private void addParam(UriBuilder uri, String key, String data, boolean templated, boolean fragment) { String value; if (templated) { value = tplKey(key); } else { value = data; } if (!fragment) { uri.addQueryParameter(key, value); } else { uri.addFragmentParameter(key, value); } }
uri.setPath(getReqVal(container, IFRAME_BASE_PATH_KEY)); if (usingLockedDomain(gadget, container)) { host = ldGen.getLockedDomainPrefix(gadget.getSpec().getUrl()) + getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY); } else { host = getReqVal(container, UNLOCKED_DOMAIN_KEY); uri.setScheme(getScheme(gadget, container)); addParam(uri, Param.VIEW.getKey(), view.getName(), useTpl, false); addParam(uri, Param.LANG.getKey(), context.getLocale().getLanguage(), useTpl, false); addParam(uri, Param.COUNTRY.getKey(), context.getLocale().getCountry(), useTpl, false); addParam(uri, Param.DEBUG.getKey(), context.getDebug() ? "1" : "0", useTpl, false); addParam(uri, Param.NO_CACHE.getKey(), context.getIgnoreCache() ? "1" : "0", useTpl, false); addParam(uri, UriCommon.USER_PREF_PREFIX + up.getName(), data, useTpl, upInFragment); addParam(uri, Param.VERSION.getKey(), versioner.version(gadget.getSpec().getUrl(), container), false, false); if (wantsSecurityToken(gadget)) { boolean securityTokenOnQuery = isTokenNeededForRendering(gadget); String securityToken = generateSecurityToken(gadget); addParam(uri, Param.SECURITY_TOKEN.getKey(), securityToken, securityToken == null, !securityTokenOnQuery); addExtras(uri);
@Test public void validUnversionedNoVersion() throws Exception { Uri uri = makeValidationTestUri(LD_PREFIX + LD_SUFFIX, null); DefaultIframeUriManager manager = makeManager(false, false); manager.setVersioner(this.mockVersioner("version", false)); // Invalid, if present. assertEquals(UriStatus.VALID_UNVERSIONED, manager.validateRenderingUri(uri)); }
uri = this.processUriForUrlTypeView(view, gadget); } else { uri = this.processUriForHtmlTypeView(view, gadget); this.addDefaultUriParameters(uri, gadget, view, useTpl); this.addAllUserPrefs(uri, gadget, view, useTpl); addParam(uri, Param.VERSION.getKey(), versioner.version(gadget.getSpec().getUrl(), container), false, false); if (wantsSecurityToken(gadget)) { boolean securityTokenOnQuery = isTokenNeededForRendering(gadget); String securityToken = generateSecurityToken(gadget); addParam(uri, Param.SECURITY_TOKEN.getKey(), securityToken, securityToken == null, !securityTokenOnQuery); addExtras(uri, gadget);
protected void addExtrasForTypeUrl(UriBuilder uri, Gadget gadget, String container) { Set<String> features = gadget.getViewFeatures().keySet(); String jsHost = getReqVal(container, DefaultJsUriManager.JS_HOST_PARAM); String jsPathBase = getReqVal(container, DefaultJsUriManager.JS_PATH_PARAM); UriBuilder jsuri = null; if (features.size() > 0) { // We somewhat cheat in that jsHost may contain protocol/scheme as well. jsuri = new UriBuilder(Uri.parse(jsHost)); // Add JS info to path and set it in URI. StringBuilder builder = new StringBuilder(jsPathBase); if (!jsPathBase.endsWith("/")) { builder.append('/'); } builder.append(DefaultJsUriManager.addJsLibs(features)); builder.append(DefaultJsUriManager.JS_SUFFIX); jsuri.setPath(builder.toString()); } addParam(uri, Param.LIBS.getKey(), jsuri == null ? "" : jsuri.toString(), false, false); }
if (ldEnabled && !lockedDomainExclusion()) { if (host.startsWith(gadgetLdPrefix)) { String ldSuffix = getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY); if (!ldSuffix.equalsIgnoreCase(host)) { return UriStatus.INVALID_DOMAIN;
@Test public void invalidLockedDomainInvalidSuffix() { Uri uri = makeValidationTestUri(LD_PREFIX + ".bad." + LD_SUFFIX, null); DefaultIframeUriManager manager = makeManager(false, false); assertEquals(UriStatus.INVALID_DOMAIN, manager.validateRenderingUri(uri)); }
@Test public void invalidLockedDomainInvalidSuffixLdDisabled() { Uri uri = makeValidationTestUri(LD_PREFIX + ".bad." + LD_SUFFIX, null); DefaultIframeUriManager manager = makeManager(false, false); manager.setLockedDomainEnabled(false); assertEquals(UriStatus.VALID_UNVERSIONED, manager.validateRenderingUri(uri)); }
protected void addDefaultUriParameters(UriBuilder uri, Gadget gadget, View view, boolean useTpl) { GadgetContext context = gadget.getContext(); String container = context.getContainer(); // Add container, whose input derived other components of the URI. uri.addQueryParameter(Param.CONTAINER.getKey(), container); // Add remaining non-url standard parameters, in templated or filled form. addParam(uri, Param.VIEW.getKey(), view.getName(), useTpl, false); addParam(uri, Param.LANG.getKey(), context.getLocale().getLanguage(), useTpl, false); addParam(uri, Param.COUNTRY.getKey(), context.getLocale().getCountry(), useTpl, false); addParam(uri, Param.DEBUG.getKey(), context.getDebug() ? "1" : "0", useTpl, false); addParam(uri, Param.NO_CACHE.getKey(), context.getIgnoreCache() ? "1" : "0", useTpl, false); addParam(uri, Param.SANITIZE.getKey(), context.getSanitize() ? "1" : "0", useTpl, false); if (context.getCajoled()) { addParam(uri, Param.CAJOLE.getKey(), "1", useTpl, false); } }
@Inject public DefaultIframeUriManager(ContainerConfig config, LockedDomainPrefixGenerator ldGen, SecurityTokenCodec securityTokenCodec) { this.config = config; this.ldGen = ldGen; this.securityTokenCodec = securityTokenCodec; Collection<String> containers = config.getContainers(); List<String> ldSuffixes = Lists.newArrayListWithCapacity(containers.size()); for (String container : containers) { ldSuffixes.add(getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY)); } this.ldSuffixes = Collections.unmodifiableList(ldSuffixes); }
if (ldEnabled && !lockedDomainExclusion()) { if (host.startsWith(gadgetLdPrefix)) { String ldSuffix = getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY); if (!ldSuffix.equalsIgnoreCase(host)) { return UriStatus.INVALID_DOMAIN;
@Test public void validUnversionedNoVersioner() throws Exception { Uri uri = makeValidationTestUri(LD_PREFIX + LD_SUFFIX, "version"); DefaultIframeUriManager manager = makeManager(false, false); assertEquals(UriStatus.VALID_UNVERSIONED, manager.validateRenderingUri(uri)); }
@Test public void invalidLockedDomainValidSuffixLdDisabled() { Uri uri = makeValidationTestUri(LD_PREFIX + LD_SUFFIX_ALT, null); DefaultIframeUriManager manager = makeManager(false, false); manager.setLockedDomainEnabled(false); assertEquals(UriStatus.VALID_UNVERSIONED, manager.validateRenderingUri(uri)); }
protected void addAllUserPrefs(UriBuilder uri, Gadget gadget, View view, boolean useTpl) { GadgetContext context = gadget.getContext(); UserPrefs prefs = context.getUserPrefs(); for (UserPref up : gadget.getSpec().getUserPrefs().values()) { String name = up.getName(); String data = prefs.getPref(name); if (data == null) { data = up.getDefaultValue(); } boolean upInFragment = !view.needsUserPrefSubstitution(); addParam(uri, UriCommon.USER_PREF_PREFIX + up.getName(), data, useTpl, upInFragment); } }
@Inject public DefaultIframeUriManager(ContainerConfig config, LockedDomainPrefixGenerator ldGen, SecurityTokenCodec securityTokenCodec) { this.config = config; this.ldGen = ldGen; this.securityTokenCodec = securityTokenCodec; Collection<String> containers = config.getContainers(); List<String> ldSuffixes = Lists.newArrayListWithCapacity(containers.size()); for (String container : containers) { ldSuffixes.add(getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY)); } this.ldSuffixes = Collections.unmodifiableList(ldSuffixes); }
uri.setPath(getReqVal(container, IFRAME_BASE_PATH_KEY)); if (usingLockedDomain(gadget, container)) { host = ldGen.getLockedDomainPrefix(gadget.getSpec().getUrl()) + getReqVal(container, LOCKED_DOMAIN_SUFFIX_KEY); } else { host = getReqVal(container, UNLOCKED_DOMAIN_KEY); if (StringUtils.isBlank(gadgetUri.getScheme())) { uri.setAuthority(host); uri.setScheme(getScheme(gadget, container)); } else { uri.setAuthority(gadgetUri.getAuthority()); addParam(uri, Param.VIEW.getKey(), view.getName(), useTpl, false); addParam(uri, Param.LANG.getKey(), context.getLocale().getLanguage(), useTpl, false); addParam(uri, Param.COUNTRY.getKey(), context.getLocale().getCountry(), useTpl, false); addParam(uri, Param.DEBUG.getKey(), context.getDebug() ? "1" : "0", useTpl, false); addParam(uri, Param.NO_CACHE.getKey(), context.getIgnoreCache() ? "1" : "0", useTpl, false); addParam(uri, UriCommon.USER_PREF_PREFIX + up.getName(), data, useTpl, upInFragment); addParam(uri, Param.VERSION.getKey(), versioner.version(gadget.getSpec().getUrl(), container), false, false); if (wantsSecurityToken(gadget)) { boolean securityTokenOnQuery = isTokenNeededForRendering(gadget); String securityToken = generateSecurityToken(gadget);
private void addParam(UriBuilder uri, String key, String data, boolean templated, boolean fragment) { String value; if (templated) { value = tplKey(key); } else { value = data; } if (!fragment) { uri.addQueryParameter(key, value); } else { uri.addFragmentParameter(key, value); } }
@Test public void versionerVersionInvalid() throws Exception { Uri uri = makeValidationTestUri(LD_PREFIX + LD_SUFFIX, "in-version"); DefaultIframeUriManager manager = makeManager(false, false); manager.setVersioner(mockVersioner("test-version", false)); // Invalid, if present. assertEquals(UriStatus.INVALID_VERSION, manager.validateRenderingUri(uri)); }
@Test public void validUnversionedNoVersioner() throws Exception { Uri uri = makeValidationTestUri(LD_PREFIX + LD_SUFFIX, "version"); DefaultIframeUriManager manager = makeManager(false, false); assertEquals(UriStatus.VALID_UNVERSIONED, manager.validateRenderingUri(uri)); }