use of io.undertow.server.handlers.CanonicalPathHandler in project undertow by undertow-io.
the class FileHandlerSymlinksTestCase method testExplicitAccessSymlinkGranted.
@Test
public void testExplicitAccessSymlinkGranted() throws IOException, URISyntaxException {
TestHttpClient client = new TestHttpClient();
Path rootPath = Paths.get(getClass().getResource("page.html").toURI()).getParent();
Path newSymlink = rootPath.resolve("newSymlink");
try {
DefaultServer.setRootHandler(new CanonicalPathHandler().setNext(new PathHandler().addPrefixPath("/path", new ResourceHandler(new PathResourceManager(newSymlink, 10485760, true, "/")).setDirectoryListingEnabled(false).addWelcomeFiles("page.html"))));
/**
* This request should return a 200 code as "/" can be used to grant all symbolic links paths
*/
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/path/innerSymlink/page.html");
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
final String response = HttpClientUtils.readResponse(result);
Header[] headers = result.getHeaders("Content-Type");
Assert.assertEquals("text/html", headers[0].getValue());
Assert.assertTrue(response, response.contains("A web page"));
} finally {
client.getConnectionManager().shutdown();
}
}
use of io.undertow.server.handlers.CanonicalPathHandler in project undertow by undertow-io.
the class FileHandlerSymlinksTestCase method testDefaultAccessSymlinkDenied.
@Test
public void testDefaultAccessSymlinkDenied() throws IOException, URISyntaxException {
TestHttpClient client = new TestHttpClient();
Path rootPath = Paths.get(getClass().getResource("page.html").toURI()).getParent();
Path newSymlink = rootPath.resolve("newSymlink");
try {
DefaultServer.setRootHandler(new CanonicalPathHandler().setNext(new PathHandler().addPrefixPath("/path", new ResourceHandler(new PathResourceManager(newSymlink, 10485760)).setDirectoryListingEnabled(false).addWelcomeFiles("page.html"))));
/**
* This request should return a 404 error, as path contains a symbolic link and by default followLinks is false
*/
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/path/innerSymlink/");
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.NOT_FOUND, result.getStatusLine().getStatusCode());
} finally {
client.getConnectionManager().shutdown();
}
}
use of io.undertow.server.handlers.CanonicalPathHandler in project undertow by undertow-io.
the class FileHandlerSymlinksTestCase method testRelativePathSymlinkFilter.
@Test
public void testRelativePathSymlinkFilter() throws IOException, URISyntaxException {
TestHttpClient client = new TestHttpClient();
Path rootPath = Paths.get(getClass().getResource("page.html").toURI()).getParent();
Path newSymlink = rootPath.resolve("newSymlink");
try {
DefaultServer.setRootHandler(new CanonicalPathHandler().setNext(new PathHandler().addPrefixPath("/path", new ResourceHandler(new PathResourceManager(newSymlink, 10485760, true, "innerDir")).setDirectoryListingEnabled(false).addWelcomeFiles("page.html"))));
/**
* This request should return a 200, innerSymlink is a symlink pointed to innerDir
*/
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/path/innerSymlink/page.html");
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
} finally {
client.getConnectionManager().shutdown();
}
}
use of io.undertow.server.handlers.CanonicalPathHandler in project undertow by undertow-io.
the class FileHandlerSymlinksTestCase method testResourceManagerBaseSymlink.
@Test
public void testResourceManagerBaseSymlink() throws IOException, URISyntaxException {
TestHttpClient client = new TestHttpClient();
Path rootPath = Paths.get(getClass().getResource("page.html").toURI()).getParent();
Path newSymlink = rootPath.resolve("newSymlink");
try {
DefaultServer.setRootHandler(new CanonicalPathHandler().setNext(new PathHandler().addPrefixPath("/path", new ResourceHandler(new PathResourceManager(newSymlink, 10485760, true, "")).setDirectoryListingEnabled(false).addWelcomeFiles("page.html"))));
/**
* This request should return a 200, base is a symlink but it should not be checked in the symlinks filter
*/
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/path/page.html");
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
/**
* A readResponse() is needed in order to release connection and execute next get.
*/
HttpClientUtils.readResponse(result);
/**
* This request should return a 404 code as rootPath + "/innerSymlink" is not matching in symlinks filter"
*/
get = new HttpGet(DefaultServer.getDefaultServerURL() + "/path/innerSymlink/page.html");
result = client.execute(get);
Assert.assertEquals(StatusCodes.NOT_FOUND, result.getStatusLine().getStatusCode());
} finally {
client.getConnectionManager().shutdown();
}
}
use of io.undertow.server.handlers.CanonicalPathHandler in project undertow by undertow-io.
the class FileHandlerSymlinksTestCase method testExplicitAccessSymlinkDeniedUsingSpecificFilters.
@Test
public void testExplicitAccessSymlinkDeniedUsingSpecificFilters() throws IOException, URISyntaxException {
TestHttpClient client = new TestHttpClient();
Path rootPath = Paths.get(getClass().getResource("page.html").toURI()).getParent();
Path newSymlink = rootPath.resolve("newSymlink");
try {
DefaultServer.setRootHandler(new CanonicalPathHandler().setNext(new PathHandler().addPrefixPath("/path", new ResourceHandler(new PathResourceManager(newSymlink, 10485760, true, rootPath.toAbsolutePath().toString().concat("/otherDir"))).setDirectoryListingEnabled(false).addWelcomeFiles("page.html"))));
/**
* This request should return a 404 code as rootPath + "/otherDir" doesnt match in rootPath + "/path/innerSymlink/page.html"
*/
HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/path/innerSymlink/page.html");
HttpResponse result = client.execute(get);
Assert.assertEquals(StatusCodes.NOT_FOUND, result.getStatusLine().getStatusCode());
} finally {
client.getConnectionManager().shutdown();
}
}
Aggregations