From 9c8f99e0f5ef0c962a59d25269118d76c80e6a06 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Tue, 26 Apr 2022 10:29:08 +0200
Subject: [PATCH 1/2] Fix #7918 Root path spec Handle root pathspec in PathMappings.asPathSpec
Signed-off-by: Greg Wilkins
---
 .../jetty/http/pathmap/PathMappings.java | 2 +
 .../jetty/http/pathmap/PathMappingsTest.java | 15 ++++++++
 .../jetty/security/ConstraintTest.java | 38 +++++++++++++++++++
 3 files changed, 55 insertions(+)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java b/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java
index 49e8eb5c212b..fbc9db0bf740 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java
@@ -201,6 +201,8 @@ public static PathSpec asPathSpec(String pathSpecString)
 {
 if ((pathSpecString == null) || (pathSpecString.length() < 1))
 {
+ if (pathSpecString != null)
+ return new ServletPathSpec("");
 throw new RuntimeException("Path Spec String must start with '^', '/', or '*.': got [" + pathSpecString + "]");
 }
 return pathSpecString.charAt(0) == '^' ? new RegexPathSpec(pathSpecString) : new ServletPathSpec(pathSpecString);
diff --git a/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java b/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java
index 845161e950cf..55cd69397b79 100644
--- a/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java
+++ b/jetty-http/src/test/java/org/eclipse/jetty/http/pathmap/PathMappingsTest.java
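Review bot: The exception text in asPathSpec no longer matches what the method accepts. With the added `return new ServletPathSpec("");` branch the `throw` is reached only for null, yet it still says the string "must start with '^', '/', or '*.'" and interpolates a value that can only print as `null`. Something like `throw new IllegalArgumentException("Path Spec String must not be null");` states the real failure; it is still a RuntimeException, but confirm no caller matches on the old message text. The same line is carried unchanged into the hunk of patch 2/2, and the end of asPathSpec lies outside this hunk.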
@@ -25,6 +25,7 @@
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -461,4 +462,18 @@ public void testRemoveServletPathSpec()
 assertThat(p.remove(new ServletPathSpec("/a/b/c")), is(true));
 assertThat(p.remove(new ServletPathSpec("/a/b/c")), is(false));
 }
+
+ @Test
+ public void testAsPathSpec()
+ {
+ assertThat(PathMappings.asPathSpec(""), instanceOf(ServletPathSpec.class));
+ assertThat(PathMappings.asPathSpec("/"), instanceOf(ServletPathSpec.class));
+ assertThat(PathMappings.asPathSpec("/*"), instanceOf(ServletPathSpec.class));
+ assertThat(PathMappings.asPathSpec("/foo/*"), instanceOf(ServletPathSpec.class));
+ assertThat(PathMappings.asPathSpec("*.jsp"), instanceOf(ServletPathSpec.class));
+
+ assertThat(PathMappings.asPathSpec("^$"), instanceOf(RegexPathSpec.class));
+ assertThat(PathMappings.asPathSpec("^.*"), instanceOf(RegexPathSpec.class));
+ assertThat(PathMappings.asPathSpec("^/"), instanceOf(RegexPathSpec.class));
+ }
 }
diff --git a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
index e4f3d005a46d..8ef002f4ae2b 100644
--- a/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
+++ b/jetty-security/src/test/java/org/eclipse/jetty/security/ConstraintTest.java
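Review bot: testAsPathSpec pins only the class of the returned spec, so it would still pass if `""` produced a spec that matches more than the context root, and it never exercises the null branch that this patch leaves as the only throwing case. Because the security constraint test in this patch relies on the `""` mapping, assert behaviour as well as type, for example `assertThat(PathMappings.asPathSpec("").matches("/foo"), is(false));`. The null contract can be pinned with `assertThrows(RuntimeException.class, () -> PathMappings.asPathSpec(null));`, which needs the matching static import from `org.junit.jupiter.api.Assertions`.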
@@ -1864,6 +1864,44 @@ public void testForbidTraceAndOptions() throws Exception
 assertThat(response, startsWith("HTTP/1.1 403 "));
 }
+ @Test
+ public void testDefaultConstraint() throws Exception
+ {
+ _security.setAuthenticator(new BasicAuthenticator());
+
+ ConstraintMapping forbidDefault = new ConstraintMapping();
+ forbidDefault.setPathSpec("/");
+ forbidDefault.setConstraint(_forbidConstraint);
+ _security.addConstraintMapping(forbidDefault);
+
+ ConstraintMapping allowRoot = new ConstraintMapping();
+ allowRoot.setPathSpec("");
+ allowRoot.setConstraint(_relaxConstraint);
+ _security.addConstraintMapping(allowRoot);
+
+ _server.start();
+ String response;
+
+ response = _connector.getResponse("GET /ctx/ HTTP/1.0\r\n\r\n");
+ assertThat(response, startsWith("HTTP/1.1 200 OK"));
+
+ response = _connector.getResponse("GET /ctx/anything HTTP/1.0\r\n\r\n");
+ assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
+
+ response = _connector.getResponse("GET /ctx/noauth/info HTTP/1.0\r\n\r\n");
+ assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
+
+ response = _connector.getResponse("GET /ctx/forbid/info HTTP/1.0\r\n\r\n");
+ assertThat(response, startsWith("HTTP/1.1 403 Forbidden"));
+
+ response = _connector.getResponse("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
+ assertThat(response, startsWith("HTTP/1.1 401 Unauthorized"));
+ assertThat(response, containsString("WWW-Authenticate: basic realm=\"TestRealm\""));
+
+ response = _connector.getResponse("GET /ctx/admin/relax/info HTTP/1.0\r\n\r\n");
+ assertThat(response, startsWith("HTTP/1.1 200 OK"));
+ }
+
 private static String authBase64(String authorization)
 {
 byte[] raw = authorization.getBytes(ISO_8859_1);
From 4fe55e2ae4a73ba9fc24dc2dc73f44cd9f8d48fa Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Tue, 26 Apr 2022 14:11:44 +0200
Subject: [PATCH 2/2] Fix #7918 Root path spec cleaner logic
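Review bot: testDefaultConstraint gives no hint why `""` and `"/"` receive opposite constraints, and a reader can easily take them for the same mapping. A comment above the two mappings would help, e.g. `// "/" is the default mapping (forbid whatever is not otherwise mapped); "" is the root mapping and relaxes the context root only`. The relaxed mapping is checked positively only with `GET /ctx/`. Since it opens an exception in a deny-by-default policy, it is worth also pinning the context path without the trailing slash, with whatever status the handler is meant to return there. The 401 and 200 expectations for `/ctx/auth/info` and `/ctx/admin/relax/info` depend on mappings configured outside this hunk, which the comment could mention.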
Signed-off-by: Greg Wilkins
---
 .../org/eclipse/jetty/http/pathmap/PathMappings.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java b/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java
index fbc9db0bf740..ed7f83b354ff 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/pathmap/PathMappings.java
@@ -199,12 +199,12 @@ public Iterator> iterator()
 public static PathSpec asPathSpec(String pathSpecString)
 {
- if ((pathSpecString == null) || (pathSpecString.length() < 1))
- {
- if (pathSpecString != null)
- return new ServletPathSpec("");
+ if (pathSpecString == null)
 throw new RuntimeException("Path Spec String must start with '^', '/', or '*.': got [" + pathSpecString + "]");
- }
+
+ if (pathSpecString.length() == 0)
+ return new ServletPathSpec("");
+
 return pathSpecString.charAt(0) == '^' ? new RegexPathSpec(pathSpecString) : new ServletPathSpec(pathSpecString);
 }
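Review bot: asPathSpec is public and now has three distinct outcomes, but nothing on the method documents them. A Javadoc should state that null throws a RuntimeException, that the empty string yields the servlet root spec `ServletPathSpec("")`, that a leading `^` selects RegexPathSpec, and that every other string is handed to ServletPathSpec. This matters to callers that build access rules from configuration strings, which the ConstraintTest case in patch 1/2 suggests include security constraint mappings, because an empty spec that used to be rejected is now accepted. Whether ServletPathSpec rejects malformed non-empty strings is not visible here, so the Javadoc should promise only what this method itself checks.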