Add preload support to Strict-Transport-Security

1. Preload support in Servlet Security(XML & Java)
2. Preload support in Reactive Security
3. Test for preload support in Servlet Security
4. Test for preload support in Reactive Security

Fixes: gh-6312
This commit is contained in:
Ankur Pathak
2018-12-21 21:59:54 +05:30
committed by Rob Winch
parent 739594dee8
commit b7ed919cee
13 changed files with 3860 additions and 21 deletions

View File

@@ -50,7 +50,7 @@ public class XsdDocumentedTests {
String referenceLocation = "../docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc";
String schema31xDocumentLocation = "org/springframework/security/config/spring-security-3.1.xsd";
String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.1.xsd";
String schemaDocumentLocation = "org/springframework/security/config/spring-security-5.2.xsd";
XmlSupport xml = new XmlSupport();
@@ -142,8 +142,8 @@ public class XsdDocumentedTests {
String[] schemas = resource.getFile().getParentFile().list((dir, name) -> name.endsWith(".xsd"));
assertThat(schemas.length).isEqualTo(13)
.withFailMessage("the count is equal to 12, if not then schemaDocument needs updating");
assertThat(schemas.length).isEqualTo(14)
.withFailMessage("the count is equal to 14, if not then schemaDocument needs updating");
}
/**

View File

@@ -125,6 +125,17 @@ public class HeaderSpecTests {
assertHeaders();
}
@Test
public void headersWhenHstsCustomWithPreloadThenCustomHstsWritten() {
this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60 ; includeSubDomains ; preload");
this.headers.hsts()
.maxAge(Duration.ofSeconds(60))
.preload(true);
assertHeaders();
}
@Test
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
expectHeaderNamesNotPresent(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);