider"/></Arg>
|
||||
<Arg><Property name="jetty.openid.provider.authorizationEndpoint"/></Arg>
|
||||
<Arg><Property name="jetty.openid.provider.tokenEndpoint"/></Arg>
|
||||
<Arg><Property name="jetty.openid.clientId"/></Arg>
|
||||
<Arg><Property name="jetty.openid.clientSecret"/></Arg>
|
||||
<Arg><Ref refid="HttpClient"/></Arg>
|
||||
<Call name="addScopes">
|
||||
<Arg>
|
||||
<Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ Adds OpenId Connect authentication.
|
|||
|
||||
[depend]
|
||||
security
|
||||
client
|
||||
|
||||
[lib]
|
||||
lib/jetty-openid-${jetty.version}.jar
|
||||
|
|
@ -37,4 +38,7 @@ etc/jetty-openid.xml
|
|||
# jetty.openid.scopes=email,profile
|
||||
|
||||
## Whether to Authenticate users not found by base LoginService
|
||||
# jetty.openid.authenticateNewUsers=false
|
||||
# jetty.openid.authenticateNewUsers=false
|
||||
|
||||
## True if all certificates should be trusted by the default SslContextFactory
|
||||
# jetty.openid.sslContextFactory.trustAll=false
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0"?>
|
||||
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
|
||||
<Configure id="BaseLoginService">
|
||||
<Configure>
|
||||
<!-- Optional code to configure the base LoginService used by the OpenIdLoginService
|
||||
<New id="BaseLoginService" class="org.eclipse.jetty.security.HashLoginService">
|
||||
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
|
||||
|
|
|
|||
|
|
@ -18,19 +18,21 @@
|
|||
|
||||
package org.eclipse.jetty.security.openid;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.io.Serializable;
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.eclipse.jetty.util.IO;
|
||||
import org.eclipse.jetty.client.HttpClient;
|
||||
import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP;
|
||||
import org.eclipse.jetty.io.ClientConnector;
|
||||
import org.eclipse.jetty.util.ajax.JSON;
|
||||
import org.eclipse.jetty.util.component.ContainerLifeCycle;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
|
||||
/**
|
||||
* Holds the configuration for an OpenID Connect service.
|
||||
|
|
@ -38,18 +40,18 @@ import org.eclipse.jetty.util.log.Logger;
|
|||
* This uses the OpenID Provider URL with the path {@link #CONFIG_PATH} to discover
|
||||
* the required information about the OIDC service.
|
||||
*/
|
||||
public class OpenIdConfiguration implements Serializable
|
||||
public class OpenIdConfiguration extends ContainerLifeCycle
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(OpenIdConfiguration.class);
|
||||
private static final long serialVersionUID = 2227941990601349102L;
|
||||
private static final String CONFIG_PATH = "/.well-known/openid-configuration";
|
||||
|
||||
private final HttpClient httpClient;
|
||||
private final String issuer;
|
||||
private final String authEndpoint;
|
||||
private final String tokenEndpoint;
|
||||
private final String clientId;
|
||||
private final String clientSecret;
|
||||
private final List<String> scopes = new ArrayList<>();
|
||||
private String authEndpoint;
|
||||
private String tokenEndpoint;
|
||||
|
||||
/**
|
||||
* Create an OpenID configuration for a specific OIDC provider.
|
||||
|
|
@ -59,7 +61,7 @@ public class OpenIdConfiguration implements Serializable
|
|||
*/
|
||||
public OpenIdConfiguration(String provider, String clientId, String clientSecret)
|
||||
{
|
||||
this(provider, null, null, clientId, clientSecret);
|
||||
this(provider, null, null, clientId, clientSecret, null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -69,60 +71,92 @@ public class OpenIdConfiguration implements Serializable
|
|||
* @param tokenEndpoint the URL of the OpenID provider's token endpoint if configured.
|
||||
* @param clientId OAuth 2.0 Client Identifier valid at the Authorization Server.
|
||||
* @param clientSecret The client secret known only by the Client and the Authorization Server.
|
||||
* @param httpClient The {@link HttpClient} instance to use.
|
||||
*/
|
||||
public OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint, String clientId, String clientSecret)
|
||||
public OpenIdConfiguration(String issuer, String authorizationEndpoint, String tokenEndpoint,
|
||||
String clientId, String clientSecret, HttpClient httpClient)
|
||||
{
|
||||
this.issuer = issuer;
|
||||
this.clientId = clientId;
|
||||
this.clientSecret = clientSecret;
|
||||
this.authEndpoint = authorizationEndpoint;
|
||||
this.tokenEndpoint = tokenEndpoint;
|
||||
this.httpClient = httpClient != null ? httpClient : newHttpClient();
|
||||
|
||||
if (issuer == null)
|
||||
throw new IllegalArgumentException("Provider was not configured");
|
||||
if (this.issuer == null)
|
||||
throw new IllegalArgumentException("Issuer was not configured");
|
||||
|
||||
if (tokenEndpoint == null || authorizationEndpoint == null)
|
||||
addBean(this.httpClient);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doStart() throws Exception
|
||||
{
|
||||
super.doStart();
|
||||
|
||||
if (authEndpoint == null || tokenEndpoint == null)
|
||||
{
|
||||
Map<String, Object> discoveryDocument = fetchOpenIdConnectMetadata(issuer);
|
||||
Map<String, Object> discoveryDocument = fetchOpenIdConnectMetadata(issuer, httpClient);
|
||||
|
||||
this.authEndpoint = (String)discoveryDocument.get("authorization_endpoint");
|
||||
if (this.authEndpoint == null)
|
||||
authEndpoint = (String)discoveryDocument.get("authorization_endpoint");
|
||||
if (authEndpoint == null)
|
||||
throw new IllegalArgumentException("authorization_endpoint");
|
||||
|
||||
this.tokenEndpoint = (String)discoveryDocument.get("token_endpoint");
|
||||
if (this.tokenEndpoint == null)
|
||||
tokenEndpoint = (String)discoveryDocument.get("token_endpoint");
|
||||
if (tokenEndpoint == null)
|
||||
throw new IllegalArgumentException("token_endpoint");
|
||||
|
||||
if (!Objects.equals(discoveryDocument.get("issuer"), issuer))
|
||||
LOG.warn("The provider in the metadata is not correct.");
|
||||
}
|
||||
else
|
||||
{
|
||||
this.authEndpoint = authorizationEndpoint;
|
||||
this.tokenEndpoint = tokenEndpoint;
|
||||
LOG.warn("The issuer in the metadata is not correct.");
|
||||
}
|
||||
}
|
||||
|
||||
private static Map<String, Object> fetchOpenIdConnectMetadata(String provider)
|
||||
private static HttpClient newHttpClient()
|
||||
{
|
||||
ClientConnector connector = new ClientConnector();
|
||||
connector.setSslContextFactory(new SslContextFactory.Client(false));
|
||||
return new HttpClient(new HttpClientTransportOverHTTP(connector));
|
||||
}
|
||||
|
||||
private static Map<String, Object> fetchOpenIdConnectMetadata(String provider, HttpClient httpClient)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (provider.endsWith("/"))
|
||||
provider = provider.substring(0, provider.length() - 1);
|
||||
|
||||
URI providerUri = URI.create(provider + CONFIG_PATH);
|
||||
InputStream inputStream = providerUri.toURL().openConnection().getInputStream();
|
||||
String content = IO.toString(inputStream);
|
||||
Map<String, Object> discoveryDocument = (Map)JSON.parse(content);
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("discovery document {}", discoveryDocument);
|
||||
Map<String, Object> result;
|
||||
String responseBody = httpClient.GET(provider + CONFIG_PATH)
|
||||
.getContentAsString();
|
||||
Object parsedResult = JSON.parse(responseBody);
|
||||
|
||||
return discoveryDocument;
|
||||
if (parsedResult instanceof Map)
|
||||
{
|
||||
Map<?, ?> rawResult = (Map)parsedResult;
|
||||
result = rawResult.entrySet().stream()
|
||||
.collect(Collectors.toMap(it -> it.getKey().toString(), Map.Entry::getValue));
|
||||
}
|
||||
else
|
||||
{
|
||||
LOG.warn("OpenID provider did not return a proper JSON object response. Result was '{}'", responseBody);
|
||||
throw new IllegalStateException("Could not parse OpenID provider's malformed response");
|
||||
}
|
||||
|
||||
LOG.debug("discovery document {}", result);
|
||||
|
||||
return result;
|
||||
}
|
||||
catch (Throwable e)
|
||||
catch (Exception e)
|
||||
{
|
||||
throw new IllegalArgumentException("invalid identity provider", e);
|
||||
}
|
||||
}
|
||||
|
||||
public HttpClient getHttpClient()
|
||||
{
|
||||
return httpClient;
|
||||
}
|
||||
|
||||
public String getAuthEndpoint()
|
||||
{
|
||||
return authEndpoint;
|
||||
|
|
|
|||
|
|
@ -18,20 +18,19 @@
|
|||
|
||||
package org.eclipse.jetty.security.openid;
|
||||
|
||||
import java.io.DataOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.Serializable;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.eclipse.jetty.util.IO;
|
||||
import org.eclipse.jetty.util.UrlEncoded;
|
||||
import org.eclipse.jetty.client.HttpClient;
|
||||
import org.eclipse.jetty.client.api.ContentResponse;
|
||||
import org.eclipse.jetty.client.api.Request;
|
||||
import org.eclipse.jetty.client.util.FormContentProvider;
|
||||
import org.eclipse.jetty.util.Fields;
|
||||
import org.eclipse.jetty.util.ajax.JSON;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
|
@ -42,7 +41,7 @@ import org.eclipse.jetty.util.log.Logger;
|
|||
*
|
||||
* <p>
|
||||
* This is constructed with an authorization code from the authentication request. This authorization code
|
||||
* is then exchanged using {@link #redeemAuthCode()} for a response containing the ID Token and Access Token.
|
||||
* is then exchanged using {@link #redeemAuthCode(HttpClient)} for a response containing the ID Token and Access Token.
|
||||
* The response is then validated against the {@link OpenIdConfiguration}.
|
||||
* </p>
|
||||
*/
|
||||
|
|
@ -79,7 +78,7 @@ public class OpenIdCredentials implements Serializable
|
|||
return response;
|
||||
}
|
||||
|
||||
public void redeemAuthCode() throws IOException
|
||||
public void redeemAuthCode(HttpClient httpClient) throws Exception
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("redeemAuthCode() {}", this);
|
||||
|
|
@ -88,7 +87,7 @@ public class OpenIdCredentials implements Serializable
|
|||
{
|
||||
try
|
||||
{
|
||||
response = claimAuthCode(authCode);
|
||||
response = claimAuthCode(httpClient, authCode);
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("response: {}", response);
|
||||
|
||||
|
|
@ -186,7 +185,10 @@ public class OpenIdCredentials implements Serializable
|
|||
String jwtClaimString = new String(decoder.decode(padJWTSection(sections[1])), StandardCharsets.UTF_8);
|
||||
String jwtSignature = sections[2];
|
||||
|
||||
Map<String, Object> jwtHeader = (Map)JSON.parse(jwtHeaderString);
|
||||
Object parsedJwtHeader = JSON.parse(jwtHeaderString);
|
||||
if (!(parsedJwtHeader instanceof Map))
|
||||
throw new IllegalStateException("Invalid JWT header");
|
||||
Map<String, Object> jwtHeader = (Map)parsedJwtHeader;
|
||||
LOG.debug("JWT Header: {}", jwtHeader);
|
||||
|
||||
/* If the ID Token is received via direct communication between the Client
|
||||
|
|
@ -195,7 +197,11 @@ public class OpenIdCredentials implements Serializable
|
|||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("JWT signature not validated {}", jwtSignature);
|
||||
|
||||
return (Map)JSON.parse(jwtClaimString);
|
||||
Object parsedClaims = JSON.parse(jwtClaimString);
|
||||
if (!(parsedClaims instanceof Map))
|
||||
throw new IllegalStateException("Could not decode JSON for JWT claims.");
|
||||
|
||||
return (Map)parsedClaims;
|
||||
}
|
||||
|
||||
private static byte[] padJWTSection(String unpaddedEncodedJwtSection)
|
||||
|
|
@ -224,40 +230,27 @@ public class OpenIdCredentials implements Serializable
|
|||
return paddedEncodedJwtSection;
|
||||
}
|
||||
|
||||
private Map<String, Object> claimAuthCode(String authCode) throws IOException
|
||||
private Map<String, Object> claimAuthCode(HttpClient httpClient, String authCode) throws Exception
|
||||
{
|
||||
Fields fields = new Fields();
|
||||
fields.add("code", authCode);
|
||||
fields.add("client_id", configuration.getClientId());
|
||||
fields.add("client_secret", configuration.getClientSecret());
|
||||
fields.add("redirect_uri", redirectUri);
|
||||
fields.add("grant_type", "authorization_code");
|
||||
FormContentProvider formContentProvider = new FormContentProvider(fields);
|
||||
Request request = httpClient.POST(configuration.getTokenEndpoint())
|
||||
.content(formContentProvider)
|
||||
.timeout(10, TimeUnit.SECONDS);
|
||||
ContentResponse response = request.send();
|
||||
String responseBody = response.getContentAsString();
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("claimAuthCode {}", authCode);
|
||||
LOG.debug("Authentication response: {}", responseBody);
|
||||
|
||||
// Use the authorization code to get the id_token from the OpenID Provider
|
||||
String urlParameters = "code=" + authCode +
|
||||
"&client_id=" + UrlEncoded.encodeString(configuration.getClientId(), StandardCharsets.UTF_8) +
|
||||
"&client_secret=" + UrlEncoded.encodeString(configuration.getClientSecret(), StandardCharsets.UTF_8) +
|
||||
"&redirect_uri=" + UrlEncoded.encodeString(redirectUri, StandardCharsets.UTF_8) +
|
||||
"&grant_type=authorization_code";
|
||||
Object parsedResponse = JSON.parse(responseBody);
|
||||
if (!(parsedResponse instanceof Map))
|
||||
throw new IllegalStateException("Malformed response from OpenID Provider");
|
||||
|
||||
URL url = new URL(configuration.getTokenEndpoint());
|
||||
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
||||
try
|
||||
{
|
||||
connection.setDoOutput(true);
|
||||
connection.setRequestMethod("POST");
|
||||
connection.setRequestProperty("Host", configuration.getIssuer());
|
||||
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
|
||||
|
||||
try (DataOutputStream wr = new DataOutputStream(connection.getOutputStream()))
|
||||
{
|
||||
wr.write(urlParameters.getBytes(StandardCharsets.UTF_8));
|
||||
}
|
||||
|
||||
try (InputStream content = (InputStream)connection.getContent())
|
||||
{
|
||||
return (Map)JSON.parse(IO.toString(content));
|
||||
}
|
||||
}
|
||||
finally
|
||||
{
|
||||
connection.disconnect();
|
||||
}
|
||||
return (Map)parsedResponse;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import java.security.Principal;
|
|||
import javax.security.auth.Subject;
|
||||
import javax.servlet.ServletRequest;
|
||||
|
||||
import org.eclipse.jetty.client.HttpClient;
|
||||
import org.eclipse.jetty.security.IdentityService;
|
||||
import org.eclipse.jetty.security.LoginService;
|
||||
import org.eclipse.jetty.server.UserIdentity;
|
||||
|
|
@ -40,8 +41,9 @@ public class OpenIdLoginService extends ContainerLifeCycle implements LoginServi
|
|||
{
|
||||
private static final Logger LOG = Log.getLogger(OpenIdLoginService.class);
|
||||
|
||||
private final OpenIdConfiguration _configuration;
|
||||
private final OpenIdConfiguration configuration;
|
||||
private final LoginService loginService;
|
||||
private final HttpClient httpClient;
|
||||
private IdentityService identityService;
|
||||
private boolean authenticateNewUsers;
|
||||
|
||||
|
|
@ -59,20 +61,22 @@ public class OpenIdLoginService extends ContainerLifeCycle implements LoginServi
|
|||
*/
|
||||
public OpenIdLoginService(OpenIdConfiguration configuration, LoginService loginService)
|
||||
{
|
||||
_configuration = configuration;
|
||||
this.configuration = configuration;
|
||||
this.loginService = loginService;
|
||||
this.httpClient = configuration.getHttpClient();
|
||||
addBean(this.configuration);
|
||||
addBean(this.loginService);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName()
|
||||
{
|
||||
return _configuration.getIssuer();
|
||||
return configuration.getIssuer();
|
||||
}
|
||||
|
||||
public OpenIdConfiguration getConfiguration()
|
||||
{
|
||||
return _configuration;
|
||||
return configuration;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -84,7 +88,7 @@ public class OpenIdLoginService extends ContainerLifeCycle implements LoginServi
|
|||
OpenIdCredentials openIdCredentials = (OpenIdCredentials)credentials;
|
||||
try
|
||||
{
|
||||
openIdCredentials.redeemAuthCode();
|
||||
openIdCredentials.redeemAuthCode(httpClient);
|
||||
if (openIdCredentials.isExpired())
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@
|
|||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="sendServerVersion">true</Set>
|
||||
<Set name="sendDateHeader">false</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
-->
|
||||
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
|
||||
|
|
@ -61,7 +61,7 @@
|
|||
<Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" default="8192" /></Set>
|
||||
<Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" default="true" /></Set>
|
||||
<Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" default="false" /></Set>
|
||||
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="4096" /></Set>
|
||||
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="1024" /></Set>
|
||||
<Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" default="true"/></Set>
|
||||
<Set name="maxErrorDispatches"><Property name="jetty.httpConfig.maxErrorDispatches" default="10"/></Set>
|
||||
<Set name="persistentConnectionsEnabled"><Property name="jetty.httpConfig.persistentConnectionsEnabled" default="true"/></Set>
|
||||
|
|
|
|||
|
|
@ -42,8 +42,8 @@
|
|||
</Set>
|
||||
|
||||
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
|
||||
<Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https"/></Set>
|
||||
<Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https"/></Set>
|
||||
<Set name="secureScheme" property="jetty.httpConfig.secureScheme"/>
|
||||
<Set name="securePort" property="jetty.httpConfig.securePort"/>
|
||||
<Set name="outputBufferSize" property="jetty.httpConfig.outputBufferSize"/>
|
||||
<Set name="outputAggregationSize" property="jetty.httpConfig.outputAggregationSize"/>
|
||||
<Set name="requestHeaderSize" property="jetty.httpConfig.requestHeaderSize"/>
|
||||
|
|
|
|||
|
|
@ -59,8 +59,8 @@
|
|||
<!-- for all configuration that may be set here. -->
|
||||
<!-- =========================================================== -->
|
||||
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
|
||||
<Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set>
|
||||
<Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" /></Set>
|
||||
<Set name="secureScheme" property="jetty.httpConfig.secureScheme"/>
|
||||
<Set name="securePort" property="jetty.httpConfig.securePort"/>
|
||||
<Set name="outputBufferSize" property="jetty.httpConfig.outputBufferSize"/>
|
||||
<Set name="outputAggregationSize" property="jetty.httpConfig.outputAggregationSize"/>
|
||||
<Set name="requestHeaderSize" property="jetty.httpConfig.requestHeaderSize"/>
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ etc/jetty.xml
|
|||
# jetty.httpConfig.sendDateHeader=false
|
||||
|
||||
## Max per-connection header cache size (in nodes)
|
||||
# jetty.httpConfig.headerCacheSize=4096
|
||||
# jetty.httpConfig.headerCacheSize=1024
|
||||
|
||||
## Whether, for requests with content, delay dispatch until some content has arrived
|
||||
# jetty.httpConfig.delayDispatchUntilContent=true
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ public class HttpConfiguration implements Dumpable
|
|||
private int _outputAggregationSize = _outputBufferSize / 4;
|
||||
private int _requestHeaderSize = 8 * 1024;
|
||||
private int _responseHeaderSize = 8 * 1024;
|
||||
private int _headerCacheSize = 4 * 1024;
|
||||
private int _headerCacheSize = 1024;
|
||||
private boolean _headerCacheCaseSensitive = false;
|
||||
private int _securePort;
|
||||
private long _idleTimeout = -1;
|
||||
|
|
|
|||
|
|
@ -832,12 +832,11 @@ public class HttpConnectionTest
|
|||
@Test
|
||||
public void testBadURIencoding() throws Exception
|
||||
{
|
||||
// The URI is being leniently decoded, leaving the "%x" alone
|
||||
String response = connector.getResponse("GET /bad/encoding%x HTTP/1.1\r\n" +
|
||||
"Host: localhost\r\n" +
|
||||
"Connection: close\r\n" +
|
||||
"\r\n");
|
||||
checkContains(response, 0, "HTTP/1.1 200");
|
||||
checkContains(response, 0, "HTTP/1.1 400");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -251,6 +251,24 @@ public abstract class HttpServerTestBase extends HttpServerTestFixture
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBadURI() throws Exception
|
||||
{
|
||||
configureServer(new HelloWorldHandler());
|
||||
|
||||
try (Socket client = newSocket(_serverURI.getHost(), _serverURI.getPort()))
|
||||
{
|
||||
OutputStream os = client.getOutputStream();
|
||||
|
||||
os.write("GET /%xx HTTP/1.0\r\n\r\n".getBytes(StandardCharsets.ISO_8859_1));
|
||||
os.flush();
|
||||
|
||||
// Read the response.
|
||||
String response = readResponse(client);
|
||||
|
||||
assertThat(response, Matchers.containsString("HTTP/1.1 400 "));
|
||||
}
|
||||
}
|
||||
@Test
|
||||
public void testExceptionThrownInHandlerLoop() throws Exception
|
||||
{
|
||||
|
|
|
|||
|
|
@ -470,75 +470,25 @@ public class URIUtil
|
|||
builder = new Utf8StringBuilder(path.length());
|
||||
builder.append(path, offset, i - offset);
|
||||
}
|
||||
|
||||
// lenient percent decoding
|
||||
if (i >= end)
|
||||
if ((i + 2) < end)
|
||||
{
|
||||
// [LENIENT] a percent sign at end of string.
|
||||
builder.append('%');
|
||||
i = end;
|
||||
}
|
||||
else if (end > (i + 1))
|
||||
{
|
||||
char type = path.charAt(i + 1);
|
||||
if (type == 'u')
|
||||
char u = path.charAt(i + 1);
|
||||
if (u == 'u')
|
||||
{
|
||||
// We have a possible (deprecated) microsoft unicode code point "%u####"
|
||||
// - not recommended to use as it's limited to 2 bytes.
|
||||
if ((i + 5) >= end)
|
||||
{
|
||||
// [LENIENT] we have a partial "%u####" at the end of a string.
|
||||
builder.append(path, i, (end - i));
|
||||
i = end;
|
||||
}
|
||||
else
|
||||
{
|
||||
// this seems wrong, as we are casting to a char, but that's the known
|
||||
// limitation of this deprecated encoding (only 2 bytes allowed)
|
||||
if (StringUtil.isHex(path, i + 2, 4))
|
||||
{
|
||||
int codepoint = 0xffff & TypeUtil.parseInt(path, i + 2, 4, 16);
|
||||
char[] chars = Character.toChars(codepoint);
|
||||
for (char ch : chars)
|
||||
{
|
||||
builder.append(ch);
|
||||
}
|
||||
i += 5;
|
||||
}
|
||||
else
|
||||
{
|
||||
// [LENIENT] copy the "%u" as-is.
|
||||
builder.append(path, i, 2);
|
||||
i += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (end > (i + 2))
|
||||
{
|
||||
// we have a possible "%##" encoding
|
||||
if (StringUtil.isHex(path, i + 1, 2))
|
||||
{
|
||||
builder.append((byte)TypeUtil.parseInt(path, i + 1, 2, 16));
|
||||
i += 2;
|
||||
}
|
||||
else
|
||||
{
|
||||
builder.append(path, i, 3);
|
||||
i += 2;
|
||||
}
|
||||
// TODO remove %u support in jetty-10
|
||||
// this is wrong. This is a codepoint not a char
|
||||
builder.append((char)(0xffff & TypeUtil.parseInt(path, i + 2, 4, 16)));
|
||||
i += 5;
|
||||
}
|
||||
else
|
||||
{
|
||||
// [LENIENT] incomplete "%##" sequence at end of string
|
||||
builder.append(path, i, (end - i));
|
||||
i = end;
|
||||
builder.append((byte)(0xff & (TypeUtil.convertHexDigit(u) * 16 + TypeUtil.convertHexDigit(path.charAt(i + 2)))));
|
||||
i += 2;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// [LENIENT] the "%" at the end of the string
|
||||
builder.append(path, i, (end - i));
|
||||
i = end;
|
||||
throw new IllegalArgumentException("Bad URI % encoding");
|
||||
}
|
||||
|
||||
break;
|
||||
|
|
@ -576,10 +526,18 @@ public class URIUtil
|
|||
}
|
||||
catch (NotUtf8Exception e)
|
||||
{
|
||||
LOG.warn(path.substring(offset, offset + length) + " " + e);
|
||||
LOG.debug(e);
|
||||
LOG.debug(path.substring(offset, offset + length) + " " + e);
|
||||
return decodeISO88591Path(path, offset, length);
|
||||
}
|
||||
catch (IllegalArgumentException e)
|
||||
{
|
||||
throw e;
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
throw new IllegalArgumentException("cannot decode URI", e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* Decode a URI path and strip parameters of ISO-8859-1 path
|
||||
|
|
@ -604,13 +562,14 @@ public class URIUtil
|
|||
char u = path.charAt(i + 1);
|
||||
if (u == 'u')
|
||||
{
|
||||
// TODO this is wrong. This is a codepoint not a char
|
||||
// TODO remove %u encoding support in jetty-10
|
||||
// This is wrong. This is a codepoint not a char
|
||||
builder.append((char)(0xffff & TypeUtil.parseInt(path, i + 2, 4, 16)));
|
||||
i += 5;
|
||||
}
|
||||
else
|
||||
{
|
||||
builder.append((byte)(0xff & (TypeUtil.convertHexDigit(u) * 16 + TypeUtil.convertHexDigit(path.charAt(i + 2)))));
|
||||
builder.append((char)(0xff & (TypeUtil.convertHexDigit(u) * 16 + TypeUtil.convertHexDigit(path.charAt(i + 2)))));
|
||||
i += 2;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
|
|||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
/**
|
||||
|
|
@ -94,18 +95,6 @@ public class URIUtilTest
|
|||
|
||||
// Deprecated Microsoft Percent-U encoding
|
||||
arguments.add(Arguments.of("abc%u3040", "abc\u3040"));
|
||||
|
||||
// Lenient decode
|
||||
arguments.add(Arguments.of("abc%xyz", "abc%xyz")); // not a "%##"
|
||||
arguments.add(Arguments.of("abc%", "abc%")); // percent at end of string
|
||||
arguments.add(Arguments.of("abc%A", "abc%A")); // incomplete "%##" at end of string
|
||||
arguments.add(Arguments.of("abc%uvwxyz", "abc%uvwxyz")); // not a valid "%u####"
|
||||
arguments.add(Arguments.of("abc%uEFGHIJ", "abc%uEFGHIJ")); // not a valid "%u####"
|
||||
arguments.add(Arguments.of("abc%uABC", "abc%uABC")); // incomplete "%u####"
|
||||
arguments.add(Arguments.of("abc%uAB", "abc%uAB")); // incomplete "%u####"
|
||||
arguments.add(Arguments.of("abc%uA", "abc%uA")); // incomplete "%u####"
|
||||
arguments.add(Arguments.of("abc%u", "abc%u")); // incomplete "%u####"
|
||||
|
||||
return arguments.stream();
|
||||
}
|
||||
|
||||
|
|
@ -117,6 +106,60 @@ public class URIUtilTest
|
|||
assertEquals(expectedPath, path);
|
||||
}
|
||||
|
||||
public static Stream<Arguments> decodeBadPathSource()
|
||||
{
|
||||
List<Arguments> arguments = new ArrayList<>();
|
||||
|
||||
// Test for null character (real world ugly test case)
|
||||
// TODO is this a bad decoding or a bad URI ?
|
||||
// arguments.add(Arguments.of("/%00/"));
|
||||
|
||||
// Deprecated Microsoft Percent-U encoding
|
||||
// TODO still supported for now ?
|
||||
// arguments.add(Arguments.of("abc%u3040"));
|
||||
|
||||
// Bad %## encoding
|
||||
arguments.add(Arguments.of("abc%xyz"));
|
||||
|
||||
// Incomplete %## encoding
|
||||
arguments.add(Arguments.of("abc%"));
|
||||
arguments.add(Arguments.of("abc%A"));
|
||||
|
||||
// Invalid microsoft %u#### encoding
|
||||
arguments.add(Arguments.of("abc%uvwxyz"));
|
||||
arguments.add(Arguments.of("abc%uEFGHIJ"));
|
||||
|
||||
// Incomplete microsoft %u#### encoding
|
||||
arguments.add(Arguments.of("abc%uABC"));
|
||||
arguments.add(Arguments.of("abc%uAB"));
|
||||
arguments.add(Arguments.of("abc%uA"));
|
||||
arguments.add(Arguments.of("abc%u"));
|
||||
|
||||
// Invalid UTF-8 and ISO8859-1
|
||||
// TODO currently ISO8859 is too forgiving to detect these
|
||||
/*
|
||||
arguments.add(Arguments.of("abc%C3%28")); // invalid 2 octext sequence
|
||||
arguments.add(Arguments.of("abc%A0%A1")); // invalid 2 octext sequence
|
||||
arguments.add(Arguments.of("abc%e2%28%a1")); // invalid 3 octext sequence
|
||||
arguments.add(Arguments.of("abc%e2%82%28")); // invalid 3 octext sequence
|
||||
arguments.add(Arguments.of("abc%f0%28%8c%bc")); // invalid 4 octext sequence
|
||||
arguments.add(Arguments.of("abc%f0%90%28%bc")); // invalid 4 octext sequence
|
||||
arguments.add(Arguments.of("abc%f0%28%8c%28")); // invalid 4 octext sequence
|
||||
arguments.add(Arguments.of("abc%f8%a1%a1%a1%a1")); // valid sequence, but not unicode
|
||||
arguments.add(Arguments.of("abc%fc%a1%a1%a1%a1%a1")); // valid sequence, but not unicode
|
||||
arguments.add(Arguments.of("abc%f8%a1%a1%a1")); // incomplete sequence
|
||||
*/
|
||||
|
||||
return arguments.stream();
|
||||
}
|
||||
|
||||
@ParameterizedTest(name = "[{index}] {0}")
|
||||
@MethodSource("decodeBadPathSource")
|
||||
public void testBadDecodePath(String encodedPath)
|
||||
{
|
||||
assertThrows(IllegalArgumentException.class, () -> URIUtil.decodePath(encodedPath));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDecodePathSubstring()
|
||||
{
|
||||
|
|
|
|||
|
|
@ -18,93 +18,132 @@
|
|||
|
||||
package org.eclipse.jetty.util.resource;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.InvalidPathException;
|
||||
import java.nio.file.Path;
|
||||
|
||||
import org.eclipse.jetty.toolchain.test.FS;
|
||||
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.eclipse.jetty.toolchain.test.jupiter.WorkDir;
|
||||
import org.eclipse.jetty.toolchain.test.jupiter.WorkDirExtension;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
@ExtendWith(WorkDirExtension.class)
|
||||
public class ResourceAliasTest
|
||||
{
|
||||
static File __dir;
|
||||
public WorkDir workDir;
|
||||
|
||||
@BeforeAll
|
||||
public static void beforeClass()
|
||||
@Test
|
||||
public void testPercentPaths() throws IOException
|
||||
{
|
||||
__dir = MavenTestingUtils.getTargetTestingDir("RAT");
|
||||
}
|
||||
Path baseDir = workDir.getEmptyPathDir();
|
||||
|
||||
@BeforeEach
|
||||
public void before()
|
||||
{
|
||||
FS.ensureDirExists(__dir);
|
||||
FS.ensureEmpty(__dir);
|
||||
Path foo = baseDir.resolve("%foo");
|
||||
Files.createDirectories(foo);
|
||||
|
||||
Path bar = foo.resolve("bar%");
|
||||
Files.createDirectories(bar);
|
||||
|
||||
Path text = bar.resolve("test.txt");
|
||||
FS.touch(text);
|
||||
|
||||
// At this point we have a path .../%foo/bar%/test.txt present on the filesystem.
|
||||
// This would also apply for paths found in JAR files (like META-INF/resources/%foo/bar%/test.txt)
|
||||
|
||||
assertTrue(Files.exists(text));
|
||||
|
||||
Resource baseResource = new PathResource(baseDir);
|
||||
assertTrue(baseResource.exists(), "baseResource exists");
|
||||
|
||||
Resource fooResource = baseResource.addPath("%foo");
|
||||
assertTrue(fooResource.exists(), "fooResource exists");
|
||||
assertTrue(fooResource.isDirectory(), "fooResource isDir");
|
||||
assertFalse(fooResource.isAlias(), "fooResource isAlias");
|
||||
|
||||
Resource barResource = fooResource.addPath("bar%");
|
||||
assertTrue(barResource.exists(), "barResource exists");
|
||||
assertTrue(barResource.isDirectory(), "barResource isDir");
|
||||
assertFalse(barResource.isAlias(), "barResource isAlias");
|
||||
|
||||
Resource textResource = barResource.addPath("test.txt");
|
||||
assertTrue(textResource.exists(), "textResource exists");
|
||||
assertFalse(textResource.isDirectory(), "textResource isDir");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNullCharEndingFilename() throws Exception
|
||||
{
|
||||
File file = new File(__dir, "test.txt");
|
||||
assertFalse(file.exists());
|
||||
assertTrue(file.createNewFile());
|
||||
assertTrue(file.exists());
|
||||
Path baseDir = workDir.getEmptyPathDir();
|
||||
|
||||
File file0 = new File(__dir, "test.txt\0");
|
||||
if (!file0.exists())
|
||||
return; // this file system does not suffer this problem
|
||||
|
||||
assertTrue(file0.exists()); // This is an alias!
|
||||
|
||||
Resource dir = Resource.newResource(__dir);
|
||||
|
||||
// Test not alias paths
|
||||
Resource resource = Resource.newResource(file);
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = Resource.newResource(file.getAbsoluteFile());
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = Resource.newResource(file.toURI());
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = Resource.newResource(file.toURI().toString());
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = dir.addPath("test.txt");
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
|
||||
// Test alias paths
|
||||
resource = Resource.newResource(file0);
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
resource = Resource.newResource(file0.getAbsoluteFile());
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
resource = Resource.newResource(file0.toURI());
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
resource = Resource.newResource(file0.toURI().toString());
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
Path file = baseDir.resolve("test.txt");
|
||||
FS.touch(file);
|
||||
|
||||
try
|
||||
{
|
||||
resource = dir.addPath("test.txt\0");
|
||||
Path file0 = baseDir.resolve("test.txt\0");
|
||||
if (!Files.exists(file0))
|
||||
return; // this file system does get tricked by ending filenames
|
||||
|
||||
assertThat(file0 + " exists", Files.exists(file0), is(true)); // This is an alias!
|
||||
|
||||
Resource dir = Resource.newResource(baseDir);
|
||||
|
||||
// Test not alias paths
|
||||
Resource resource = Resource.newResource(file);
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = Resource.newResource(file.toAbsolutePath());
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = Resource.newResource(file.toUri());
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = Resource.newResource(file.toUri().toString());
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
resource = dir.addPath("test.txt");
|
||||
assertTrue(resource.exists());
|
||||
assertNull(resource.getAlias());
|
||||
|
||||
// Test alias paths
|
||||
resource = Resource.newResource(file0);
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
resource = Resource.newResource(file0.toAbsolutePath());
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
resource = Resource.newResource(file0.toUri());
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
resource = Resource.newResource(file0.toUri().toString());
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
|
||||
try
|
||||
{
|
||||
resource = dir.addPath("test.txt\0");
|
||||
assertTrue(resource.exists());
|
||||
assertNotNull(resource.getAlias());
|
||||
}
|
||||
catch (MalformedURLException e)
|
||||
{
|
||||
assertTrue(true);
|
||||
}
|
||||
}
|
||||
catch (MalformedURLException e)
|
||||
catch (InvalidPathException e)
|
||||
{
|
||||
assertTrue(true);
|
||||
// this file system does allow null char ending filenames
|
||||
Log.getRootLogger().ignore(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="sendServerVersion">true</Set>
|
||||
<Set name="sendDateHeader">false</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
</New>
|
||||
|
||||
<!-- =========================================================== -->
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
<Set name="responseHeaderSize">8192</Set>
|
||||
<Set name="sendServerVersion">true</Set>
|
||||
<Set name="sendDateHeader">false</Set>
|
||||
<Set name="headerCacheSize">4096</Set>
|
||||
<Set name="headerCacheSize">1024</Set>
|
||||
|
||||
<!-- Uncomment to enable handling of X-Forwarded- style headers
|
||||
<Call name="addCustomizer">
|
||||
|
|
|
|||
Loading…
Reference in New Issue