[CONF] Confluence Changes in the last 24 hours
This is a daily summary of all recent changes in Confluence.

Updated Spaces:

Apache Felix (FELIX) http://cwiki.apache.org/confluence/display/FELIX
|
|-Pages Added or Edited in This Space
 |-- Apache Felix Remote Shell was last edited by fmeschbe (12:31 AM).
 |   http://cwiki.apache.org/confluence/display/FELIX/Apache+Felix+Remote+Shell
 |-- Felix R4 contributions was last edited by fmeschbe (12:29 AM).
 |   http://cwiki.apache.org/confluence/display/FELIX/Felix+R4+contributions

Apache Geronimo Documentation (geronimo) http://cwiki.apache.org/confluence/display/geronimo
|
|-Pages Added or Edited in This Space
 |-- Index was last edited by jbohn (01:26 PM).
 |   http://cwiki.apache.org/confluence/display/geronimo/Index

OpenEJB (OPENEJB) http://cwiki.apache.org/confluence/display/OPENEJB
|
|-Pages Added or Edited in This Space
 |-- Functional testing with OpenEJB, Jetty and Selenium was created by jgallimore (02:01 PM).
 |   http://cwiki.apache.org/confluence/display/OPENEJB/Functional+testing+with+OpenEJB%2C+Jetty+and+Selenium

Apache CXF Documentation (CXF20DOC) http://cwiki.apache.org/confluence/display/CXF20DOC
|
|-Pages Added or Edited in This Space
 |-- Aegis Default Mappings was created by [EMAIL PROTECTED] (06:29 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/Aegis+Default+Mappings
 |-- AppServerGuide was last edited by [EMAIL PROTECTED] (06:12 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/AppServerGuide
 |-- How do I develop a service? was last edited by [EMAIL PROTECTED] (06:10 PM).
 |   http://cwiki.apache.org/confluence/pages/viewpage.action?pageId=59841
 |-- Aegis (2.1) was last edited by [EMAIL PROTECTED] (06:02 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/Aegis+%282.1%29
 |-- MTOM Attachments with JAXB was last edited by [EMAIL PROTECTED] (04:48 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/MTOM+Attachments+with+JAXB
 |-- How do I integrate my application with CXF was last edited by [EMAIL PROTECTED] (04:48 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/How+do+I+integrate+my+application+with+CXF
 |-- Index was last edited by [EMAIL PROTECTED] (04:48 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/Index
 |-- Idea for new Index was last edited by [EMAIL PROTECTED] (04:48 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/Idea+for+new+Index
 |-- XFire Migration Guide was last edited by [EMAIL PROTECTED] (04:48 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/XFire+Migration+Guide
 |-- DataBindings was last edited by [EMAIL PROTECTED] (04:46 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/DataBindings
 |-- Aegis Databinding (2.0.x) was last edited by [EMAIL PROTECTED] (04:46 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/Aegis+Databinding+%282.0.x%29
 |-- Simple Frontend was last edited by [EMAIL PROTECTED] (04:44 PM).
 |   http://cwiki.apache.org/confluence/display/CXF20DOC/Simple+Frontend
 |-- Why CXF? was last edited by [EMAIL PROTECTED] (04:44 PM).
 |   http://cwiki.apache.org/confluence/pages/viewpage.action?pageId=59611

Apache Qpid (qpid) http://cwiki.apache.org/confluence/display/qpid
|
|-Pages Added or Edited in This Space
 |-- Qpid Integrations was created by rajith (02:15 PM).
 |   http://cwiki.apache.org/confluence/display/qpid/Qpid+Integrations
 |-- Acknowledgment was last edited by rajith (02:01 PM).
 |   http://cwiki.apache.org/confluence/display/qpid/Acknowledgment

Apache ActiveMQ (ACTIVEMQ) http://cwiki.apache.org/confluence/display/ACTIVEMQ
|
|-Pages Added or Edited in This Space
 |-- Discovery was last edited by jstrachan (11:06 AM).
 |   http://cwiki.apache.org/confluence/display/ACTIVEMQ/Discovery
 |-- VM Transport Reference was last edited by gtully (01:27 AM).
 |   http://cwiki.apache.org/confluence/display/ACTIVEMQ/VM+Transport+Reference

Apache Geronimo v2.2 (GMOxDOC22) http://cwiki.apache.org/confluence/display/GMOxDOC22
|
|-Pages Added or Edited in This Space
 |-- What changed in 2.2 was last edited by jbohn (01:37 PM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC22/What+changed+in+2.2
 |-- Documentation was last edited by jbohn (01:37 PM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC22/Documentation
 |-- Quick start - fast and easy development was last edited by mcconne (11:37 AM).
 |   http://cwiki.apache.org/confluence/display/GMOxDOC22/Quick+start+-+fast+and+easy+development

Apache Lucene Mahout (MAHOUT) http://cwiki.apache.org/confluence/display/MAHOUT
|
|-Pages Added or Edited in This Space
 |-- Fuzzy K-Means was created by pallavipalleti (11:30 PM).
 |   http://cwiki.apache.org/confluence/display/MAHOUT/Fuzzy+K-Means

Apache Struts 2 Wiki (S2WIKI) http://cwiki.apache.org/confl
svn commit: r687804 - in /struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent: ./ StaticContentTest.java
Author: musachy Date: Thu Aug 21 10:11:16 2008 New Revision: 687804 URL: http://svn.apache.org/viewvc?rev=687804&view=rev Log: Add content loader test Added: struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent/ struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent/StaticContentTest.java Added: struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent/StaticContentTest.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent/StaticContentTest.java?rev=687804&view=auto == --- struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent/StaticContentTest.java (added) +++ struts/struts2/trunk/apps/showcase/src/test/java/it/org/apache/struts2/showcase/staticcontent/StaticContentTest.java Thu Aug 21 10:11:16 2008 @@ -0,0 +1,37 @@ +package it.org.apache.struts2.showcase.staticcontent; + +import it.org.apache.struts2.showcase.ITBaseTest; + +import java.io.IOException; + +import net.sourceforge.jwebunit.exception.TestingEngineResponseException; + +public class StaticContentTest extends ITBaseTest { + +public void testInvalidRersources1() throws IOException { +try { +beginAt("/struts.."); +fail("Previous request should have failed"); +} catch (TestingEngineResponseException ex) { +// ok +} +} + +public void testInvalidRersources2() throws IOException { +try { +beginAt("/struts/..%252f"); +fail("Previous request should have failed"); +} catch (TestingEngineResponseException ex) { +// ok +} +} + +public void testInvalidRersources3() throws IOException { +try { + beginAt("/struts/..%252f..%252f..%252fWEB-INF/classes/org/apache/struts2/showcase/action/EmployeeAction.class/"); +fail("Previous request should have failed"); +} catch (TestingEngineResponseException ex) { +// ok +} +} +}
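Review bot: In all three tests of StaticContentTest, `catch (TestingEngineResponseException ex) { // ok }` accepts any error response, so a 500 from an unrelated failure passes exactly like the intended rejection; assert the status the static content loader is meant to return for these paths. The inputs cover only `/struts..` and the double-encoded `..%252f` form, so the single-encoded and unencoded forms of the same paths should be added to pin the decoding behaviour from both sides. The method names misspell "Resources" as `Rersources`, and the new file starts at `package` with no ASF license header.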
svn commit: r687805 - in /struts/struts2/trunk/core/src/test: java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java resources/org/apache/struts2/static/ resources/org/apache/struts2/static/r
Author: musachy Date: Thu Aug 21 10:11:37 2008 New Revision: 687805 URL: http://svn.apache.org/viewvc?rev=687805&view=rev Log: Add content loader test Added: struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java struts/struts2/trunk/core/src/test/resources/org/apache/struts2/static/ struts/struts2/trunk/core/src/test/resources/org/apache/struts2/static/resource.css Added: struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java?rev=687805&view=auto == --- struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java (added) +++ struts/struts2/trunk/core/src/test/java/org/apache/struts2/dispatcher/StaticContentLoaderTest.java Thu Aug 21 10:11:37 2008 
@@ -0,0 +1,92 @@ +/* + * $Id: ServletDispatchedTestAssertInterceptor.java 651946 2008-04-27 13:41:38Z apetrelli $ + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.struts2.dispatcher; + +import java.io.IOException; + +import javax.servlet.http.HttpServletResponse; + +import junit.framework.TestCase; + +import org.apache.struts2.dispatcher.ng.HostConfig; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockServletContext; + +import com.mockobjects.dynamic.C; +import com.mockobjects.dynamic.Mock; + + +public class StaticContentLoaderTest extends TestCase { + +private DefaultStaticContentLoader contentLoader; +private MockHttpServletRequest req; +private MockHttpServletResponse res; + +public void testCantHandleWithoutServingStatic() { +StaticContentLoader contentLoader = new DefaultStaticContentLoader(); + +assertFalse(contentLoader.canHandle("/static/test1.css")); +assertFalse(contentLoader.canHandle("/struts/test1.css")); +assertFalse(contentLoader.canHandle("test1.css")); +} + +public void testCanHandle() { +DefaultStaticContentLoader contentLoader = new 
DefaultStaticContentLoader(); +contentLoader.setServeStaticContent("true"); + +assertTrue(contentLoader.canHandle("/static/test1.css")); +assertTrue(contentLoader.canHandle("/struts/test1.css")); +assertFalse(contentLoader.canHandle("test1.css")); +} + +public void testValidRersources() throws IOException { +contentLoader.findStaticResource("/struts/resource.css", req, res); +assertEquals("heya!", res.getContentAsString()); +} + +public void testInvalidRersources1() throws IOException { +contentLoader.findStaticResource("/struts..", req, res); +assertEquals(HttpServletResponse.SC_NOT_FOUND, res.getStatus()); +assertEquals(0, res.getContentLength()); +} + +@Override +protected void setUp() throws Exception { +super.setUp(); + +this.contentLoader = new DefaultStaticContentLoader(); +MockServletContext servletContext = new MockServletContext(); +req = new MockHttpServletRequest(servletContext); +res = new MockHttpServletResponse(); + + +Mock hostConfigMock = new Mock(HostConfig.class); +hostConfigMock.expectAndReturn("getInitParameter", C.args(C.eq("packages")), null); +hostConfigMock.expectAndReturn("getInitParameter", C.args(C.eq("loggerFactory")), null); + +contentLoader.setEncoding("utf-8"); + +contentLoader.setHostConfig((HostConfig) hostConfigMock.proxy()); +} + + +} Added: struts/struts2/trunk/core/src/test/resources/org/apache/struts2/static/resource.css URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/test/resources/org/apache/struts2/static/resource.css?rev=687805&view=auto == --- struts/struts2/trunk/core/src/test/resources/org/apache/struts2/static/resource.css (added) +++ struts/struts2/trunk/core/src/test/resources/org/
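Review bot: `testInvalidRersources1` in StaticContentLoaderTest is the only negative case and checks just `/struts..`; the `..%252f` paths used in the showcase integration test are not exercised at unit level, which is where a regression in the loader is cheapest to catch. Add them here with the same `SC_NOT_FOUND` and zero-content-length assertions. The `$Id:` line in the header still names `ServletDispatchedTestAssertInterceptor.java`, and the expectations set on `hostConfigMock` in `setUp` are never verified.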
svn commit: r687847 - /struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/StaticContentLoader.java
Author: rgielen Date: Thu Aug 21 13:16:02 2008 New Revision: 687847 URL: http://svn.apache.org/viewvc?rev=687847&view=rev Log: Javadoc fix Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/StaticContentLoader.java Modified: struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/StaticContentLoader.java URL: http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/StaticContentLoader.java?rev=687847&r1=687846&r2=687847&view=diff == --- struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/StaticContentLoader.java (original) +++ struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/StaticContentLoader.java Thu Aug 21 13:16:02 2008 @@ -29,20 +29,17 @@ /** * Interface for loading static resources, based on a path - * */ public interface StaticContentLoader { /** - * @param path - *Requested resource path + * @param path Requested resource path * @return true if this loader is able to load this type of resource, false otherwise */ public boolean canHandle(String path); /** - * @param filterConfig - *The filter configuration + * @param filterConfig The filter configuration */ public abstract void setHostConfig(HostConfig filterConfig); @@ -50,14 +47,10 @@ * Locate a static resource and copy directly to the response, setting the * appropriate caching headers. * - * @param name - *The resource name - * @param request - *The request - * @param response - *The response - * @throws IOException - * If anything goes wrong + * @param path The resource name + * @param request The request + * @param response The response + * @throws IOException If anything goes wrong */ public abstract void findStaticResource(String path, HttpServletRequest request, HttpServletResponse response) throws IOException;
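Review bot: In the `@@ -29,20 +29,17 @@` hunk, `setHostConfig(HostConfig filterConfig)` keeps a parameter name and a description ("The filter configuration") that no longer match the `HostConfig` type; since this commit is already touching that Javadoc line, rename the parameter to `hostConfig` and describe it as the host configuration.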
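Review bot: In the `@@ -50,14 +47,10 @@` hunk the tag is renamed to `@param path` but its description still reads "The resource name"; change it to "The resource path" so it matches the `findStaticResource(String path, ...)` signature and the wording used for the same method in FilterDispatcher.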
svn propchange: r687425 - svn:log
Author: musachy Revision: 687425 Modified property: svn:log Modified: svn:log at Thu Aug 21 14:51:24 2008 -- --- svn:log (original) +++ svn:log Thu Aug 21 14:51:24 2008 @@ -1 +1 @@ -Improve static resource handling +WW-2779 Directory traversal vulnerability while serving static content
svn commit: r687874 - /struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/dispatcher/FilterDispatcher.java
Author: rgielen Date: Thu Aug 21 14:56:46 2008 New Revision: 687874 URL: http://svn.apache.org/viewvc?rev=687874&view=rev Log: WW-2779: Applying Musachy's fix to 2.0.x branch Modified: struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/dispatcher/FilterDispatcher.java Modified: struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/dispatcher/FilterDispatcher.java URL: http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/dispatcher/FilterDispatcher.java?rev=687874&r1=687873&r2=687874&view=diff == --- struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/dispatcher/FilterDispatcher.java (original) +++ struts/struts2/branches/STRUTS_2_0_X/core/src/main/java/org/apache/struts2/dispatcher/FilterDispatcher.java Thu Aug 21 14:56:46 2008 @@ -23,7 +23,9 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.io.UnsupportedEncodingException; import java.net.URLDecoder; +import java.net.URL; import java.util.ArrayList; import java.util.Calendar; import java.util.Enumeration; 
@@ -431,62 +433,31 @@ * Locate a static resource and copy directly to the response, * setting the appropriate caching headers. * - * @param name The resource name + * @param path The resource path * @param request The request * @param response The response * @throws IOException If anything goes wrong */ -protected void findStaticResource(String name, HttpServletRequest request, HttpServletResponse response) throws IOException { -if (!name.endsWith(".class")) { -for (String pathPrefix : pathPrefixes) { -InputStream is = findInputStream(name, pathPrefix); +public void findStaticResource(String path, HttpServletRequest request, HttpServletResponse response) +throws IOException { +String name = cleanupPath(path); +for (String pathPrefix : pathPrefixes) { +URL resourceUrl = findResource(buildPath(name, pathPrefix)); +if (resourceUrl != null) { +InputStream is = null; +try { +//check that the resource path is under the pathPrefix path +String pathEnding = buildPath(name, pathPrefix); +if (resourceUrl.getFile().endsWith(pathEnding)) +is = resourceUrl.openStream(); +} catch (Exception ex) { +// just ignore it +continue; +} + +//not inside the try block, as this could throw IOExceptions also if (is != null) { -Calendar cal = Calendar.getInstance(); - -// check for if-modified-since, prior to any other headers -long ifModifiedSince = 0; -try { - ifModifiedSince = request.getDateHeader("If-Modified-Since"); -} catch (Exception e) { - LOG.warn("Invalid If-Modified-Since header value: '" + request.getHeader("If-Modified-Since") + "', ignoring"); -} - long lastModifiedMillis = lastModifiedCal.getTimeInMillis(); - long now = cal.getTimeInMillis(); -cal.add(Calendar.DAY_OF_MONTH, 1); -long expires = cal.getTimeInMillis(); - - if (ifModifiedSince > 0 && ifModifiedSince <= lastModifiedMillis) { - // not modified, content is not sent - only basic headers and status SC_NOT_MODIFIED -response.setDateHeader("Expires", expires); - response.setStatus(HttpServletResponse.SC_NOT_MODIFIED); 
- is.close(); - return; - } - - // set the content-type header -String contentType = getContentType(name); -if (contentType != null) { -response.setContentType(contentType); -} - -if (serveStaticBrowserCache) { - // set heading information for caching static content -response.setDateHeader("Date", now); -response.setDateHeader("Expires", expires); -response.setDateHeader("Retry-After", expires); -response.setHeader("Cache-Control", "public"); -response.setDateHeader("Last-Modified", lastModifiedMillis); -} else { -
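Review bot: In the new `findStaticResource`, the containment check `if (resourceUrl.getFile().endsWith(pathEnding))` is a plain string suffix comparison, and it recomputes `buildPath(name, pathPrefix)` that was already passed to `findResource`; build the path once before the lookup, reuse it for the check, and give the `if` braces. The removed `if (!name.endsWith(".class"))` guard has no visible replacement in this hunk, so confirm that `cleanupPath` or the suffix check still refuses class files and cover that with a test. The `catch (Exception ex)` commented "just ignore it" should at least log through the existing `LOG` so that rejected paths show up for operators.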