authorLeif Åstrand <leif@vaadin.com>2012-10-16 16:46:45 +0300
committerLeif Åstrand <leif@vaadin.com>2012-10-16 16:46:45 +0300
commitebd86a653a5d646e7d41da4ac7a42a0add1e2fcb (patch)
treecca84debb9f62d84e7d72e0c26b8b1f765141758
parented8f82e6ab390a4139af8440896ee9574a734894 (diff)
Don't let /APP requests continue to the BootstrapHandler (#9553)7.0.0.beta5
* Change ApplicationConstants.APP_REQUEST_PATH to not include an ending slash so it can be used by the new check as well. Change-Id: If613e339b0e1ef4fd9e4f07d7567cd381678b912
-rw-r--r--server/src/com/vaadin/server/ConnectorResourceHandler.java11
-rw-r--r--server/src/com/vaadin/server/GlobalResourceHandler.java4
-rw-r--r--server/src/com/vaadin/server/ResourceReference.java2
-rw-r--r--server/src/com/vaadin/server/ServletPortletHelper.java3
-rw-r--r--shared/src/com/vaadin/shared/ApplicationConstants.java4
-rw-r--r--uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html24
-rw-r--r--uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java13
7 files changed, 46 insertions, 15 deletions
diff --git a/server/src/com/vaadin/server/ConnectorResourceHandler.java b/server/src/com/vaadin/server/ConnectorResourceHandler.java
index 6d375aaa50..dc112a2d5b 100644
--- a/server/src/com/vaadin/server/ConnectorResourceHandler.java
+++ b/server/src/com/vaadin/server/ConnectorResourceHandler.java
@@ -14,7 +14,7 @@ import com.vaadin.ui.UI;
public class ConnectorResourceHandler implements RequestHandler {
// APP/connector/[uiid]/[cid]/[filename.xyz]
private static final Pattern CONNECTOR_RESOURCE_PATTERN = Pattern
- .compile("^/?" + ApplicationConstants.APP_REQUEST_PATH
+ .compile("^/?" + ApplicationConstants.APP_REQUEST_PATH + '/'
+ ConnectorResource.CONNECTOR_REQUEST_PATH
+ "(\\d+)/(\\d+)/(.*)");
@@ -62,6 +62,15 @@ public class ConnectorResourceHandler implements RequestHandler {
}
return true;
+ } else if (requestPath.matches('/'
+ + ApplicationConstants.APP_REQUEST_PATH + "(/.*)?")) {
+ /*
+ * This should be the last request handler before we get to
+ * bootstrap logic. Prevent /APP requests from reaching bootstrap
+ * handlers to help protect the /APP name space for framework usage.
+ */
+ return error(request, response,
+ "Returning 404 for /APP request not yet handled.");
} else {
return false;
}
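Review bot: The new `/APP` guard in the `else if` requires a leading slash, while `CONNECTOR_RESOURCE_PATTERN` in the same class accepts `^/?`, so a request path that arrives without the slash (where `requestPath` comes from is outside this hunk) would match neither branch and fall through to the bootstrap handlers the comment says it protects. `String.matches` also recompiles the expression on every request that misses the connector pattern. A precompiled constant with the same optional prefix would cover both, e.g. `private static final Pattern APP_REQUEST_PATTERN = Pattern.compile("^/?" + ApplicationConstants.APP_REQUEST_PATH + "(/.*)?");` used as `APP_REQUEST_PATTERN.matcher(requestPath).matches()`. The comment's assumption that this is the last handler before bootstrap is not enforced anywhere visible here, so the handler registration order is worth checking.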
diff --git a/server/src/com/vaadin/server/GlobalResourceHandler.java b/server/src/com/vaadin/server/GlobalResourceHandler.java
index ad276dc77a..5b89408d01 100644
--- a/server/src/com/vaadin/server/GlobalResourceHandler.java
+++ b/server/src/com/vaadin/server/GlobalResourceHandler.java
@@ -60,7 +60,7 @@ public class GlobalResourceHandler implements RequestHandler {
// APP/global/[uiid]/[type]/[id]
private static final Matcher matcher = Pattern.compile(
- "^/?" + ApplicationConstants.APP_REQUEST_PATH
+ "^/?" + ApplicationConstants.APP_REQUEST_PATH + '/'
+ RESOURCE_REQUEST_PATH + "(\\d+)/(([^/]+)(/.*))").matcher(
"");
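Review bot: The `matcher` field edited here is a single static `Matcher` shared by every request, and `java.util.regex.Matcher` is not safe for concurrent use. If the handler resets and reads it without holding a lock (the use site is outside this hunk), two concurrent `/APP/global/...` requests could read each other's captured UI id and resource key, which for a resource handler means serving the wrong resource. Keeping only a `static final Pattern` and creating a fresh `Matcher` per request removes the shared state.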
@@ -188,7 +188,7 @@ public class GlobalResourceHandler implements RequestHandler {
String uri = legacyResourceKeys.get(resource);
if (uri != null && !uri.isEmpty()) {
return ApplicationConstants.APP_PROTOCOL_PREFIX
- + ApplicationConstants.APP_REQUEST_PATH
+ + ApplicationConstants.APP_REQUEST_PATH + '/'
+ RESOURCE_REQUEST_PATH + connector.getUI().getUIId() + '/'
+ uri;
} else {
diff --git a/server/src/com/vaadin/server/ResourceReference.java b/server/src/com/vaadin/server/ResourceReference.java
index 815cbee275..b6a0cfda92 100644
--- a/server/src/com/vaadin/server/ResourceReference.java
+++ b/server/src/com/vaadin/server/ResourceReference.java
@@ -103,7 +103,7 @@ public class ResourceReference extends URLReference {
private static String getConnectorResourceBase(String filename,
ClientConnector connector) {
String uri = ApplicationConstants.APP_PROTOCOL_PREFIX
- + ApplicationConstants.APP_REQUEST_PATH
+ + ApplicationConstants.APP_REQUEST_PATH + '/'
+ ConnectorResource.CONNECTOR_REQUEST_PATH
+ connector.getUI().getUIId() + '/'
+ connector.getConnectorId() + '/' + encodeFileName(filename);
diff --git a/server/src/com/vaadin/server/ServletPortletHelper.java b/server/src/com/vaadin/server/ServletPortletHelper.java
index 59c0b382c9..15c3e18959 100644
--- a/server/src/com/vaadin/server/ServletPortletHelper.java
+++ b/server/src/com/vaadin/server/ServletPortletHelper.java
@@ -111,7 +111,8 @@ class ServletPortletHelper implements Serializable {
}
public static boolean isAppRequest(VaadinRequest request) {
- return hasPathPrefix(request, ApplicationConstants.APP_REQUEST_PATH);
+ return hasPathPrefix(request,
+ ApplicationConstants.APP_REQUEST_PATH + '/');
}
public static boolean isHeartbeatRequest(VaadinRequest request) {
diff --git a/shared/src/com/vaadin/shared/ApplicationConstants.java b/shared/src/com/vaadin/shared/ApplicationConstants.java
index 61b57687bd..80b05d6021 100644
--- a/shared/src/com/vaadin/shared/ApplicationConstants.java
+++ b/shared/src/com/vaadin/shared/ApplicationConstants.java
@@ -20,14 +20,14 @@ public class ApplicationConstants {
// This indicates the whole page is generated by us (not embedded)
public static final String GENERATED_BODY_CLASSNAME = "v-generated-body";
- public static final String APP_REQUEST_PATH = "APP/";
+ public static final String APP_REQUEST_PATH = "APP";
public static final String UIDL_REQUEST_PATH = "UIDL/";
public static final String HEARTBEAT_REQUEST_PATH = "HEARTBEAT/";
public static final String DEPENDENCY_RESOURCE_PREFIX = APP_REQUEST_PATH
- + "DEPENDENCY";
+ + '/' + "DEPENDENCY";
public static final String APP_PROTOCOL_PREFIX = "app://";
public static final String DEPENDENCY_PROTOCOL_NAME = "dependency";
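Review bot: `APP_REQUEST_PATH` is a public compile-time constant, so changing it from `"APP/"` to `"APP"` reaches callers only when they are recompiled. Any code outside this commit that concatenates it directly with a sub-path will either keep the old value or start building `APPfoo`-style paths. It is also now the only one of the three request-path constants without a trailing slash (`UIDL/` and `HEARTBEAT/` keep theirs), and nothing on the declaration says so. A comment on the declaration such as `// No trailing slash: append '/' when building a sub-path; also used to match the bare /APP request` would make the contract explicit. The class body starts and ends outside this hunk.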
diff --git a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html
index da050b3aaa..16f3db6a1a 100644
--- a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html
+++ b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.html
@@ -38,7 +38,7 @@
</tr>
<tr>
<td>assertTextPresent</td>
- <td>RequestURI=/run/com.vaadin.tests.requesthandlers.AppResource404/APP/12341234/</td>
+ <td>/APP/connector/0/4/asdfasdf can not be found</td>
<td></td>
</tr>
<tr>
@@ -47,18 +47,28 @@
<td></td>
</tr>
<tr>
- <td>click</td>
- <td>vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/ChildComponentContainer[1]/VVerticalLayout[0]/ChildComponentContainer[2]/VButton[0]/domChild[0]/domChild[0]</td>
+ <td>mouseClickAndWait</td>
+ <td>vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/VOrderedLayout$Slot[1]/VVerticalLayout[0]/VOrderedLayout$Slot[2]/VLink[0]/domChild[0]/domChild[0]</td>
+ <td>97,5</td>
+</tr>
+<tr>
+ <td>assertTextPresent</td>
+ <td>/APP can not be found</td>
+ <td></td>
+</tr>
+<tr>
+ <td>open</td>
+ <td>/run/com.vaadin.tests.requesthandlers.AppResource404</td>
<td></td>
</tr>
<tr>
<td>mouseClickAndWait</td>
- <td>vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/ChildComponentContainer[1]/VVerticalLayout[0]/ChildComponentContainer[0]/VLink[0]/domChild[0]/domChild[0]</td>
- <td>47,9</td>
+ <td>vaadin=runcomvaadintestsrequesthandlersAppResource404::/VVerticalLayout[0]/VOrderedLayout$Slot[1]/VVerticalLayout[0]/VOrderedLayout$Slot[3]/VLink[0]/domChild[0]/domChild[0]</td>
+ <td>99,7</td>
</tr>
<tr>
- <td>assertTextPresent</td>
- <td>RequestURI=/run/com.vaadin.tests.requesthandlers.AppResource404/APP/1//com/vaadin/tests/integration/se.gif</td>
+ <td>assertTextNotPresent</td>
+ <td>can not be found</td>
<td></td>
</tr>
</tbody></table>
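Review bot: The final step for the `/APPLE` link only asserts that `can not be found` is absent, which would also pass on a blank page or on an error page with different wording. This step is what pins the boundary between the reserved `/APP` namespace and ordinary application paths, so it should check something positive. An `assertTextPresent` on text the UI is known to render after following the link would do that. The earlier 404 steps match on the phrase `can not be found`, presumably produced by the servlet container's error page, so the test may also be sensitive to the container in use.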
diff --git a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java
index ebccba74fb..dfd664c9cf 100644
--- a/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java
+++ b/uitest/src/com/vaadin/tests/requesthandlers/AppResource404.java
@@ -1,6 +1,9 @@
package com.vaadin.tests.requesthandlers;
+import javax.servlet.http.HttpServletRequest;
+
import com.vaadin.server.ExternalResource;
+import com.vaadin.server.VaadinServletService;
import com.vaadin.tests.components.TestBase;
import com.vaadin.tests.integration.FlagSeResource;
import com.vaadin.ui.Link;
@@ -13,9 +16,17 @@ public class AppResource404 extends TestBase {
final FlagSeResource resource = new FlagSeResource();
resource.setCacheTime(0);
+ HttpServletRequest request = VaadinServletService
+ .getCurrentServletRequest();
+ String baseUrl = request.getContextPath() + request.getServletPath();
+
addComponent(new Link("Existing resource", resource));
addComponent(new Link("Non-existing resource", new ExternalResource(
- getURL().toString() + "APP/12341234/")));
+ baseUrl + "/APP/connector/0/4/asdfasdf")));
+ addComponent(new Link("/APP url that should give 404",
+ new ExternalResource(baseUrl + "/APP")));
+ addComponent(new Link("/APPLE url that should go to UI providers",
+ new ExternalResource(baseUrl + "/APPLE")));
}
@Override