private ResourceUrlProvider createUrlProvider(List<ResourceResolver> resolvers) { ResourceHttpRequestHandler resourceHandler = new ResourceHttpRequestHandler(); resourceHandler.setResourceResolvers(resolvers); resourceHandler.setLocations(Collections.singletonList(new ClassPathResource("test/", getClass()))); ResourceUrlProvider resourceUrlProvider = new ResourceUrlProvider(); resourceUrlProvider.setHandlerMap(Collections.singletonMap("/static/**", resourceHandler)); return resourceUrlProvider; }
@Before public void setUp() throws Exception { this.locations.add(new ClassPathResource("test/", getClass())); this.locations.add(new ClassPathResource("testalternatepath/", getClass())); this.handler.setServletContext(new MockServletContext()); this.handler.setLocations(locations); this.handler.afterPropertiesSet(); this.handlerMap.put("/resources/**", this.handler); this.urlProvider.setHandlerMap(this.handlerMap); }
private ResourceUrlProvider createResourceUrlProvider(List<ResourceResolver> resolvers) { ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setLocations(Collections.singletonList(new ClassPathResource("test/", getClass()))); handler.setResourceResolvers(resolvers); ResourceUrlProvider urlProvider = new ResourceUrlProvider(); urlProvider.setHandlerMap(Collections.singletonMap("/resources/**", handler)); return urlProvider; }
private ResourceUrlProvider createUrlProvider(List<ResourceResolver> resolvers) { ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setLocations(Collections.singletonList(new ClassPathResource("test/", getClass()))); handler.setResourceResolvers(resolvers); ResourceUrlProvider urlProvider = new ResourceUrlProvider(); urlProvider.setHandlerMap(Collections.singletonMap("/resources/**", handler)); return urlProvider; }
private ResourceUrlProvider createUrlProvider(List<ResourceResolver> resolvers) { ClassPathResource allowedLocation = new ClassPathResource("test/", getClass()); ResourceHttpRequestHandler resourceHandler = new ResourceHttpRequestHandler(); resourceHandler.setResourceResolvers(resolvers); resourceHandler.setLocations(Collections.singletonList(allowedLocation)); ResourceUrlProvider resourceUrlProvider = new ResourceUrlProvider(); resourceUrlProvider.setHandlerMap(Collections.singletonMap("/static/**", resourceHandler)); return resourceUrlProvider; }
@Before public void setup() throws Exception { List<Resource> paths = new ArrayList<>(2); paths.add(new ClassPathResource("test/", getClass())); paths.add(new ClassPathResource("testalternatepath/", getClass())); paths.add(new ClassPathResource("META-INF/resources/webjars/")); this.handler = new ResourceHttpRequestHandler(); this.handler.setLocations(paths); this.handler.setCacheSeconds(3600); this.handler.setServletContext(new TestServletContext()); this.handler.afterPropertiesSet(); this.request = new MockHttpServletRequest("GET", ""); this.response = new MockHttpServletResponse(); }
@Test public void testInvalidPath() throws Exception { // Use mock ResourceResolver: i.e. we're only testing upfront validations... Resource resource = mock(Resource.class); when(resource.getFilename()).thenThrow(new AssertionError("Resource should not be resolved")); when(resource.getInputStream()).thenThrow(new AssertionError("Resource should not be resolved")); ResourceResolver resolver = mock(ResourceResolver.class); when(resolver.resolveResource(any(), any(), any(), any())).thenReturn(resource); ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setLocations(Collections.singletonList(new ClassPathResource("test/", getClass()))); handler.setResourceResolvers(Collections.singletonList(resolver)); handler.setServletContext(new TestServletContext()); handler.afterPropertiesSet(); testInvalidPath("../testsecret/secret.txt", handler); testInvalidPath("test/../../testsecret/secret.txt", handler); testInvalidPath(":/../../testsecret/secret.txt", handler); Resource location = new UrlResource(getClass().getResource("./test/")); this.handler.setLocations(Collections.singletonList(location)); Resource secretResource = new UrlResource(getClass().getResource("testsecret/secret.txt")); String secretPath = secretResource.getURL().getPath(); testInvalidPath("file:" + secretPath, handler); testInvalidPath("/file:" + secretPath, handler); testInvalidPath("url:" + secretPath, handler); testInvalidPath("/url:" + secretPath, handler); testInvalidPath("/../.." + secretPath, handler); testInvalidPath("/%2E%2E/testsecret/secret.txt", handler); testInvalidPath("/%2E%2E/testsecret/secret.txt", handler); testInvalidPath("%2F%2F%2E%2E%2F%2F%2E%2E" + secretPath, handler); }
@Test // SPR-12647 public void bestPatternMatch() throws Exception { ResourceHttpRequestHandler otherHandler = new ResourceHttpRequestHandler(); otherHandler.setLocations(this.locations); Map<String, VersionStrategy> versionStrategyMap = new HashMap<>(); versionStrategyMap.put("/**", new ContentVersionStrategy()); VersionResourceResolver versionResolver = new VersionResourceResolver(); versionResolver.setStrategyMap(versionStrategyMap); List<ResourceResolver> resolvers = new ArrayList<>(); resolvers.add(versionResolver); resolvers.add(new PathResourceResolver()); otherHandler.setResourceResolvers(resolvers); this.handlerMap.put("/resources/*.css", otherHandler); this.urlProvider.setHandlerMap(this.handlerMap); String url = this.urlProvider.getForLookupPath("/resources/foo.css"); assertEquals("/resources/foo-e36d2e05253c6c7085a91522ce43a0b4.css", url); }
private void testResolvePathWithTraversal(HttpMethod httpMethod) throws Exception { this.request.setMethod(httpMethod.name()); Resource location = new ClassPathResource("test/", getClass()); this.handler.setLocations(Collections.singletonList(location)); testResolvePathWithTraversal(location, "../testsecret/secret.txt"); testResolvePathWithTraversal(location, "test/../../testsecret/secret.txt"); testResolvePathWithTraversal(location, ":/../../testsecret/secret.txt"); location = new UrlResource(getClass().getResource("./test/")); this.handler.setLocations(Collections.singletonList(location)); Resource secretResource = new UrlResource(getClass().getResource("testsecret/secret.txt")); String secretPath = secretResource.getURL().getPath(); testResolvePathWithTraversal(location, "file:" + secretPath); testResolvePathWithTraversal(location, "/file:" + secretPath); testResolvePathWithTraversal(location, "url:" + secretPath); testResolvePathWithTraversal(location, "/url:" + secretPath); testResolvePathWithTraversal(location, "/" + secretPath); testResolvePathWithTraversal(location, "////../.." + secretPath); testResolvePathWithTraversal(location, "/%2E%2E/testsecret/secret.txt"); testResolvePathWithTraversal(location, "%2F%2F%2E%2E%2F%2Ftestsecret/secret.txt"); testResolvePathWithTraversal(location, "/ " + secretPath); }
@Test public void initAllowedLocationsWithExplicitConfiguration() throws Exception { ClassPathResource location1 = new ClassPathResource("test/", getClass()); ClassPathResource location2 = new ClassPathResource("testalternatepath/", getClass()); PathResourceResolver pathResolver = new PathResourceResolver(); pathResolver.setAllowedLocations(location1); ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setResourceResolvers(Collections.singletonList(pathResolver)); handler.setServletContext(new MockServletContext()); handler.setLocations(Arrays.asList(location1, location2)); handler.afterPropertiesSet(); Resource[] locations = pathResolver.getAllowedLocations(); assertEquals(1, locations.length); assertEquals("test/", ((ClassPathResource) locations[0]).getPath()); }
@Test // SPR-14368 public void getResourceWithMediaTypeResolvedThroughServletContext() throws Exception { MockServletContext servletContext = new MockServletContext() { @Override public String getMimeType(String filePath) { return "foo/bar"; } @Override public String getVirtualServerName() { return ""; } }; List<Resource> paths = Collections.singletonList(new ClassPathResource("test/", getClass())); ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setServletContext(servletContext); handler.setLocations(paths); handler.afterPropertiesSet(); this.request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "foo.css"); handler.handleRequest(this.request, this.response); assertEquals("foo/bar", this.response.getContentType()); assertEquals("h1 { color:red; }", this.response.getContentAsString()); }
@Test // SPR-14577 public void getMediaTypeWithFavorPathExtensionOff() throws Exception { ContentNegotiationManagerFactoryBean factory = new ContentNegotiationManagerFactoryBean(); factory.setFavorPathExtension(false); factory.afterPropertiesSet(); ContentNegotiationManager manager = factory.getObject(); List<Resource> paths = Collections.singletonList(new ClassPathResource("test/", getClass())); ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setServletContext(new MockServletContext()); handler.setLocations(paths); handler.setContentNegotiationManager(manager); handler.afterPropertiesSet(); this.request.addHeader("Accept", "application/json,text/plain,*/*"); this.request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "foo.html"); handler.handleRequest(this.request, this.response); assertEquals("text/html", this.response.getContentType()); }
@Test // SPR-13658 public void getResourceWithRegisteredMediaType() throws Exception { ContentNegotiationManagerFactoryBean factory = new ContentNegotiationManagerFactoryBean(); factory.addMediaType("bar", new MediaType("foo", "bar")); factory.afterPropertiesSet(); ContentNegotiationManager manager = factory.getObject(); List<Resource> paths = Collections.singletonList(new ClassPathResource("test/", getClass())); ResourceHttpRequestHandler handler = new ResourceHttpRequestHandler(); handler.setServletContext(new MockServletContext()); handler.setLocations(paths); handler.setContentNegotiationManager(manager); handler.afterPropertiesSet(); this.request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "foo.bar"); handler.handleRequest(this.request, this.response); assertEquals("foo/bar", this.response.getContentType()); assertEquals("h1 { color:red; }", this.response.getContentAsString()); }