Add global CORS configuration capabilities

This commit adds JavaConfig based global CORS configuration
capabilities to Spring MVC. It is now possible to specify
multiple CORS configurations, each mapped on a path pattern,
by overriding
WebMvcConfigurerAdapter#configureCrossOrigin(CrossOriginConfigurer).

It is also possible to combine global and @CrossOrigin based
CORS configuration.

Issue: SPR-12933
This commit is contained in:
Sebastien Deleuze
2015-05-16 00:52:51 +02:00
parent 696a010e81
commit 49fff7513d
14 changed files with 548 additions and 13 deletions

View File

@@ -20,8 +20,7 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Test;
@@ -40,6 +39,115 @@ public class CorsConfigurationTests {
public void setup() {
config = new CorsConfiguration();
}
@Test
public void setNullValues() {
config.setAllowedOrigins(null);
assertNull(config.getAllowedOrigins());
config.setAllowedHeaders(null);
assertNull(config.getAllowedHeaders());
config.setAllowedMethods(null);
assertNull(config.getAllowedMethods());
config.setExposedHeaders(null);
assertNull(config.getExposedHeaders());
config.setAllowCredentials(null);
assertNull(config.getAllowCredentials());
config.setMaxAge(null);
assertNull(config.getMaxAge());
}
@Test
public void setValues() {
config.addAllowedOrigin("*");
assertEquals(Arrays.asList("*"), config.getAllowedOrigins());
config.addAllowedHeader("*");
assertEquals(Arrays.asList("*"), config.getAllowedHeaders());
config.addAllowedMethod("*");
assertEquals(Arrays.asList("*"), config.getAllowedMethods());
config.addExposedHeader("header1");
config.addExposedHeader("header2");
assertEquals(Arrays.asList("header1", "header2"), config.getExposedHeaders());
config.setAllowCredentials(true);
assertTrue(config.getAllowCredentials());
config.setMaxAge(123L);
assertEquals(new Long(123), config.getMaxAge());
}
@Test(expected = IllegalArgumentException.class)
public void asteriskWildCardOnAddExposedHeader() {
config.addExposedHeader("*");
}
@Test(expected = IllegalArgumentException.class)
public void asteriskWildCardOnSetExposedHeaders() {
config.setExposedHeaders(Arrays.asList("*"));
}
@Test
public void combineWithNull() {
config.setAllowedOrigins(Arrays.asList("*"));
config.combine(null);
assertEquals(Arrays.asList("*"), config.getAllowedOrigins());
}
@Test
public void combineWithNullProperties() {
config.addAllowedOrigin("*");
config.addAllowedHeader("header1");
config.addExposedHeader("header3");
config.addAllowedMethod(HttpMethod.GET.name());
config.setMaxAge(123L);
config.setAllowCredentials(true);
CorsConfiguration other = new CorsConfiguration();
config = config.combine(other);
assertEquals(Arrays.asList("*"), config.getAllowedOrigins());
assertEquals(Arrays.asList("header1"), config.getAllowedHeaders());
assertEquals(Arrays.asList("header3"), config.getExposedHeaders());
assertEquals(Arrays.asList(HttpMethod.GET.name()), config.getAllowedMethods());
assertEquals(new Long(123), config.getMaxAge());
assertTrue(config.getAllowCredentials());
}
@Test
public void combineWithAsteriskWildCard() {
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
CorsConfiguration other = new CorsConfiguration();
other.addAllowedOrigin("http://domain.com");
other.addAllowedHeader("header1");
other.addExposedHeader("header2");
other.addAllowedMethod(HttpMethod.PUT.name());
config = config.combine(other);
assertEquals(Arrays.asList("http://domain.com"), config.getAllowedOrigins());
assertEquals(Arrays.asList("header1"), config.getAllowedHeaders());
assertEquals(Arrays.asList("header2"), config.getExposedHeaders());
assertEquals(Arrays.asList(HttpMethod.PUT.name()), config.getAllowedMethods());
}
@Test
public void combine() {
config.addAllowedOrigin("http://domain1.com");
config.addAllowedHeader("header1");
config.addExposedHeader("header3");
config.addAllowedMethod(HttpMethod.GET.name());
config.setMaxAge(123L);
config.setAllowCredentials(true);
CorsConfiguration other = new CorsConfiguration();
other.addAllowedOrigin("http://domain2.com");
other.addAllowedHeader("header2");
other.addExposedHeader("header4");
other.addAllowedMethod(HttpMethod.PUT.name());
other.setMaxAge(456L);
other.setAllowCredentials(false);
config = config.combine(other);
assertEquals(Arrays.asList("http://domain1.com", "http://domain2.com"), config.getAllowedOrigins());
assertEquals(Arrays.asList("header1", "header2"), config.getAllowedHeaders());
assertEquals(Arrays.asList("header3", "header4"), config.getExposedHeaders());
assertEquals(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()), config.getAllowedMethods());
assertEquals(new Long(456), config.getMaxAge());
assertFalse(config.getAllowCredentials());
}
@Test
public void checkOriginAllowed() {