Adapt to Servlet API 6 changes and support Jakarta WebSocket 2.1

Closes gh-12146
Closes gh-12148
This commit is contained in:
Marcus Da Coregio
2022-11-07 13:43:26 -03:00
parent 9e628fb75b
commit 3b5d19c8a4
14 changed files with 59 additions and 142 deletions

View File

@@ -362,28 +362,6 @@ public class AbstractRememberMeServicesTests {
assertThat(cookie.isHttpOnly()).isTrue();
}
// SEC-2791
@Test
public void setCookieMaxAge0VersionSet() {
MockRememberMeServices services = new MockRememberMeServices();
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
services.setCookie(new String[] { "value" }, 0, request, response);
Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
assertThat(cookie.getVersion()).isEqualTo(1);
}
// SEC-2791
@Test
public void setCookieMaxAgeNegativeVersionSet() {
MockRememberMeServices services = new MockRememberMeServices();
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
services.setCookie(new String[] { "value" }, -1, request, response);
Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
assertThat(cookie.getVersion()).isEqualTo(1);
}
// SEC-2791
@Test
public void setCookieMaxAge1VersionSet() {

View File

@@ -540,21 +540,11 @@ public class HttpSessionSecurityContextRepositoryTests {
MockHttpServletRequest request = new MockHttpServletRequest();
final String sessionId = ";jsessionid=id";
MockHttpServletResponse response = new MockHttpServletResponse() {
@Override
public String encodeRedirectUrl(String url) {
return url + sessionId;
}
@Override
public String encodeRedirectURL(String url) {
return url + sessionId;
}
@Override
public String encodeUrl(String url) {
return url + sessionId;
}
@Override
public String encodeURL(String url) {
return url + sessionId;
@@ -563,16 +553,12 @@ public class HttpSessionSecurityContextRepositoryTests {
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
repo.loadContext(holder);
String url = "/aUrl";
assertThat(holder.getResponse().encodeRedirectUrl(url)).isEqualTo(url + sessionId);
assertThat(holder.getResponse().encodeRedirectURL(url)).isEqualTo(url + sessionId);
assertThat(holder.getResponse().encodeUrl(url)).isEqualTo(url + sessionId);
assertThat(holder.getResponse().encodeURL(url)).isEqualTo(url + sessionId);
repo.setDisableUrlRewriting(true);
holder = new HttpRequestResponseHolder(request, response);
repo.loadContext(holder);
assertThat(holder.getResponse().encodeRedirectUrl(url)).isEqualTo(url);
assertThat(holder.getResponse().encodeRedirectURL(url)).isEqualTo(url);
assertThat(holder.getResponse().encodeUrl(url)).isEqualTo(url);
assertThat(holder.getResponse().encodeURL(url)).isEqualTo(url);
}

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -140,14 +140,6 @@ public class FirewalledResponseTests {
.withMessageContaining(CRLF_MESSAGE);
}
@Test
public void addCookieWhenCookieCommentContainsCrlfThenException() {
Cookie cookie = new Cookie("foo", "bar");
cookie.setComment("foo\r\nbar");
assertThatIllegalArgumentException().isThrownBy(() -> this.fwResponse.addCookie(cookie))
.withMessageContaining(CRLF_MESSAGE);
}
@Test
public void rejectAnyLineEndingInNameAndValue() {
validateLineEnding("foo", "foo\rbar");

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2016 the original author or authors.
* Copyright 2002-2022 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -33,19 +33,35 @@ import static org.assertj.core.api.Assertions.assertThat;
public class CookieMixinTests extends AbstractMixinTests {
// @formatter:off
private static final String COOKIE_JSON = "{"
+ "\"@class\": \"jakarta.servlet.http.Cookie\", "
+ "\"name\": \"demo\", "
+ "\"value\": \"cookie1\","
+ "\"comment\": null, "
+ "\"maxAge\": -1, "
+ "\"path\": null, "
+ "\"secure\": false, "
+ "\"version\": 0, "
+ "\"isHttpOnly\": false, "
+ "\"domain\": null"
+ "}";
private static final String COOKIE_JSON = "{" +
" \"@class\": \"jakarta.servlet.http.Cookie\"," +
" \"name\": \"demo\"," +
" \"value\": \"cookie1\"," +
" \"attributes\":{\"@class\":\"java.util.Collections$EmptyMap\"}," +
" \"comment\": null," +
" \"maxAge\": -1," +
" \"path\": null," +
" \"secure\": false," +
" \"version\": 0," +
" \"domain\": null" +
"}";
// @formatter:on
// @formatter:off
private static final String COOKIE_HTTP_ONLY_JSON = "{" +
" \"@class\": \"jakarta.servlet.http.Cookie\"," +
" \"name\": \"demo\"," +
" \"value\": \"cookie1\"," +
" \"attributes\":{\"@class\":\"java.util.Collections$UnmodifiableMap\", \"HttpOnly\": \"true\"}," +
" \"comment\": null," +
" \"maxAge\": -1," +
" \"path\": null," +
" \"secure\": false," +
" \"version\": 0," +
" \"domain\": null" +
"}";
// @formatter:on
@Test
public void serializeCookie() throws JsonProcessingException, JSONException {
Cookie cookie = new Cookie("demo", "cookie1");
@@ -59,7 +75,23 @@ public class CookieMixinTests extends AbstractMixinTests {
assertThat(cookie).isNotNull();
assertThat(cookie.getName()).isEqualTo("demo");
assertThat(cookie.getDomain()).isEqualTo("");
assertThat(cookie.isHttpOnly()).isEqualTo(false);
}
@Test
public void serializeCookieWithHttpOnly() throws JsonProcessingException, JSONException {
Cookie cookie = new Cookie("demo", "cookie1");
cookie.setHttpOnly(true);
String actualString = this.mapper.writeValueAsString(cookie);
JSONAssert.assertEquals(COOKIE_HTTP_ONLY_JSON, actualString, true);
}
@Test
public void deserializeCookieWithHttpOnly() throws IOException {
Cookie cookie = this.mapper.readValue(COOKIE_HTTP_ONLY_JSON, Cookie.class);
assertThat(cookie).isNotNull();
assertThat(cookie.getName()).isEqualTo("demo");
assertThat(cookie.getDomain()).isEqualTo("");
assertThat(cookie.isHttpOnly()).isEqualTo(true);
}
}

View File

@@ -46,21 +46,11 @@ class DisableEncodeUrlFilterTests {
verifyDoFilterDoesNotInteractWithResponse((httpResponse) -> httpResponse.encodeURL("/"));
}
@Test
void doFilterDisablesEncodeUrl() throws Exception {
verifyDoFilterDoesNotInteractWithResponse((httpResponse) -> httpResponse.encodeUrl("/"));
}
@Test
void doFilterDisablesEncodeRedirectURL() throws Exception {
verifyDoFilterDoesNotInteractWithResponse((httpResponse) -> httpResponse.encodeRedirectURL("/"));
}
@Test
void doFilterDisablesEncodeRedirectUrl() throws Exception {
verifyDoFilterDoesNotInteractWithResponse((httpResponse) -> httpResponse.encodeRedirectUrl("/"));
}
private void verifyDoFilterDoesNotInteractWithResponse(Consumer<HttpServletResponse> toInvoke) throws Exception {
this.filter.doFilter(this.request, this.response, (request, response) -> {
HttpServletResponse httpResponse = (HttpServletResponse) response;