Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HttpHeadersWriter->ServerHttpHeadersWriter 

Issue gh-4615
This commit is contained in:
Rob Winch 2017-10-10 14:50:57 -05:00
parent 2982b82b2d
commit a5af2a07d7
21 changed files with 133 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
View File

@ -48,14 +48,14 @@ import org.springframework.security.web.server.context.SecurityContextServerRepo
import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextServerRepository;
import org.springframework.security.web.server.context.WebSessionSecurityContextServerRepository;
import org.springframework.security.web.server.header.CacheControlHttpHeadersWriter;
import org.springframework.security.web.server.header.CompositeHttpHeadersWriter;
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
import org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter;
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.HttpHeaderWriterWebFilter;
import org.springframework.security.web.server.header.HttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
import org.springframework.security.web.server.header.ServerHttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
@ -449,17 +449,17 @@ public class HttpSecurity {
* @since 5.0
*/
public class HeaderBuilder {
private final List<HttpHeadersWriter> writers;
private final List<ServerHttpHeadersWriter> writers;
private CacheControlHttpHeadersWriter cacheControl = new CacheControlHttpHeadersWriter();
private CacheControlServerHttpHeadersWriter cacheControl = new CacheControlServerHttpHeadersWriter();
private ContentTypeOptionsHttpHeadersWriter contentTypeOptions = new ContentTypeOptionsHttpHeadersWriter();
private ContentTypeOptionsServerHttpHeadersWriter contentTypeOptions = new ContentTypeOptionsServerHttpHeadersWriter();
private StrictTransportSecurityHttpHeadersWriter hsts = new StrictTransportSecurityHttpHeadersWriter();
private StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
private XFrameOptionsHttpHeadersWriter frameOptions = new XFrameOptionsHttpHeadersWriter();
private XFrameOptionsServerHttpHeadersWriter frameOptions = new XFrameOptionsServerHttpHeadersWriter();
private XXssProtectionHttpHeadersWriter xss = new XXssProtectionHttpHeadersWriter();
private XXssProtectionServerHttpHeadersWriter xss = new XXssProtectionServerHttpHeadersWriter();
public HttpSecurity and() {
return HttpSecurity.this;
@ -482,7 +482,7 @@ public class HttpSecurity {
}
protected void configure(HttpSecurity http) {
HttpHeadersWriter writer = new CompositeHttpHeadersWriter(this.writers);
ServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(this.writers);
HttpHeaderWriterWebFilter result = new HttpHeaderWriterWebFilter(writer);
http.addFilterAt(result, SecurityWebFiltersOrder.HTTP_HEADERS_WRITER);
}
@ -508,7 +508,7 @@ public class HttpSecurity {
}
public class FrameOptionsSpec {
public void mode(XFrameOptionsHttpHeadersWriter.Mode mode) {
public void mode(XFrameOptionsServerHttpHeadersWriter.Mode mode) {
HeaderBuilder.this.frameOptions.setMode(mode);
}
public void disable() {

32
config/src/test/java/org/springframework/security/config/web/server/HeaderBuilderTests.java
View File

@ -20,10 +20,10 @@ import org.junit.Before;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
@ -49,15 +49,15 @@ public class HeaderBuilderTests {
@Before
public void setup() {
this.expectedHeaders.add(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
this.expectedHeaders.add(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
this.expectedHeaders.add(HttpHeaders.PRAGMA, "no-cache");
this.expectedHeaders.add(HttpHeaders.EXPIRES, "0");
this.expectedHeaders
.add(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
this.expectedHeaders.add(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
.add(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
this.expectedHeaders.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
this.expectedHeaders
.add(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
}
@Test
@ -77,7 +77,7 @@ public class HeaderBuilderTests {
@Test
public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
this.expectedHeaders.remove(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS);
this.expectedHeaders.remove(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
this.headers.contentTypeOptions().disable();
assertHeaders();
@ -85,7 +85,7 @@ public class HeaderBuilderTests {
@Test
public void headersWhenHstsDisableThenHstsNotWritten() {
this.expectedHeaders.remove(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
this.headers.hsts().disable();
assertHeaders();
@ -93,8 +93,8 @@ public class HeaderBuilderTests {
@Test
public void headersWhenHstsCustomThenCustomHstsWritten() {
this.expectedHeaders.remove(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
this.expectedHeaders.add(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
this.headers.hsts().maxAge(Duration.ofSeconds(60));
this.headers.hsts().includeSubdomains(false);
@ -103,7 +103,7 @@ public class HeaderBuilderTests {
@Test
public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
this.expectedHeaders.remove(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS);
this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
this.headers.frameOptions().disable();
assertHeaders();
@ -111,10 +111,10 @@ public class HeaderBuilderTests {
@Test
public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
this.expectedHeaders.remove(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS);
this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
this.expectedHeaders
.add(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
this.headers.frameOptions().mode(XFrameOptionsHttpHeadersWriter.Mode.SAMEORIGIN);
.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
this.headers.frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
assertHeaders();
}

4
samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java
View File

@ -19,15 +19,11 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.reactive.server.ExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import java.nio.charset.Charset;
import java.time.Duration;

11
webflux/src/main/java/org/springframework/security/web/server/header/CacheControlHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java
View File

@ -25,7 +25,7 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class CacheControlHttpHeadersWriter implements HttpHeadersWriter {
public class CacheControlServerHttpHeadersWriter implements ServerHttpHeadersWriter {
/**
* The value for expires value
@ -45,10 +45,11 @@ public class CacheControlHttpHeadersWriter implements HttpHeadersWriter {
/**
* The delegate to write all the cache control related headers
*/
private static final HttpHeadersWriter CACHE_HEADERS = StaticHttpHeadersWriter.builder()
.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
.header(HttpHeaders.PRAGMA, CacheControlHttpHeadersWriter.PRAGMA_VALUE)
.header(HttpHeaders.EXPIRES, CacheControlHttpHeadersWriter.EXPIRES_VALUE)
private static final ServerHttpHeadersWriter CACHE_HEADERS = StaticServerHttpHeadersWriter
.builder()
.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
.build();
@Override

8
webflux/src/main/java/org/springframework/security/web/server/header/CompositeHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java
View File

@ -29,14 +29,14 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class CompositeHttpHeadersWriter implements HttpHeadersWriter {
private final List<HttpHeadersWriter> writers;
public class CompositeServerHttpHeadersWriter implements ServerHttpHeadersWriter {
private final List<ServerHttpHeadersWriter> writers;
public CompositeHttpHeadersWriter(HttpHeadersWriter... writers) {
public CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter... writers) {
this(Arrays.asList(writers));
}
public CompositeHttpHeadersWriter(List<HttpHeadersWriter> writers) {
public CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter> writers) {
this.writers = writers;
}

6
webflux/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java
View File

@ -24,7 +24,8 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class ContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
public class ContentTypeOptionsServerHttpHeadersWriter
implements ServerHttpHeadersWriter {
public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
@ -34,7 +35,8 @@ public class ContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
/**
* The delegate to write all the cache control related headers
*/
private static final HttpHeadersWriter CONTENT_TYPE_HEADERS = StaticHttpHeadersWriter.builder()
private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
.builder()
.header(X_CONTENT_OPTIONS, NOSNIFF)
.build();

6
webflux/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java
View File

@ -23,16 +23,16 @@ import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
/**
* Invokes a {@link HttpHeadersWriter} on
* Invokes a {@link ServerHttpHeadersWriter} on
* {@link ServerHttpResponse#beforeCommit(java.util.function.Supplier)}.
*
* @author Rob Winch
* @since 5.0
*/
public class HttpHeaderWriterWebFilter implements WebFilter {
private final HttpHeadersWriter writer;
private final ServerHttpHeadersWriter writer;
public HttpHeaderWriterWebFilter(HttpHeadersWriter writer) {
public HttpHeaderWriterWebFilter(ServerHttpHeadersWriter writer) {
super();
this.writer = writer;
}

2
webflux/src/main/java/org/springframework/security/web/server/header/HttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java
View File

@ -28,7 +28,7 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public interface HttpHeadersWriter {
public interface ServerHttpHeadersWriter {
/**
* Write the headers to the response.

8
webflux/src/main/java/org/springframework/security/web/server/header/StaticHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java
View File

@ -27,10 +27,10 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class StaticHttpHeadersWriter implements HttpHeadersWriter {
public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
private final HttpHeaders headersToAdd;
public StaticHttpHeadersWriter(HttpHeaders headersToAdd) {
public StaticServerHttpHeadersWriter(HttpHeaders headersToAdd) {
this.headersToAdd = headersToAdd;
}
@ -61,8 +61,8 @@ public class StaticHttpHeadersWriter implements HttpHeadersWriter {
return this;
}
public StaticHttpHeadersWriter build() {
return new StaticHttpHeadersWriter(headers);
public StaticServerHttpHeadersWriter build() {
return new StaticServerHttpHeadersWriter(headers);
}
}
}

9
webflux/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java
View File

@ -25,19 +25,20 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public final class StrictTransportSecurityHttpHeadersWriter implements HttpHeadersWriter {
public final class StrictTransportSecurityServerHttpHeadersWriter
implements ServerHttpHeadersWriter {
public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
private String maxAge;
private String subdomain;
private HttpHeadersWriter delegate;
private ServerHttpHeadersWriter delegate;
/**
*
*/
public StrictTransportSecurityHttpHeadersWriter() {
public StrictTransportSecurityServerHttpHeadersWriter() {
setIncludeSubDomains(true);
setMaxAge(Duration.ofDays(365L));
updateDelegate();
@ -62,7 +63,7 @@ public final class StrictTransportSecurityHttpHeadersWriter implements HttpHeade
}
private void updateDelegate() {
delegate = StaticHttpHeadersWriter.builder()
delegate = StaticServerHttpHeadersWriter.builder()
.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain)
.build();
}

6
webflux/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java
View File

@ -25,7 +25,8 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class XContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
public class XContentTypeOptionsServerHttpHeadersWriter
implements ServerHttpHeadersWriter {
public static final String X_CONTENT_OPTIONS = "X-Content-Options";
@ -35,7 +36,8 @@ public class XContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
/**
* The delegate to write all the cache control related headers
*/
private static final HttpHeadersWriter CONTENT_TYPE_HEADERS = StaticHttpHeadersWriter.builder()
private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
.builder()
.header(X_CONTENT_OPTIONS, NOSNIFF)
.build();

8
webflux/src/main/java/org/springframework/security/web/server/header/XFrameOptionsHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java
View File

@ -23,10 +23,10 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class XFrameOptionsHttpHeadersWriter implements HttpHeadersWriter {
public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
public static final String X_FRAME_OPTIONS = "X-Frame-Options";
private HttpHeadersWriter delegate = createDelegate(Mode.DENY);
private ServerHttpHeadersWriter delegate = createDelegate(Mode.DENY);
/*
* (non-Javadoc)
@ -82,9 +82,9 @@ public class XFrameOptionsHttpHeadersWriter implements HttpHeadersWriter {
SAMEORIGIN;
}
private static HttpHeadersWriter createDelegate(Mode mode) {
private static ServerHttpHeadersWriter createDelegate(Mode mode) {
// @formatter:off
return StaticHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
return StaticServerHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
// @formatter:on
}

8
webflux/src/main/java/org/springframework/security/web/server/header/XXssProtectionHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java
View File

@ -23,19 +23,19 @@ import reactor.core.publisher.Mono;
* @author Rob Winch
* @since 5.0
*/
public class XXssProtectionHttpHeadersWriter implements HttpHeadersWriter {
public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersWriter {
public static final String X_XSS_PROTECTION = "X-XSS-Protection";
private boolean enabled;
private boolean block;
private HttpHeadersWriter delegate;
private ServerHttpHeadersWriter delegate;
/**
*
*/
public XXssProtectionHttpHeadersWriter() {
public XXssProtectionServerHttpHeadersWriter() {
this.enabled = true;
this.block = true;
updateDelegate();
@ -97,7 +97,7 @@ public class XXssProtectionHttpHeadersWriter implements HttpHeadersWriter {
private void updateDelegate() {
this.delegate = StaticHttpHeadersWriter.builder()
this.delegate = StaticServerHttpHeadersWriter.builder()
.header(X_XSS_PROTECTION, createHeaderValue())
.build();
}

13
webflux/src/test/java/org/springframework/security/web/server/header/CacheControlHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java
View File

@ -28,8 +28,8 @@ import org.springframework.web.server.ServerWebExchange;
* @since 5.0
*
*/
public class CacheControlHttpHeadersWriterTests {
CacheControlHttpHeadersWriter writer = new CacheControlHttpHeadersWriter();
public class CacheControlServerHttpHeadersWriterTests {
CacheControlServerHttpHeadersWriter writer = new CacheControlServerHttpHeadersWriter();
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
@ -40,9 +40,12 @@ public class CacheControlHttpHeadersWriterTests {
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(3);
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlHttpHeadersWriter.EXPIRES_VALUE);
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlHttpHeadersWriter.PRAGMA_VALUE);
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
}
@Test

12
webflux/src/test/java/org/springframework/security/web/server/header/CompositeHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java
View File

@ -37,20 +37,18 @@ import reactor.test.StepVerifier;
* @since 5.0
*/
@RunWith(MockitoJUnitRunner.class)
public class CompositeHttpHeadersWriterTests {
@Mock
HttpHeadersWriter writer1;
public class CompositeServerHttpHeadersWriterTests {
@Mock ServerHttpHeadersWriter writer1;
@Mock
HttpHeadersWriter writer2;
@Mock ServerHttpHeadersWriter writer2;
CompositeHttpHeadersWriter writer;
CompositeServerHttpHeadersWriter writer;
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
@Before
public void setup() {
writer = new CompositeHttpHeadersWriter(Arrays.asList(writer1, writer2));
writer = new CompositeServerHttpHeadersWriter(Arrays.asList(writer1, writer2));
}
@Test

3
webflux/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java
View File

@ -40,8 +40,7 @@ import reactor.core.publisher.Mono;
*/
@RunWith(MockitoJUnitRunner.class)
public class HttpHeaderWriterWebFilterTests {
@Mock
HttpHeadersWriter writer;
@Mock ServerHttpHeadersWriter writer;
HttpHeaderWriterWebFilter filter;

38
webflux/src/test/java/org/springframework/security/web/server/header/StaticHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java
View File

@ -26,10 +26,10 @@ import org.springframework.web.server.ServerWebExchange;
* @author Rob Winch
* @since 5.0
*/
public class StaticHttpHeadersWriterTests {
public class StaticServerHttpHeadersWriterTests {
StaticHttpHeadersWriter writer = StaticHttpHeadersWriter.builder()
.header(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsHttpHeadersWriter.NOSNIFF)
StaticServerHttpHeadersWriter writer = StaticServerHttpHeadersWriter.builder()
.header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF)
.build();
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
@ -40,32 +40,36 @@ public class StaticHttpHeadersWriterTests {
public void writeHeadersWhenSingleHeaderThenWritesHeader() {
writer.writeHttpHeaders(exchange);
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(ContentTypeOptionsHttpHeadersWriter.NOSNIFF);
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
}
@Test
public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
String headerValue = "other";
headers.set(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
writer.writeHttpHeaders(exchange);
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
}
@Test
public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() {
writer = StaticHttpHeadersWriter.builder()
.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
.header(HttpHeaders.PRAGMA, CacheControlHttpHeadersWriter.PRAGMA_VALUE)
.header(HttpHeaders.EXPIRES, CacheControlHttpHeadersWriter.EXPIRES_VALUE)
writer = StaticServerHttpHeadersWriter.builder()
.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
.build();
writer.writeHttpHeaders(exchange);
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlHttpHeadersWriter.PRAGMA_VALUE);
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlHttpHeadersWriter.EXPIRES_VALUE);
assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
}
@Test
@ -73,10 +77,10 @@ public class StaticHttpHeadersWriterTests {
String headerValue = "other";
headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
writer = StaticHttpHeadersWriter.builder()
.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
.header(HttpHeaders.PRAGMA, CacheControlHttpHeadersWriter.PRAGMA_VALUE)
.header(HttpHeaders.EXPIRES, CacheControlHttpHeadersWriter.EXPIRES_VALUE)
writer = StaticServerHttpHeadersWriter.builder()
.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
.header(HttpHeaders.PRAGMA, CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
.header(HttpHeaders.EXPIRES, CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
.build();
writer.writeHttpHeaders(exchange);

10
webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java
View File

@ -29,8 +29,8 @@ import org.springframework.web.server.ServerWebExchange;
* @author Rob Winch
* @since 5.0
*/
public class StrictTransportSecurityHttpHeadersWriterTests {
StrictTransportSecurityHttpHeadersWriter hsts = new StrictTransportSecurityHttpHeadersWriter();
public class StrictTransportSecurityServerHttpHeadersWriterTests {
StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
ServerWebExchange exchange;
@ -42,7 +42,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
Arrays.asList("max-age=31536000 ; includeSubDomains"));
}
@ -56,7 +56,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
Arrays.asList("max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
}
@ -69,7 +69,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
Arrays.asList("max-age=31536000"));
}

11
webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java
View File

@ -26,9 +26,9 @@ import org.springframework.web.server.ServerWebExchange;
* @author Rob Winch
* @since 5.0
*/
public class XContentTypeOptionsHttpHeadersWriterTests {
public class XContentTypeOptionsServerHttpHeadersWriterTests {
ContentTypeOptionsHttpHeadersWriter writer = new ContentTypeOptionsHttpHeadersWriter();
ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
@ -39,17 +39,18 @@ public class XContentTypeOptionsHttpHeadersWriterTests {
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(1);
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(ContentTypeOptionsHttpHeadersWriter.NOSNIFF);
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
}
@Test
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
String headerValue = "value";
headers.set(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(1);
assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
}
}

20
webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java
View File

@ -27,15 +27,15 @@ import org.springframework.web.server.ServerWebExchange;
* @author Rob Winch
* @since 5.0
*/
public class XFrameOptionsHttpHeadersWriterTests {
public class XFrameOptionsServerHttpHeadersWriterTests {
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
XFrameOptionsHttpHeadersWriter writer;
XFrameOptionsServerHttpHeadersWriter writer;
@Before
public void setup() {
writer = new XFrameOptionsHttpHeadersWriter();
writer = new XFrameOptionsServerHttpHeadersWriter();
}
@Test
@ -44,41 +44,41 @@ public class XFrameOptionsHttpHeadersWriterTests {
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
}
@Test
public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
writer.setMode(XFrameOptionsHttpHeadersWriter.Mode.DENY);
writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
writer.writeHttpHeaders(exchange);
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
}
@Test
public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
writer.setMode(XFrameOptionsHttpHeadersWriter.Mode.SAMEORIGIN);
writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
writer.writeHttpHeaders(exchange);
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
}
@Test
public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
String headerValue = "other";
exchange.getResponse().getHeaders().set(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
writer.writeHttpHeaders(exchange);
HttpHeaders headers = exchange.getResponse().getHeaders();
assertThat(headers).hasSize(1);
assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
}
}

14
webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java
View File

@ -26,19 +26,19 @@ import org.springframework.web.server.ServerWebExchange;
* @author Rob Winch
* @since 5.0
*/
public class XXssProtectionHttpHeadersWriterTests {
public class XXssProtectionServerHttpHeadersWriterTests {
ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
HttpHeaders headers = exchange.getResponse().getHeaders();
XXssProtectionHttpHeadersWriter writer = new XXssProtectionHttpHeadersWriter();
XXssProtectionServerHttpHeadersWriter writer = new XXssProtectionServerHttpHeadersWriter();
@Test
public void writeHeadersWhenNoHeadersThenWriteHeaders() {
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(1);
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
}
@Test
@ -48,7 +48,7 @@ public class XXssProtectionHttpHeadersWriterTests {
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(1);
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
}
@Test
@ -58,18 +58,18 @@ public class XXssProtectionHttpHeadersWriterTests {
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(1);
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
}
@Test
public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
String headerValue = "value";
headers.set(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
writer.writeHttpHeaders(exchange);
assertThat(headers).hasSize(1);
assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
}
}