Make DefaultCorsProcessor Servlet 2.5 compliant
This commit adds CORS related headers to HttpHeaders and update DefaultCorsProcessor implementation to use ServerHttpRequest and ServerHttpResponse instead of HttpServletRequest and HttpServletResponse. Usage of ServerHttpResponse allows to avoid using Servlet 3.0 specific methods in order keep CORS support Servlet 2.5 compliant. Issue: SPR-12885
This commit is contained in:
@@ -33,7 +33,6 @@ import org.springframework.http.server.ServerHttpResponse;
|
||||
import org.springframework.http.server.ServletServerHttpResponse;
|
||||
import org.springframework.scheduling.TaskScheduler;
|
||||
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
|
||||
import org.springframework.web.cors.CorsUtils;
|
||||
import org.springframework.web.socket.AbstractHttpRequestTests;
|
||||
import org.springframework.web.socket.WebSocketHandler;
|
||||
import org.springframework.web.socket.sockjs.SockJsException;
|
||||
@@ -87,8 +86,8 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
|
||||
assertEquals("application/json;charset=UTF-8", this.servletResponse.getContentType());
|
||||
assertEquals("no-store, no-cache, must-revalidate, max-age=0", this.servletResponse.getHeader(HttpHeaders.CACHE_CONTROL));
|
||||
assertNull(this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertNull(this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.VARY));
|
||||
|
||||
String body = this.servletResponse.getContentAsString();
|
||||
@@ -106,8 +105,8 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
|
||||
this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com"));
|
||||
resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK);
|
||||
assertNull(this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertNull(this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.VARY));
|
||||
}
|
||||
|
||||
@@ -137,11 +136,11 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
public void handleInfoGetCorsFilter() throws Exception {
|
||||
|
||||
// Simulate scenario where Filter would have already set CORS headers
|
||||
this.servletResponse.setHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN, "foobar:123");
|
||||
this.servletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "foobar:123");
|
||||
|
||||
handleRequest("GET", "/echo/info", HttpStatus.OK);
|
||||
|
||||
assertEquals("foobar:123", this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertEquals("foobar:123", this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
}
|
||||
|
||||
@Test // SPR-11919
|
||||
@@ -149,7 +148,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
public void handleInfoGetWildflyNPE() throws Exception {
|
||||
HttpServletResponse mockResponse = mock(HttpServletResponse.class);
|
||||
ServletOutputStream ous = mock(ServletOutputStream.class);
|
||||
given(mockResponse.getHeaders(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN)).willThrow(NullPointerException.class);
|
||||
given(mockResponse.getHeaders(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).willThrow(NullPointerException.class);
|
||||
given(mockResponse.getOutputStream()).willReturn(ous);
|
||||
this.response = new ServletServerHttpResponse(mockResponse);
|
||||
|
||||
@@ -160,7 +159,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
|
||||
@Test // SPR-12660
|
||||
public void handleInfoOptions() throws Exception {
|
||||
this.servletRequest.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
|
||||
this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
|
||||
resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
|
||||
assertNull(this.service.getCorsConfiguration(this.servletRequest));
|
||||
|
||||
@@ -173,8 +172,8 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
public void handleInfoOptionsWithOrigin() throws Exception {
|
||||
this.servletRequest.setServerName("mydomain2.com");
|
||||
this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
|
||||
this.servletRequest.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.servletRequest.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
|
||||
this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
|
||||
this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
|
||||
resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
|
||||
assertNotNull(this.service.getCorsConfiguration(this.servletRequest));
|
||||
|
||||
@@ -196,7 +195,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests {
|
||||
this.service.setAllowedOrigins(Arrays.asList("*"));
|
||||
this.service.setSuppressCors(true);
|
||||
|
||||
this.servletRequest.addHeader(CorsUtils.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
|
||||
this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified");
|
||||
resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT);
|
||||
assertNull(this.service.getCorsConfiguration(this.servletRequest));
|
||||
|
||||
|
||||
@@ -31,7 +31,6 @@ import org.mockito.MockitoAnnotations;
|
||||
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.scheduling.TaskScheduler;
|
||||
import org.springframework.web.cors.CorsUtils;
|
||||
import org.springframework.web.socket.AbstractHttpRequestTests;
|
||||
import org.springframework.web.socket.WebSocketHandler;
|
||||
import org.springframework.web.socket.handler.TestPrincipal;
|
||||
@@ -149,8 +148,8 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests {
|
||||
verify(taskScheduler).scheduleAtFixedRate(any(Runnable.class), eq(service.getDisconnectDelay()));
|
||||
|
||||
assertEquals("no-store, no-cache, must-revalidate, max-age=0", this.response.getHeaders().getCacheControl());
|
||||
assertNull(this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertNull(this.servletResponse.getHeader(CorsUtils.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
||||
assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
||||
}
|
||||
|
||||
@Test // SPR-12226
|
||||
|
||||
Reference in New Issue
Block a user