context.setDelegate(true);
context.setJarScanner(new NullJarScanner());
context.setAllowCasualMultipartParsing(true);
+ context.setCookies(false);
return context;
} catch (ServletException e) {
throw new IllegalStateException("Fail to configure webapp from " + dir, e);
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {
HttpServletRequest hsr = (HttpServletRequest) request;
if (filters.length == 0) {
- chain.doFilter(request, response);
+ chain.doFilter(hsr, response);
} else {
String path = hsr.getRequestURI().replaceFirst(hsr.getContextPath(), "");
GodFilterChain godChain = new GodFilterChain(chain);
godChain.addFilter(filter);
}
}
- godChain.doFilter(request, response);
+ godChain.doFilter(hsr, response);
}
}
filters.add(filter);
}
}
+
}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2016 SonarSource SA
- * mailto:contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.platform.web;
-
-import com.google.common.collect.ImmutableSet;
-import org.apache.commons.lang.StringUtils;
-import org.sonar.api.utils.log.Loggers;
-import org.sonar.api.utils.log.Profiler;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-import java.io.IOException;
-import java.util.Set;
-
-/**
- * <p>Profile HTTP requests using platform profiling utility.</p>
- * <p>To avoid profiling of requests for static resources, the <code>staticDirs</code>
- * filter parameter can be set in the servlet context descriptor. This parameter should
- * contain a comma-separated list of paths, starting at the context root;
- * requests on subpaths of these paths will not be profiled.</p>
- *
- * @since 4.1
- */
-public class ProfilingFilter implements Filter {
-
- private static final String CONFIG_SEPARATOR = ",";
- private static final String URL_SEPARATOR = "/";
-
- private static final String MESSAGE_WITH_QUERY = "%s %s?%s";
- private static final String MESSAGE_WITHOUT_QUERY = "%s %s";
- public static final org.sonar.api.utils.log.Logger Logger = Loggers.get("http");
-
- private String contextRoot;
- private Set<String> staticResourceDirs;
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- contextRoot = filterConfig.getServletContext().getContextPath();
-
- String staticResourcesConfig = filterConfig.getInitParameter("staticDirs");
- if (StringUtils.isNotBlank(staticResourcesConfig)) {
- staticResourceDirs = ImmutableSet.copyOf(staticResourcesConfig.split(CONFIG_SEPARATOR));
- } else {
- staticResourceDirs = ImmutableSet.of();
- }
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- if (request instanceof HttpServletRequest) {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- String requestUri = httpRequest.getRequestURI();
- String rootDir = getRootDir(requestUri);
-
- if (staticResourceDirs.contains(rootDir)) {
- // Static resource, not profiled
- chain.doFilter(request, response);
- } else {
- Profiler profiler = Profiler.createIfDebug(Logger).start();
- try {
- chain.doFilter(request, response);
- } finally {
- if (profiler.isDebugEnabled()) {
- String queryString = httpRequest.getQueryString();
- String message = String.format(queryString == null ? MESSAGE_WITHOUT_QUERY : MESSAGE_WITH_QUERY, httpRequest.getMethod(), requestUri, queryString);
- profiler.stopDebug(message);
- }
- }
- }
- } else {
- // Not an HTTP request, not profiled
- chain.doFilter(request, response);
- }
- }
-
- private String getRootDir(String requestUri) {
- String rootPath = "";
- String localPath = StringUtils.substringAfter(requestUri, contextRoot);
- if (localPath.startsWith(URL_SEPARATOR)) {
- int secondSlash = localPath.indexOf(URL_SEPARATOR, 1);
- if (secondSlash > 0) {
- rootPath = URL_SEPARATOR + localPath.substring(1, secondSlash);
- }
- }
- return rootPath;
- }
-
- @Override
- public void destroy() {
- // Nothing
- }
-}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.web;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableSet;
+import java.io.IOException;
+import java.util.Set;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.utils.log.Loggers;
+import org.sonar.api.utils.log.Profiler;
+
+/**
+ * <p>Profile HTTP requests using platform profiling utility.</p>
+ * <p>To avoid profiling of requests for static resources, the <code>staticDirs</code>
+ * filter parameter can be set in the servlet context descriptor. This parameter should
+ * contain a comma-separated list of paths, starting at the context root;
+ * requests on subpaths of these paths will not be profiled.</p>
+ *
+ * @since 4.1
+ */
+public class RootFilter implements Filter {
+
+ private static final String CONFIG_SEPARATOR = ",";
+ private static final String URL_SEPARATOR = "/";
+
+ private static final String MESSAGE_WITH_QUERY = "%s %s?%s";
+ private static final String MESSAGE_WITHOUT_QUERY = "%s %s";
+ public static final org.sonar.api.utils.log.Logger Logger = Loggers.get("http");
+
+ private String contextRoot;
+ private Set<String> staticResourceDirs;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ contextRoot = filterConfig.getServletContext().getContextPath();
+
+ String staticResourcesConfig = filterConfig.getInitParameter("staticDirs");
+ if (StringUtils.isNotBlank(staticResourcesConfig)) {
+ staticResourceDirs = ImmutableSet.copyOf(staticResourcesConfig.split(CONFIG_SEPARATOR));
+ } else {
+ staticResourceDirs = ImmutableSet.of();
+ }
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ if (request instanceof HttpServletRequest) {
+ HttpServletRequest httpRequest = new ServletRequestWrapper((HttpServletRequest) request);
+ String requestUri = httpRequest.getRequestURI();
+ String rootDir = getRootDir(requestUri);
+
+ if (staticResourceDirs.contains(rootDir)) {
+ // Static resource, not profiled
+ chain.doFilter(httpRequest, response);
+ } else {
+ Profiler profiler = Profiler.createIfDebug(Logger).start();
+ try {
+ chain.doFilter(httpRequest, response);
+ } finally {
+ if (profiler.isDebugEnabled()) {
+ String queryString = httpRequest.getQueryString();
+ String message = String.format(queryString == null ? MESSAGE_WITHOUT_QUERY : MESSAGE_WITH_QUERY, httpRequest.getMethod(), requestUri, queryString);
+ profiler.stopDebug(message);
+ }
+ }
+ }
+ } else {
+ // Not an HTTP request, not profiled
+ chain.doFilter(request, response);
+ }
+ }
+
+ private String getRootDir(String requestUri) {
+ String rootPath = "";
+ String localPath = StringUtils.substringAfter(requestUri, contextRoot);
+ if (localPath.startsWith(URL_SEPARATOR)) {
+ int secondSlash = localPath.indexOf(URL_SEPARATOR, 1);
+ if (secondSlash > 0) {
+ rootPath = URL_SEPARATOR + localPath.substring(1, secondSlash);
+ }
+ }
+ return rootPath;
+ }
+
+ @Override
+ public void destroy() {
+ // Nothing
+ }
+
+ @VisibleForTesting
+ static class ServletRequestWrapper extends HttpServletRequestWrapper {
+
+ ServletRequestWrapper(HttpServletRequest request) {
+ super(request);
+ }
+
+ @Override
+ public HttpSession getSession(boolean create) {
+ throw notSupported();
+ }
+
+ @Override
+ public HttpSession getSession() {
+ throw notSupported();
+ }
+
+ private static UnsupportedOperationException notSupported() {
+ return new UnsupportedOperationException("Sessions are disabled so that web server is stateless");
+ }
+ }
+}
public class MasterServletFilterTest {
@Rule
- public ExpectedException thrown = ExpectedException.none();
+ public ExpectedException expectedException = ExpectedException.none();
@Before
public void resetSingleton() {
public void servlet_container_should_instantiate_only_a_single_master_instance() {
new MasterServletFilter();
- thrown.expect(IllegalStateException.class);
- thrown.expectMessage("Servlet filter org.sonar.server.platform.web.MasterServletFilter is already instantiated");
+ expectedException.expect(IllegalStateException.class);
+ expectedException.expectMessage("Servlet filter org.sonar.server.platform.web.MasterServletFilter is already instantiated");
new MasterServletFilter();
}
@Test
public void should_propagate_initialization_failure() throws Exception {
- thrown.expect(IllegalStateException.class);
- thrown.expectMessage("foo");
+ expectedException.expect(IllegalStateException.class);
+ expectedException.expectMessage("foo");
ServletFilter filter = mock(ServletFilter.class);
doThrow(new IllegalStateException("foo")).when(filter).init(any(FilterConfig.class));
private static int globalCount = 0;
private int count = 0;
+ @Override
public void init(FilterConfig filterConfig) throws ServletException {
}
+ @Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
globalCount++;
count = globalCount;
filterChain.doFilter(servletRequest, servletResponse);
}
+ @Override
public void destroy() {
}
-
}
+
}
+++ /dev/null
-/*
- * SonarQube
- * Copyright (C) 2009-2016 SonarSource SA
- * mailto:contact AT sonarsource DOT com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-package org.sonar.server.platform.web;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import org.sonar.server.platform.web.ProfilingFilter;
-
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class ProfilingFilterTest {
-
- private ProfilingFilter filter;
- private FilterChain chain;
-
- @Before
- public void initialize() throws Exception {
- FilterConfig filterConfig = mock(FilterConfig.class);
- when(filterConfig.getInitParameter("staticDirs")).thenReturn("/static,/assets");
- ServletContext context = mock(ServletContext.class);
- when(context.getContextPath()).thenReturn("/context");
- when(filterConfig.getServletContext()).thenReturn(context);
- chain = mock(FilterChain.class);
-
- filter = new ProfilingFilter();
- filter.init(filterConfig);
- }
-
- @Test
- public void should_profile_service_call() throws Exception {
- filter.doFilter(request("POST", "/context/service/call", "param=value"), null, chain);
- }
-
- @Test
- public void should_profile_service() throws Exception {
- filter.doFilter(request("POST", "/context/service", null), null, chain);
- }
-
- @Test
- public void should_profile_context_root_as_slash2() throws Exception {
- filter.doFilter(request("POST", "/context", null), null, chain);
- }
-
- @Test(expected = ServletException.class)
- public void should_profile_even_when_exception() throws Exception {
- Mockito.doThrow(new ServletException()).when(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
- filter.doFilter(request("POST", "/context/service/call", "param=value"), null, chain);
- }
-
- @Test
- public void should_not_profile_non_http_request() throws Exception {
- filter.doFilter(mock(ServletRequest.class), null, chain);
- }
-
- @Test
- public void should_not_profile_static_resource() throws Exception {
- filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
- }
-
- @Test
- public void should_profile_static_resource_if_no_config() throws Exception {
- FilterConfig filterConfig = mock(FilterConfig.class);
- ServletContext context = mock(ServletContext.class);
- when(context.getContextPath()).thenReturn("/context");
- when(filterConfig.getServletContext()).thenReturn(context);
-
- filter.init(filterConfig);
- filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
- }
-
- private HttpServletRequest request(String method, String path, String query) {
- HttpServletRequest request = mock(HttpServletRequest.class);
- when(request.getMethod()).thenReturn(method);
- when(request.getRequestURI()).thenReturn(path);
- when(request.getQueryString()).thenReturn(query);
- return request;
- }
-}
--- /dev/null
+/*
+ * SonarQube
+ * Copyright (C) 2009-2016 SonarSource SA
+ * mailto:contact AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.platform.web;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+
+import static org.assertj.core.api.Java6Assertions.assertThat;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class RootFilterTest {
+
+ @Rule
+ public ExpectedException expectedException = ExpectedException.none();
+
+ private RootFilter filter;
+ private FilterChain chain;
+
+ @Before
+ public void initialize() throws Exception {
+ FilterConfig filterConfig = mock(FilterConfig.class);
+ when(filterConfig.getInitParameter("staticDirs")).thenReturn("/static,/assets");
+ ServletContext context = mock(ServletContext.class);
+ when(context.getContextPath()).thenReturn("/context");
+ when(filterConfig.getServletContext()).thenReturn(context);
+ chain = mock(FilterChain.class);
+
+ filter = new RootFilter();
+ filter.init(filterConfig);
+ }
+
+ @Test
+ public void should_profile_service_call() throws Exception {
+ filter.doFilter(request("POST", "/context/service/call", "param=value"), null, chain);
+ }
+
+ @Test
+ public void should_profile_service() throws Exception {
+ filter.doFilter(request("POST", "/context/service", null), null, chain);
+ }
+
+ @Test
+ public void should_profile_context_root_as_slash2() throws Exception {
+ filter.doFilter(request("POST", "/context", null), null, chain);
+ }
+
+ @Test(expected = ServletException.class)
+ public void should_profile_even_when_exception() throws Exception {
+ Mockito.doThrow(new ServletException()).when(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
+ filter.doFilter(request("POST", "/context/service/call", "param=value"), null, chain);
+ }
+
+ @Test
+ public void should_not_profile_non_http_request() throws Exception {
+ filter.doFilter(mock(ServletRequest.class), null, chain);
+ }
+
+ @Test
+ public void should_not_profile_static_resource() throws Exception {
+ filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
+ }
+
+ @Test
+ public void should_profile_static_resource_if_no_config() throws Exception {
+ FilterConfig filterConfig = mock(FilterConfig.class);
+ ServletContext context = mock(ServletContext.class);
+ when(context.getContextPath()).thenReturn("/context");
+ when(filterConfig.getServletContext()).thenReturn(context);
+
+ filter.init(filterConfig);
+ filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
+ }
+
+ @Test
+ public void request_used_in_chain_do_filter_is_a_servlet_wrapper_when_static_resource() throws Exception {
+ filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
+ ArgumentCaptor<ServletRequest> requestArgumentCaptor = ArgumentCaptor.forClass(ServletRequest.class);
+
+ verify(chain).doFilter(requestArgumentCaptor.capture(), any(ServletResponse.class));
+
+ assertThat(requestArgumentCaptor.getValue()).isInstanceOf(RootFilter.ServletRequestWrapper.class);
+ }
+
+ @Test
+ public void request_used_in_chain_do_filter_is_a_servlet_wrapper_when_service_call() throws Exception {
+ filter.doFilter(request("POST", "/context/service/call", "param=value"), null, chain);
+ ArgumentCaptor<ServletRequest> requestArgumentCaptor = ArgumentCaptor.forClass(ServletRequest.class);
+
+ verify(chain).doFilter(requestArgumentCaptor.capture(), any(ServletResponse.class));
+
+ assertThat(requestArgumentCaptor.getValue()).isInstanceOf(RootFilter.ServletRequestWrapper.class);
+ }
+
+ @Test
+ public void fail_to_get_session_from_request() throws Exception {
+ filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
+ ArgumentCaptor<ServletRequest> requestArgumentCaptor = ArgumentCaptor.forClass(ServletRequest.class);
+ verify(chain).doFilter(requestArgumentCaptor.capture(), any(ServletResponse.class));
+
+ expectedException.expect(UnsupportedOperationException.class);
+ ((HttpServletRequest) requestArgumentCaptor.getValue()).getSession();
+ }
+
+ @Test
+ public void fail_to_get_session_with_create_from_request() throws Exception {
+ filter.doFilter(request("GET", "/context/static/image.png", null), null, chain);
+ ArgumentCaptor<ServletRequest> requestArgumentCaptor = ArgumentCaptor.forClass(ServletRequest.class);
+ verify(chain).doFilter(requestArgumentCaptor.capture(), any(ServletResponse.class));
+
+ expectedException.expect(UnsupportedOperationException.class);
+ ((HttpServletRequest) requestArgumentCaptor.getValue()).getSession(true);
+ }
+
+ private HttpServletRequest request(String method, String path, String query) {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getMethod()).thenReturn(method);
+ when(request.getRequestURI()).thenReturn(path);
+ when(request.getQueryString()).thenReturn(query);
+ return request;
+ }
+}
<filter-class>org.sonar.server.platform.web.SecurityServletFilter</filter-class>
</filter>
<filter>
- <filter-name>ProfilingFilter</filter-name>
- <filter-class>org.sonar.server.platform.web.ProfilingFilter</filter-class>
+ <filter-name>RootFilter</filter-name>
+ <filter-class>org.sonar.server.platform.web.RootFilter</filter-class>
<init-param>
<param-name>staticDirs</param-name>
<param-value>/images,/javascripts,/stylesheets</param-value>
<!-- order of execution is important -->
<filter-mapping>
- <filter-name>ProfilingFilter</filter-name>
+ <filter-name>RootFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
- <session-config>
- <!-- in minutes -->
- <session-timeout>20</session-timeout>
- <cookie-config>
- <http-only>true</http-only>
- </cookie-config>
- </session-config>
-
<listener>
<listener-class>org.sonar.server.platform.web.PlatformServletContextListener</listener-class>
</listener>
projects / sonarqube.git / commitdiff