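// Default-deny check: the policy grants a TCP socket range (4502-4531) but has
// no allow-from element, so no caller is named and every request must be
// refused, whatever the application's origin.
public void NoAllowFromSpecified()
{
    string xml = @"<?xml version=""1.0"" encoding=""utf-8""?> <access-policy> <cross-domain-access> <policy> <grant-to> <socket-resource port=""4502-4531"" protocol=""tcp"" /> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    // ApplicationUri is a static on ClientAccessPolicy, so it is re-assigned
    // before each group of assertions.
    // Labels are "<application scheme> / <endpoint field>"; the original labels
    // named ports that did not match the endpoint being tested.
    ClientAccessPolicy.ApplicationUri = http;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "http / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "http / 4520");

    ClientAccessPolicy.ApplicationUri = https;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "https / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "https / 4520");

    ClientAccessPolicy.ApplicationUri = file;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "file / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "file / 4520");

    ClientAccessPolicy.ApplicationUri = http_non_standard_port;
    Assert.IsFalse(accessPolicy.IsAllowed(p4502), "http:8080 / 4502");
    Assert.IsFalse(accessPolicy.IsAllowed(p4503), "http:8080 / 4503");
}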
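// Default-deny check: the policy allows every domain ("*") but has no grant-to
// element, so no resource is exposed and every socket request must be refused.
public void NoGrantTo()
{
    string xml = @"<?xml version=""1.0"" encoding=""utf-8""?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri=""*"" /> </allow-from> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    // ApplicationUri is a static on ClientAccessPolicy, so it is re-assigned
    // before each group of assertions.
    // Labels are "<application scheme> / <endpoint field>"; the original labels
    // named ports that did not match the endpoint being tested.
    ClientAccessPolicy.ApplicationUri = http;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "http / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "http / 4520");

    ClientAccessPolicy.ApplicationUri = https;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "https / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "https / 4520");

    ClientAccessPolicy.ApplicationUri = file;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "file / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "file / 4520");

    ClientAccessPolicy.ApplicationUri = http_non_standard_port;
    Assert.IsFalse(accessPolicy.IsAllowed(p4502), "http:8080 / 4502");
    Assert.IsFalse(accessPolicy.IsAllowed(p4503), "http:8080 / 4503");
}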
// The policy names file:/// as the only allowed origin and grants one TCP
// port (4520). Only the combination "file origin + p4520" may pass; any other
// origin, and the neighbouring endpoint p4519, must be refused.
public void SocketSingleAllowLocalOnly()
{
    string xml = @"<?xml version=""1.0"" encoding=""utf-8""?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri=""file:///"" /> </allow-from> <grant-to> <socket-resource port=""4520"" protocol=""tcp"" /> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    // Web origins are not listed in allow-from: both endpoints are denied.
    ClientAccessPolicy.ApplicationUri = http;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "http / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "http / 4520");

    ClientAccessPolicy.ApplicationUri = https;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "https / 4519");
    Assert.IsFalse(accessPolicy.IsAllowed(p4520), "https / 4520");

    // The file origin is listed, but only the granted endpoint is reachable.
    ClientAccessPolicy.ApplicationUri = file;
    Assert.IsFalse(accessPolicy.IsAllowed(p4519), "file / 4519");
    Assert.IsTrue(accessPolicy.IsAllowed(p4520), "file / 4520");
}
// Regression test (the number in the name is kept from the original): the
// policy carries stray '-' text between elements. The original comment notes
// that these sat on the otherwise empty lines of the document. The policy is
// still expected to load and to grant the request.
public void TextBetweenElements_681699()
{
    string xml = @"<access-policy> - <cross-domain-access> - <policy> - <allow-from http-request-headers=""*""> <domain uri=""*""/> <domain uri=""http://*""/> </allow-from> - <grant-to> <resource path=""/"" include-subpaths=""true""/> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;

    Uri target = new Uri("http://server/data/file.txt");
    Assert.IsTrue(accessPolicy.IsAllowed(target, "GET", null), "http/granted");
}
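// The socket grant spells the protocol as 'Tcp' instead of 'tcp'. Going by the
// test name, that casing is what must invalidate the grant: every origin is
// expected to be refused, so a mis-cased policy fails closed.
// NOTE(review): grant-to also precedes allow-from in this document; the
// assertions cannot tell the two differences apart.
public void SocketProtocolCasing()
{
    string xml = @"<?xml version=""1.0"" encoding=""utf-8""?> <access-policy> <cross-domain-access> <policy> <grant-to> <socket-resource port='4529-4531' protocol='Tcp'/> </grant-to> <allow-from> <domain uri='*'/> </allow-from> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;
    Assert.IsFalse(accessPolicy.IsAllowed(p4529), "http / 4529");

    // The label used to read "http / 4530" although the https origin is active here.
    ClientAccessPolicy.ApplicationUri = https;
    Assert.IsFalse(accessPolicy.IsAllowed(p4530), "https / 4530");

    ClientAccessPolicy.ApplicationUri = file;
    Assert.IsFalse(accessPolicy.IsAllowed(p4531), "file / 4531");
}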
// allow-from lists both http://* and https://*, and grant-to exposes /data/
// with its sub-paths. With an http application, targets under /data/ are
// granted on either scheme, while a file in the parent directory is not.
public void MultiScheme()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri=""http://*"" /> <domain uri=""https://*"" /> </allow-from> <grant-to> <resource path=""/data/"" include-subpaths=""true"" /> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;

    Uri httpInside = new Uri("http://server/data/file.txt");
    Assert.IsTrue(accessPolicy.IsAllowed(httpInside, "GET", null), "http/granted");

    // The grant covers /data/ only; its parent stays closed.
    Uri httpOutside = new Uri("http://server/file.txt");
    Assert.IsFalse(accessPolicy.IsAllowed(httpOutside, "GET", null), "http/not-granted-parent");

    Uri httpsInside = new Uri("https://server/data/file.txt");
    Assert.IsTrue(accessPolicy.IsAllowed(httpsInside, "GET", null), "https/granted");

    Uri httpsOutside = new Uri("https://server/file.txt");
    Assert.IsFalse(accessPolicy.IsAllowed(httpsOutside, "GET", null), "https/not-granted-parent");
}
// http-request-headers is set to "*Suffix", a pattern with a leading wildcard.
// The assertions expect it to allow no extra header at all: requests with no
// headers pass, Content-Type passes in any casing, and headers such as
// "LengthSuffix" or "suffix" are refused.
public void AllowSuffixRequestHeaders()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers=""*Suffix""> <domain uri=""*"" /> </allow-from> <grant-to> <resource path=""/"" include-subpaths=""true"" /> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;

    // No headers requested.
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", null), "null");
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", new string[0]), "none");

    // Content-Type is accepted whatever its casing.
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", "Content-Type"), "Content-Type");
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", "content-type"), "content-type");
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", "CONTENT-TYPE"), "CONTENT-TYPE");

    // Everything else is refused, including names that end in "Suffix".
    Assert.IsFalse(accessPolicy.IsAllowed(http, "GET", "Content-*"), "Content-*");
    Assert.IsFalse(accessPolicy.IsAllowed(http, "GET", "LengthSuffix"), "LengthSuffix");
    Assert.IsFalse(accessPolicy.IsAllowed(http, "GET", "suffix"), "suffix");
    Assert.IsFalse(accessPolicy.IsAllowed(http, "GET", "SUFFIX"), "SUFFIX");
}
// The allow-from element has no http-request-headers attribute. Without it no
// request header is allowed, except for Content-Type.
public void NoRequestHeadersAllowed()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri=""*"" /> </allow-from> <grant-to> <resource path=""/"" include-subpaths=""true"" /> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;

    // No headers requested.
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", null), "null");
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", new string[0]), "none");

    // Content-Type is accepted whatever its casing.
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", "Content-Type"), "Content-Type");
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", "content-type"), "content-type");
    Assert.IsTrue(accessPolicy.IsAllowed(http, "GET", "CONTENT-TYPE"), "CONTENT-TYPE");

    // A header name that merely starts like Content-Type is refused.
    Assert.IsFalse(accessPolicy.IsAllowed(http, "GET", "Content-*"), "Content-*");
}
// The policy allows callers from http://localhost only. The decision depends
// on where the application was loaded from (ApplicationUri), not on the URL
// being requested: the same localhost target is refused for another origin
// and granted once the application itself comes from localhost.
public void AllowSingleHost()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri='http://localhost/'/> </allow-from> <grant-to> <resource path='/' include-subpaths='true'/> </grant-to> </policy> </cross-domain-access> </access-policy> ";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    Uri target = new Uri("http://localhost/some/data/file.txt");

    // This origin is not localhost; that the target is on localhost does not help.
    ClientAccessPolicy.ApplicationUri = http;
    Assert.IsFalse(accessPolicy.IsAllowed(target, "GET", null), "");

    // Same request, but now the application itself was loaded from localhost.
    Uri localhost = new Uri("http://localhost/local.xap");
    ClientAccessPolicy.ApplicationUri = localhost;
    Assert.IsTrue(accessPolicy.IsAllowed(target, "GET", null), "");
}
// Any domain is allowed and the TCP range 4502-4534 is granted. Every endpoint
// inside the range must pass for http, https and file origins, and the two
// endpoints just outside it (p4501 and p4535) must be refused, which pins both
// boundaries of the range.
public void All()
{
    string xml = @"<?xml version=""1.0"" encoding=""utf-8""?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri=""*"" /> </allow-from> <grant-to> <socket-resource port=""4502-4534"" protocol=""tcp"" /> </grant-to> </policy> </cross-domain-access> </access-policy>";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;
    // Lower boundary: one below the granted range is refused.
    Assert.IsFalse(accessPolicy.IsAllowed(p4501), "http / 4501");
    Assert.IsTrue(accessPolicy.IsAllowed(p4502), "http / 4502");
    Assert.IsTrue(accessPolicy.IsAllowed(p4503), "http / 4503");
    Assert.IsTrue(accessPolicy.IsAllowed(p4504), "http / 4504");
    Assert.IsTrue(accessPolicy.IsAllowed(p4505), "http / 4505");
    Assert.IsTrue(accessPolicy.IsAllowed(p4506), "http / 4506");
    Assert.IsTrue(accessPolicy.IsAllowed(p4507), "http / 4507");
    Assert.IsTrue(accessPolicy.IsAllowed(p4508), "http / 4508");
    Assert.IsTrue(accessPolicy.IsAllowed(p4509), "http / 4509");
    Assert.IsTrue(accessPolicy.IsAllowed(p4510), "http / 4510");
    Assert.IsTrue(accessPolicy.IsAllowed(p4511), "http / 4511");

    ClientAccessPolicy.ApplicationUri = https;
    Assert.IsTrue(accessPolicy.IsAllowed(p4512), "https / 4512");
    Assert.IsTrue(accessPolicy.IsAllowed(p4513), "https / 4513");
    Assert.IsTrue(accessPolicy.IsAllowed(p4514), "https / 4514");
    Assert.IsTrue(accessPolicy.IsAllowed(p4515), "https / 4515");
    Assert.IsTrue(accessPolicy.IsAllowed(p4516), "https / 4516");
    Assert.IsTrue(accessPolicy.IsAllowed(p4517), "https / 4517");
    Assert.IsTrue(accessPolicy.IsAllowed(p4518), "https / 4518");
    Assert.IsTrue(accessPolicy.IsAllowed(p4519), "https / 4519");
    Assert.IsTrue(accessPolicy.IsAllowed(p4520), "https / 4520");
    Assert.IsTrue(accessPolicy.IsAllowed(p4521), "https / 4521");
    Assert.IsTrue(accessPolicy.IsAllowed(p4522), "https / 4522");

    ClientAccessPolicy.ApplicationUri = file;
    Assert.IsTrue(accessPolicy.IsAllowed(p4523), "file / 4523");
    Assert.IsTrue(accessPolicy.IsAllowed(p4524), "file / 4524");
    Assert.IsTrue(accessPolicy.IsAllowed(p4525), "file / 4525");
    Assert.IsTrue(accessPolicy.IsAllowed(p4526), "file / 4526");
    Assert.IsTrue(accessPolicy.IsAllowed(p4527), "file / 4527");
    Assert.IsTrue(accessPolicy.IsAllowed(p4528), "file / 4528");
    Assert.IsTrue(accessPolicy.IsAllowed(p4529), "file / 4529");
    Assert.IsTrue(accessPolicy.IsAllowed(p4530), "file / 4530");
    Assert.IsTrue(accessPolicy.IsAllowed(p4531), "file / 4531");
    Assert.IsTrue(accessPolicy.IsAllowed(p4532), "file / 4532");
    Assert.IsTrue(accessPolicy.IsAllowed(p4533), "file / 4533");
    Assert.IsTrue(accessPolicy.IsAllowed(p4534), "file / 4534");
    // Upper boundary: one above the granted range is refused.
    Assert.IsFalse(accessPolicy.IsAllowed(p4535), "file / 4535");
}
// The most permissive HTTP policy in this group: any domain is allowed and
// the root path is granted together with its sub-paths. An application from
// localhost requesting a file on another host is expected to be granted.
public void AllDomainsAllSubPaths()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri='*'/> </allow-from> <grant-to> <resource path='/' include-subpaths='true'/> </grant-to> </policy> </cross-domain-access> </access-policy> ";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = new Uri("http://localhost/");

    Uri target = new Uri("http://jolt-web01-a03/Resources/test.txt");
    Assert.IsTrue(accessPolicy.IsAllowed(target, "GET", null), "");
}
// Only /data and its sub-paths are granted. A plain path below /data passes,
// while the same file written with a dot segment ("/data/./file.txt") is
// expected to be refused, so a path grant cannot be reached through an
// alternative spelling of the path.
// NOTE(review): System.Uri may compact dot segments on its own; presumably the
// policy check looks at the URI as originally written - confirm.
public void GrantSpecificPathAndSubpaths()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri='*'/> </allow-from> <grant-to> <resource path='/data' include-subpaths='true'/> </grant-to> </policy> </cross-domain-access> </access-policy> ";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;

    Uri plainPath = new Uri("http://localhost/data/file.txt");
    Assert.IsTrue(accessPolicy.IsAllowed(plainPath, "GET", null), "");

    Uri dotSegmentPath = new Uri("http://localhost/data/./file.txt");
    Assert.IsFalse(accessPolicy.IsAllowed(dotSegmentPath, "GET", null), "");
}
// The root path is granted without include-subpaths, so files below the root
// are expected to be refused, both directly under it and in a sub-directory.
public void AllDomainsNoSubPaths()
{
    string xml = @"<?xml version='1.0'?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri='*'/> </allow-from> <grant-to> <resource path='/'/> </grant-to> </policy> </cross-domain-access> </access-policy> ";
    ClientAccessPolicy accessPolicy = GetPolicy(xml);

    ClientAccessPolicy.ApplicationUri = http;

    // Original author's note: this expectation still needs validation.
    Uri fileAtRoot = new Uri("http://local/file.txt");
    Assert.IsFalse(accessPolicy.IsAllowed(fileAtRoot, "GET", null), "");

    Uri fileInDirectory = new Uri("http://local/dir/file.txt");
    Assert.IsFalse(accessPolicy.IsAllowed(fileInDirectory, "GET", null), "");
}
// Test helper: encodes the policy text as UTF-8, hands it to
// ClientAccessPolicy.FromStream through an in-memory stream and returns the
// result cast to ClientAccessPolicy. The stream is disposed before returning.
static ClientAccessPolicy GetPolicy(string policy)
{
    byte[] utf8 = Encoding.UTF8.GetBytes(policy);
    using (MemoryStream buffer = new MemoryStream(utf8))
    {
        var parsed = ClientAccessPolicy.FromStream(buffer);
        return (ClientAccessPolicy)parsed;
    }
}