From f9dc97d25e7888a03394cf2a5237eb8fb0a20318 Mon Sep 17 00:00:00 2001 From: Haroon Khan Date: Fri, 13 Aug 2021 18:39:14 +0100 Subject: [PATCH 1/8] [JAVA-6221] Fix TimeApi unit test --- .../java/com/baeldung/java9/time/TimeApi.java | 20 +++++++++++++------ .../baeldung/java9/time/TimeApiUnitTest.java | 14 ++++++------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/core-java-modules/core-java-date-operations-1/src/main/java/com/baeldung/java9/time/TimeApi.java b/core-java-modules/core-java-date-operations-1/src/main/java/com/baeldung/java9/time/TimeApi.java index ee4e35a77b..dee3135391 100644 --- a/core-java-modules/core-java-date-operations-1/src/main/java/com/baeldung/java9/time/TimeApi.java +++ b/core-java-modules/core-java-date-operations-1/src/main/java/com/baeldung/java9/time/TimeApi.java @@ -13,12 +13,9 @@ import java.util.stream.IntStream; public class TimeApi { public static List getDatesBetweenUsingJava7(Date startDate, Date endDate) { - List datesInRange = new ArrayList(); - Calendar calendar = new GregorianCalendar(); - calendar.setTime(startDate); - - Calendar endCalendar = new GregorianCalendar(); - endCalendar.setTime(endDate); + List datesInRange = new ArrayList<>(); + Calendar calendar = getCalendarWithoutTime(startDate); + Calendar endCalendar = getCalendarWithoutTime(endDate); while (calendar.before(endCalendar)) { Date result = calendar.getTime(); @@ -40,4 +37,15 @@ public class TimeApi { return startDate.datesUntil(endDate).collect(Collectors.toList()); } + private static Calendar getCalendarWithoutTime(Date date) { + Calendar calendar = new GregorianCalendar(); + calendar.setTime(date); + calendar.set(Calendar.HOUR, 0); + calendar.set(Calendar.HOUR_OF_DAY, 0); + calendar.set(Calendar.MINUTE, 0); + calendar.set(Calendar.SECOND, 0); + calendar.set(Calendar.MILLISECOND, 0); + return calendar; + } + } 
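Review bot: In the new `getCalendarWithoutTime`, the call `calendar.set(Calendar.HOUR, 0);` is redundant, because `HOUR_OF_DAY` is set on the next line and, being set later, is the field the calendar resolves the time from; dropping the `HOUR` line leaves the result unchanged. The helper also has no comment, and it builds `new GregorianCalendar()` in the JVM default time zone, so which instant counts as midnight depends on where the code runs. A short Javadoc would make that explicit, for example `/** Returns a calendar at the start of the given date's day, in the default time zone. */`. Since both bounds are now truncated, the end day is always excluded whatever its time of day, which is worth stating on `getDatesBetweenUsingJava7` as well.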
diff --git a/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java b/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java index 8813870c2b..c4e150c757 100644 --- a/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java +++ b/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java @@ -18,19 +18,19 @@ public class TimeApiUnitTest { Date endDate = endCalendar.getTime(); List dates = TimeApi.getDatesBetweenUsingJava7(startDate, endDate); - assertEquals(dates.size(), 2); + assertEquals(2, dates.size()); Calendar calendar = Calendar.getInstance(); Date date1 = calendar.getTime(); - assertEquals(dates.get(0).getDay(), date1.getDay()); - assertEquals(dates.get(0).getMonth(), date1.getMonth()); - assertEquals(dates.get(0).getYear(), date1.getYear()); + assertEquals(date1.getDay(), dates.get(0).getDay()); + assertEquals(date1.getMonth(), dates.get(0).getMonth()); + assertEquals(date1.getYear(), dates.get(0).getYear()); calendar.add(Calendar.DATE, 1); Date date2 = calendar.getTime(); - assertEquals(dates.get(1).getDay(), date2.getDay()); - assertEquals(dates.get(1).getMonth(), date2.getMonth()); - assertEquals(dates.get(1).getYear(), date2.getYear()); + assertEquals(date2.getDay(), dates.get(1).getDay()); + assertEquals(date2.getMonth(), dates.get(1).getMonth()); + assertEquals(date2.getYear(), dates.get(1).getYear()); } @Test From 6f11290160c6df54b83185432762324ad98da0ed Mon Sep 17 00:00:00 2001 From: Haroon Khan Date: Tue, 17 Aug 2021 12:12:55 +0100 Subject: [PATCH 2/8] [JAVA-6221] Test clean up --- .../baeldung/java9/time/TimeApiUnitTest.java | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) 
diff --git a/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java b/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java index c4e150c757..416a621286 100644 --- a/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java +++ b/core-java-modules/core-java-date-operations-1/src/test/java/com/baeldung/java9/time/TimeApiUnitTest.java @@ -1,12 +1,13 @@ package com.baeldung.java9.time; +import org.junit.Test; + import java.time.LocalDate; import java.util.Calendar; import java.util.Date; import java.util.List; -import static org.junit.Assert.assertEquals; -import org.junit.Test; +import static org.assertj.core.api.Assertions.assertThat; public class TimeApiUnitTest { @@ -18,19 +19,18 @@ public class TimeApiUnitTest { Date endDate = endCalendar.getTime(); List dates = TimeApi.getDatesBetweenUsingJava7(startDate, endDate); - assertEquals(2, dates.size()); + + assertThat(dates).hasSize(2); Calendar calendar = Calendar.getInstance(); - Date date1 = calendar.getTime(); - assertEquals(date1.getDay(), dates.get(0).getDay()); - assertEquals(date1.getMonth(), dates.get(0).getMonth()); - assertEquals(date1.getYear(), dates.get(0).getYear()); + Date expectedDate1 = calendar.getTime(); + assertThat(dates.get(0)).isInSameDayAs(expectedDate1); + assertThatTimeFieldsAreZero(dates.get(0)); calendar.add(Calendar.DATE, 1); - Date date2 = calendar.getTime(); - assertEquals(date2.getDay(), dates.get(1).getDay()); - assertEquals(date2.getMonth(), dates.get(1).getMonth()); - assertEquals(date2.getYear(), dates.get(1).getYear()); + Date expectedDate2 = calendar.getTime(); + assertThat(dates.get(1)).isInSameDayAs(expectedDate2); + assertThatTimeFieldsAreZero(dates.get(1)); } @Test 
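Review bot: In the Java 7 test, `expectedDate1` and `expectedDate2` come from a fresh `Calendar.getInstance()` read after `getDatesBetweenUsingJava7` has already run, so a run that straddles midnight compares against the wrong day. Asserting against the input avoids the second clock read, for example `assertThat(dates.get(0)).isInSameDayAs(startDate);`, assuming `startDate` (built above the hunk) is today's date. The Java 8 and Java 9 hunks further down have the same issue, since `LocalDate.now()` is re-read inside `containsExactly`; `assertThat(dates).containsExactly(startDate, startDate.plusDays(1));` pins the result to the values that were passed in. The test methods start outside these hunks.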
@@ -39,9 +39,8 @@ public class TimeApiUnitTest { LocalDate endDate = LocalDate.now().plusDays(2); List dates = TimeApi.getDatesBetweenUsingJava8(startDate, endDate); - assertEquals(dates.size(), 2); - assertEquals(dates.get(0), LocalDate.now()); - assertEquals(dates.get(1), LocalDate.now().plusDays(1)); + + assertThat(dates).containsExactly(LocalDate.now(), LocalDate.now().plusDays(1)); } @Test @@ -50,9 +49,15 @@ public class TimeApiUnitTest { LocalDate endDate = LocalDate.now().plusDays(2); List dates = TimeApi.getDatesBetweenUsingJava9(startDate, endDate); - assertEquals(dates.size(), 2); - assertEquals(dates.get(0), LocalDate.now()); - assertEquals(dates.get(1), LocalDate.now().plusDays(1)); + + assertThat(dates).containsExactly(LocalDate.now(), LocalDate.now().plusDays(1)); + } + + private static void assertThatTimeFieldsAreZero(Date date) { + assertThat(date).hasHourOfDay(0); + assertThat(date).hasMinute(0); + assertThat(date).hasSecond(0); + assertThat(date).hasMillisecond(0); } } From b42f71b08d8d9dc1e562c242ede7211a8cbb709e Mon Sep 17 00:00:00 2001 From: Dhawal Kapil Date: Tue, 17 Aug 2021 23:35:33 +0530 Subject: [PATCH 3/8] JAVA-6216 Renamed spring-cloud-ribbon-retry to *ManualTest as they both (#11132) expected at live running server to connect to --- ...reIntegrationTest.java => RibbonRetryFailureManualTest.java} | 2 +- ...ssIntegrationTest.java => RibbonRetrySuccessManualTest.java} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/{RibbonRetryFailureIntegrationTest.java => RibbonRetryFailureManualTest.java} (97%) rename spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/{RibbonRetrySuccessIntegrationTest.java => RibbonRetrySuccessManualTest.java} (97%) 
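Review bot: The new helper `assertThatTimeFieldsAreZero` repeats `assertThat(date)` four times where one fluent chain would read better: `assertThat(date).hasHourOfDay(0).hasMinute(0).hasSecond(0).hasMillisecond(0);`. A one-line comment on the helper would also help, for example `// the Java 7 variant must return dates truncated to midnight`, so the reason for the check sits in the test file.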
diff --git a/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetryFailureIntegrationTest.java b/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetryFailureManualTest.java similarity index 97% rename from spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetryFailureIntegrationTest.java rename to spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetryFailureManualTest.java index decb77e7b9..984f6d797e 100644 --- a/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetryFailureIntegrationTest.java +++ b/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetryFailureManualTest.java @@ -14,7 +14,7 @@ import org.springframework.http.ResponseEntity; import static org.junit.jupiter.api.Assertions.assertTrue; @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = RibbonClientApp.class) -public class RibbonRetryFailureIntegrationTest { +public class RibbonRetryFailureManualTest { private static ConfigurableApplicationContext weatherServiceInstance1; private static ConfigurableApplicationContext weatherServiceInstance2; 
diff --git a/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetrySuccessIntegrationTest.java b/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetrySuccessManualTest.java similarity index 97% rename from spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetrySuccessIntegrationTest.java rename to spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetrySuccessManualTest.java index dc50fe76e6..2e2ea0b2c8 100644 --- a/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetrySuccessIntegrationTest.java +++ b/spring-cloud/spring-cloud-ribbon-retry/ribbon-client-service/src/test/java/com/baeldung/spring/cloud/ribbon/retry/RibbonRetrySuccessManualTest.java @@ -15,7 +15,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = RibbonClientApp.class) -public class RibbonRetrySuccessIntegrationTest { +public class RibbonRetrySuccessManualTest { private static ConfigurableApplicationContext weatherServiceInstance1; private static ConfigurableApplicationContext weatherServiceInstance2; From f01a4b4d40807fb582eb00e15e14045be5048f75 Mon Sep 17 00:00:00 2001 From: johnA1331 <53036378+johnA1331@users.noreply.github.com> Date: Wed, 18 Aug 2021 13:10:05 +0800 Subject: [PATCH 4/8] Update README.md --- core-java-modules/core-java-lang-oop-constructors/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/core-java-modules/core-java-lang-oop-constructors/README.md b/core-java-modules/core-java-lang-oop-constructors/README.md index 4bec8db256..69ade3e25a 100644 
--- a/core-java-modules/core-java-lang-oop-constructors/README.md
+++ b/core-java-modules/core-java-lang-oop-constructors/README.md
@@ -7,3 +7,4 @@ This module contains article about constructors in Java
 - [Java Copy Constructor](https://www.baeldung.com/java-copy-constructor)
 - [Cannot Reference “X” Before Supertype Constructor Has Been Called](https://www.baeldung.com/java-cannot-reference-x-before-supertype-constructor-error)
 - [Private Constructors in Java](https://www.baeldung.com/java-private-constructors)
+- [Throwing Exceptions in Constructors](https://www.baeldung.com/java-constructors-exceptions)
From e41935bb7c6efd7a6e1ebdb0dc8bd5f651ad4b05 Mon Sep 17 00:00:00 2001
From: johnA1331 <53036378+johnA1331@users.noreply.github.com>
Date: Wed, 18 Aug 2021 13:11:58 +0800
Subject: [PATCH 5/8] Update README.md
---
 core-java-modules/core-java-string-operations-3/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core-java-modules/core-java-string-operations-3/README.md b/core-java-modules/core-java-string-operations-3/README.md
index ad4ada3a68..ff6ac51fab 100644
--- a/core-java-modules/core-java-string-operations-3/README.md
+++ b/core-java-modules/core-java-string-operations-3/README.md
@@ -4,3 +4,4 @@
 - [Java (String) or .toString()?](https://www.baeldung.com/java-string-casting-vs-tostring)
 - [Split Java String by Newline](https://www.baeldung.com/java-string-split-by-newline)
 - [Split a String in Java and Keep the Delimiters](https://www.baeldung.com/java-split-string-keep-delimiters)
+- [Validate String as Filename in Java](https://www.baeldung.com/java-validate-filename)
From cb008c25d359067abe67b0648b6e014a581cb08a Mon Sep 17 00:00:00 2001
From: johnA1331 <53036378+johnA1331@users.noreply.github.com>
Date: Wed, 18 Aug 2021 13:14:42 +0800
Subject: [PATCH 6/8] Update README.md
---
 spring-security-modules/spring-security-core/README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/spring-security-modules/spring-security-core/README.md b/spring-security-modules/spring-security-core/README.md index 9f8e4dda53..f9c6d2e5fb 100644 --- a/spring-security-modules/spring-security-core/README.md +++ b/spring-security-modules/spring-security-core/README.md @@ -10,6 +10,7 @@ This module contains articles about core Spring Security - [Deny Access on Missing @PreAuthorize to Spring Controller Methods](https://www.baeldung.com/spring-deny-access) - [Spring Security: Check If a User Has a Role in Java](https://www.baeldung.com/spring-security-check-user-role) - [Filtering Jackson JSON Output Based on Spring Security Role](https://www.baeldung.com/spring-security-role-filter-json) +- [Spring @EnableWebSecurity vs. @EnableGlobalMethodSecurity](https://www.baeldung.com/spring-enablewebsecurity-vs-enableglobalmethodsecurity) ### Build the Project From 117cb39cc2765f6342348122cae339b4ef9d034a Mon Sep 17 00:00:00 2001 From: johnA1331 <53036378+johnA1331@users.noreply.github.com> Date: Wed, 18 Aug 2021 13:16:15 +0800 Subject: [PATCH 7/8] Update README.md --- persistence-modules/spring-data-arangodb/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/persistence-modules/spring-data-arangodb/README.md b/persistence-modules/spring-data-arangodb/README.md index 632d9a256e..29057ece04 100644 --- a/persistence-modules/spring-data-arangodb/README.md +++ b/persistence-modules/spring-data-arangodb/README.md @@ -4,3 +4,5 @@ ### Relevant Articles: + +- [Spring Data with ArangoDB](https://www.baeldung.com/spring-data-arangodb) From 6a042440d6ce4b9124644d574d165bba24b010c3 Mon Sep 17 00:00:00 2001 
From: Hamid Reza Sharifi Date: Wed, 18 Aug 2021 12:00:40 +0430 Subject: [PATCH 8/8] Bael 5067: Update "Prevent Cross-Site Scripting (XSS) in a Spring application" article (#11127) * bael-5067: remove test case * bael-5067: remove REST api * bael-5067: remove XSS filter Co-authored-by: sharifi --- .../main/java/com/baeldung/xss/Person.java | 36 ----- .../com/baeldung/xss/PersonController.java | 31 ----- .../main/java/com/baeldung/xss/XSSFilter.java | 44 ------- .../com/baeldung/xss/XSSRequestWrapper.java | 123 ------------------ .../main/java/com/baeldung/xss/XSSUtils.java | 19 --- .../xss/PersonControllerIntegrationTest.java | 64 --------- 6 files changed, 317 deletions(-) delete mode 100644 spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/Person.java delete mode 100644 spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/PersonController.java delete mode 100644 spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSFilter.java delete mode 100644 spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSRequestWrapper.java delete mode 100644 spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSUtils.java delete mode 100644 spring-security-modules/spring-5-security/src/test/java/com/baeldung/xss/PersonControllerIntegrationTest.java diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/Person.java b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/Person.java deleted file mode 100644 index 1e7c02bae8..0000000000 --- a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/Person.java +++ /dev/null 
@@ -1,36 +0,0 @@ -package com.baeldung.xss; - -public class Person { - private String firstName; - private String lastName; - private int age; - - public String getFirstName() { - return firstName; - } - - public void setFirstName(String firstName) { - this.firstName = firstName; - } - - public String getLastName() { - return lastName; - } - - public void setLastName(String lastName) { - this.lastName = lastName; - } - - public int getAge() { - return age; - } - - public void setAge(int age) { - this.age = age; - } - - @Override - public String toString() { - return "Person {" + "firstName='" + firstName + '\'' + ", lastName='" + lastName + '\'' + ", age=" + age + '}'; - } -} diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/PersonController.java b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/PersonController.java deleted file mode 100644 index 8486e04e48..0000000000 --- a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/PersonController.java +++ /dev/null 
@@ -1,31 +0,0 @@ -package com.baeldung.xss; - -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import com.fasterxml.jackson.databind.node.ObjectNode; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestHeader; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RequestBody; - -import java.util.Map; - -@RestController -@RequestMapping("/personService") -public class PersonController { - - @PostMapping(value = "/person") - private ResponseEntity savePerson(@RequestHeader Map headers, - @RequestParam String param, @RequestBody Person body) { - ObjectNode response = JsonNodeFactory.instance.objectNode(); - headers.forEach((key, value) -> response.put(key, value)); - response.put("firstName", body.getFirstName()); - response.put("lastName", body.getLastName()); - response.put("age", body.getAge()); - response.put("param", param); - return new ResponseEntity(response.toString(), HttpStatus.OK); - } -} \ No newline at end of file diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSFilter.java b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSFilter.java deleted file mode 100644 index 431ed4d120..0000000000 --- a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSFilter.java +++ /dev/null 
@@ -1,44 +0,0 @@ -package com.baeldung.xss; - -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringUtils; -import org.springframework.core.Ordered; -import org.springframework.core.annotation.Order; -import org.springframework.stereotype.Component; -import javax.servlet.Filter; -import javax.servlet.FilterConfig; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.ServletException; -import javax.servlet.FilterChain; -import javax.servlet.http.HttpServletRequest; -import java.io.IOException; - -@Component -@Order(Ordered.HIGHEST_PRECEDENCE) -public class XSSFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) { - } - - @Override - public void destroy() { - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) - throws IOException, ServletException { - - XSSRequestWrapper wrappedRequest = new XSSRequestWrapper((HttpServletRequest) request); - - String body = IOUtils.toString(wrappedRequest.getReader()); - if (!StringUtils.isBlank(body)) { - body = XSSUtils.stripXSS(body); - wrappedRequest.resetInputStream(body.getBytes()); - } - - chain.doFilter(wrappedRequest, response); - } - -} \ No newline at end of file diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSRequestWrapper.java b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSRequestWrapper.java deleted file mode 100644 index 8fe4e20b5c..0000000000 --- a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSRequestWrapper.java +++ /dev/null 
@@ -1,123 +0,0 @@ -package com.baeldung.xss; - -import org.apache.commons.codec.Charsets; -import org.apache.commons.io.IOUtils; -import javax.servlet.ReadListener; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.BufferedReader; -import java.io.InputStreamReader; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Enumeration; -import java.util.List; - -import static com.baeldung.xss.XSSUtils.stripXSS; - - -public class XSSRequestWrapper extends HttpServletRequestWrapper { - - private byte[] rawData; - private HttpServletRequest request; - private ResettableServletInputStream servletStream; - - public XSSRequestWrapper(HttpServletRequest request) { - super(request); - this.request = request; - this.servletStream = new ResettableServletInputStream(); - } - - public void resetInputStream(byte[] newRawData) { - rawData = newRawData; - servletStream.stream = new ByteArrayInputStream(newRawData); - } - - @Override - public ServletInputStream getInputStream() throws IOException { - if (rawData == null) { - rawData = IOUtils.toByteArray(this.request.getReader(), Charsets.UTF_8); - servletStream.stream = new ByteArrayInputStream(rawData); - } - return servletStream; - } - - @Override - public BufferedReader getReader() throws IOException { - if (rawData == null) { - rawData = IOUtils.toByteArray(this.request.getReader(), Charsets.UTF_8); - servletStream.stream = new ByteArrayInputStream(rawData); - } - return new BufferedReader(new InputStreamReader(servletStream)); - } - - private class ResettableServletInputStream extends ServletInputStream { - - private InputStream stream; - - @Override - public int read() throws IOException { - return stream.read(); - } - - @Override - public boolean isFinished() { - return false; - } - - @Override - 
public boolean isReady() { - return false; - } - - @Override - public void setReadListener(ReadListener readListener) { - - } - } - - @Override - public String[] getParameterValues(String parameter) { - String[] values = super.getParameterValues(parameter); - if (values == null) { - return null; - } - int count = values.length; - String[] encodedValues = new String[count]; - for (int i = 0; i < count; i++) { - encodedValues[i] = stripXSS(values[i]); - } - return encodedValues; - } - - @Override - public String getParameter(String parameter) { - String value = super.getParameter(parameter); - return stripXSS(value); - } - - @Override - public String getHeader(String name) { - String value = super.getHeader(name); - return stripXSS(value); - } - - @Override - public Enumeration getHeaders(String name) { - List result = new ArrayList<>(); - Enumeration headers = super.getHeaders(name); - while (headers.hasMoreElements()) { - String header = headers.nextElement(); - String[] tokens = header.split(","); - for (String token : tokens) { - result.add(stripXSS(token)); - } - } - return Collections.enumeration(result); - } - -} diff --git a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSUtils.java b/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSUtils.java deleted file mode 100644 index 51bcba8115..0000000000 --- a/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/XSSUtils.java +++ /dev/null @@ -1,19 +0,0 @@ -package com.baeldung.xss; - -import org.jsoup.Jsoup; -import org.jsoup.safety.Whitelist; -import org.owasp.esapi.ESAPI; - -public class XSSUtils { - - public static String stripXSS(String value) { - if (value == null) { - return null; - } - value = ESAPI.encoder() - .canonicalize(value) - .replaceAll("\0", ""); - return Jsoup.clean(value, Whitelist.none()); - } - -} 
diff --git a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/xss/PersonControllerIntegrationTest.java b/spring-security-modules/spring-5-security/src/test/java/com/baeldung/xss/PersonControllerIntegrationTest.java deleted file mode 100644 index 5afa3bc1dd..0000000000 --- a/spring-security-modules/spring-5-security/src/test/java/com/baeldung/xss/PersonControllerIntegrationTest.java +++ /dev/null 
@@ -1,64 +0,0 @@ -package com.baeldung.xss; - -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.JsonNodeFactory; -import com.fasterxml.jackson.databind.node.ObjectNode; -import org.junit.jupiter.api.Test; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.web.server.LocalServerPort; -import org.springframework.http.*; -import org.springframework.web.client.RestTemplate; -import org.springframework.web.util.UriComponentsBuilder; -import java.io.IOException; -import static org.assertj.core.api.Assertions.assertThat; - -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) -class PersonControllerIntegrationTest { - - @LocalServerPort - int randomServerPort; - - @Test - public void givenRequestIsSuspicious_whenRequestIsPost_thenResponseIsClean() - throws IOException { - // given - String createPersonUrl; - RestTemplate restTemplate; - HttpHeaders headers; - UriComponentsBuilder builder; - ObjectMapper objectMapper = new ObjectMapper(); - ObjectNode personJsonObject = JsonNodeFactory.instance.objectNode(); - createPersonUrl = "http://localhost:" + randomServerPort + "/personService/person"; - restTemplate = new RestTemplate(); - headers = new HttpHeaders(); - - // when - personJsonObject.put("id", 1); - personJsonObject.put("firstName", "baeldung "); - personJsonObject.put("lastName", "baeldung click me!"); - - builder = UriComponentsBuilder.fromHttpUrl(createPersonUrl) - .queryParam("param", ""); - headers.add("header_4", "

Your search for 'flowers '"); - HttpEntity request = new HttpEntity<>(personJsonObject.toString(), headers); - - ResponseEntity personResultAsJsonStr = restTemplate.exchange(builder.toUriString(), - HttpMethod.POST, request, String.class); - JsonNode root = objectMapper.readTree(personResultAsJsonStr.getBody()); - - // then - assertThat(root.get("firstName").textValue()).isEqualTo("baeldung "); - assertThat(root.get("lastName").textValue()).isEqualTo("baeldung click me!"); - assertThat(root.get("param").textValue()).isEmpty(); - assertThat(root.get("header_1").textValue()).isEmpty(); - assertThat(root.get("header_2").textValue()).isEmpty(); - assertThat(root.get("header_3").textValue()).isEmpty(); - assertThat(root.get("header_4").textValue()).isEqualTo("Your search for 'flowers '"); - } -}