author | Leif Åstrand <leif@vaadin.com> | 2012-10-16 16:46:45 +0300 |
---|---|---|
committer | Leif Åstrand <leif@vaadin.com> | 2012-10-16 16:46:45 +0300 |
commit | ebd86a653a5d646e7d41da4ac7a42a0add1e2fcb (patch) | |
tree | cca84debb9f62d84e7d72e0c26b8b1f765141758 /server | |
parent | ed8f82e6ab390a4139af8440896ee9574a734894 (diff) | |
Don't let /APP requests continue to the BootstrapHandler (#9553)7.0.0.beta5
* Change ApplicationConstants.APP_REQUEST_PATH to not include an ending
slash so it can be used by the new check as well.
Change-Id: If613e339b0e1ef4fd9e4f07d7567cd381678b912
Diffstat (limited to 'server')
4 files changed, 15 insertions, 5 deletions
diff --git a/server/src/com/vaadin/server/ConnectorResourceHandler.java b/server/src/com/vaadin/server/ConnectorResourceHandler.java index 6d375aaa50..dc112a2d5b 100644 --- a/server/src/com/vaadin/server/ConnectorResourceHandler.java +++ b/server/src/com/vaadin/server/ConnectorResourceHandler.java @@ -14,7 +14,7 @@ import com.vaadin.ui.UI; public class ConnectorResourceHandler implements RequestHandler { // APP/connector/[uiid]/[cid]/[filename.xyz] private static final Pattern CONNECTOR_RESOURCE_PATTERN = Pattern - .compile("^/?" + ApplicationConstants.APP_REQUEST_PATH + .compile("^/?" + ApplicationConstants.APP_REQUEST_PATH + '/' + ConnectorResource.CONNECTOR_REQUEST_PATH + "(\\d+)/(\\d+)/(.*)"); @@ -62,6 +62,15 @@ public class ConnectorResourceHandler implements RequestHandler { } return true; + } else if (requestPath.matches('/' + + ApplicationConstants.APP_REQUEST_PATH + "(/.*)?")) { + /* + * This should be the last request handler before we get to + * bootstrap logic. Prevent /APP requests from reaching bootstrap + * handlers to help protect the /APP name space for framework usage. + */ + return error(request, response, + "Returning 404 for /APP request not yet handled."); } else { return false; } diff --git a/server/src/com/vaadin/server/GlobalResourceHandler.java b/server/src/com/vaadin/server/GlobalResourceHandler.java index ad276dc77a..5b89408d01 100644 --- a/server/src/com/vaadin/server/GlobalResourceHandler.java +++ b/server/src/com/vaadin/server/GlobalResourceHandler.java @@ -60,7 +60,7 @@ public class GlobalResourceHandler implements RequestHandler { // APP/global/[uiid]/[type]/[id] private static final Matcher matcher = Pattern.compile( - "^/?" + ApplicationConstants.APP_REQUEST_PATH + "^/?" + ApplicationConstants.APP_REQUEST_PATH + '/' + RESOURCE_REQUEST_PATH + "(\\d+)/(([^/]+)(/.*))").matcher( ""); 
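Review bot: The new guard in ConnectorResourceHandler (hunk `@@ -62,6 +62,15 @@`) relies on `requestPath.matches('/' + ApplicationConstants.APP_REQUEST_PATH + "(/.*)?")`, and `.` in a Java regex does not match line terminators unless `Pattern.DOTALL` is set. A decoded path under /APP that contains such a character would fail the whole-string match, take the final `else`, and still reach the bootstrap handlers that the added comment says must not see /APP requests. A plain prefix test closes that gap and avoids compiling a regex on every request: declare `String appPath = '/' + ApplicationConstants.APP_REQUEST_PATH;` before the chain and use `} else if (requestPath.equals(appPath) || requestPath.startsWith(appPath + '/')) {`. The guard also insists on a leading slash while CONNECTOR_RESOURCE_PATTERN accepts `^/?`, and the method body starts and ends outside the hunk, so which forms requestPath can take (including null) should be confirmed against the surrounding code.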
@@ -188,7 +188,7 @@ public class GlobalResourceHandler implements RequestHandler { String uri = legacyResourceKeys.get(resource); if (uri != null && !uri.isEmpty()) { return ApplicationConstants.APP_PROTOCOL_PREFIX - + ApplicationConstants.APP_REQUEST_PATH + + ApplicationConstants.APP_REQUEST_PATH + '/' + RESOURCE_REQUEST_PATH + connector.getUI().getUIId() + '/' + uri; } else { diff --git a/server/src/com/vaadin/server/ResourceReference.java b/server/src/com/vaadin/server/ResourceReference.java index 815cbee275..b6a0cfda92 100644 --- a/server/src/com/vaadin/server/ResourceReference.java +++ b/server/src/com/vaadin/server/ResourceReference.java @@ -103,7 +103,7 @@ public class ResourceReference extends URLReference { private static String getConnectorResourceBase(String filename, ClientConnector connector) { String uri = ApplicationConstants.APP_PROTOCOL_PREFIX - + ApplicationConstants.APP_REQUEST_PATH + + ApplicationConstants.APP_REQUEST_PATH + '/' + ConnectorResource.CONNECTOR_REQUEST_PATH + connector.getUI().getUIId() + '/' + connector.getConnectorId() + '/' + encodeFileName(filename); diff --git a/server/src/com/vaadin/server/ServletPortletHelper.java b/server/src/com/vaadin/server/ServletPortletHelper.java index 59c0b382c9..15c3e18959 100644 --- a/server/src/com/vaadin/server/ServletPortletHelper.java +++ b/server/src/com/vaadin/server/ServletPortletHelper.java @@ -111,7 +111,8 @@ class ServletPortletHelper implements Serializable { } public static boolean isAppRequest(VaadinRequest request) { - return hasPathPrefix(request, ApplicationConstants.APP_REQUEST_PATH); + return hasPathPrefix(request, + ApplicationConstants.APP_REQUEST_PATH + '/'); } public static boolean isHeartbeatRequest(VaadinRequest request) { |
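Review bot: `isAppRequest` in ServletPortletHelper now draws the /APP boundary differently from the guard this commit adds to ConnectorResourceHandler: it tests the prefix `ApplicationConstants.APP_REQUEST_PATH + '/'`, so a request for exactly `/APP` gets the guard's 404 but is not classified as an app request here. Two hand-written definitions of the same namespace check tend to drift apart, and a mismatch between the classifier and the enforcing handler is where requests slip through. Consider one shared helper used by both places, or at least a comment on this method such as `// Trailing slash limits the match to paths below APP/; a bare /APP is handled by ConnectorResourceHandler`. How `hasPathPrefix` treats the leading slash is not visible in this hunk, so the exact overlap between the two checks should be verified.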