SEC-2230: Polish pull request
This commit is contained in:
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.security.web.headers;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
import java.util.ArrayList;
|
||||
@@ -33,27 +33,26 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
* Tests for the {@code HeadersFilter}
|
||||
*
|
||||
* @author Marten Deinum
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class HeadersFilterTest {
|
||||
public class HeadersFilterTests {
|
||||
@Mock
|
||||
private HeaderWriter writer1;
|
||||
|
||||
@Mock
|
||||
private HeaderWriter writer2;
|
||||
|
||||
@Test
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void noHeadersConfigured() throws Exception {
|
||||
List<HeaderWriter> headerWriters = new ArrayList<HeaderWriter>();
|
||||
HeadersFilter filter = new HeadersFilter(headerWriters);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain filterChain = new MockFilterChain();
|
||||
new HeadersFilter(headerWriters);
|
||||
}
|
||||
|
||||
filter.doFilter(request, response, filterChain);
|
||||
|
||||
assertTrue(response.getHeaderNames().isEmpty());
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullWriters() throws Exception {
|
||||
new HeadersFilter(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -72,5 +71,6 @@ public class HeadersFilterTest {
|
||||
|
||||
verify(writer1).writeHeaders(request, response);
|
||||
verify(writer2).writeHeaders(request, response);
|
||||
assertThat(filterChain.getRequest()).isEqualTo(request); // verify the filterChain continued
|
||||
}
|
||||
}
|
||||
@@ -1,3 +1,18 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.web.headers;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
@@ -13,6 +28,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
* Test for the {@code StaticHeadersWriter}
|
||||
*
|
||||
* @author Marten Deinum
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
public class StaticHeaderWriterTests {
|
||||
@@ -25,6 +41,21 @@ public class StaticHeaderWriterTests {
|
||||
response = new MockHttpServletResponse();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullHeaderName() {
|
||||
new StaticHeadersWriter(null, "value1");
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullHeaderValues() {
|
||||
new StaticHeadersWriter("name", (String[]) null);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorContainsNullHeaderValue() {
|
||||
new StaticHeadersWriter("name", "value1", null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sameHeaderShouldBeReturned() {
|
||||
String headerName = "X-header";
|
||||
|
||||
@@ -0,0 +1,101 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.web.headers.frameoptions;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
public class AbstractRequestParameterAllowFromStrategyTests {
|
||||
private MockHttpServletRequest request;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
request = new MockHttpServletRequest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nullAllowFromParameterValue() {
|
||||
RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
|
||||
|
||||
assertThat(
|
||||
strategy
|
||||
.getAllowFromValue(request)).isEqualTo("DENY");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void emptyAllowFromParameterValue() {
|
||||
request.setParameter("x-frames-allow-from", "");
|
||||
RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
|
||||
|
||||
assertThat(
|
||||
strategy
|
||||
.getAllowFromValue(request)).isEqualTo("DENY");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void emptyAllowFromCustomParameterValue() {
|
||||
String customParam = "custom";
|
||||
request.setParameter(customParam, "");
|
||||
RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
|
||||
strategy.setAllowFromParameterName(customParam);
|
||||
|
||||
assertThat(
|
||||
strategy
|
||||
.getAllowFromValue(request)).isEqualTo("DENY");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allowFromParameterValueAllowed() {
|
||||
String value = "https://example.com";
|
||||
request.setParameter("x-frames-allow-from", value);
|
||||
RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(true);
|
||||
|
||||
assertThat(
|
||||
strategy
|
||||
.getAllowFromValue(request)).isEqualTo("ALLOW-FROM "+value);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allowFromParameterValueDenied() {
|
||||
String value = "https://example.com";
|
||||
request.setParameter("x-frames-allow-from", value);
|
||||
RequestParameterAllowFromStrategyStub strategy = new RequestParameterAllowFromStrategyStub(false);
|
||||
|
||||
assertThat(
|
||||
strategy
|
||||
.getAllowFromValue(request)).isEqualTo("DENY");
|
||||
}
|
||||
|
||||
private static class RequestParameterAllowFromStrategyStub extends AbstractRequestParameterAllowFromStrategy {
|
||||
private boolean match;
|
||||
|
||||
RequestParameterAllowFromStrategyStub(boolean match) {
|
||||
this.match = match;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean allowed(String allowFromOrigin) {
|
||||
return match;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,109 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.web.headers.frameoptions;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.Collections;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.web.headers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class FrameOptionsHeaderWriterTests {
|
||||
@Mock
|
||||
private AllowFromStrategy strategy;
|
||||
|
||||
private MockHttpServletResponse response;
|
||||
|
||||
private MockHttpServletRequest request;
|
||||
|
||||
private XFrameOptionsHeaderWriter writer;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullMode() {
|
||||
new XFrameOptionsHeaderWriter((XFrameOptionsMode)null);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorAllowFromNoAllowFromStrategy() {
|
||||
new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullAllowFromStrategy() {
|
||||
new XFrameOptionsHeaderWriter((AllowFromStrategy)null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersAllowFromReturnsNull() {
|
||||
writer = new XFrameOptionsHeaderWriter(strategy);
|
||||
|
||||
writer.writeHeaders(request, response);
|
||||
|
||||
assertThat(response.getHeaderNames().isEmpty()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersAllowFrom() {
|
||||
String allowFromValue = "https://example.com/";
|
||||
when(strategy.getAllowFromValue(request)).thenReturn(allowFromValue);
|
||||
writer = new XFrameOptionsHeaderWriter(strategy);
|
||||
|
||||
writer.writeHeaders(request, response);
|
||||
|
||||
assertThat(response.getHeaderNames().size()).isEqualTo(1);
|
||||
assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("ALLOW-FROM " + allowFromValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void writeHeadersDeny() {
|
||||
writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
|
||||
|
||||
writer.writeHeaders(request, response);
|
||||
|
||||
assertThat(response.getHeaderNames().size()).isEqualTo(1);
|
||||
assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void writeHeadersSameOrigin() {
|
||||
writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
|
||||
|
||||
writer.writeHeaders(request, response);
|
||||
|
||||
assertThat(response.getHeaderNames().size()).isEqualTo(1);
|
||||
assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");
|
||||
}
|
||||
}
|
||||
@@ -1,23 +1,18 @@
|
||||
package org.springframework.security.web.headers.frameoptions;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
import java.util.regex.PatternSyntaxException;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.regex.PatternSyntaxException;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* Created with IntelliJ IDEA.
|
||||
* User: marten
|
||||
* Date: 01-02-13
|
||||
* Time: 20:25
|
||||
* To change this template use File | Settings | File Templates.
|
||||
*
|
||||
* @author Marten Deinum
|
||||
*/
|
||||
public class RegExpAllowFromStrategyTest {
|
||||
public class RegExpAllowFromStrategyTests {
|
||||
|
||||
@Test(expected = PatternSyntaxException.class)
|
||||
public void invalidRegularExpressionShouldLeadToException() {
|
||||
@@ -32,18 +27,19 @@ public class RegExpAllowFromStrategyTest {
|
||||
@Test
|
||||
public void subdomainMatchingRegularExpression() {
|
||||
RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^http://([a-z0-9]*?\\.)test\\.com");
|
||||
strategy.setAllowFromParameterName("from");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
request.setParameter("from", "http://abc.test.com");
|
||||
String result1 = strategy.apply(request);
|
||||
String result1 = strategy.getAllowFromValue(request);
|
||||
assertThat(result1, is("ALLOW-FROM http://abc.test.com"));
|
||||
|
||||
request.setParameter("from", "http://foo.test.com");
|
||||
String result2 = strategy.apply(request);
|
||||
String result2 = strategy.getAllowFromValue(request);
|
||||
assertThat(result2, is("ALLOW-FROM http://foo.test.com"));
|
||||
|
||||
request.setParameter("from", "http://test.foobar.com");
|
||||
String result3 = strategy.apply(request);
|
||||
String result3 = strategy.getAllowFromValue(request);
|
||||
assertThat(result3, is("DENY"));
|
||||
}
|
||||
|
||||
@@ -51,16 +47,7 @@ public class RegExpAllowFromStrategyTest {
|
||||
public void noParameterShouldDeny() {
|
||||
RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^http://([a-z0-9]*?\\.)test\\.com");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
String result1 = strategy.apply(request);
|
||||
String result1 = strategy.getAllowFromValue(request);
|
||||
assertThat(result1, is("DENY"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void test() {
|
||||
String pattern = "^http://([a-z0-9]*?\\.)test\\.com";
|
||||
Pattern p = Pattern.compile(pattern);
|
||||
String url = "http://abc.test.com";
|
||||
assertTrue(p.matcher(url).matches());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -13,12 +13,12 @@ import static org.junit.Assert.assertEquals;
|
||||
* @author Marten Deinum
|
||||
* @since 3.2
|
||||
*/
|
||||
public class StaticAllowFromStrategyTest {
|
||||
public class StaticAllowFromStrategyTests {
|
||||
|
||||
@Test
|
||||
public void shouldReturnUri() {
|
||||
String uri = "http://www.test.com";
|
||||
StaticAllowFromStrategy strategy = new StaticAllowFromStrategy(URI.create(uri));
|
||||
assertEquals(uri, strategy.apply(new MockHttpServletRequest()));
|
||||
assertEquals(uri, strategy.getAllowFromValue(new MockHttpServletRequest()));
|
||||
}
|
||||
}
|
||||
@@ -15,7 +15,7 @@ import static org.springframework.test.util.MatcherAssertionErrors.assertThat;
|
||||
* @author Marten Deinum
|
||||
* @since 3.2
|
||||
*/
|
||||
public class WhiteListedAllowFromStrategyTest {
|
||||
public class WhiteListedAllowFromStrategyTests {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void emptyListShouldThrowException() {
|
||||
@@ -32,10 +32,11 @@ public class WhiteListedAllowFromStrategyTest {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
strategy.setAllowFromParameterName("from");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setParameter("from", "http://www.test.com");
|
||||
|
||||
String result = strategy.apply(request);
|
||||
String result = strategy.getAllowFromValue(request);
|
||||
assertThat(result, is("ALLOW-FROM http://www.test.com"));
|
||||
}
|
||||
|
||||
@@ -45,10 +46,11 @@ public class WhiteListedAllowFromStrategyTest {
|
||||
allowed.add("http://www.test.com");
|
||||
allowed.add("http://www.springsource.org");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
strategy.setAllowFromParameterName("from");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setParameter("from", "http://www.test.com");
|
||||
|
||||
String result = strategy.apply(request);
|
||||
String result = strategy.getAllowFromValue(request);
|
||||
assertThat(result, is("ALLOW-FROM http://www.test.com"));
|
||||
}
|
||||
|
||||
@@ -57,10 +59,11 @@ public class WhiteListedAllowFromStrategyTest {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
strategy.setAllowFromParameterName("from");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setParameter("from", "http://www.test123.com");
|
||||
|
||||
String result = strategy.apply(request);
|
||||
String result = strategy.getAllowFromValue(request);
|
||||
assertThat(result, is("DENY"));
|
||||
}
|
||||
|
||||
@@ -69,9 +72,10 @@ public class WhiteListedAllowFromStrategyTest {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
strategy.setAllowFromParameterName("from");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
String result = strategy.apply(request);
|
||||
String result = strategy.getAllowFromValue(request);
|
||||
assertThat(result, is("DENY"));
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user