geode-commits mailing list archives

From jinmeil...@apache.org
Subject geode git commit: GEODE-2212: request headers are case-insensitive
Date Thu, 15 Dec 2016 17:40:58 GMT
Repository: geode
Updated Branches:
  refs/heads/develop 6d1afc5e0 -> 4696d1b31


GEODE-2212: request headers are case-insensitive


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/4696d1b3
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/4696d1b3
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/4696d1b3

Branch: refs/heads/develop
Commit: 4696d1b315ed56ccae90592bed6dd662f17597e0
Parents: 6d1afc5
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Wed Dec 14 21:37:44 2016 -0800
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Thu Dec 15 09:40:38 2016 -0800

----------------------------------------------------------------------
 .../support/LoginHandlerInterceptor.java        |  5 +-
 ...andlerInterceptorRequestHeaderJUnitTest.java | 50 ++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/4696d1b3/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
index ccc2856..79c8c27 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
@@ -99,12 +99,13 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter {
     for (Enumeration<String> requestHeaders = request.getHeaderNames(); requestHeaders
         .hasMoreElements();) {
 
-      final String requestHeader = requestHeaders.nextElement();
+      // since http request headers are case-insensitive and all our security-* properties
+      // are in lower case, it's safe to do toLowerCase here.
+      final String requestHeader = requestHeaders.nextElement().toLowerCase();
 
       if (requestHeader.startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)) {
         requestParameterValues.put(requestHeader, request.getHeader(requestHeader));
       }
-
     }
 
     String username = requestParameterValues.get(ResourceConstants.USER_NAME);
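Review bot: `requestHeaders.nextElement().toLowerCase()` folds with the JVM default locale, so on a host whose default locale is Turkish or Azeri an upper-case `I` becomes dotless `ı`; a name sent as `SECURITY-USERNAME` would then fail the `startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)` check (assuming the prefix is the lower-case `security-` the new comment implies) and the credential headers would be dropped silently. Use `requestHeaders.nextElement().toLowerCase(Locale.ROOT)`, which needs `import java.util.Locale;` in the import block outside this hunk. Because the map key is now the folded name, two headers that differ only in case collapse into one entry, so the comment should also say which value is expected to win. The enclosing method starts before the hunk and continues past it.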

http://git-wip-us.apache.org/repos/asf/geode/blob/4696d1b3/geode-web/src/test/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptorRequestHeaderJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptorRequestHeaderJUnitTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptorRequestHeaderJUnitTest.java
new file mode 100644
index 0000000..a7190f9
--- /dev/null
+++ b/geode-web/src/test/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptorRequestHeaderJUnitTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.management.internal.web.controllers.support;
+
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.apache.geode.test.junit.categories.UnitTest;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import java.util.Map;
+
+@Category(UnitTest.class)
+public class LoginHandlerInterceptorRequestHeaderJUnitTest {
+
+  @Test
+  public void testCaseInsensitive() throws Exception {
+    LoginHandlerInterceptor interceptor = new LoginHandlerInterceptor();
+    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
+    mockRequest.addHeader("Security-Username", "John");
+    mockRequest.addHeader("Security-Password", "Password");
+    mockRequest.addHeader("security-something", "anything");
+    mockRequest.addHeader("Content-Type", "application/json");
+
+    interceptor.preHandle(mockRequest, null, null);
+    Map<String, String> env = interceptor.getEnvironment();
+
+    // make sure only security-* are put in the environment variable
+    assertThat(env).hasSize(3);
+    assertThat(env.get("security-username")).isEqualTo("John");
+    assertThat(env.get("security-password")).isEqualTo("Password");
+    assertThat(env.get("security-something")).isEqualTo("anything");
+  }
+
+}
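Review bot: `testCaseInsensitive` only sends title-case names (`Security-Username`, `Security-Password`), so it does not pin the two cases where the new folding can go wrong: a fully upper-case name, and a request that carries the same security header in two casings. Adding a header such as `mockRequest.addHeader("SECURITY-TOKEN", "t")` (constructed sample) with `assertThat(env.get("security-token")).isEqualTo("t")` would cover the first case and would also expose locale-dependent folding if the test runs under a non-English default locale. The test also leaves the username and password in whatever backs `interceptor.getEnvironment()`. If that is per-thread state (not visible on this page), call `interceptor.afterCompletion(mockRequest, null, null, null)` in an `@After` method so the values do not leak into later tests on the same thread.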

