Add reactive support for Feature-Policy security header

Closes gh-5672
This commit is contained in:
Vedran Pavic
2018-08-20 05:30:54 +02:00
committed by Rob Winch
parent eecb01abb2
commit 29cfc3dd1d
4 changed files with 231 additions and 35 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,36 +16,41 @@
package org.springframework.security.config.web.server;
import org.junit.Before;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
import java.time.Duration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.junit.Before;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
/**
* Tests for {@link ServerHttpSecurity.HeaderSpec}.
*
* @author Rob Winch
* @author Vedran Pavic
* @since 5.0
*/
public class HeaderSpecTests {
ServerHttpSecurity.HeaderSpec headers = ServerHttpSecurity.http().headers();
private ServerHttpSecurity.HeaderSpec headers = ServerHttpSecurity.http().headers();
HttpHeaders expectedHeaders = new HttpHeaders();
private HttpHeaders expectedHeaders = new HttpHeaders();
Set<String> headerNamesNotPresent = new HashSet<>();
private Set<String> headerNamesNotPresent = new HashSet<>();
@Before
public void setup() {
@@ -143,6 +148,16 @@ public class HeaderSpecTests {
assertHeaders();
}
@Test
public void headersWhenFeaturePolicyEnabledThenFeaturePolicyWritten() {
String policyDirectives = "Feature-Policy";
this.expectedHeaders.add(FeaturePolicyServerHttpHeadersWriter.FEATURE_POLICY,
policyDirectives);
this.headers.featurePolicy(policyDirectives);
assertHeaders();
}
private void expectHeaderNamesNotPresent(String... headerNames) {
for(String headerName : headerNames) {
this.expectedHeaders.remove(headerName);