diff --git a/rest/headers/README.adoc b/rest/headers/README.adoc index 7e4e3bd3..3438decd 100644 --- a/rest/headers/README.adoc +++ b/rest/headers/README.adoc @@ -38,6 +38,26 @@ HTTP/1.1 304 Not Modified ---- ==== +== Cross-Origin Resource Sharing + +Client-side JavaScript that issue cross-origin requests require the server to evaluate cross-origin requests and respond appropriately. + +.Cross-Origin Request +==== +[source,bash] +---- +$ curl 'http://localhost:8080/customers/' -i -H 'Origin: http://localhost' +---- + +[source,http] +---- +HTTP/1.1 200 OK +Access-Control-Allow-Origin: http://localhost +Vary: Origin +Access-Control-Allow-Credentials: true +---- +==== + == Spring RESTDocs The sample uses https://github.com/wilkinsona/spring-restdocs[Spring RESTDocs] to document the HTTP interaction implemented using the test cases. See `WebIntegrationTests.setUp()` for general setup and the individual test methods with their usage of `….andDo(document(…))`. \ No newline at end of file diff --git a/rest/headers/src/main/java/example/springdata/rest/headers/CustomerRepository.java b/rest/headers/src/main/java/example/springdata/rest/headers/CustomerRepository.java index db632cc5..bf61f768 100644 --- a/rest/headers/src/main/java/example/springdata/rest/headers/CustomerRepository.java +++ b/rest/headers/src/main/java/example/springdata/rest/headers/CustomerRepository.java @@ -16,11 +16,14 @@ package example.springdata.rest.headers; import org.springframework.data.repository.CrudRepository; +import org.springframework.web.bind.annotation.CrossOrigin; /** * Spring Data repository interface to manage {@link Customer} instances. * * @author Oliver Gierke + * @author Mark Paluch * @soundtrack The Intersphere - Out of phase (Live at Alte Feuerwache Mannheim) */ +@CrossOrigin public interface CustomerRepository extends CrudRepository {} diff --git a/rest/headers/src/test/java/example/springdata/rest/headers/CrossOriginIntegrationTests.java b/rest/headers/src/test/java/example/springdata/rest/headers/CrossOriginIntegrationTests.java new file mode 100644 index 00000000..906c4805 --- /dev/null +++ b/rest/headers/src/test/java/example/springdata/rest/headers/CrossOriginIntegrationTests.java @@ -0,0 +1,72 @@ +/* + * Copyright 2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package example.springdata.rest.headers; + +import static org.hamcrest.CoreMatchers.*; +import static org.springframework.http.HttpHeaders.*; +import static org.springframework.restdocs.RestDocumentation.*; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; + +import java.net.URI; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.restdocs.config.RestDocumentationConfigurer; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.web.context.WebApplicationContext; + +/** + * Integration test for Cross-origin resource sharing. + * + * @author Mark Paluch + */ +@RunWith(SpringRunner.class) +@SpringBootTest +public class CrossOriginIntegrationTests { + + @Autowired WebApplicationContext context; + @Autowired CustomerRepository customers; + + MockMvc mvc; + + @Before + public void setUp() { + + this.mvc = MockMvcBuilders.webAppContextSetup(context).// + apply(new RestDocumentationConfigurer()).// + build(); + } + + @Test + public void executeCrossOriginRequest() throws Exception { + + String origin = "http://localhost"; + URI uri = URI.create("/customers"); + + MockHttpServletResponse response = mvc.perform(get(uri).header(ORIGIN, origin)).// + andExpect(header().string(ACCESS_CONTROL_ALLOW_CREDENTIALS, is("true"))).// + andExpect(header().string(ACCESS_CONTROL_ALLOW_ORIGIN, is(origin))).// + andDo(document("cors")).// + andReturn().getResponse(); + } +}