mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
Polish Eager Header Config Tests
In the Java config tests, there is a simplified way to configure Spring, and that is with SpringTestRule. Also, test names typically follow the when-then convention. Issue: gh-6501
This commit is contained in:
parent
ac13b55ecd
commit
2b960b074b
@ -1,131 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2002-2019 the original author or authors.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.springframework.security.config.annotation.authentication.configurers;
|
|
||||||
|
|
||||||
import javax.servlet.Filter;
|
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.LinkedHashMap;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import org.junit.After;
|
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.Test;
|
|
||||||
|
|
||||||
import org.springframework.mock.web.MockFilterChain;
|
|
||||||
import org.springframework.mock.web.MockHttpServletRequest;
|
|
||||||
import org.springframework.mock.web.MockHttpServletResponse;
|
|
||||||
import org.springframework.mock.web.MockServletContext;
|
|
||||||
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.web.header.HeaderWriterFilter;
|
|
||||||
import org.springframework.web.context.ConfigurableWebApplicationContext;
|
|
||||||
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
|
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Tests for {@link HeadersConfigurer}.
|
|
||||||
*
|
|
||||||
* @author Ankur Pathak
|
|
||||||
*/
|
|
||||||
public class HeadersConfigurerJavaTests {
|
|
||||||
|
|
||||||
private boolean allowCircularReferences = false;
|
|
||||||
private MockServletContext servletContext;
|
|
||||||
private MockHttpServletRequest request;
|
|
||||||
private MockHttpServletResponse response;
|
|
||||||
private MockFilterChain chain;
|
|
||||||
private ConfigurableWebApplicationContext context;
|
|
||||||
|
|
||||||
|
|
||||||
@Before
|
|
||||||
public void setUp() {
|
|
||||||
this.servletContext = new MockServletContext();
|
|
||||||
this.request = new MockHttpServletRequest(this.servletContext, "GET", "");
|
|
||||||
this.response = new MockHttpServletResponse();
|
|
||||||
this.chain = new MockFilterChain();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@After
|
|
||||||
public void cleanup(){
|
|
||||||
if (this.context != null){
|
|
||||||
this.context.close();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@EnableWebSecurity
|
|
||||||
public static class HeadersAtTheBeginningOfRequestConfig extends WebSecurityConfigurerAdapter {
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http
|
|
||||||
.headers()
|
|
||||||
.addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
|
|
||||||
@Override
|
|
||||||
public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
|
|
||||||
filter.setShouldWriteHeadersEagerly(true);
|
|
||||||
return filter;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void headersWrittenAtBeginningOfRequest() throws IOException, ServletException {
|
|
||||||
this.context = loadConfig(HeadersAtTheBeginningOfRequestConfig.class);
|
|
||||||
this.request.setSecure(true);
|
|
||||||
getSpringSecurityFilterChain().doFilter(this.request, this.response, this.chain);
|
|
||||||
assertThat(getResponseHeaders()).containsAllEntriesOf(new LinkedHashMap<String, String>(){{
|
|
||||||
put("X-Content-Type-Options", "nosniff");
|
|
||||||
put("X-Frame-Options", "DENY");
|
|
||||||
put("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains");
|
|
||||||
put("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
|
|
||||||
put("Expires", "0");
|
|
||||||
put("Pragma", "no-cache");
|
|
||||||
put("X-XSS-Protection", "1; mode=block");
|
|
||||||
}});
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
|
||||||
private Map<String, String > getResponseHeaders() {
|
|
||||||
Map<String, String> headers = new LinkedHashMap<>();
|
|
||||||
this.response.getHeaderNames().forEach(name -> {
|
|
||||||
List values = this.response.getHeaderValues(name);
|
|
||||||
headers.put(name, String.join(",", values));
|
|
||||||
});
|
|
||||||
return headers;
|
|
||||||
}
|
|
||||||
|
|
||||||
private ConfigurableWebApplicationContext loadConfig(Class<?>... configs) {
|
|
||||||
AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
|
|
||||||
context.register(configs);
|
|
||||||
context.setAllowCircularReferences(this.allowCircularReferences);
|
|
||||||
context.setServletContext(this.servletContext);
|
|
||||||
context.refresh();
|
|
||||||
return context;
|
|
||||||
}
|
|
||||||
|
|
||||||
private Filter getSpringSecurityFilterChain() {
|
|
||||||
return this.context.getBean("springSecurityFilterChain", Filter.class);
|
|
||||||
}
|
|
||||||
}
|
|
@ -0,0 +1,78 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2002-2019 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.springframework.security.config.annotation.web.configurers;
|
||||||
|
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
import org.springframework.security.config.test.SpringTestRule;
|
||||||
|
import org.springframework.security.web.header.HeaderWriterFilter;
|
||||||
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
|
|
||||||
|
import static org.springframework.http.HttpHeaders.*;
|
||||||
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||||
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests for {@link HeadersConfigurer}.
|
||||||
|
*
|
||||||
|
* @author Ankur Pathak
|
||||||
|
*/
|
||||||
|
public class HeadersConfigurerEagerHeadersTests {
|
||||||
|
|
||||||
|
@Rule
|
||||||
|
public final SpringTestRule spring = new SpringTestRule();
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
MockMvc mvc;
|
||||||
|
|
||||||
|
@EnableWebSecurity
|
||||||
|
public static class HeadersAtTheBeginningOfRequestConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
//@ formatter:off
|
||||||
|
http
|
||||||
|
.headers()
|
||||||
|
.addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
|
||||||
|
@Override
|
||||||
|
public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
|
||||||
|
filter.setShouldWriteHeadersEagerly(true);
|
||||||
|
return filter;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
//@ formatter:on
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
|
||||||
|
this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
|
||||||
|
|
||||||
|
this.mvc.perform(get("/").secure(true))
|
||||||
|
.andExpect(header().string("X-Content-Type-Options", "nosniff"))
|
||||||
|
.andExpect(header().string("X-Frame-Options", "DENY"))
|
||||||
|
.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
|
||||||
|
.andExpect(header().string(CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate"))
|
||||||
|
.andExpect(header().string(EXPIRES, "0"))
|
||||||
|
.andExpect(header().string(PRAGMA, "no-cache"))
|
||||||
|
.andExpect(header().string("X-XSS-Protection", "1; mode=block"));
|
||||||
|
}
|
||||||
|
}
|
Loading…
x
Reference in New Issue
Block a user