- Created HeaderFactory abstraction
- Implemented different ALLOW-FROM strategies as specified in the proposal. Conflicts: config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
This commit is contained in:
@@ -20,9 +20,9 @@ import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.*;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
@@ -39,7 +39,8 @@ public class HeadersFilterTest {
|
||||
|
||||
@Test
|
||||
public void noHeadersConfigured() throws Exception {
|
||||
HeadersFilter filter = new HeadersFilter();
|
||||
List<HeaderFactory> factories = new ArrayList();
|
||||
HeadersFilter filter = new HeadersFilter(factories);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain filterChain = new MockFilterChain();
|
||||
@@ -51,11 +52,18 @@ public class HeadersFilterTest {
|
||||
|
||||
@Test
|
||||
public void additionalHeadersShouldBeAddedToTheResponse() throws Exception {
|
||||
HeadersFilter filter = new HeadersFilter();
|
||||
Map<String, String> headers = new HashMap<String, String>();
|
||||
headers.put("X-Header1", "foo");
|
||||
headers.put("X-Header2", "bar");
|
||||
filter.setHeaders(headers);
|
||||
List<HeaderFactory> factories = new ArrayList();
|
||||
MockHeaderFactory factory1 = new MockHeaderFactory();
|
||||
factory1.setName("X-Header1");
|
||||
factory1.setValue("foo");
|
||||
MockHeaderFactory factory2 = new MockHeaderFactory();
|
||||
factory2.setName("X-Header2");
|
||||
factory2.setValue("bar");
|
||||
|
||||
factories.add(factory1);
|
||||
factories.add(factory2);
|
||||
|
||||
HeadersFilter filter = new HeadersFilter(factories);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
@@ -70,4 +78,24 @@ public class HeadersFilterTest {
|
||||
assertThat(response.getHeader("X-Header2"), is("bar"));
|
||||
|
||||
}
|
||||
|
||||
private static final class MockHeaderFactory implements HeaderFactory {
|
||||
|
||||
private String name;
|
||||
private String value;
|
||||
|
||||
@Override
|
||||
public Header create(HttpServletRequest request, HttpServletResponse response) {
|
||||
return new Header(name, value);
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name=name;
|
||||
}
|
||||
|
||||
public void setValue(String value) {
|
||||
this.value=value;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,26 @@
|
||||
package org.springframework.security.web.headers;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.assertSame;
|
||||
import static org.springframework.test.util.MatcherAssertionErrors.assertThat;
|
||||
|
||||
/**
|
||||
* Test for the {@code StaticHeaderFactory}
|
||||
*
|
||||
* @author Marten Deinum
|
||||
* @since 3.2
|
||||
*/
|
||||
public class StaticHeaderFactoryTest {
|
||||
|
||||
@Test
|
||||
public void sameHeaderShouldBeReturned() {
|
||||
StaticHeaderFactory factory = new StaticHeaderFactory("X-header", "foo");
|
||||
Header header = factory.create(null, null);
|
||||
assertThat(header.getName(), is("X-header"));
|
||||
assertThat(header.getValues()[0], is("foo"));
|
||||
|
||||
assertSame(header, factory.create(null, null));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
package org.springframework.security.web.headers.frameoptions;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.regex.PatternSyntaxException;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* Created with IntelliJ IDEA.
|
||||
* User: marten
|
||||
* Date: 01-02-13
|
||||
* Time: 20:25
|
||||
* To change this template use File | Settings | File Templates.
|
||||
*/
|
||||
public class RegExpAllowFromStrategyTest {
|
||||
|
||||
@Test(expected = PatternSyntaxException.class)
|
||||
public void invalidRegularExpressionShouldLeadToException() {
|
||||
new RegExpAllowFromStrategy("[a-z");
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void nullRegularExpressionShouldLeadToException() {
|
||||
new RegExpAllowFromStrategy(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void subdomainMatchingRegularExpression() {
|
||||
RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^http://([a-z0-9]*?\\.)test\\.com");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
request.setParameter("from", "http://abc.test.com");
|
||||
String result1 = strategy.apply(request);
|
||||
assertThat(result1, is("ALLOW-FROM http://abc.test.com"));
|
||||
|
||||
request.setParameter("from", "http://foo.test.com");
|
||||
String result2 = strategy.apply(request);
|
||||
assertThat(result2, is("ALLOW-FROM http://foo.test.com"));
|
||||
|
||||
request.setParameter("from", "http://test.foobar.com");
|
||||
String result3 = strategy.apply(request);
|
||||
assertThat(result3, is("DENY"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void noParameterShouldDeny() {
|
||||
RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^http://([a-z0-9]*?\\.)test\\.com");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
String result1 = strategy.apply(request);
|
||||
assertThat(result1, is("DENY"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void test() {
|
||||
String pattern = "^http://([a-z0-9]*?\\.)test\\.com";
|
||||
Pattern p = Pattern.compile(pattern);
|
||||
String url = "http://abc.test.com";
|
||||
assertTrue(p.matcher(url).matches());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
package org.springframework.security.web.headers.frameoptions;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
/**
|
||||
* Test for the StaticAllowFromStrategy.
|
||||
*
|
||||
* @author Marten Deinum
|
||||
* @since 3.2
|
||||
*/
|
||||
public class StaticAllowFromStrategyTest {
|
||||
|
||||
@Test
|
||||
public void shouldReturnUri() {
|
||||
String uri = "http://www.test.com";
|
||||
StaticAllowFromStrategy strategy = new StaticAllowFromStrategy(URI.create(uri));
|
||||
assertEquals(uri, strategy.apply(new MockHttpServletRequest()));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,80 @@
|
||||
package org.springframework.security.web.headers.frameoptions;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.springframework.test.util.MatcherAssertionErrors.assertThat;
|
||||
|
||||
/**
|
||||
* Test for the {@code WhiteListedAllowFromStrategy}.
|
||||
*
|
||||
* @author Marten Deinum
|
||||
* @since 3.2
|
||||
*/
|
||||
public class WhiteListedAllowFromStrategyTest {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void emptyListShouldThrowException() {
|
||||
new WhiteListedAllowFromStrategy(new ArrayList<String>());
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void nullListShouldThrowException() {
|
||||
new WhiteListedAllowFromStrategy(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void listWithSingleElementShouldMatch() {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setParameter("from", "http://www.test.com");
|
||||
|
||||
String result = strategy.apply(request);
|
||||
assertThat(result, is("ALLOW-FROM http://www.test.com"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void listWithMultipleElementShouldMatch() {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
allowed.add("http://www.springsource.org");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setParameter("from", "http://www.test.com");
|
||||
|
||||
String result = strategy.apply(request);
|
||||
assertThat(result, is("ALLOW-FROM http://www.test.com"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void listWithSingleElementShouldNotMatch() {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setParameter("from", "http://www.test123.com");
|
||||
|
||||
String result = strategy.apply(request);
|
||||
assertThat(result, is("DENY"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWithoutParameterShouldNotMatch() {
|
||||
List<String> allowed = new ArrayList<String>();
|
||||
allowed.add("http://www.test.com");
|
||||
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
String result = strategy.apply(request);
|
||||
assertThat(result, is("DENY"));
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user