FELIX-6688 - Context path of outer servlet container is not respected for authentication (#306)
Co-authored-by: Sagar Miglani <saga@adobe.com>
diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
index 966e588..4f8b9fc 100644
--- a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
+++ b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
@@ -791,7 +791,7 @@
}
if (this.servletContextRegistration == null) {
- final ServletContextHelper httpContext = new OsgiManagerHttpContext(this.bundleContext.getBundle(), securityProviderTracker);
+ final ServletContextHelper httpContext = new OsgiManagerHttpContext(this.bundleContext.getBundle(), securityProviderTracker, this.webManagerRoot);
final Dictionary<String, Object> props = new Hashtable<>();
if (httpServiceSelector != null) {
props.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_TARGET, httpServiceSelector);
diff --git a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java
index bbf104b..c5fcc5f 100644
--- a/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java
+++ b/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java
@@ -35,11 +35,14 @@
private final Bundle bundle;
+ private final String webManagerRoot;
+
OsgiManagerHttpContext(final Bundle webConsoleBundle,
- final ServiceTracker<SecurityProvider, SecurityProvider> tracker) {
+ final ServiceTracker<SecurityProvider, SecurityProvider> tracker, final String webManagerRoot) {
super(webConsoleBundle);
this.tracker = tracker;
this.bundle = webConsoleBundle;
+ this.webManagerRoot = webManagerRoot;
}
public URL getResource(final String name) {
@@ -60,12 +63,14 @@
@Override
public String getContextPath() {
- return "";
+ int managerRootIndex = r.getContextPath().lastIndexOf(webManagerRoot);
+ return r.getContextPath().substring(0, managerRootIndex);
}
@Override
public String getServletPath() {
- return r.getContextPath();
+ int managerRootIndex = r.getContextPath().lastIndexOf(webManagerRoot);
+ return r.getContextPath().substring(managerRootIndex);
}
@Override
diff --git a/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContextTest.java b/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContextTest.java
new file mode 100644
index 0000000..cb40c49
--- /dev/null
+++ b/webconsole/src/test/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContextTest.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.felix.webconsole.internal.servlet;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.felix.webconsole.spi.SecurityProvider;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+import org.osgi.framework.Bundle;
+import org.osgi.util.tracker.ServiceTracker;
+
+import static org.junit.Assert.assertEquals;
+
+public class OsgiManagerHttpContextTest {
+
+ @Test
+ public void testPathsInHandleSecurity() throws Exception {
+
+ Bundle bundle = Mockito.mock(Bundle.class);
+ SecurityProvider provider = Mockito.mock(SecurityProvider.class);
+ ServiceTracker<SecurityProvider, SecurityProvider> tracker = Mockito.mock(ServiceTracker.class);
+ Mockito.when(tracker.getService()).thenReturn(provider);
+
+ OsgiManagerHttpContext ctx = new OsgiManagerHttpContext(bundle, tracker, "/system/console");
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+ Mockito.when(request.getContextPath()).thenReturn("/ctx/path/system/console");
+ Mockito.when(request.getServletPath()).thenReturn("/bin/servlet");
+
+
+ ctx.handleSecurity(request, response);
+
+ ArgumentCaptor<HttpServletRequest> authenticationRequest = ArgumentCaptor.forClass(HttpServletRequest.class);
+ ArgumentCaptor<HttpServletResponse> authenticationResponse = ArgumentCaptor.forClass(HttpServletResponse.class);
+ Mockito.verify(provider, Mockito.times(1)).authenticate(authenticationRequest.capture(), authenticationResponse.capture());
+
+ assertEquals("/ctx/path", authenticationRequest.getValue().getContextPath());
+ assertEquals("/system/console", authenticationRequest.getValue().getServletPath());
+ assertEquals("/bin/servlet", authenticationRequest.getValue().getPathInfo());
+ assertEquals(response, authenticationResponse.getValue());
+ }
+
+}
