sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From asa...@apache.org
Subject svn commit: r1616677 - in /sling/trunk/bundles/engine/src: main/java/org/apache/sling/engine/impl/ main/java/org/apache/sling/engine/impl/request/ test/java/org/apache/sling/engine/impl/
Date Fri, 08 Aug 2014 05:31:49 GMT
Author: asanso
Date: Fri Aug  8 05:31:48 2014
New Revision: 1616677

URL: http://svn.apache.org/r1616677
Log:
SLING-3815 - Add support for X-Content-Type-Options: nosniff 

Added:
    sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/StaticResponseHeader.java
    sling/trunk/bundles/engine/src/test/java/org/apache/sling/engine/impl/StaticResponseHeaderTest.java
Modified:
    sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
    sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
    sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/request/RequestData.java

Modified: sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java?rev=1616677&r1=1616676&r2=1616677&view=diff
==============================================================================
--- sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
(original)
+++ sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingHttpServletResponseImpl.java
Fri Aug  8 05:31:48 2014
@@ -43,6 +43,12 @@ public class SlingHttpServletResponseImp
         super(response);
         this.requestData = requestData;
         this.firstSlingResponse = !(response instanceof SlingHttpServletResponse);
+        
+        if (firstSlingResponse && RequestData.getAdditionalResponseHeaders() != null)
{
+            for (StaticResponseHeader mapping: RequestData.getAdditionalResponseHeaders())
{
+                response.addHeader(mapping.getResponseHeaderName(), mapping.getResponseHeaderValue());
+            }
+        }
     }
 
     protected final RequestData getRequestData() {

Modified: sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java?rev=1616677&r1=1616676&r2=1616677&view=diff
==============================================================================
--- sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
(original)
+++ sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
Fri Aug  8 05:31:48 2014
@@ -110,6 +110,14 @@ public class SlingMainServlet extends Ge
 
     @Property
     private static final String PROP_SERVER_INFO = "sling.serverinfo";
+    
+
+    @Property(value = {"X-Content-Type-Options=nosniff"},
+            label = "Additional response headers",
+            description = "Provides mappings for additional response headers "
+                + "Each entry is of the form 'bundleId [ \":\" responseHeaderName ] \"=\"
responseHeaderValue' ",
+            unbounded = PropertyUnbounded.ARRAY)
+    private static final String PROP_ADDITIONAL_RESPONSE_HEADERS = "sling.additional.response.headers";
 
     @Reference
     private HttpService httpService;
@@ -173,7 +181,7 @@ public class SlingMainServlet extends Ge
     private ServiceRegistration requestProcessorMBeanRegistration;
 
     private String configuredServerInfo;
-
+    
     // ---------- Servlet API -------------------------------------------------
 
     @Override
@@ -334,6 +342,22 @@ public class SlingMainServlet extends Ge
     @Activate
     protected void activate(final BundleContext bundleContext,
             final Map<String, Object> componentConfig) {
+        
+        final String[] props = PropertiesUtil.toStringArray(componentConfig.get(PROP_ADDITIONAL_RESPONSE_HEADERS));
+        
+        final ArrayList<StaticResponseHeader> mappings = new ArrayList<StaticResponseHeader>(props.length);
+        for (final String prop : props) {
+            if (prop != null && prop.trim().length() > 0 ) {
+                try {
+                    final StaticResponseHeader mapping = new StaticResponseHeader(prop.trim());
+                    mappings.add(mapping);
+                } catch (final IllegalArgumentException iae) {
+                    log.info("configure: Ignoring '{}': {}", prop, iae.getMessage());
+                }
+            }
+        }
+        RequestData.setAdditionalResponseHeaders(mappings);
+        
         configuredServerInfo = PropertiesUtil.toString(componentConfig.get(PROP_SERVER_INFO),
null);
 
         // setup server info

Added: sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/StaticResponseHeader.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/StaticResponseHeader.java?rev=1616677&view=auto
==============================================================================
--- sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/StaticResponseHeader.java
(added)
+++ sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/StaticResponseHeader.java
Fri Aug  8 05:31:48 2014
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.engine.impl;
+
+/**
+ * The <code>Mapping</code> class defines the mapping of a optional additional

+ * response headers
+ */
+public class StaticResponseHeader {
+
+    private final String responseHeaderName;
+
+    private final String responseHeaderValue;
+
+    /**
+     * Creates a mapping entry for the entry specification of the form:
+     *
+     * <pre>
+     * spec = responseHeaderName "=" responseHeaderValue .
+     * </pre>
+     *
+     * @param spec The mapping specification.
+     * @throws NullPointerException if {@code spec} is {@code null}.
+     * @throws IllegalArgumentException if {@code spec} does not match the
+     *             expected pattern.
+     */
+    StaticResponseHeader(final String spec) {
+
+        if (spec.length() == 0) {
+            throw new IllegalArgumentException("responseHeader must not be empty");
+        }
+
+        final int equals = spec.indexOf('=');
+
+        if (equals <= 0) {
+            throw new IllegalArgumentException("responseHeaderName is required");
+        } else if (equals == spec.length() - 1) {
+            throw new IllegalArgumentException("responseHeaderValue is required");
+        }
+
+        this.responseHeaderName = spec.substring(0, equals);
+        this.responseHeaderValue = spec.substring(equals + 1);
+    }
+
+    public String getResponseHeaderName() {
+        return responseHeaderName;
+    }
+
+    public String getResponseHeaderValue() {
+        return responseHeaderValue;
+    } 
+}

Modified: sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/request/RequestData.java?rev=1616677&r1=1616676&r2=1616677&view=diff
==============================================================================
--- sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
(original)
+++ sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/request/RequestData.java
Fri Aug  8 05:31:48 2014
@@ -23,6 +23,7 @@ import static org.apache.sling.api.Sling
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
 
 import javax.servlet.Servlet;
 import javax.servlet.ServletException;
@@ -46,6 +47,7 @@ import org.apache.sling.api.resource.Res
 import org.apache.sling.api.servlets.ServletResolver;
 import org.apache.sling.api.wrappers.SlingHttpServletRequestWrapper;
 import org.apache.sling.api.wrappers.SlingHttpServletResponseWrapper;
+import org.apache.sling.engine.impl.StaticResponseHeader;
 import org.apache.sling.engine.impl.SlingHttpServletRequestImpl;
 import org.apache.sling.engine.impl.SlingHttpServletRequestImpl3;
 import org.apache.sling.engine.impl.SlingHttpServletResponseImpl;
@@ -108,6 +110,8 @@ public class RequestData {
     private static SlingMainServlet SLING_MAIN_SERVLET;
 
     private static SlingHttpServletRequestFactory REQUEST_FACTORY;
+    
+    private static ArrayList<StaticResponseHeader> ADDITIONAL_RESPONSE_HEADERS;
 
     /** The SlingMainServlet used for request dispatching and other stuff */
     private final SlingRequestProcessorImpl slingRequestProcessor;
@@ -180,6 +184,14 @@ public class RequestData {
         RequestData.SLING_MAIN_SERVLET = slingMainServlet;
         RequestData.REQUEST_FACTORY = null;
     }
+    
+    public static void setAdditionalResponseHeaders(ArrayList<StaticResponseHeader>
mappings){
+        RequestData.ADDITIONAL_RESPONSE_HEADERS = mappings;
+    }    
+    
+    public static ArrayList<StaticResponseHeader> getAdditionalResponseHeaders() {
+        return ADDITIONAL_RESPONSE_HEADERS;
+    }
 
     public RequestData(SlingRequestProcessorImpl slingRequestProcessor,
             HttpServletRequest request, HttpServletResponse response) {

Added: sling/trunk/bundles/engine/src/test/java/org/apache/sling/engine/impl/StaticResponseHeaderTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/test/java/org/apache/sling/engine/impl/StaticResponseHeaderTest.java?rev=1616677&view=auto
==============================================================================
--- sling/trunk/bundles/engine/src/test/java/org/apache/sling/engine/impl/StaticResponseHeaderTest.java
(added)
+++ sling/trunk/bundles/engine/src/test/java/org/apache/sling/engine/impl/StaticResponseHeaderTest.java
Fri Aug  8 05:31:48 2014
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.engine.impl;
+
+import junit.framework.TestCase;
+import org.junit.Test;
+
+public class StaticResponseHeaderTest {
+
+    @Test
+    public void test_constructor_null() {
+        try {
+            new StaticResponseHeader(null);
+            TestCase.fail("NullPointerException expected");
+        } catch (NullPointerException npe) {
+            // expected
+        }
+    }
+
+    @Test
+    public void test_constructor_empty() {
+        try {
+            new StaticResponseHeader("");
+            TestCase.fail("IllegalArgumentException expected");
+        } catch (IllegalArgumentException iae) {
+            // expected
+        }
+    }
+
+    @Test
+    public void test_constructor_missing_responseHeaderValue() {
+        try {
+            new StaticResponseHeader("responseHeader");
+            TestCase.fail("IllegalArgumentException expected");
+        } catch (IllegalArgumentException iae) {
+            // expected
+        }
+
+        try {
+            new StaticResponseHeader("responseHeaderName=");
+            TestCase.fail("IllegalArgumentException expected");
+        } catch (IllegalArgumentException iae) {
+            // expected
+        }
+    }
+
+    @Test
+    public void test_constructor_missing_responseHeaderName() {
+        try {
+            new StaticResponseHeader("=user");
+            TestCase.fail("IllegalArgumentException expected");
+        } catch (IllegalArgumentException iae) {
+            // expected
+        }
+    }
+
+    @Test
+    public void test_constructor_and_map() {
+        assertMapping("responseHeaderName", "responseHeaderValue");
+    }
+
+    private void assertMapping(final String responseHeaderName, final String responseHeaderValue)
{
+        StringBuilder spec = new StringBuilder();
+        spec.append(responseHeaderName);
+        spec.append('=').append(responseHeaderValue);
+
+        // spec analysis
+        final StaticResponseHeader mapping = new StaticResponseHeader(spec.toString());
+        TestCase.assertEquals(responseHeaderName, mapping.getResponseHeaderName());
+        TestCase.assertEquals(responseHeaderValue, mapping.getResponseHeaderValue());
+    }
+}



Mime
View raw message