This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch fix/WW-5374-context
in repository https://gitbox.apache.org/repos/asf/struts.git

commit dc96c257d4198f1b255728f878c48840de13a3f4
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Wed Jan 17 13:22:09 2024 +0100

    WW-5374 Allows to prepend reportUri with Servlet context
---
 .../struts2/interceptor/csp/CspInterceptor.java    | 42 ++++++++++++++++------
 .../struts2/interceptor/CspInterceptorTest.java    | 37 +++++++++++++------
 2 files changed, 57 insertions(+), 22 deletions(-)

diff --git 
a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java 
b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
index 8e4356646..aca583a32 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
@@ -43,7 +43,8 @@ public final class CspInterceptor extends AbstractInterceptor 
{
 
     private static final Logger LOG = 
LogManager.getLogger(CspInterceptor.class);
 
-    private Boolean enforcingMode;
+    private boolean prependServletContext = true;
+    private boolean enforcingMode;
     private String reportUri;
 
     @Override
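Review bot: Changing `enforcingMode` from `Boolean` to a primitive `boolean` drops the "not configured" state, and the `applySettings` hunk that follows now calls `cspSettings.setEnforcingMode(enforcingMode)` unconditionally. If the `CspSettings` instance can be supplied by the action with enforcing already enabled (the hunk does not show where it is created, so this is inferred), an interceptor with no `enforcingMode` parameter would reset it to `false` and the policy would be sent as report-only. Consider keeping `private Boolean enforcingMode;` together with the `if (enforcingMode != null)` guard, or add a field comment stating that the interceptor's value always overrides the settings object.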
@@ -60,17 +61,22 @@ public final class CspInterceptor extends 
AbstractInterceptor {
     }
 
     private void applySettings(ActionInvocation invocation, CspSettings 
cspSettings) {
-        if (enforcingMode != null) {
-            LOG.trace("Applying: {} to enforcingMode", enforcingMode);
-            cspSettings.setEnforcingMode(enforcingMode);
-        }
+        HttpServletRequest request = 
invocation.getInvocationContext().getServletRequest();
+        HttpServletResponse response = 
invocation.getInvocationContext().getServletResponse();
+
+        LOG.trace("Applying: {} to enforcingMode", enforcingMode);
+        cspSettings.setEnforcingMode(enforcingMode);
+
         if (reportUri != null) {
             LOG.trace("Applying: {} to reportUri", reportUri);
-            cspSettings.setReportUri(reportUri);
-        }
+            String finalReportUri = reportUri;
 
-        HttpServletRequest request = 
invocation.getInvocationContext().getServletRequest();
-        HttpServletResponse response = 
invocation.getInvocationContext().getServletResponse();
+            if (prependServletContext && (request.getContextPath() != null) && 
(!request.getContextPath().isEmpty())) {
+                finalReportUri = request.getContextPath() + finalReportUri;
+            }
+
+            cspSettings.setReportUri(finalReportUri);
+        }
 
         invocation.addPreResultListener((actionInvocation, resultCode) -> {
             LOG.trace("Applying CSP header: {} to the request", cspSettings);
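Review bot: The context path is prepended to every non-null `reportUri`, including absolute ones, because the new condition only inspects `request.getContextPath()`. With `prependServletContext` defaulting to `true`, an absolute value such as the `https://` URI used in CspInterceptorTest would become `/app` followed by the full URL under a non-root context, so violation reports would no longer reach the configured endpoint. Restrict the prefix to host-relative values, for example by adding `finalReportUri.startsWith("/") && !finalReportUri.startsWith("//")` to the condition. `applySettings` continues past the end of this hunk.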
@@ -99,8 +105,22 @@ public final class CspInterceptor extends 
AbstractInterceptor {
         }
     }
 
-    public void setEnforcingMode(String value) {
-        this.enforcingMode = Boolean.parseBoolean(value);
+    /**
+     * Enables enforcing mode, by default all exceptions are only reported
+     *
+     * @param enforcingMode <tt>true</tt> to enable enforcing mode, 
<tt>false</tt> to keep reporting mode.
+     */
+    public void setEnforcingMode(boolean enforcingMode) {
+        this.enforcingMode = enforcingMode;
+    }
+
+    /**
+     * Sets whether to prepend the servlet context path to the {@link 
#reportUri}.
+     *
+     * @param prependServletContext true</tt> to prepend the location with the 
servlet context path, <tt>false</tt> otherwise.
+     */
+    public void setPrependServletContext(boolean prependServletContext) {
+        this.prependServletContext = prependServletContext;
     }
 
 }
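Review bot: The Javadoc for `setPrependServletContext` has an unbalanced tag, `true</tt>` without its opening `<tt>`, and neither setter states its default. Suggested parameter text: `@param prependServletContext {@code true} (the default) to prefix reportUri with the servlet context path, {@code false} to use it as configured`. On `setEnforcingMode`, "all exceptions are only reported" presumably refers to policy violations, so `Enables enforcing mode; by default violations are only reported` would read more accurately. The parameter type also changes from `String` to `boolean`, so code that calls `setEnforcingMode("true")` directly will stop compiling, which deserves a line in the upgrade notes.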
diff --git 
a/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java 
b/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java
index 2811b289f..38ef25b82 100644
--- a/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java
+++ b/core/src/test/java/org/apache/struts2/interceptor/CspInterceptorTest.java
@@ -22,6 +22,7 @@ import com.opensymphony.xwork2.ActionContext;
 import com.opensymphony.xwork2.mock.MockActionInvocation;
 import org.apache.logging.log4j.util.Strings;
 import org.apache.struts2.StrutsInternalTestCase;
+import org.apache.struts2.TestAction;
 import org.apache.struts2.action.CspSettingsAware;
 import org.apache.struts2.dispatcher.SessionMap;
 import org.apache.struts2.interceptor.csp.CspInterceptor;
@@ -45,7 +46,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
 
     public void 
test_whenRequestReceived_thenNonceIsSetInSession_andCspHeaderContainsIt() 
throws Exception {
         String reportUri = "/barfoo";
-        String reporting = "false";
+        boolean reporting = false;
         interceptor.setReportUri(reportUri);
         interceptor.setEnforcingMode(reporting);
 
@@ -58,7 +59,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
 
     public void 
test_whenNonceAlreadySetInSession_andRequestReceived_thenNewNonceIsSet() throws 
Exception {
         String reportUri = "https://www.google.com/";;
-        String enforcingMode = "true";
+        boolean enforcingMode = true;
         interceptor.setReportUri(reportUri);
         interceptor.setEnforcingMode(enforcingMode);
         session.setAttribute("nonce", "foo");
@@ -73,7 +74,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
 
     public void testEnforcingCspHeadersSet() throws Exception {
         String reportUri = "/csp-reports";
-        String enforcingMode = "true";
+        boolean enforcingMode = true;
         interceptor.setReportUri(reportUri);
         interceptor.setEnforcingMode(enforcingMode);
         session.setAttribute("nonce", "foo");
@@ -88,7 +89,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
 
     public void testReportingCspHeadersSet() throws Exception {
         String reportUri = "/csp-reports";
-        String enforcingMode = "false";
+        boolean enforcingMode = false;
         interceptor.setReportUri(reportUri);
         interceptor.setEnforcingMode(enforcingMode);
         session.setAttribute("nonce", "foo");
@@ -101,7 +102,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
     }
 
     public void test_uriSetOnlyWhenSetIsCalled() throws Exception {
-        String enforcingMode = "false";
+        boolean enforcingMode = false;
         interceptor.setEnforcingMode(enforcingMode);
 
         interceptor.intercept(mai);
@@ -115,7 +116,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
     }
 
     public void testCannotParseUri() {
-        String enforcingMode = "false";
+        boolean enforcingMode = false;
         interceptor.setEnforcingMode(enforcingMode);
 
         try {
@@ -127,7 +128,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
     }
 
     public void testCannotParseRelativeUri() {
-        String enforcingMode = "false";
+        boolean enforcingMode = false;
         interceptor.setEnforcingMode(enforcingMode);
 
         try {
@@ -139,13 +140,27 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
     }
 
     public void testCustomPreResultListener() throws Exception {
+        boolean enforcingMode = false;
         mai.setAction(new CustomerCspAction("/report-uri"));
-        interceptor.setEnforcingMode("false");
+        interceptor.setEnforcingMode(enforcingMode);
+        interceptor.intercept(mai);
+        checkHeader("/report-uri", enforcingMode);
+    }
+
+    public void testPrependContext() throws Exception {
+        boolean enforcingMode = true;
+        mai.setAction(new TestAction());
+        request.setContextPath("/app");
+
+        interceptor.setEnforcingMode(enforcingMode);
+        interceptor.setReportUri("/report-uri");
+
         interceptor.intercept(mai);
-        checkHeader("/report-uri", "false");
+
+        checkHeader("/app/report-uri", enforcingMode);
     }
 
-    public void checkHeader(String reportUri, String enforcingMode) {
+    public void checkHeader(String reportUri, boolean enforcingMode) {
         String expectedCspHeader;
         if (Strings.isEmpty(reportUri)) {
             expectedCspHeader = String.format("%s '%s'; %s 'nonce-%s' '%s' %s 
%s; %s '%s'; ",
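Review bot: `testPrependContext` covers only a host-relative `reportUri` with the default setting. There is no case that calls `interceptor.setPrependServletContext(false)`, and none that combines `request.setContextPath("/app")` with an absolute report URI, which is the input most likely to be mangled by unconditional prefixing. Adding both would pin the intended behaviour of the new flag. `checkHeader` continues outside this hunk.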
@@ -163,7 +178,7 @@ public class CspInterceptorTest extends 
StrutsInternalTestCase {
         }
 
         String header;
-        if (enforcingMode.equals("true")) {
+        if (enforcingMode) {
             header = response.getHeader(CspSettings.CSP_ENFORCE_HEADER);
         } else {
             header = response.getHeader(CspSettings.CSP_REPORT_HEADER);
