Fix build failure
This commit is contained in:
Stephane Nicoll
parent
87af1a60df
commit
84735f58f3
|
|
@ -16,7 +16,8 @@
|
||||||
|
|
||||||
package org.springframework.boot.actuate.autoconfigure.integrationtest;
|
package org.springframework.boot.actuate.autoconfigure.integrationtest;
|
||||||
|
|
||||||
import org.junit.Before;
|
import java.util.function.Consumer;
|
||||||
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import org.springframework.boot.actuate.autoconfigure.beans.BeansEndpointAutoConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.beans.BeansEndpointAutoConfiguration;
|
||||||
|
|
@ -25,12 +26,14 @@ import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAu
|
||||||
import org.springframework.boot.actuate.autoconfigure.endpoint.web.reactive.WebFluxEndpointManagementContextConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.endpoint.web.reactive.WebFluxEndpointManagementContextConfiguration;
|
||||||
import org.springframework.boot.actuate.autoconfigure.web.reactive.ReactiveManagementContextAutoConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.web.reactive.ReactiveManagementContextAutoConfiguration;
|
||||||
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementContextAutoConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementContextAutoConfiguration;
|
||||||
|
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||||
import org.springframework.boot.autoconfigure.http.codec.CodecsAutoConfiguration;
|
import org.springframework.boot.autoconfigure.http.codec.CodecsAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration;
|
import org.springframework.boot.autoconfigure.web.reactive.HttpHandlerAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
|
import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
|
||||||
import org.springframework.boot.test.util.TestPropertyValues;
|
import org.springframework.boot.test.context.runner.ContextConsumer;
|
||||||
import org.springframework.boot.web.reactive.context.AnnotationConfigReactiveWebApplicationContext;
|
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||||
|
import org.springframework.boot.web.reactive.context.ReactiveWebApplicationContext;
|
||||||
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpHeaders;
|
||||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||||
|
|
||||||
|
|
@ -38,143 +41,142 @@ import org.springframework.test.web.reactive.server.WebTestClient;
|
||||||
* Integration tests for the WebFlux actuator endpoints' CORS support
|
* Integration tests for the WebFlux actuator endpoints' CORS support
|
||||||
*
|
*
|
||||||
* @author Brian Clozel
|
* @author Brian Clozel
|
||||||
|
* @author Stephane Nicoll
|
||||||
* @see WebFluxEndpointManagementContextConfiguration
|
* @see WebFluxEndpointManagementContextConfiguration
|
||||||
*/
|
*/
|
||||||
public class WebFluxEndpointCorsIntegrationTests {
|
public class WebFluxEndpointCorsIntegrationTests {
|
||||||
|
|
||||||
private AnnotationConfigReactiveWebApplicationContext context;
|
private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
|
||||||
|
.withConfiguration(AutoConfigurations.of(JacksonAutoConfiguration.class,
|
||||||
@Before
|
|
||||||
public void createContext() {
|
|
||||||
this.context = new AnnotationConfigReactiveWebApplicationContext();
|
|
||||||
this.context.register(JacksonAutoConfiguration.class,
|
|
||||||
CodecsAutoConfiguration.class, WebFluxAutoConfiguration.class,
|
CodecsAutoConfiguration.class, WebFluxAutoConfiguration.class,
|
||||||
HttpHandlerAutoConfiguration.class, EndpointAutoConfiguration.class,
|
HttpHandlerAutoConfiguration.class, EndpointAutoConfiguration.class,
|
||||||
WebEndpointAutoConfiguration.class,
|
WebEndpointAutoConfiguration.class,
|
||||||
ManagementContextAutoConfiguration.class,
|
ManagementContextAutoConfiguration.class,
|
||||||
ReactiveManagementContextAutoConfiguration.class,
|
ReactiveManagementContextAutoConfiguration.class,
|
||||||
BeansEndpointAutoConfiguration.class);
|
BeansEndpointAutoConfiguration.class))
|
||||||
TestPropertyValues.of("management.endpoints.web.exposure.include:*")
|
.withPropertyValues("management.endpoints.web.exposure.include:*");
|
||||||
.applyTo(this.context);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void corsIsDisabledByDefault() {
|
public void corsIsDisabledByDefault() {
|
||||||
createWebTestClient().options().uri("/actuator/beans")
|
this.contextRunner.run(withWebTestClient((webTestClient) -> webTestClient
|
||||||
.header("Origin", "spring.example.org")
|
.options().uri("/actuator/beans").header("Origin", "spring.example.org")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange()
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange()
|
||||||
.expectHeader().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN);
|
.expectHeader().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void settingAllowedOriginsEnablesCors() {
|
public void settingAllowedOriginsEnablesCors() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org")
|
"management.endpoints.web.cors.allowed-origins:spring.example.org")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient((webTestClient) -> {
|
||||||
createWebTestClient().options().uri("/actuator/beans")
|
webTestClient.options().uri("/actuator/beans")
|
||||||
.header("Origin", "test.example.org")
|
.header("Origin", "test.example.org")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange()
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
||||||
.expectStatus().isForbidden();
|
.exchange().expectStatus().isForbidden();
|
||||||
performAcceptedCorsRequest("/actuator/beans");
|
performAcceptedCorsRequest(webTestClient, "/actuator/beans");
|
||||||
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void maxAgeDefaultsTo30Minutes() {
|
public void maxAgeDefaultsTo30Minutes() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org")
|
"management.endpoints.web.cors.allowed-origins:spring.example.org")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient(
|
||||||
performAcceptedCorsRequest("/actuator/beans").expectHeader()
|
(webTestClient) -> performAcceptedCorsRequest(webTestClient,
|
||||||
.valueEquals(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1800");
|
"/actuator/beans").expectHeader().valueEquals(
|
||||||
|
HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1800")));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void maxAgeCanBeConfigured() {
|
public void maxAgeCanBeConfigured() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org",
|
"management.endpoints.web.cors.allowed-origins:spring.example.org",
|
||||||
"management.endpoints.web.cors.max-age: 2400")
|
"management.endpoints.web.cors.max-age: 2400")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient(
|
||||||
performAcceptedCorsRequest("/actuator/beans").expectHeader()
|
(webTestClient) -> performAcceptedCorsRequest(webTestClient,
|
||||||
.valueEquals(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "2400");
|
"/actuator/beans").expectHeader().valueEquals(
|
||||||
|
HttpHeaders.ACCESS_CONTROL_MAX_AGE, "2400")));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void requestsWithDisallowedHeadersAreRejected() {
|
public void requestsWithDisallowedHeadersAreRejected() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org")
|
"management.endpoints.web.cors.allowed-origins:spring.example.org")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient((webTestClient) -> webTestClient.options()
|
||||||
createWebTestClient().options().uri("/actuator/beans")
|
.uri("/actuator/beans").header("Origin", "spring.example.org")
|
||||||
.header("Origin", "spring.example.org")
|
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha").exchange()
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha")
|
||||||
.expectStatus().isForbidden();
|
.exchange().expectStatus().isForbidden()));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void allowedHeadersCanBeConfigured() {
|
public void allowedHeadersCanBeConfigured() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org",
|
"management.endpoints.web.cors.allowed-origins:spring.example.org",
|
||||||
"management.endpoints.web.cors.allowed-headers:Alpha,Bravo")
|
"management.endpoints.web.cors.allowed-headers:Alpha,Bravo")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient((webTestClient) -> webTestClient.options()
|
||||||
createWebTestClient().options().uri("/actuator/beans")
|
.uri("/actuator/beans").header("Origin", "spring.example.org")
|
||||||
.header("Origin", "spring.example.org")
|
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha").exchange()
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha")
|
||||||
.expectStatus().isOk().expectHeader()
|
.exchange().expectStatus().isOk().expectHeader()
|
||||||
.valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Alpha");
|
.valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Alpha")));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void requestsWithDisallowedMethodsAreRejected() {
|
public void requestsWithDisallowedMethodsAreRejected() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org")
|
"management.endpoints.web.cors.allowed-origins:spring.example.org")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient((webTestClient) -> webTestClient.options()
|
||||||
createWebTestClient().options().uri("/actuator/beans")
|
.uri("/actuator/beans").header("Origin", "spring.example.org")
|
||||||
.header("Origin", "spring.example.org")
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH").exchange()
|
.exchange().expectStatus().isForbidden()));
|
||||||
.expectStatus().isForbidden();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void allowedMethodsCanBeConfigured() {
|
public void allowedMethodsCanBeConfigured() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org",
|
"management.endpoints.web.cors.allowed-origins:spring.example.org",
|
||||||
"management.endpoints.web.cors.allowed-methods:GET,HEAD")
|
"management.endpoints.web.cors.allowed-methods:GET,HEAD")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient((webTestClient) -> webTestClient.options()
|
||||||
createWebTestClient().options().uri("/actuator/beans")
|
.uri("/actuator/beans").header("Origin", "spring.example.org")
|
||||||
.header("Origin", "spring.example.org")
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD").exchange()
|
.exchange().expectStatus().isOk().expectHeader().valueEquals(
|
||||||
.expectStatus().isOk().expectHeader()
|
HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD")));
|
||||||
.valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void credentialsCanBeAllowed() {
|
public void credentialsCanBeAllowed() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org",
|
"management.endpoints.web.cors.allowed-origins:spring.example.org",
|
||||||
"management.endpoints.web.cors.allow-credentials:true")
|
"management.endpoints.web.cors.allow-credentials:true")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient(
|
||||||
performAcceptedCorsRequest("/actuator/beans").expectHeader()
|
(webTestClient) -> performAcceptedCorsRequest(webTestClient,
|
||||||
.valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
|
"/actuator/beans").expectHeader().valueEquals(
|
||||||
|
HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS,
|
||||||
|
"true")));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void credentialsCanBeDisabled() {
|
public void credentialsCanBeDisabled() {
|
||||||
TestPropertyValues
|
this.contextRunner.withPropertyValues(
|
||||||
.of("management.endpoints.web.cors.allowed-origins:spring.example.org",
|
"management.endpoints.web.cors.allowed-origins:spring.example.org",
|
||||||
"management.endpoints.web.cors.allow-credentials:false")
|
"management.endpoints.web.cors.allow-credentials:false")
|
||||||
.applyTo(this.context);
|
.run(withWebTestClient(
|
||||||
performAcceptedCorsRequest("/actuator/beans").expectHeader()
|
(webTestClient) -> performAcceptedCorsRequest(webTestClient,
|
||||||
.doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS);
|
"/actuator/beans").expectHeader().doesNotExist(
|
||||||
|
HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)));
|
||||||
}
|
}
|
||||||
|
|
||||||
private WebTestClient createWebTestClient() {
|
private ContextConsumer<ReactiveWebApplicationContext> withWebTestClient(
|
||||||
this.context.refresh();
|
Consumer<WebTestClient> webTestClient) {
|
||||||
return WebTestClient.bindToApplicationContext(this.context).configureClient()
|
return (context) -> webTestClient
|
||||||
.baseUrl("https://spring.example.org").build();
|
.accept(WebTestClient.bindToApplicationContext(context).configureClient()
|
||||||
|
.baseUrl("https://spring.example.org").build());
|
||||||
}
|
}
|
||||||
|
|
||||||
private WebTestClient.ResponseSpec performAcceptedCorsRequest(String url) {
|
private WebTestClient.ResponseSpec performAcceptedCorsRequest(
|
||||||
return createWebTestClient().options().uri(url)
|
WebTestClient webTestClient, String url) {
|
||||||
|
return webTestClient.options().uri(url)
|
||||||
.header(HttpHeaders.ORIGIN, "spring.example.org")
|
.header(HttpHeaders.ORIGIN, "spring.example.org")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange()
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET").exchange()
|
||||||
.expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
|
.expectHeader().valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@
|
||||||
|
|
||||||
package org.springframework.boot.actuate.autoconfigure.integrationtest;
|
package org.springframework.boot.actuate.autoconfigure.integrationtest;
|
||||||
|
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import org.springframework.boot.actuate.autoconfigure.beans.BeansEndpointAutoConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.beans.BeansEndpointAutoConfiguration;
|
||||||
|
|
@ -25,17 +24,18 @@ import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAu
|
||||||
import org.springframework.boot.actuate.autoconfigure.endpoint.web.servlet.WebMvcEndpointManagementContextConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.endpoint.web.servlet.WebMvcEndpointManagementContextConfiguration;
|
||||||
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementContextAutoConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.web.server.ManagementContextAutoConfiguration;
|
||||||
import org.springframework.boot.actuate.autoconfigure.web.servlet.ServletManagementContextAutoConfiguration;
|
import org.springframework.boot.actuate.autoconfigure.web.servlet.ServletManagementContextAutoConfiguration;
|
||||||
|
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
||||||
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
|
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
|
||||||
import org.springframework.boot.test.util.TestPropertyValues;
|
import org.springframework.boot.test.context.runner.ContextConsumer;
|
||||||
import org.springframework.boot.web.servlet.context.AnnotationConfigServletWebApplicationContext;
|
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
|
||||||
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpHeaders;
|
||||||
import org.springframework.mock.web.MockServletContext;
|
|
||||||
import org.springframework.test.web.servlet.MockMvc;
|
import org.springframework.test.web.servlet.MockMvc;
|
||||||
import org.springframework.test.web.servlet.ResultActions;
|
import org.springframework.test.web.servlet.ResultActions;
|
||||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||||
|
import org.springframework.web.context.WebApplicationContext;
|
||||||
|
|
||||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
|
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.options;
|
||||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
|
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
|
||||||
|
|
@ -45,150 +45,152 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||||
* Integration tests for the MVC actuator endpoints' CORS support
|
* Integration tests for the MVC actuator endpoints' CORS support
|
||||||
*
|
*
|
||||||
* @author Andy Wilkinson
|
* @author Andy Wilkinson
|
||||||
|
* @author Stephane Nicoll
|
||||||
* @see WebMvcEndpointManagementContextConfiguration
|
* @see WebMvcEndpointManagementContextConfiguration
|
||||||
*/
|
*/
|
||||||
public class WebMvcEndpointCorsIntegrationTests {
|
public class WebMvcEndpointCorsIntegrationTests {
|
||||||
|
|
||||||
private AnnotationConfigServletWebApplicationContext context;
|
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
|
||||||
|
.withConfiguration(AutoConfigurations.of(JacksonAutoConfiguration.class,
|
||||||
@Before
|
|
||||||
public void createContext() {
|
|
||||||
this.context = new AnnotationConfigServletWebApplicationContext();
|
|
||||||
this.context.setServletContext(new MockServletContext());
|
|
||||||
this.context.register(JacksonAutoConfiguration.class,
|
|
||||||
HttpMessageConvertersAutoConfiguration.class,
|
HttpMessageConvertersAutoConfiguration.class,
|
||||||
WebMvcAutoConfiguration.class, DispatcherServletAutoConfiguration.class,
|
WebMvcAutoConfiguration.class,
|
||||||
|
DispatcherServletAutoConfiguration.class,
|
||||||
EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
|
EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
|
||||||
ManagementContextAutoConfiguration.class,
|
ManagementContextAutoConfiguration.class,
|
||||||
ServletManagementContextAutoConfiguration.class,
|
ServletManagementContextAutoConfiguration.class,
|
||||||
BeansEndpointAutoConfiguration.class);
|
BeansEndpointAutoConfiguration.class))
|
||||||
TestPropertyValues.of("management.endpoints.web.exposure.include:*")
|
.withPropertyValues("management.endpoints.web.exposure.include:*");
|
||||||
.applyTo(this.context);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void corsIsDisabledByDefault() throws Exception {
|
public void corsIsDisabledByDefault() {
|
||||||
createMockMvc()
|
this.contextRunner.run(withMockMvc((mockMvc) -> mockMvc
|
||||||
.perform(options("/actuator/beans").header("Origin", "foo.example.com")
|
.perform(options("/actuator/beans").header("Origin", "foo.example.com")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
|
||||||
.andExpect(
|
.andExpect(
|
||||||
header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
|
header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void settingAllowedOriginsEnablesCors() throws Exception {
|
public void settingAllowedOriginsEnablesCors() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com")
|
.withPropertyValues(
|
||||||
.applyTo(this.context);
|
"management.endpoints.web.cors.allowed-origins:foo.example.com")
|
||||||
createMockMvc()
|
.run(withMockMvc((mockMvc) -> {
|
||||||
.perform(options("/actuator/beans").header("Origin", "bar.example.com")
|
mockMvc.perform(options("/actuator/beans")
|
||||||
|
.header("Origin", "bar.example.com")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
|
||||||
.andExpect(status().isForbidden());
|
.andExpect(status().isForbidden());
|
||||||
performAcceptedCorsRequest();
|
performAcceptedCorsRequest(mockMvc);
|
||||||
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void maxAgeDefaultsTo30Minutes() throws Exception {
|
public void maxAgeDefaultsTo30Minutes() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com")
|
.withPropertyValues(
|
||||||
.applyTo(this.context);
|
"management.endpoints.web.cors.allowed-origins:foo.example.com")
|
||||||
performAcceptedCorsRequest()
|
.run(withMockMvc((mockMvc) -> performAcceptedCorsRequest(mockMvc)
|
||||||
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1800"));
|
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_MAX_AGE,
|
||||||
|
"1800"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void maxAgeCanBeConfigured() throws Exception {
|
public void maxAgeCanBeConfigured() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com",
|
.withPropertyValues(
|
||||||
|
"management.endpoints.web.cors.allowed-origins:foo.example.com",
|
||||||
"management.endpoints.web.cors.max-age: 2400")
|
"management.endpoints.web.cors.max-age: 2400")
|
||||||
.applyTo(this.context);
|
.run(withMockMvc((mockMvc) -> performAcceptedCorsRequest(mockMvc)
|
||||||
performAcceptedCorsRequest()
|
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_MAX_AGE,
|
||||||
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "2400"));
|
"2400"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void requestsWithDisallowedHeadersAreRejected() throws Exception {
|
public void requestsWithDisallowedHeadersAreRejected() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com")
|
.withPropertyValues(
|
||||||
.applyTo(this.context);
|
"management.endpoints.web.cors.allowed-origins:foo.example.com")
|
||||||
createMockMvc()
|
.run(withMockMvc((mockMvc) ->
|
||||||
.perform(options("/actuator/beans").header("Origin", "foo.example.com")
|
|
||||||
|
mockMvc.perform(options("/actuator/beans")
|
||||||
|
.header("Origin", "foo.example.com")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha"))
|
||||||
.andExpect(status().isForbidden());
|
.andExpect(status().isForbidden())));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void allowedHeadersCanBeConfigured() throws Exception {
|
public void allowedHeadersCanBeConfigured() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com",
|
.withPropertyValues(
|
||||||
|
"management.endpoints.web.cors.allowed-origins:foo.example.com",
|
||||||
"management.endpoints.web.cors.allowed-headers:Alpha,Bravo")
|
"management.endpoints.web.cors.allowed-headers:Alpha,Bravo")
|
||||||
.applyTo(this.context);
|
.run(withMockMvc((mockMvc) -> mockMvc.perform(options("/actuator/beans")
|
||||||
createMockMvc()
|
.header("Origin", "foo.example.com")
|
||||||
.perform(options("/actuator/beans").header("Origin", "foo.example.com")
|
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Alpha"))
|
||||||
.andExpect(status().isOk()).andExpect(header()
|
.andExpect(status().isOk()).andExpect(header().string(
|
||||||
.string(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Alpha"));
|
HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Alpha"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void requestsWithDisallowedMethodsAreRejected() throws Exception {
|
public void requestsWithDisallowedMethodsAreRejected() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com")
|
.withPropertyValues(
|
||||||
.applyTo(this.context);
|
"management.endpoints.web.cors.allowed-origins:foo.example.com")
|
||||||
createMockMvc()
|
.run(withMockMvc((mockMvc) -> mockMvc.perform(options("/actuator/beans")
|
||||||
.perform(options("/actuator/beans")
|
|
||||||
.header(HttpHeaders.ORIGIN, "foo.example.com")
|
.header(HttpHeaders.ORIGIN, "foo.example.com")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH"))
|
||||||
.andExpect(status().isForbidden());
|
.andExpect(status().isForbidden())));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void allowedMethodsCanBeConfigured() throws Exception {
|
public void allowedMethodsCanBeConfigured() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com",
|
.withPropertyValues(
|
||||||
|
"management.endpoints.web.cors.allowed-origins:foo.example.com",
|
||||||
"management.endpoints.web.cors.allowed-methods:GET,HEAD")
|
"management.endpoints.web.cors.allowed-methods:GET,HEAD")
|
||||||
.applyTo(this.context);
|
.run(withMockMvc((mockMvc) -> mockMvc.perform(options("/actuator/beans")
|
||||||
createMockMvc()
|
|
||||||
.perform(options("/actuator/beans")
|
|
||||||
.header(HttpHeaders.ORIGIN, "foo.example.com")
|
.header(HttpHeaders.ORIGIN, "foo.example.com")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD"))
|
||||||
.andExpect(status().isOk()).andExpect(header()
|
.andExpect(status().isOk()).andExpect(header().string(
|
||||||
.string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD"));
|
HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void credentialsCanBeAllowed() throws Exception {
|
public void credentialsCanBeAllowed() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com",
|
.withPropertyValues(
|
||||||
|
"management.endpoints.web.cors.allowed-origins:foo.example.com",
|
||||||
"management.endpoints.web.cors.allow-credentials:true")
|
"management.endpoints.web.cors.allow-credentials:true")
|
||||||
.applyTo(this.context);
|
.run(withMockMvc((mockMvc) -> performAcceptedCorsRequest(mockMvc)
|
||||||
performAcceptedCorsRequest().andExpect(
|
.andExpect(header().string(
|
||||||
header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"));
|
HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void credentialsCanBeDisabled() throws Exception {
|
public void credentialsCanBeDisabled() {
|
||||||
TestPropertyValues
|
this.contextRunner
|
||||||
.of("management.endpoints.web.cors.allowed-origins:foo.example.com",
|
.withPropertyValues(
|
||||||
|
"management.endpoints.web.cors.allowed-origins:foo.example.com",
|
||||||
"management.endpoints.web.cors.allow-credentials:false")
|
"management.endpoints.web.cors.allow-credentials:false")
|
||||||
.applyTo(this.context);
|
.run(withMockMvc((mockMvc) -> performAcceptedCorsRequest(mockMvc)
|
||||||
performAcceptedCorsRequest().andExpect(
|
.andExpect(header().doesNotExist(
|
||||||
header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
|
HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS))));
|
||||||
}
|
}
|
||||||
|
|
||||||
private MockMvc createMockMvc() {
|
private ContextConsumer<WebApplicationContext> withMockMvc(MockMvcConsumer mockMvc) {
|
||||||
this.context.refresh();
|
return (context) -> mockMvc
|
||||||
return MockMvcBuilders.webAppContextSetup(this.context).build();
|
.accept(MockMvcBuilders.webAppContextSetup(context).build());
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResultActions performAcceptedCorsRequest() throws Exception {
|
private ResultActions performAcceptedCorsRequest(MockMvc mockMvc) throws Exception {
|
||||||
return performAcceptedCorsRequest("/actuator/beans");
|
return performAcceptedCorsRequest(mockMvc, "/actuator/beans");
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResultActions performAcceptedCorsRequest(String url) throws Exception {
|
private ResultActions performAcceptedCorsRequest(MockMvc mockMvc, String url)
|
||||||
return createMockMvc()
|
throws Exception {
|
||||||
|
return mockMvc
|
||||||
.perform(options(url).header(HttpHeaders.ORIGIN, "foo.example.com")
|
.perform(options(url).header(HttpHeaders.ORIGIN, "foo.example.com")
|
||||||
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
|
.header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"))
|
||||||
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
|
.andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
|
||||||
|
|
@ -196,4 +198,11 @@ public class WebMvcEndpointCorsIntegrationTests {
|
||||||
.andExpect(status().isOk());
|
.andExpect(status().isOk());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@FunctionalInterface
|
||||||
|
private interface MockMvcConsumer {
|
||||||
|
|
||||||
|
void accept(MockMvc mockMvc) throws Exception;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue