From ebd86a653a5d646e7d41da4ac7a42a0add1e2fcb Mon Sep 17 00:00:00 2001 From: =?utf8?q?Leif=20=C3=85strand?= Date: Tue, 16 Oct 2012 16:46:45 +0300 Subject: [PATCH] Don't let /APP requests continue to the BootstrapHandler (#9553) * Change ApplicationConstants.APP_REQUEST_PATH to not include an ending slash so it can be used by the new check as well. Change-Id: If613e339b0e1ef4fd9e4f07d7567cd381678b912 --- .../server/ConnectorResourceHandler.java | 11 ++++++++- .../vaadin/server/GlobalResourceHandler.java | 4 ++-- .../com/vaadin/server/ResourceReference.java | 2 +- .../vaadin/server/ServletPortletHelper.java | 3 ++- .../vaadin/shared/ApplicationConstants.java | 4 ++-- .../tests/requesthandlers/AppResource404.html | 24 +++++++++++++------ .../tests/requesthandlers/AppResource404.java | 13 +++++++++- 7 files changed, 46 insertions(+), 15 deletions(-) diff --git a/server/src/com/vaadin/server/ConnectorResourceHandler.java b/server/src/com/vaadin/server/ConnectorResourceHandler.java index 6d375aaa50..dc112a2d5b 100644 --- a/server/src/com/vaadin/server/ConnectorResourceHandler.java +++ b/server/src/com/vaadin/server/ConnectorResourceHandler.java @@ -14,7 +14,7 @@ import com.vaadin.ui.UI; public class ConnectorResourceHandler implements RequestHandler { // APP/connector/[uiid]/[cid]/[filename.xyz] private static final Pattern CONNECTOR_RESOURCE_PATTERN = Pattern - .compile("^/?" + ApplicationConstants.APP_REQUEST_PATH + .compile("^/?" + ApplicationConstants.APP_REQUEST_PATH + '/' + ConnectorResource.CONNECTOR_REQUEST_PATH + "(\\d+)/(\\d+)/(.*)"); 
@@ -62,6 +62,15 @@ public class ConnectorResourceHandler implements RequestHandler { } return true; + } else if (requestPath.matches('/' + + ApplicationConstants.APP_REQUEST_PATH + "(/.*)?")) { + /* + * This should be the last request handler before we get to + * bootstrap logic. Prevent /APP requests from reaching bootstrap + * handlers to help protect the /APP name space for framework usage. + */ + return error(request, response, + "Returning 404 for /APP request not yet handled."); } else { return false; } diff --git a/server/src/com/vaadin/server/GlobalResourceHandler.java b/server/src/com/vaadin/server/GlobalResourceHandler.java index ad276dc77a..5b89408d01 100644 --- a/server/src/com/vaadin/server/GlobalResourceHandler.java +++ b/server/src/com/vaadin/server/GlobalResourceHandler.java @@ -60,7 +60,7 @@ public class GlobalResourceHandler implements RequestHandler { // APP/global/[uiid]/[type]/[id] private static final Matcher matcher = Pattern.compile( - "^/?" + ApplicationConstants.APP_REQUEST_PATH + "^/?" + ApplicationConstants.APP_REQUEST_PATH + '/' + RESOURCE_REQUEST_PATH + "(\\d+)/(([^/]+)(/.*))").matcher( ""); @@ -188,7 +188,7 @@ public class GlobalResourceHandler implements RequestHandler { String uri = legacyResourceKeys.get(resource); if (uri != null && !uri.isEmpty()) { return ApplicationConstants.APP_PROTOCOL_PREFIX - + ApplicationConstants.APP_REQUEST_PATH + + ApplicationConstants.APP_REQUEST_PATH + '/' + RESOURCE_REQUEST_PATH + connector.getUI().getUIId() + '/' + uri; } else { diff --git a/server/src/com/vaadin/server/ResourceReference.java b/server/src/com/vaadin/server/ResourceReference.java index 815cbee275..b6a0cfda92 100644 --- a/server/src/com/vaadin/server/ResourceReference.java +++ b/server/src/com/vaadin/server/ResourceReference.java 
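Review bot: The guard added in the `else if` branch, `requestPath.matches('/' + ApplicationConstants.APP_REQUEST_PATH + "(/.*)?")`, is narrower than the namespace it is meant to reserve: `.` does not match line terminators, so a decoded path containing one fails the match, returns `false` and still reaches the bootstrap handlers. A prefix comparison closes that gap and avoids recompiling the regex on every request, e.g. `String app = '/' + ApplicationConstants.APP_REQUEST_PATH;` and `} else if (requestPath.equals(app) || requestPath.startsWith(app + '/')) {`. Note also that `CONNECTOR_RESOURCE_PATTERN` accepts an optional leading slash (`^/?`) while this check requires one; if a slash-less path info is possible, the two should agree. The added comment relies on this being the last handler before bootstrap, which nothing in the visible lines enforces, and the enclosing method starts and ends outside the hunk.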
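Review bot: In the GlobalResourceHandler hunk at line 60 the edited expression is still stored as a `private static final Matcher`, and `java.util.regex.Matcher` is not safe for use by concurrent threads. If the request-handling method resets and reads this shared instance per request (its body is outside the hunk, so this is an assumption to confirm), two concurrent `/APP/global/...` requests could read each other's capture groups and resolve the wrong UI id or resource key. Since the statement is being touched anyway, keep only the compiled expression static, `private static final Pattern pattern = Pattern.compile(...);`, and create a fresh matcher per request with `pattern.matcher(<request path>)`.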
@@ -103,7 +103,7 @@ public class ResourceReference extends URLReference { private static String getConnectorResourceBase(String filename, ClientConnector connector) { String uri = ApplicationConstants.APP_PROTOCOL_PREFIX - + ApplicationConstants.APP_REQUEST_PATH + + ApplicationConstants.APP_REQUEST_PATH + '/' + ConnectorResource.CONNECTOR_REQUEST_PATH + connector.getUI().getUIId() + '/' + connector.getConnectorId() + '/' + encodeFileName(filename); diff --git a/server/src/com/vaadin/server/ServletPortletHelper.java b/server/src/com/vaadin/server/ServletPortletHelper.java index 59c0b382c9..15c3e18959 100644 --- a/server/src/com/vaadin/server/ServletPortletHelper.java +++ b/server/src/com/vaadin/server/ServletPortletHelper.java @@ -111,7 +111,8 @@ class ServletPortletHelper implements Serializable { } public static boolean isAppRequest(VaadinRequest request) { - return hasPathPrefix(request, ApplicationConstants.APP_REQUEST_PATH); + return hasPathPrefix(request, + ApplicationConstants.APP_REQUEST_PATH + '/'); } public static boolean isHeartbeatRequest(VaadinRequest request) { diff --git a/shared/src/com/vaadin/shared/ApplicationConstants.java b/shared/src/com/vaadin/shared/ApplicationConstants.java index 61b57687bd..80b05d6021 100644 --- a/shared/src/com/vaadin/shared/ApplicationConstants.java +++ b/shared/src/com/vaadin/shared/ApplicationConstants.java 
@@ -20,14 +20,14 @@ public class ApplicationConstants { // This indicates the whole page is generated by us (not embedded) public static final String GENERATED_BODY_CLASSNAME = "v-generated-body"; - public static final String APP_REQUEST_PATH = "APP/"; + public static final String APP_REQUEST_PATH = "APP"; public static final String UIDL_REQUEST_PATH = "UIDL/"; public static final String HEARTBEAT_REQUEST_PATH = "HEARTBEAT/"; public static final String DEPENDENCY_RESOURCE_PREFIX = APP_REQUEST_PATH - + "DEPENDENCY"; + + '/' + "DEPENDENCY"; public static final String APP_PROTOCOL_PREFIX = "app://"; public static final String DEPENDENCY_PROTOCOL_NAME = "dependency"; diff --git a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html index da050b3aaa..16f3db6a1a 100644 --- a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html +++ b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html @@ -38,7 +38,7 @@ assertTextPresent - RequestURI=/run/com.vaadin.tests.requesthandlers.AppResource404/APP/12341234/ + /APP/connector/0/4/asdfasdf can not be found 
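Review bot: Changing the value of the public constant `APP_REQUEST_PATH` from `"APP/"` to `"APP"` while keeping its name silently alters every concatenation this patch does not touch: code such as `APP_REQUEST_PATH + "connector/"` still compiles but now yields `APPconnector/`. Because a `public static final String` is a compile-time constant, classes compiled against the old value keep `"APP/"` until they are rebuilt, and since this class lives in the shared module, separately built code (add-ons, presumably the client side) can end up disagreeing with the server about which URLs belong to the reserved namespace. Introducing the slash-less value under a new name (for example `APP_PATH`) and deprecating or removing the old constant would turn missed call sites into compile errors instead of wrong paths. Minor: `+ '/' + "DEPENDENCY"` reads more simply as `+ "/DEPENDENCY"`.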
@@ -47,18 +47,28 @@ - click - vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/ChildComponentContainer[1]/VVerticalLayout[0]/ChildComponentContainer[2]/VButton[0]/domChild[0]/domChild[0] + mouseClickAndWait + vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/VOrderedLayout$Slot[1]/VVerticalLayout[0]/VOrderedLayout$Slot[2]/VLink[0]/domChild[0]/domChild[0] + 97,5 + + + assertTextPresent + /APP can not be found + + + + open + /run/com.vaadin.tests.requesthandlers.AppResource404 mouseClickAndWait - vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/ChildComponentContainer[1]/VVerticalLayout[0]/ChildComponentContainer[0]/VLink[0]/domChild[0]/domChild[0] - 47,9 + vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/VOrderedLayout$Slot[1]/VVerticalLayout[0]/VOrderedLayout$Slot[3]/VLink[0]/domChild[0]/domChild[0] + 99,7 - assertTextPresent - RequestURI=/run/com.vaadin.tests.requesthandlers.AppResource404/APP/1//com/vaadin/tests/integration/se.gif + assertTextNotPresent + can not be found diff --git a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java index ebccba74fb..dfd664c9cf 100644 --- a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java +++ b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java @@ -1,6 +1,9 @@ package com.vaadin.tests.requesthandlers; +import javax.servlet.http.HttpServletRequest; + import com.vaadin.server.ExternalResource; +import com.vaadin.server.VaadinServletService; import com.vaadin.tests.components.TestBase; import com.vaadin.tests.integration.FlagSeResource; import com.vaadin.ui.Link; 
@@ -13,9 +16,17 @@ public class AppResource404 extends TestBase { final FlagSeResource resource = new FlagSeResource(); resource.setCacheTime(0); + HttpServletRequest request = VaadinServletService + .getCurrentServletRequest(); + String baseUrl = request.getContextPath() + request.getServletPath(); + addComponent(new Link("Existing resource", resource)); addComponent(new Link("Non-existing resource", new ExternalResource( - getURL().toString() + "APP/12341234/"))); + baseUrl + "/APP/connector/0/4/asdfasdf"))); + addComponent(new Link("/APP url that should give 404", + new ExternalResource(baseUrl + "/APP"))); + addComponent(new Link("/APPLE url that should go to UI providers", + new ExternalResource(baseUrl + "/APPLE"))); } @Override -- 2.39.5
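Review bot: The link that used to exercise an unknown sub-path, `APP/12341234/`, is replaced by `/APP/connector/0/4/asdfasdf`, which looks like it matches `CONNECTOR_RESOURCE_PATTERN` and is therefore answered by the existing connector branch rather than by the new guard; only the bare `/APP` link appears to reach the new code. Keeping a case such as `new ExternalResource(baseUrl + "/APP/12341234/")`, with a matching `assertTextPresent` step in AppResource404.html, would cover the `(/.*)?` part of the check. `VaadinServletService.getCurrentServletRequest()` is dereferenced without a null check, which is acceptable only if this test UI is never run outside a servlet request. The method containing these lines begins outside the hunk.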