Return-Path: X-Original-To: apmail-sling-commits-archive@www.apache.org Delivered-To: apmail-sling-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 29467EB6A for ; Wed, 5 Dec 2012 13:33:36 +0000 (UTC) Received: (qmail 13611 invoked by uid 500); 5 Dec 2012 13:33:35 -0000 Delivered-To: apmail-sling-commits-archive@sling.apache.org Received: (qmail 13524 invoked by uid 500); 5 Dec 2012 13:33:34 -0000 Mailing-List: contact commits-help@sling.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sling.apache.org Delivered-To: mailing list commits@sling.apache.org Received: (qmail 13491 invoked by uid 99); 5 Dec 2012 13:33:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2012 13:33:33 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2012 13:33:32 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 7061A238896F; Wed, 5 Dec 2012 13:33:12 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1417415 - in /sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal: SlingServletResolver.java helper/AbstractResourceCollector.java helper/NamedScriptResourceCollector.java Date: Wed, 05 Dec 2012 13:33:12 -0000 To: commits@sling.apache.org 
From: fmeschbe@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121205133312.7061A238896F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: fmeschbe Date: Wed Dec 5 13:33:11 2012 New Revision: 1417415 URL: http://svn.apache.org/viewvc?rev=1417415&view=rev Log: Add JavaDoc on isPathAllowed method and normalize paths before checking whether they are allowed Modified: sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java Modified: sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java?rev=1417415&r1=1417414&r2=1417415&view=diff ==============================================================================
--- sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java (original)
+++ sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/SlingServletResolver.java Wed Dec 5 13:33:11 2012
@@ -364,8 +364,9 @@ public class SlingServletResolver
 // first check whether the type of a resource is the absolute
 // path of a servlet (or script)
 if (scriptName.charAt(0) == '/') {
- if ( this.isPathAllowed(scriptName) ) {
- final Resource res = resolver.getResource(scriptName);
+ final String scriptPath = ResourceUtil.normalize(scriptName);
+ if ( this.isPathAllowed(scriptPath) ) {
+ final Resource res = resolver.getResource(scriptPath);
 if (res != null) {
 servlet = res.adaptTo(Servlet.class);
 }
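Review bot: The result of `ResourceUtil.normalize(scriptName)` is passed on without a null check. If this is the Sling API `ResourceUtil` (its import is outside the hunk), `normalize` returns null when the path cannot be normalized, and the static `isPathAllowed` in AbstractResourceCollector returns true for any path when no execution paths are configured, so `resolver.getResource(null)` may be reached. A guard such as `if ( scriptPath != null && this.isPathAllowed(scriptPath) ) {` would treat an un-normalizable path as not allowed. The same applies to the `normalize` calls in the hunks at new lines 400 and 412 and in NamedScriptResourceCollector; the enclosing method starts and ends outside this hunk.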
@@ -399,8 +400,9 @@ public class SlingServletResolver SlingScript script = null; if (name.startsWith("/")) { - if ( this.isPathAllowed(name) ) { - final Resource resource = resourceResolver.getResource(name); + final String path = ResourceUtil.normalize(name); + if ( this.isPathAllowed(path) ) { + final Resource resource = resourceResolver.getResource(path); if (resource != null) { script = resource.adaptTo(SlingScript.class); } @@ -410,7 +412,7 @@ public class SlingServletResolver // relative script resolution against search path final String[] path = resourceResolver.getSearchPath(); for (int i = 0; script == null && i < path.length; i++) { - final String scriptPath = path[i] + name; + final String scriptPath = ResourceUtil.normalize(path[i] + name); if ( this.isPathAllowed(scriptPath) ) { final Resource resource = resourceResolver.getResource(scriptPath); if (resource != null) { 
@@ -579,12 +581,12 @@ public class SlingServletResolver
 // first check whether the type of a resource is the absolute
 // path of a servlet (or script)
 if (type.charAt(0) == '/') {
- if ( this.isPathAllowed(type) ) {
- String path = type;
+ String scriptPath = ResourceUtil.normalize(type);
+ if ( this.isPathAllowed(scriptPath) ) {
 if ( workspaceName != null ) {
- path = workspaceName + ':' + type;
+ scriptPath = workspaceName + ':' + type;
 }
- final Resource res = resolver.getResource(path);
+ final Resource res = resolver.getResource(scriptPath);
 if (res != null) {
 servlet = res.adaptTo(Servlet.class);
 }
Modified: sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java?rev=1417415&r1=1417414&r2=1417415&view=diff ==============================================================================
--- sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java (original)
+++ sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/AbstractResourceCollector.java Wed Dec 5 13:33:11 2012
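Review bot: When `workspaceName` is set, the lookup path is rebuilt from the raw `type` rather than from the normalized value that `isPathAllowed` just approved: `scriptPath = workspaceName + ':' + type;`. The string that was checked and the string handed to `resolver.getResource` can therefore differ, which undoes the normalization this commit adds for the workspace case. Building the lookup from the checked value, `scriptPath = workspaceName + ':' + scriptPath;`, keeps check and use on the same path. The enclosing method continues outside the hunk.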
@@ -191,23 +191,46 @@ public abstract class AbstractResourceCo /** * This method checks whether a path is allowed to be executed. + * + * @param path The path to check (must not be {@code null} or empty) + * @param executionPaths The path to check against + * @return {@code true} if the executionPaths is {@code null} or empty or if + * the path equals one entry or one of the executionPaths entries is + * a prefix to the path. Otherwise or if path is {@code null} + * {@code false} is returned. */ public static boolean isPathAllowed(final String path, final String[] executionPaths) { - if ( executionPaths == null ) { + if (executionPaths == null || executionPaths.length == 0) { + SlingServletResolver.LOGGER.debug("Accepting servlet at '{}' as there are no configured execution paths.", + path); return true; } - for(final String config : executionPaths ) { - if ( config.endsWith("/") ) { - if ( path.startsWith(config) ) { + + if (path == null || path.length() == 0) { + SlingServletResolver.LOGGER.debug("Ignoring servlet with empty path."); + return false; + } + + for (final String config : executionPaths) { + if (config.endsWith("/")) { + if (path.startsWith(config)) { + SlingServletResolver.LOGGER.debug( + "Accepting servlet at '{}' as the path is prefixed with configured execution path '{}'.", path, + config); return true; } - } else if ( path.equals(config) ) { + } else if (path.equals(config)) { + SlingServletResolver.LOGGER.debug( + "Accepting servlet at '{}' as the path equals configured execution path '{}'.", path, config); return true; } } - if ( SlingServletResolver.LOGGER.isDebugEnabled() ) { - SlingServletResolver.LOGGER.debug("Ignoring servlet at '{}' as the path is not in the configured execution paths.", path); + + if (SlingServletResolver.LOGGER.isDebugEnabled()) { + SlingServletResolver.LOGGER.debug( + "Ignoring servlet at '{}' as the path is not in the configured execution paths.", path); } + return false; } Modified: 
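Review bot: The new Javadoc says a null `path` yields `false`, but the `executionPaths == null || executionPaths.length == 0` branch returns `true` before `path` is looked at, so a null or empty path is accepted whenever no execution paths are configured. Either move the `if (path == null || path.length() == 0)` guard above that branch or reword the `@return` text so that it matches the actual order. The Javadoc should also state that `path` is expected to be normalized by the caller, because `path.startsWith(config)` is a plain string prefix test. `@param executionPaths` would read better as `The configured execution paths to check against`.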
sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java?rev=1417415&r1=1417414&r2=1417415&view=diff ==============================================================================
--- sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java (original)
+++ sling/trunk/bundles/servlets/resolver/src/main/java/org/apache/sling/servlets/resolver/internal/helper/NamedScriptResourceCollector.java Wed Dec 5 13:33:11 2012
@@ -88,7 +88,7 @@ public class NamedScriptResourceCollecto
 final ResourceResolver resolver = location.getResourceResolver();
 // if extension is set, we first check for an exact script match
 if ( this.extension != null ) {
- final String path = location.getPath() + '/' + this.scriptName;
+ final String path = ResourceUtil.normalize(location.getPath() + '/' + this.scriptName);
 if ( this.isPathAllowed(path) ) {
 final Resource current = resolver.getResource(path);
 if ( current != null ) {