Allow skipping JSON prefix in MockMvc result matchers

JSON payloads are sometimes prepended with a static string prefix
to prevent Cross-Site Script Inclusion (XSSI) attacks.
Prior to this commit, such a prefix would make the MockMvc
`JsonPathResultMatchers` fail, since they consider the whole response as
the JSON payload.

This commit adds a new `JsonPathResultMatchers.prefix` method that
configures the matchers to check for the presence of that string (i.e.
fail if it's not there) and only consider the rest of the response body
as the JSON payload for other assertions.

Issue: SPR-13577
Brian Clozel
2016-03-14 15:39:54 +01:00
parent 4a6c2dbb15
commit 7ae44c2565
3 changed files with 94 additions and 17 deletions


@@ -1,5 +1,5 @@
/*
* Copyright 2002-2015 the original author or authors.
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@ import org.springframework.test.web.servlet.StubMvcResult;
* @author Rossen Stoyanchev
* @author Craig Andrews
* @author Sam Brannen
* @author Brian Clozel
*/
public class JsonPathResultMatchersTests {
@@ -41,7 +42,7 @@ public class JsonPathResultMatchersTests {
"'emptyString': '', " + //
"'emptyArray': [], " + //
"'emptyMap': {} " + //
"}";
"}";
private static final StubMvcResult stubMvcResult;
@@ -57,7 +58,6 @@ public class JsonPathResultMatchersTests {
}
}
@Test
public void value() throws Exception {
new JsonPathResultMatchers("$.str").value("foo").match(stubMvcResult);
@@ -233,4 +233,42 @@ public class JsonPathResultMatchersTests {
new JsonPathResultMatchers("$.arr").isString().match(stubMvcResult);
}
@Test(expected = AssertionError.class)
public void valueWithJsonPrefixNotConfigured() throws Exception {
String jsonPrefix = "prefix";
StubMvcResult result = createPrefixedStubMvcResult(jsonPrefix);
new JsonPathResultMatchers("$.str").value("foo").match(result);
}
@Test(expected = AssertionError.class)
public void valueWithJsonWrongPrefix() throws Exception {
String jsonPrefix = "prefix";
StubMvcResult result = createPrefixedStubMvcResult(jsonPrefix);
new JsonPathResultMatchers("$.str").prefix("wrong").value("foo").match(result);
}
@Test
public void valueWithJsonPrefix() throws Exception {
String jsonPrefix = "prefix";
StubMvcResult result = createPrefixedStubMvcResult(jsonPrefix);
new JsonPathResultMatchers("$.str").prefix(jsonPrefix).value("foo").match(result);
}
@Test(expected = AssertionError.class)
public void prefixWithPayloadNotLongEnough() throws Exception {
MockHttpServletResponse response = new MockHttpServletResponse();
response.addHeader("Content-Type", "application/json");
response.getWriter().print(new String("test".getBytes("ISO-8859-1")));
StubMvcResult result = new StubMvcResult(null, null, null, null, null, null, response);
new JsonPathResultMatchers("$.str").prefix("prefix").value("foo").match(result);
}
private StubMvcResult createPrefixedStubMvcResult(String jsonPrefix) throws Exception {
MockHttpServletResponse response = new MockHttpServletResponse();
response.addHeader("Content-Type", "application/json");
response.getWriter().print(jsonPrefix + new String(RESPONSE_CONTENT.getBytes("ISO-8859-1")));
return new StubMvcResult(null, null, null, null, null, null, response);
}
}
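Review bot: valueWithJsonWrongPrefix does not prove that the prefix is actually compared, because `"wrong"` is one character shorter than `"prefix"`. If the matcher only stripped `prefix.length()` characters without checking them, the remainder would presumably still fail JSON parsing, and `@Test(expected = AssertionError.class)` accepts any assertion failure. A wrong prefix of the same length, e.g. `.prefix("prefiX")`, would leave valid JSON behind and so fail the test if the comparison were ever dropped. All the prefix tests also use the plain word "prefix"; using an XSSI-style guard in valueWithJsonPrefix, e.g. `String jsonPrefix = ")]}',\n";`, would additionally cover quotes, brackets and a newline being matched literally. Separately, `new String(RESPONSE_CONTENT.getBytes("ISO-8859-1"))` in createPrefixedStubMvcResult (and the same pattern in prefixWithPayloadNotLongEnough) decodes with the platform default charset, so passing `"ISO-8859-1"` to the `String` constructor as well would make the round trip deterministic.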