NIFI-7993 - Upgraded Jetty dependency and fixed a minor issue with Jetty security filter tests.

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com> This closes #4658.
2020-11-12 14:32:18 -05:00 · 2020-11-12 14:32:18 -05:00 · 8a4079cd78
parent c79ad1502e
commit 8a4079cd78
2 changed files with 21 additions and 14 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/headers/HTTPHeaderFiltersTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/headers/HTTPHeaderFiltersTest.java
@ -18,6 +18,7 @@ package org.apache.nifi.web.security.headers;

 import org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter;
 import org.eclipse.jetty.servlet.FilterHolder;
+import org.eclipse.jetty.servlet.ServletHandler;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.mock.web.MockHttpServletResponse;
@ -35,7 +36,7 @@ public class HTTPHeaderFiltersTest {
    public void testCSPHeaderApplied() throws ServletException, IOException, Exception {
        // Arrange

-        FilterHolder originFilter = new FilterHolder(new ContentSecurityPolicyFilter());
+        FilterHolder cspFilter = new FilterHolder(new ContentSecurityPolicyFilter());

        // Set up request
        HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
@ -43,9 +44,10 @@ public class HTTPHeaderFiltersTest {
        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);

        // Action
-        originFilter.start();
-        originFilter.initialize();
-        originFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
+        cspFilter.setServletHandler(new ServletHandler());
+        cspFilter.start();
+        cspFilter.initialize();
+        cspFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);

        // Verify
        assertEquals("frame-ancestors 'self'", mockResponse.getHeader("Content-Security-Policy"));
@ -55,7 +57,7 @@ public class HTTPHeaderFiltersTest {
    public void testCSPHeaderAppliedOnlyOnce() throws ServletException, IOException, Exception {
        // Arrange

-        FilterHolder originFilter = new FilterHolder(new ContentSecurityPolicyFilter());
+        FilterHolder cspFilter = new FilterHolder(new ContentSecurityPolicyFilter());

        // Set up request
        HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
@ -63,10 +65,11 @@ public class HTTPHeaderFiltersTest {
        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);

        // Action
-        originFilter.start();
-        originFilter.initialize();
-        originFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
-        originFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
+        cspFilter.setServletHandler(new ServletHandler());
+        cspFilter.start();
+        cspFilter.initialize();
+        cspFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
+        cspFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);

        // Verify
        assertEquals("frame-ancestors 'self'", mockResponse.getHeader("Content-Security-Policy"));
@ -85,6 +88,7 @@ public class HTTPHeaderFiltersTest {
        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);

        // Action
+        xfoFilter.setServletHandler(new ServletHandler());
        xfoFilter.start();
        xfoFilter.initialize();
        xfoFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
@ -105,6 +109,7 @@ public class HTTPHeaderFiltersTest {
        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);

        // Action
+        hstsFilter.setServletHandler(new ServletHandler());
        hstsFilter.start();
        hstsFilter.initialize();
        hstsFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
@ -125,6 +130,7 @@ public class HTTPHeaderFiltersTest {
        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);

        // Action
+        xssFilter.setServletHandler(new ServletHandler());
        xssFilter.start();
        xssFilter.initialize();
        xssFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
@ -136,16 +142,17 @@ public class HTTPHeaderFiltersTest {
    @Test
    public void testXContentTypeOptionsHeaderApplied() throws Exception {
        // Arrange
-        FilterHolder xssFilter = new FilterHolder(new XContentTypeOptionsFilter());
+        FilterHolder xContentTypeFilter = new FilterHolder(new XContentTypeOptionsFilter());

        HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
        MockHttpServletResponse mockResponse = new MockHttpServletResponse();
        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);

        // Action
-        xssFilter.start();
-        xssFilter.initialize();
-        xssFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);
+        xContentTypeFilter.setServletHandler(new ServletHandler());
+        xContentTypeFilter.start();
+        xContentTypeFilter.initialize();
+        xContentTypeFilter.getFilter().doFilter(mockRequest, mockResponse, mockFilterChain);

        // Verify
        assertEquals("nosniff", mockResponse.getHeader("X-Content-Type-Options"));
--- a/pom.xml
+++ b/pom.xml
@ -90,7 +90,7 @@
        <inceptionYear>2014</inceptionYear>
        <org.slf4j.version>1.7.30</org.slf4j.version>
        <ranger.version>2.1.0</ranger.version>
-        <jetty.version>9.4.26.v20200117</jetty.version>
+        <jetty.version>9.4.34.v20201102</jetty.version>
        <jackson.version>2.9.10</jackson.version>
        <jackson-databind.version>2.9.10.5</jackson-databind.version>
        <nifi.registry.version>0.8.0</nifi.registry.version>