RequestWrapperTests.java

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.web.firewall;

import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;

import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;

/**
 * @author Luke Taylor
 */
public class RequestWrapperTests {
	private static Map<String, String> testPaths = new LinkedHashMap<String, String>();

	@BeforeClass
	// Some of these may be unrealistic values, but we can't be sure because of the
	// inconsistency in the spec.
	public static void createTestMap() {
		testPaths.put("/path1;x=y;z=w/path2;x=y/path3;x=y", "/path1/path2/path3");
		testPaths.put("/path1;x=y/path2;x=y/", "/path1/path2/");
		testPaths.put("/path1//path2/", "/path1/path2/");
		testPaths.put("//path1/path2//", "/path1/path2/");
		testPaths.put(";x=y;z=w", "");
	}

	@Test
	public void pathParametersAreRemovedFromServletPath() {
		MockHttpServletRequest request = new MockHttpServletRequest();

		for (Map.Entry<String, String> entry : testPaths.entrySet()) {
			String path = entry.getKey();
			String expectedResult = entry.getValue();
			request.setServletPath(path);
			RequestWrapper wrapper = new RequestWrapper(request);
			assertThat(wrapper.getServletPath()).isEqualTo(expectedResult);
			wrapper.reset();
			assertThat(wrapper.getServletPath()).isEqualTo(path);
		}
	}

	@Test
	public void pathParametersAreRemovedFromPathInfo() {
		MockHttpServletRequest request = new MockHttpServletRequest();

		for (Map.Entry<String, String> entry : testPaths.entrySet()) {
			String path = entry.getKey();
			String expectedResult = entry.getValue();
			// Should be null when stripped value is empty
			if (expectedResult.length() == 0) {
				expectedResult = null;
			}
			request.setPathInfo(path);
			RequestWrapper wrapper = new RequestWrapper(request);
			assertThat(wrapper.getPathInfo()).isEqualTo(expectedResult);
			wrapper.reset();
			assertThat(wrapper.getPathInfo()).isEqualTo(path);
		}
	}

	@Test
	public void resetWhenForward() throws Exception {
		String denormalizedPath = testPaths.keySet().iterator().next();
		String forwardPath = "/forward/path";
		HttpServletRequest mockRequest = mock(HttpServletRequest.class);
		HttpServletResponse mockResponse = mock(HttpServletResponse.class);
		RequestDispatcher mockDispatcher = mock(RequestDispatcher.class);
		when(mockRequest.getServletPath()).thenReturn("");
		when(mockRequest.getPathInfo()).thenReturn(denormalizedPath);
		when(mockRequest.getRequestDispatcher(forwardPath)).thenReturn(mockDispatcher);

		RequestWrapper wrapper = new RequestWrapper(mockRequest);
		RequestDispatcher dispatcher = wrapper.getRequestDispatcher(forwardPath);
		dispatcher.forward(mockRequest, mockResponse);

		verify(mockRequest).getRequestDispatcher(forwardPath);
		verify(mockDispatcher).forward(mockRequest, mockResponse);
		assertThat(wrapper.getPathInfo()).isEqualTo(denormalizedPath);
		verify(mockRequest, times(2)).getPathInfo();
		// validate wrapper.getServletPath() delegates to the mock
		wrapper.getServletPath();
		verify(mockRequest, times(2)).getServletPath();
		verifyNoMoreInteractions(mockRequest, mockResponse, mockDispatcher);
	}

	@Test
	public void requestDispatcherNotWrappedAfterReset() {
		String path = "/forward/path";
		HttpServletRequest request = mock(HttpServletRequest.class);
		RequestDispatcher dispatcher = mock(RequestDispatcher.class);
		when(request.getRequestDispatcher(path)).thenReturn(dispatcher);
		RequestWrapper wrapper = new RequestWrapper(request);
		wrapper.reset();
		assertThat(wrapper.getRequestDispatcher(path)).isSameAs(dispatcher);
	}
}