Author: jboynes Date: Tue Dec 2 05:09:47 2014 New Revision: 1642801 URL: http://svn.apache.org/r1642801 Log: Cleanup warnings and add test for issue 57290
Added: tomcat/taglibs/standard/trunk/spec/src/test/ tomcat/taglibs/standard/trunk/spec/src/test/java/ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLVTest.java (with props) Modified: tomcat/taglibs/standard/trunk/spec/pom.xml tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java Modified: tomcat/taglibs/standard/trunk/spec/pom.xml URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/spec/pom.xml?rev=1642801&r1=1642800&r2=1642801&view=diff ============================================================================== --- tomcat/taglibs/standard/trunk/spec/pom.xml (original) +++ tomcat/taglibs/standard/trunk/spec/pom.xml Tue Dec 2 05:09:47 2014 
@@ -80,6 +80,19 @@ <version>1.0</version> <scope>provided</scope> </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.8.1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.easymock</groupId> + <artifactId>easymock</artifactId> + <version>3.0</version> + <scope>test</scope> + </dependency> </dependencies> <build> Modified: tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java?rev=1642801&r1=1642800&r2=1642801&view=diff ============================================================================== --- tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java (original) +++ tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java Tue Dec 2 05:09:47 2014 @@ -18,6 +18,7 @@ package javax.servlet.jsp.jstl.tlv; import java.io.IOException; import java.util.HashSet; +import java.util.Map; import java.util.Set; import java.util.StringTokenizer; @@ -40,6 +41,10 @@ import org.xml.sax.helpers.DefaultHandle * to tag libraries permitted to be imported on the page in addition to the tag * library that references PermittedTaglibsTLV (which is allowed implicitly). * </ul> + * <p>This implementation only detects tag libraries declared on the {@code <jsp:root>} element, + * including libraries in regular JSP files or JSP Documents with a specific {@code <jsp:root>}. + * It does not detect libraries declared on other elements as supported by JSP 2.0. + * </p> * * @author Shawn Bayern */ 
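Review bot: The Javadoc paragraph added in the `@@ -40,6 +41,10 @@` hunk states the detection gap but not what it means for someone using this validator as a restriction. Going by that text and the ignored test added later in this commit, a library declared on an element other than `<jsp:root>` is not compared with the permitted list, so validate() reports nothing for it. I would add one sentence to the paragraph, for example `A page that passes this validator may still use libraries declared on other elements, so do not treat it as the only control.` The class Javadoc begins above the hunk.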
@@ -62,56 +67,31 @@ public class PermittedTaglibsTLV extends private static final PageParser parser = new PageParser(false); - //********************************************************************* - // Validation and configuration state (protected) - - private Set permittedTaglibs; // what URIs are allowed? - private boolean failed; // did the page fail? - private String uri; // our taglib's URI - - //********************************************************************* - // Constructor and lifecycle management + private final Set<String> permittedTaglibs; // what URIs are allowed? public PermittedTaglibsTLV() { - super(); - init(); - } - - private void init() { - permittedTaglibs = null; + permittedTaglibs = new HashSet<String>(); } @Override - public void release() { - super.release(); - init(); + public void setInitParameters(Map<String, Object> initParams) { + super.setInitParameters(initParams); + permittedTaglibs.clear(); + String uris = (String) initParams.get(PERMITTED_TAGLIBS_PARAM); + if (uris != null) { + StringTokenizer st = new StringTokenizer(uris); + while (st.hasMoreTokens()) { + permittedTaglibs.add(st.nextToken()); + } + } } - - //********************************************************************* - // Validation entry point - @Override - public synchronized ValidationMessage[] validate(String prefix, String uri, PageData page) { + public ValidationMessage[] validate(String prefix, String uri, PageData page) { try { - // initialize - this.uri = uri; - permittedTaglibs = readConfiguration(); - - // get a handler - DefaultHandler h = new PermittedTaglibsHandler(); - - // parse the page + PermittedTaglibsHandler h = new PermittedTaglibsHandler(prefix, uri); parser.parse(page, h); - - if (failed) { - return vmFromString( - "taglib " + prefix + " (" + uri + ") allows only the " - + "following taglibs to be imported: " + permittedTaglibs); - } else { - return null; - } - + return h.getResult(); } catch (SAXException ex) { return 
vmFromString(ex.toString()); } catch (ParserConfigurationException ex) { 
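Review bot: validate() loses `synchronized` in this hunk while the handler it creates still reads the instance's `permittedTaglibs` HashSet, which setInitParameters() empties and refills in place; if a container ever runs the two concurrently on one instance, a validation can see an empty or partly filled set. The static `parser` also becomes reachable from concurrent validate() calls on the same instance, and whether PageParser tolerates that is not visible here. Either state the lifecycle assumption in a comment, e.g. `// setInitParameters() completes before any validate() call; PageParser is safe for concurrent use`, or fill a local set and publish it with a single assignment. Separately, `initParams.get(...)` throws NullPointerException for a null map and the `(String)` cast throws ClassCastException for a non-String value; a guard such as `Object v = initParams == null ? null : initParams.get(PERMITTED_TAGLIBS_PARAM);` keeps a configuration mistake explicit. The catch chain of validate() continues past the end of the hunk.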
@@ -125,78 +105,62 @@ public class PermittedTaglibsTLV extends //********************************************************************* // Utility functions - /** - * Returns Set of permitted taglibs, based on configuration data. - */ - private Set readConfiguration() { - - // initialize the Set - Set s = new HashSet(); - - // get the space-separated list of taglibs - String uris = (String) getInitParameters().get(PERMITTED_TAGLIBS_PARAM); - - // separate the list into individual uris and store them - StringTokenizer st = new StringTokenizer(uris); - while (st.hasMoreTokens()) { - s.add(st.nextToken()); - } - - // return the new Set - return s; - - } - // constructs a ValidationMessage[] from a single String and no ID - private ValidationMessage[] vmFromString(String message) { - return new ValidationMessage[]{ - new ValidationMessage(null, message) - }; + return new ValidationMessage[]{new ValidationMessage(null, message)}; } - - //********************************************************************* - // SAX handler - /** * The handler that provides the base of our implementation. 
*/ private class PermittedTaglibsHandler extends DefaultHandler { + private final String prefix; + private final String uri; - // if the element is <jsp:root>, check its "xmlns:" attributes - - @Override - public void startElement( - String ns, String ln, String qn, Attributes a) { + private boolean failed; - // ignore all but <jsp:root> - if (!qn.equals(JSP_ROOT_QN) && - (!ns.equals(JSP_ROOT_URI) || !ln.equals(JSP_ROOT_NAME))) { - return; - } - - // for <jsp:root>, check the attributes - for (int i = 0; i < a.getLength(); i++) { - String name = a.getQName(i); - - // ignore non-namespace attributes, and xmlns:jsp - if (!name.startsWith("xmlns:") || name.equals("xmlns:jsp")) { - continue; - } + public PermittedTaglibsHandler(String prefix, String uri) { + this.prefix = prefix; + this.uri = uri; + } - String value = a.getValue(i); - // ignore our own namespace declaration - if (value.equals(uri)) { - continue; + // TODO: https://issues.apache.org/bugzilla/show_bug.cgi?id=57290 (JSP2.0 Documents) + // If we had a way of determining if a namespace referred to a taglib as opposed to being + // part of XML output we might be able to simplify this using startPrefixMapping events. 
+ @Override + public void startElement(String ns, String ln, String qn, Attributes a) { + // look at namespaces declared on the <jsp:root> element + if (qn.equals(JSP_ROOT_QN) || (ns.equals(JSP_ROOT_URI) && ln.equals(JSP_ROOT_NAME))) { + for (int i = 0; i < a.getLength(); i++) { + String name = a.getQName(i); + + // ignore non-namespace attributes + if (!name.startsWith("xmlns:")) { + continue; + } + + String value = a.getValue(i); + // ignore any declaration for our taglib or the JSP namespace + if (value.equals(uri) || value.equals(JSP_ROOT_URI)) { + continue; + } + + // otherwise, ensure that 'value' is in 'permittedTaglibs' set + if (!permittedTaglibs.contains(value)) { + failed = true; + } } + } + } - // otherwise, ensure that 'value' is in 'permittedTaglibs' set - if (!permittedTaglibs.contains(value)) { - failed = true; - } + private ValidationMessage[] getResult() { + if (failed) { + return vmFromString( + "taglib " + prefix + " (" + uri + ") allows only the " + + "following taglibs to be imported: " + permittedTaglibs); + } else { + return null; } } } - } Added: tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLVTest.java URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLVTest.java?rev=1642801&view=auto ============================================================================== --- tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLVTest.java (added) +++ tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLVTest.java Tue Dec 2 05:09:47 2014 
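Review bot: startElement() only compares attributes whose qualified name starts with `xmlns:`, so a default-namespace declaration (`xmlns="..."`) on `<jsp:root>` is never checked against `permittedTaglibs`. Whether the XML view can bind a tag library that way is not visible here, so it deserves a test or a comment saying it cannot. Because the class acts as an allowlist, the handler should also remember which URI was rejected instead of only setting `failed = true`, e.g. `if (rejected == null) rejected = value;`, so that getResult() can name the offending library rather than just list the permitted set. The comparison `value.equals(JSP_ROOT_URI)` now exempts the JSP namespace under any prefix, where the removed code exempted the attribute name `xmlns:jsp`; a one-line comment confirming that is intended would help. The enclosing class starts outside the hunk.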
@@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package javax.servlet.jsp.jstl.tlv; + +import java.io.StringBufferInputStream; +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.jsp.tagext.PageData; +import javax.servlet.jsp.tagext.ValidationMessage; + +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; + +import org.easymock.EasyMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +public class PermittedTaglibsTLVTest { + + private static final String URI = "http://jakarta.apache.org/taglibs/standard/permittedTaglibs";; + + private PermittedTaglibsTLV tlv; + private PageData page; + private Map<String, Object> initParams = new HashMap<String, Object>(); + + @Before + public void createTlv() { + tlv = new PermittedTaglibsTLV(); + page = EasyMock.createMock(PageData.class); + } + + @Test + public void tagPermittedWhenDeclaredAtRoot() { + initParams.put("permittedTaglibs", "urn:test"); + String xmlView = "<jsp:root xmlns:jsp='http://java.sun.com/JSP/Page' xmlns:x='urn:test' 
xmlns:p='http://jakarta.apache.org/taglibs/standard/permittedTaglibs'></jsp:root>"; + expect(page.getInputStream()).andStubReturn(new StringBufferInputStream(xmlView)); + + replay(page); + tlv.setInitParameters(initParams); + ValidationMessage[] messages = tlv.validate(null, URI, page); + assertTrue(messages == null || messages.length == 0); + } + + @Test + public void tagNotPermittedWhenDeclaredAtRoot() { + initParams.put("permittedTaglibs", "urn:none"); + String xmlView = "<jsp:root xmlns:jsp='http://java.sun.com/JSP/Page' xmlns:x='urn:test' xmlns:p='http://jakarta.apache.org/taglibs/standard/permittedTaglibs'></jsp:root>"; + expect(page.getInputStream()).andStubReturn(new StringBufferInputStream(xmlView)); + + replay(page); + tlv.setInitParameters(initParams); + ValidationMessage[] messages = tlv.validate(null, URI, page); + assertNotNull(messages); + assertEquals(1, messages.length); + } + + @Ignore("https://issues.apache.org/bugzilla/show_bug.cgi?id=57290";) + @Test + public void tagNotPermittedWhenDeclaredInPage() { + initParams.put("permittedTaglibs", "urn:none"); + // In the page for this XML view, 'd' and 'x' are taglibs but 'o' is not + String xmlView = "<?xml version='1.0' encoding='UTF-8' ?>\n" + + "<jsp:root version='2.0' xmlns:jsp='http://java.sun.com/JSP/Page' jsp:id='0'>\n" + + "<jsp:directive.page jsp:id='1' pageEncoding='UTF-8' contentType='text/xml;charset=UTF-8'/>\n" + + "<o:doc xmlns:d='urn:dump' xmlns:o='urn:out' jsp:id='2'>\n" + + " <x:hello xmlns:x='urn:jsptagdir:/WEB-INF/tags/test' jsp:id='3'/>\n" + + "</o:doc>\n" + + "</jsp:root>"; + expect(page.getInputStream()).andStubReturn(new StringBufferInputStream(xmlView)); + + replay(page); + tlv.setInitParameters(initParams); + ValidationMessage[] messages = tlv.validate(null, URI, page); + assertNotNull(messages); + assertEquals(1, messages.length); + } + + +} Propchange: tomcat/taglibs/standard/trunk/spec/src/test/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLVTest.java 
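Review bot: The tests build their input with `java.io.StringBufferInputStream`, which is deprecated because it does not convert characters to bytes correctly, in a commit whose log says it cleans up warnings. `new ByteArrayInputStream(xmlView.getBytes("UTF-8"))` supplies the same bytes without the deprecation warning; the test methods would then declare `throws Exception`. None of the three tests reaches the new `uris != null` branch of setInitParameters(), so a case with no `permittedTaglibs` entry in `initParams`, expecting a message for `urn:test`, would pin the behaviour for a missing configuration. A second setInitParameters() call with a different list would likewise cover the `permittedTaglibs.clear()` path.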
------------------------------------------------------------------------------ svn:eol-style = native