This is an automated email from the ASF dual-hosted git repository.

dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git


The following commit(s) were added to refs/heads/master by this push:
     new fde0d09  Testing other common cases for the CMS Security Filter
fde0d09 is described below

commit fde0d090bd412caa67fcecb61aa62dc6c8c704ea
Author: Dan Klco <dklco@apache.org>
AuthorDate: Wed Sep 23 22:49:00 2020 -0400

    Testing other common cases for the CMS Security Filter
---
 .../internal/filters/CMSSecurityFilterTest.java    | 90 ++++++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
index 7edc430..c8c853a 100644
--- a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
+++ b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
@@ -26,6 +26,8 @@ import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.cms.PublishableResource;
 import org.apache.sling.cms.core.helpers.SlingCMSTestHelper;
 import org.apache.sling.cms.publication.PUBLICATION_MODE;
 import org.apache.sling.cms.publication.PublicationManagerFactory;
@@ -99,4 +101,92 @@ public class CMSSecurityFilterTest {
         securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
         assertEquals(200, context.response().getStatus());
     }
+
+    @Test
+    public void testAllowedPath() throws IOException, ServletException {
+
+        PublicationManagerFactory factory = Mockito.mock(PublicationManagerFactory.class);
+        Mockito.when(factory.getPublicationMode()).thenReturn(PUBLICATION_MODE.STANDALONE);
+        context.registerService(PublicationManagerFactory.class, factory);
+
+        CMSSecurityConfigInstance config = new CMSSecurityConfigInstance();
+        config.activate(new CMSSecurityFilterConfig() {
+
+            @Override
+            public Class<? extends Annotation> annotationType() {
+                return null;
+            }
+
+            @Override
+            public String[] hostDomains() {
+                return new String[] { "cms.apache.org" };
+            }
+
+            @Override
+            public String[] allowedPatterns() {
+                return new String[] { "\\/static\\/.*" };
+            }
+
+            @Override
+            public String group() {
+                return null;
+            }
+
+        });
+        context.registerService(CMSSecurityConfigInstance.class, config);
+
+        securityFilter = context.registerInjectActivateService(new CMSSecurityFilter());
+
+        context.request().setRemoteHost("cms.apache.org");
+        context.request().setServletPath("/static/test1.txt");
+
+        securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
+        assertEquals(200, context.response().getStatus());
+    }
+
+    @Test
+    public void testPublished() throws IOException, ServletException {
+
+        PublicationManagerFactory factory = Mockito.mock(PublicationManagerFactory.class);
+        Mockito.when(factory.getPublicationMode()).thenReturn(PUBLICATION_MODE.STANDALONE);
+        context.registerService(PublicationManagerFactory.class, factory);
+
+        CMSSecurityConfigInstance config = new CMSSecurityConfigInstance();
+        config.activate(new CMSSecurityFilterConfig() {
+
+            @Override
+            public Class<? extends Annotation> annotationType() {
+                return null;
+            }
+
+            @Override
+            public String[] hostDomains() {
+                return new String[] { "cms.apache.org" };
+            }
+
+            @Override
+            public String[] allowedPatterns() {
+                return new String[] { "\\/static\\/.*" };
+            }
+
+            @Override
+            public String group() {
+                return null;
+            }
+
+        });
+        context.registerService(CMSSecurityConfigInstance.class, config);
+
+        securityFilter = context.registerInjectActivateService(new CMSSecurityFilter());
+
+        context.request().setRemoteHost("cms.apache.org");
+        context.request().setServletPath("/content/test1.txt");
+
+        PublishableResource published = Mockito.mock(PublishableResource.class);
+        Mockito.when(published.isPublished()).thenReturn(true);
+        context.registerAdapter(Resource.class, PublishableResource.class, published);
+
+        securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
+        assertEquals(200, context.response().getStatus());
+    }
 }
\ No newline at end of file