- Created HeaderFactory abstraction

- Implemented different ALLOW-FROM strategies as specified in the proposal.

Conflicts:
	config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
	config/src/test/groovy/org/springframework/security/config/http/HttpHeadersConfigTests.groovy
This commit is contained in:
Marten Deinum
2013-02-22 20:43:29 +01:00
committed by Rob Winch
parent a63baa8391
commit d0b40cd2ae
21 changed files with 740 additions and 67 deletions

View File

@@ -20,9 +20,9 @@ import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.*;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
@@ -39,7 +39,8 @@ public class HeadersFilterTest {
@Test
public void noHeadersConfigured() throws Exception {
HeadersFilter filter = new HeadersFilter();
List<HeaderFactory> factories = new ArrayList();
HeadersFilter filter = new HeadersFilter(factories);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain filterChain = new MockFilterChain();
@@ -51,11 +52,18 @@ public class HeadersFilterTest {
@Test
public void additionalHeadersShouldBeAddedToTheResponse() throws Exception {
HeadersFilter filter = new HeadersFilter();
Map<String, String> headers = new HashMap<String, String>();
headers.put("X-Header1", "foo");
headers.put("X-Header2", "bar");
filter.setHeaders(headers);
List<HeaderFactory> factories = new ArrayList();
MockHeaderFactory factory1 = new MockHeaderFactory();
factory1.setName("X-Header1");
factory1.setValue("foo");
MockHeaderFactory factory2 = new MockHeaderFactory();
factory2.setName("X-Header2");
factory2.setValue("bar");
factories.add(factory1);
factories.add(factory2);
HeadersFilter filter = new HeadersFilter(factories);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
@@ -70,4 +78,24 @@ public class HeadersFilterTest {
assertThat(response.getHeader("X-Header2"), is("bar"));
}
private static final class MockHeaderFactory implements HeaderFactory {
private String name;
private String value;
@Override
public Header create(HttpServletRequest request, HttpServletResponse response) {
return new Header(name, value);
}
public void setName(String name) {
this.name=name;
}
public void setValue(String value) {
this.value=value;
}
}
}

View File

@@ -0,0 +1,26 @@
package org.springframework.security.web.headers;
import org.junit.Test;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertSame;
import static org.springframework.test.util.MatcherAssertionErrors.assertThat;
/**
* Test for the {@code StaticHeaderFactory}
*
* @author Marten Deinum
* @since 3.2
*/
public class StaticHeaderFactoryTest {
@Test
public void sameHeaderShouldBeReturned() {
StaticHeaderFactory factory = new StaticHeaderFactory("X-header", "foo");
Header header = factory.create(null, null);
assertThat(header.getName(), is("X-header"));
assertThat(header.getValues()[0], is("foo"));
assertSame(header, factory.create(null, null));
}
}

View File

@@ -0,0 +1,66 @@
package org.springframework.security.web.headers.frameoptions;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
/**
* Created with IntelliJ IDEA.
* User: marten
* Date: 01-02-13
* Time: 20:25
* To change this template use File | Settings | File Templates.
*/
public class RegExpAllowFromStrategyTest {
@Test(expected = PatternSyntaxException.class)
public void invalidRegularExpressionShouldLeadToException() {
new RegExpAllowFromStrategy("[a-z");
}
@Test(expected = IllegalArgumentException.class)
public void nullRegularExpressionShouldLeadToException() {
new RegExpAllowFromStrategy(null);
}
@Test
public void subdomainMatchingRegularExpression() {
RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^http://([a-z0-9]*?\\.)test\\.com");
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter("from", "http://abc.test.com");
String result1 = strategy.apply(request);
assertThat(result1, is("ALLOW-FROM http://abc.test.com"));
request.setParameter("from", "http://foo.test.com");
String result2 = strategy.apply(request);
assertThat(result2, is("ALLOW-FROM http://foo.test.com"));
request.setParameter("from", "http://test.foobar.com");
String result3 = strategy.apply(request);
assertThat(result3, is("DENY"));
}
@Test
public void noParameterShouldDeny() {
RegExpAllowFromStrategy strategy = new RegExpAllowFromStrategy("^http://([a-z0-9]*?\\.)test\\.com");
MockHttpServletRequest request = new MockHttpServletRequest();
String result1 = strategy.apply(request);
assertThat(result1, is("DENY"));
}
@Test
public void test() {
String pattern = "^http://([a-z0-9]*?\\.)test\\.com";
Pattern p = Pattern.compile(pattern);
String url = "http://abc.test.com";
assertTrue(p.matcher(url).matches());
}
}

View File

@@ -0,0 +1,24 @@
package org.springframework.security.web.headers.frameoptions;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import java.net.URI;
import static org.junit.Assert.assertEquals;
/**
* Test for the StaticAllowFromStrategy.
*
* @author Marten Deinum
* @since 3.2
*/
public class StaticAllowFromStrategyTest {
@Test
public void shouldReturnUri() {
String uri = "http://www.test.com";
StaticAllowFromStrategy strategy = new StaticAllowFromStrategy(URI.create(uri));
assertEquals(uri, strategy.apply(new MockHttpServletRequest()));
}
}

View File

@@ -0,0 +1,80 @@
package org.springframework.security.web.headers.frameoptions;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import static org.hamcrest.CoreMatchers.is;
import static org.springframework.test.util.MatcherAssertionErrors.assertThat;
/**
* Test for the {@code WhiteListedAllowFromStrategy}.
*
* @author Marten Deinum
* @since 3.2
*/
public class WhiteListedAllowFromStrategyTest {
@Test(expected = IllegalArgumentException.class)
public void emptyListShouldThrowException() {
new WhiteListedAllowFromStrategy(new ArrayList<String>());
}
@Test(expected = IllegalArgumentException.class)
public void nullListShouldThrowException() {
new WhiteListedAllowFromStrategy(null);
}
@Test
public void listWithSingleElementShouldMatch() {
List<String> allowed = new ArrayList<String>();
allowed.add("http://www.test.com");
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter("from", "http://www.test.com");
String result = strategy.apply(request);
assertThat(result, is("ALLOW-FROM http://www.test.com"));
}
@Test
public void listWithMultipleElementShouldMatch() {
List<String> allowed = new ArrayList<String>();
allowed.add("http://www.test.com");
allowed.add("http://www.springsource.org");
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter("from", "http://www.test.com");
String result = strategy.apply(request);
assertThat(result, is("ALLOW-FROM http://www.test.com"));
}
@Test
public void listWithSingleElementShouldNotMatch() {
List<String> allowed = new ArrayList<String>();
allowed.add("http://www.test.com");
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter("from", "http://www.test123.com");
String result = strategy.apply(request);
assertThat(result, is("DENY"));
}
@Test
public void requestWithoutParameterShouldNotMatch() {
List<String> allowed = new ArrayList<String>();
allowed.add("http://www.test.com");
WhiteListedAllowFromStrategy strategy = new WhiteListedAllowFromStrategy(allowed);
MockHttpServletRequest request = new MockHttpServletRequest();
String result = strategy.apply(request);
assertThat(result, is("DENY"));
}
}