Applied rules to URL that are enforced by browsers/queuefront

Author: malaqueueit

QueueIT.Security/src/queueit/security/DefaultKnownUserUrlProvider.java

@@ -81,14 +81,40 @@ private void parseRequest(HttpServletRequest request) {
         if (request != null) {
             StringBuffer requestURL = request.getRequestURL();
             String queryString = request.getQueryString();
+            
+            String url = null;
 
             if (queryString == null) {
-                this.requestUrl = requestURL.toString();
+                url = requestURL.toString();
             } else {
-                this.requestUrl = requestURL.append('?').append(queryString).toString();
+                url = requestURL.append('?').append(queryString).toString();
             }
 
+            this.requestUrl = RemovePort443OnHttps(RemovePort80OnHttp(UrlMustHaveSlashAfterDomain(url)));
+            
             this.querystringParms = request.getParameterMap();
         }
     }
+    
+    private static String RemovePort443OnHttps(String url)
+    {
+        return url.replaceFirst("^(https://[^/\\?]*):443/", "$1/");
+    }
+
+    private static String RemovePort80OnHttp(String url)
+    {
+        return url.replaceFirst("^(http://[^/\\?]*):80/", "$1/");
+    }
+
+    private static String UrlMustHaveSlashAfterDomain(String url)
+    {
+        // ? comes right after domain but there is no slash between them (http://example.com?a=b => http://example.com/?a=b)
+        url = url.replaceFirst("^(http(s)?://[^/\\?]*)\\?", "$1/?");
+
+        // url with no path / querystring that does not end with / (http://example.com => http://example.com/)
+        url = url.replaceFirst("^(http(s)?://[^/\\?]*)$", "$1/");
+
+        return url;
+    }
+
 }

QueueIT.Security/test/queueit/security/DefaultKnownUserUrlProviderTest.java

@@ -48,6 +48,90 @@ public void DefaultKnownUserUrlProvider_GetUrl_Test() {
         assertEquals(expectedUrl, actualUrl.toString());       
     }
 
+    @Test
+    public void DefaultKnownUserUrlProvider_GetUrl_MissingSlash_Test() {
+        
+        String expectedUrl = "http://some.url/";
+        
+        HttpServletRequest request = new MockHttpServletRequest("http://some.url");
+        RequestContext.newInstance(request, null);
+        
+        DefaultKnownUserUrlProvider provider = new DefaultKnownUserUrlProvider();
+        String actualUrl = provider.getUrl();
+        
+        assertEquals(expectedUrl, actualUrl.toString());       
+    }
+    
+    @Test
+    public void DefaultKnownUserUrlProvider_GetUrl_MissingSlashAndQuerystring_Test() {
+        
+        String expectedUrl = "http://some.url/?sed=sdd";
+        
+        HttpServletRequest request = new MockHttpServletRequest("http://some.url?sed=sdd");
+        RequestContext.newInstance(request, null);
+        
+        DefaultKnownUserUrlProvider provider = new DefaultKnownUserUrlProvider();
+        String actualUrl = provider.getUrl();
+        
+        assertEquals(expectedUrl, actualUrl.toString());       
+    }
+    
+    @Test
+    public void DefaultKnownUserUrlProvider_GetUrl_HttpWithPort80_Test() {
+        
+        String expectedUrl = "http://some.url/somepath/default.aspx?x=sdfs";
+        
+        HttpServletRequest request = new MockHttpServletRequest("http://some.url:80/somepath/default.aspx?x=sdfs");
+        RequestContext.newInstance(request, null);
+        
+        DefaultKnownUserUrlProvider provider = new DefaultKnownUserUrlProvider();
+        String actualUrl = provider.getUrl();
+        
+        assertEquals(expectedUrl, actualUrl.toString());       
+    }
+
+    @Test
+    public void DefaultKnownUserUrlProvider_GetUrl_HttpWithPort443_Test() {
+        
+        String expectedUrl = "http://some.url:443/somepath/default.aspx?x=sdfs";
+        
+        HttpServletRequest request = new MockHttpServletRequest(expectedUrl);
+        RequestContext.newInstance(request, null);
+        
+        DefaultKnownUserUrlProvider provider = new DefaultKnownUserUrlProvider();
+        String actualUrl = provider.getUrl();
+        
+        assertEquals(expectedUrl, actualUrl.toString());       
+    }
+    
+    @Test
+    public void DefaultKnownUserUrlProvider_GetUrl_HttpsWithPort443_Test() {
+        
+        String expectedUrl = "https://some.url/somepath/default.aspx?x=sdfs";
+        
+        HttpServletRequest request = new MockHttpServletRequest("https://some.url:443/somepath/default.aspx?x=sdfs");
+        RequestContext.newInstance(request, null);
+        
+        DefaultKnownUserUrlProvider provider = new DefaultKnownUserUrlProvider();
+        String actualUrl = provider.getUrl();
+        
+        assertEquals(expectedUrl, actualUrl.toString());       
+    }
+    
+    @Test
+    public void DefaultKnownUserUrlProvider_GetUrl_HttpsWithPort80_Test() {
+        
+        String expectedUrl = "https://some.url:80/somepath/default.aspx?x=sdfs";
+        
+        HttpServletRequest request = new MockHttpServletRequest(expectedUrl);
+        RequestContext.newInstance(request, null);
+        
+        DefaultKnownUserUrlProvider provider = new DefaultKnownUserUrlProvider();
+        String actualUrl = provider.getUrl();
+        
+        assertEquals(expectedUrl, actualUrl.toString());       
+    }
+    
     @Test
     public void DefaultKnownUserUrlProvider_GetUrl_SpecialChars_Test() {