From 0e6f8df0a8ad0aed9046884cb06313ba7165feae Mon Sep 17 00:00:00 2001 From: Juergen Hoeller Date: Wed, 24 Jan 2018 22:13:40 +0100 Subject: [PATCH] ServletServerHttpRequest.getURI() ignores malformed query string The resolved URI instance is also being cached now. This should not make a difference in a real Servlet environment but does affect tests which assumed they could modify an HttpServletRequest path behind a pre-created ServletServerHttpRequest instance. Our WebSocket test base class has been revised accordingly, re-creating the ServletServerHttpRequest in such a case. Issue: SPR-16414 --- .../org/springframework/http/HttpRequest.java | 13 ++-- .../http/server/ServletServerHttpRequest.java | 47 +++++++++--- .../server/ServletServerHttpRequestTests.java | 51 ++++++++++--- .../web/socket/AbstractHttpRequestTests.java | 5 +- .../server/DefaultHandshakeHandlerTests.java | 48 ++++++------- .../HandshakeInterceptorChainTests.java | 4 +- .../sockjs/support/SockJsServiceTests.java | 71 +++++++++---------- .../handler/DefaultSockJsServiceTests.java | 5 +- .../HttpSendingTransportHandlerTests.java | 4 +- 9 files changed, 151 insertions(+), 97 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/http/HttpRequest.java b/spring-web/src/main/java/org/springframework/http/HttpRequest.java index 627982c4ed9..d5d288aa2ce 100644 --- a/spring-web/src/main/java/org/springframework/http/HttpRequest.java +++ b/spring-web/src/main/java/org/springframework/http/HttpRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,6 +33,8 @@ public interface HttpRequest extends HttpMessage { * Return the HTTP method of the request. * @return the HTTP method as an HttpMethod enum value, or {@code null} * if not resolvable (e.g. in case of a non-standard HTTP method) + * @see #getMethodValue() + * @see HttpMethod#resolve(String) */ @Nullable default HttpMethod getMethod() { @@ -40,13 +42,16 @@ public interface HttpRequest extends HttpMessage { } /** - * Return the HTTP method of the request as a String - * @return the HTTP method as a String + * Return the HTTP method of the request as a String value. + * @return the HTTP method as a plain String + * @since 5.0 + * @see #getMethod() */ String getMethodValue(); /** - * Return the URI of the request. + * Return the URI of the request (including a query string if any, + * but only if it is well-formed for a URI representation). * @return the URI of the request (never {@code null}) */ URI getURI(); diff --git a/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java b/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java index 63e61dca38f..c256641ad51 100644 --- a/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java +++ b/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -50,6 +50,7 @@ import org.springframework.util.StringUtils; * * @author Arjen Poutsma * @author Rossen Stoyanchev + * @author Juergen Hoeller * @since 3.0 */ public class ServletServerHttpRequest implements ServerHttpRequest { @@ -61,6 +62,9 @@ public class ServletServerHttpRequest implements ServerHttpRequest { private final HttpServletRequest servletRequest; + @Nullable + private URI uri; + @Nullable private HttpHeaders headers; @@ -85,6 +89,12 @@ public class ServletServerHttpRequest implements ServerHttpRequest { return this.servletRequest; } + @Override + @Nullable + public HttpMethod getMethod() { + return HttpMethod.resolve(this.servletRequest.getMethod()); + } + @Override public String getMethodValue() { return this.servletRequest.getMethod(); @@ -92,17 +102,34 @@ public class ServletServerHttpRequest implements ServerHttpRequest { @Override public URI getURI() { - try { - StringBuffer url = this.servletRequest.getRequestURL(); - String query = this.servletRequest.getQueryString(); - if (StringUtils.hasText(query)) { - url.append('?').append(query); + if (this.uri == null) { + String urlString = null; + boolean hasQuery = false; + try { + StringBuffer url = this.servletRequest.getRequestURL(); + String query = this.servletRequest.getQueryString(); + hasQuery = StringUtils.hasText(query); + if (hasQuery) { + url.append('?').append(query); + } + urlString = url.toString(); + this.uri = new URI(urlString); + } + catch (URISyntaxException ex) { + if (true || !hasQuery) { + throw new IllegalStateException("Could not resolve HttpServletRequest as URI: " + urlString, ex); + } + // Maybe a malformed query string... try plain request URL + try { + urlString = this.servletRequest.getRequestURL().toString(); + this.uri = new URI(urlString); + } + catch (URISyntaxException ex2) { + throw new IllegalStateException("Could not resolve HttpServletRequest as URI: " + urlString, ex2); + } } - return new URI(url.toString()); - } - catch (URISyntaxException ex) { - throw new IllegalStateException("Could not get HttpServletRequest URI: " + ex.getMessage(), ex); } + return this.uri; } @Override diff --git a/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java b/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java index 107594fd58f..83274aaab2d 100644 --- a/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java +++ b/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,9 @@ package org.springframework.http.server; +import java.io.IOException; import java.net.URI; +import java.net.URISyntaxException; import java.nio.charset.StandardCharsets; import java.util.List; @@ -33,6 +35,7 @@ import static org.junit.Assert.*; /** * @author Arjen Poutsma + * @author Juergen Hoeller */ public class ServletServerHttpRequestTests { @@ -42,30 +45,56 @@ public class ServletServerHttpRequestTests { @Before - public void create() throws Exception { + public void create() { mockRequest = new MockHttpServletRequest(); request = new ServletServerHttpRequest(mockRequest); } @Test - public void getMethod() throws Exception { + public void getMethod() { mockRequest.setMethod("POST"); assertEquals("Invalid method", HttpMethod.POST, request.getMethod()); } @Test - public void getURI() throws Exception { + public void getUriForSimplePath() throws URISyntaxException { + URI uri = new URI("http://example.com/path"); + mockRequest.setServerName(uri.getHost()); + mockRequest.setServerPort(uri.getPort()); + mockRequest.setRequestURI(uri.getPath()); + mockRequest.setQueryString(uri.getQuery()); + assertEquals(uri, request.getURI()); + } + + @Test + public void getUriWithQueryString() throws URISyntaxException { URI uri = new URI("http://example.com/path?query"); mockRequest.setServerName(uri.getHost()); mockRequest.setServerPort(uri.getPort()); mockRequest.setRequestURI(uri.getPath()); mockRequest.setQueryString(uri.getQuery()); - assertEquals("Invalid uri", uri, request.getURI()); + assertEquals(uri, request.getURI()); + } + + @Test // SPR-16414 + public void getUriWithQueryParam() throws URISyntaxException { + mockRequest.setServerName("example.com"); + mockRequest.setRequestURI("/path"); + mockRequest.setQueryString("query=foo"); + assertEquals(new URI("http://example.com/path?query=foo"), request.getURI()); + } + + @Test // SPR-16414 + public void getUriWithMalformedQueryParam() throws URISyntaxException { + mockRequest.setServerName("example.com"); + mockRequest.setRequestURI("/path"); + mockRequest.setQueryString("query=foo%%x"); + assertEquals(new URI("http://example.com/path"), request.getURI()); } @Test // SPR-13876 - public void getUriWithEncoding() throws Exception { + public void getUriWithEncoding() throws URISyntaxException { URI uri = new URI("https://example.com/%E4%B8%AD%E6%96%87" + "?redirect=https%3A%2F%2Fgithub.com%2Fspring-projects%2Fspring-framework"); mockRequest.setScheme(uri.getScheme()); @@ -73,11 +102,11 @@ public class ServletServerHttpRequestTests { mockRequest.setServerPort(uri.getPort()); mockRequest.setRequestURI(uri.getRawPath()); mockRequest.setQueryString(uri.getRawQuery()); - assertEquals("Invalid uri", uri, request.getURI()); + assertEquals(uri, request.getURI()); } @Test - public void getHeaders() throws Exception { + public void getHeaders() { String headerName = "MyHeader"; String headerValue1 = "value1"; String headerValue2 = "value2"; @@ -98,7 +127,7 @@ public class ServletServerHttpRequestTests { } @Test - public void getHeadersWithEmptyContentTypeAndEncoding() throws Exception { + public void getHeadersWithEmptyContentTypeAndEncoding() { String headerName = "MyHeader"; String headerValue1 = "value1"; String headerValue2 = "value2"; @@ -118,7 +147,7 @@ public class ServletServerHttpRequestTests { } @Test - public void getBody() throws Exception { + public void getBody() throws IOException { byte[] content = "Hello World".getBytes("UTF-8"); mockRequest.setContent(content); @@ -127,7 +156,7 @@ public class ServletServerHttpRequestTests { } @Test - public void getFormBody() throws Exception { + public void getFormBody() throws IOException { // Charset (SPR-8676) mockRequest.setContentType("application/x-www-form-urlencoded; charset=UTF-8"); mockRequest.setMethod("POST"); diff --git a/spring-websocket/src/test/java/org/springframework/web/socket/AbstractHttpRequestTests.java b/spring-websocket/src/test/java/org/springframework/web/socket/AbstractHttpRequestTests.java index 2580b109971..015accf1ecc 100644 --- a/spring-websocket/src/test/java/org/springframework/web/socket/AbstractHttpRequestTests.java +++ b/spring-websocket/src/test/java/org/springframework/web/socket/AbstractHttpRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2015 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -45,13 +45,14 @@ public abstract class AbstractHttpRequestTests { @Before - public void setUp() { + public void setup() { resetRequestAndResponse(); } protected void setRequest(String method, String requestUri) { this.servletRequest.setMethod(method); this.servletRequest.setRequestURI(requestUri); + this.request = new ServletServerHttpRequest(this.servletRequest); } protected void resetRequestAndResponse() { diff --git a/spring-websocket/src/test/java/org/springframework/web/socket/server/DefaultHandshakeHandlerTests.java b/spring-websocket/src/test/java/org/springframework/web/socket/server/DefaultHandshakeHandlerTests.java index 254ff68061a..ea7565a9ba5 100644 --- a/spring-websocket/src/test/java/org/springframework/web/socket/server/DefaultHandshakeHandlerTests.java +++ b/spring-websocket/src/test/java/org/springframework/web/socket/server/DefaultHandshakeHandlerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2014 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -50,19 +50,18 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests { @Before - public void setup() throws Exception { + public void setup() { + super.setup(); + MockitoAnnotations.initMocks(this); this.handshakeHandler = new DefaultHandshakeHandler(this.upgradeStrategy); } @Test - public void supportedSubProtocols() throws Exception { - + public void supportedSubProtocols() { this.handshakeHandler.setSupportedProtocols("stomp", "mqtt"); - given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"}); - this.servletRequest.setMethod("GET"); WebSocketHttpHeaders headers = new WebSocketHttpHeaders(this.request.getHeaders()); @@ -73,22 +72,20 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests { headers.setSecWebSocketProtocol("STOMP"); WebSocketHandler handler = new TextWebSocketHandler(); - Map attributes = Collections.emptyMap(); + Map attributes = Collections.emptyMap(); this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes); - verify(this.upgradeStrategy).upgrade(this.request, this.response, - "STOMP", Collections.emptyList(), null, handler, attributes); + verify(this.upgradeStrategy).upgrade(this.request, this.response, "STOMP", + Collections.emptyList(), null, handler, attributes); } - @Test - public void supportedExtensions() throws Exception { - + public void supportedExtensions() { WebSocketExtension extension1 = new WebSocketExtension("ext1"); WebSocketExtension extension2 = new WebSocketExtension("ext2"); given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"}); - given(this.upgradeStrategy.getSupportedExtensions(this.request)).willReturn(Arrays.asList(extension1)); + given(this.upgradeStrategy.getSupportedExtensions(this.request)).willReturn(Collections.singletonList(extension1)); this.servletRequest.setMethod("GET"); @@ -103,14 +100,13 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests { Map attributes = Collections.emptyMap(); this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes); - verify(this.upgradeStrategy).upgrade(this.request, this.response, null, Arrays.asList(extension1), - null, handler, attributes); + verify(this.upgradeStrategy).upgrade(this.request, this.response, null, + Collections.singletonList(extension1), null, handler, attributes); } @Test - public void subProtocolCapableHandler() throws Exception { - - given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[]{"13"}); + public void subProtocolCapableHandler() { + given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"}); this.servletRequest.setMethod("GET"); @@ -125,14 +121,13 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests { Map attributes = Collections.emptyMap(); this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes); - verify(this.upgradeStrategy).upgrade(this.request, this.response, - "v11.stomp", Collections.emptyList(), null, handler, attributes); + verify(this.upgradeStrategy).upgrade(this.request, this.response, "v11.stomp", + Collections.emptyList(), null, handler, attributes); } @Test - public void subProtocolCapableHandlerNoMatch() throws Exception { - - given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[]{"13"}); + public void subProtocolCapableHandlerNoMatch() { + given(this.upgradeStrategy.getSupportedVersions()).willReturn(new String[] {"13"}); this.servletRequest.setMethod("GET"); @@ -147,8 +142,8 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests { Map attributes = Collections.emptyMap(); this.handshakeHandler.doHandshake(this.request, this.response, handler, attributes); - verify(this.upgradeStrategy).upgrade(this.request, this.response, - null, Collections.emptyList(), null, handler, attributes); + verify(this.upgradeStrategy).upgrade(this.request, this.response, null, + Collections.emptyList(), null, handler, attributes); } @@ -156,8 +151,7 @@ public class DefaultHandshakeHandlerTests extends AbstractHttpRequestTests { private final List subProtocols; - - private SubProtocolCapableHandler(String... subProtocols) { + public SubProtocolCapableHandler(String... subProtocols) { this.subProtocols = Arrays.asList(subProtocols); } diff --git a/spring-websocket/src/test/java/org/springframework/web/socket/server/support/HandshakeInterceptorChainTests.java b/spring-websocket/src/test/java/org/springframework/web/socket/server/support/HandshakeInterceptorChainTests.java index 21a0b87e43b..6c719feb468 100644 --- a/spring-websocket/src/test/java/org/springframework/web/socket/server/support/HandshakeInterceptorChainTests.java +++ b/spring-websocket/src/test/java/org/springframework/web/socket/server/support/HandshakeInterceptorChainTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,6 +52,8 @@ public class HandshakeInterceptorChainTests extends AbstractHttpRequestTests { @Before public void setup() { + super.setup(); + i1 = mock(HandshakeInterceptor.class); i2 = mock(HandshakeInterceptor.class); i3 = mock(HandshakeInterceptor.class); diff --git a/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/support/SockJsServiceTests.java b/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/support/SockJsServiceTests.java index b9af506f2bf..2cb97ba1065 100644 --- a/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/support/SockJsServiceTests.java +++ b/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/support/SockJsServiceTests.java @@ -18,13 +18,13 @@ package org.springframework.web.socket.sockjs.support; import java.io.IOException; import java.util.Arrays; -import java.util.List; - +import java.util.Collections; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletResponse; import org.junit.Before; import org.junit.Test; + import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.server.ServerHttpRequest; @@ -55,15 +55,14 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { @Override @Before - public void setUp() { - super.setUp(); + public void setup() { + super.setup(); this.service = new TestSockJsService(new ThreadPoolTaskScheduler()); } @Test - public void validateRequest() throws Exception { - + public void validateRequest() { this.service.setWebSocketEnabled(false); resetResponseAndHandleRequest("GET", "/echo/server/session/websocket", HttpStatus.NOT_FOUND); @@ -82,7 +81,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } @Test - public void handleInfoGet() throws Exception { + public void handleInfoGet() throws IOException { resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); assertEquals("application/json;charset=UTF-8", this.servletResponse.getContentType()); @@ -105,7 +104,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { assertEquals(",\"origins\":[\"*:*\"],\"cookie_needed\":false,\"websocket\":false}", body.substring(body.indexOf(','))); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); @@ -113,7 +112,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } @Test // SPR-12226 and SPR-12660 - public void handleInfoGetWithOrigin() throws Exception { + public void handleInfoGetWithOrigin() throws IOException { this.servletRequest.setServerName("mydomain2.com"); this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com"); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); @@ -126,24 +125,22 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { assertEquals(",\"origins\":[\"*:*\"],\"cookie_needed\":true,\"websocket\":true}", body.substring(body.indexOf(','))); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); - List origins = Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com"); - this.service.setAllowedOrigins(origins); + this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com")); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); - this.service.setAllowedOrigins(Arrays.asList("*")); + this.service.setAllowedOrigins(Collections.singletonList("*")); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); this.servletRequest.setServerName("mydomain3.com"); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.FORBIDDEN); } @Test // SPR-11443 - public void handleInfoGetCorsFilter() throws Exception { - + public void handleInfoGetCorsFilter() { // Simulate scenario where Filter would have already set CORS headers this.servletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "foobar:123"); @@ -153,7 +150,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } @Test // SPR-11919 - public void handleInfoGetWildflyNPE() throws Exception { + public void handleInfoGetWildflyNPE() throws IOException { HttpServletResponse mockResponse = mock(HttpServletResponse.class); ServletOutputStream ous = mock(ServletOutputStream.class); given(mockResponse.getHeaders(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)).willThrow(NullPointerException.class); @@ -166,18 +163,18 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } @Test // SPR-12660 - public void handleInfoOptions() throws Exception { + public void handleInfoOptions() { this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified"); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNull(this.service.getCorsConfiguration(this.servletRequest)); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNull(this.service.getCorsConfiguration(this.servletRequest)); } @Test // SPR-12226 and SPR-12660 - public void handleInfoOptionsWithAllowedOrigin() throws Exception { + public void handleInfoOptionsWithAllowedOrigin() { this.servletRequest.setServerName("mydomain2.com"); this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com"); this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); @@ -185,22 +182,21 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNotNull(this.service.getCorsConfiguration(this.servletRequest)); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNotNull(this.service.getCorsConfiguration(this.servletRequest)); - List origins = Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com"); - this.service.setAllowedOrigins(origins); + this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNotNull(this.service.getCorsConfiguration(this.servletRequest)); - this.service.setAllowedOrigins(Arrays.asList("*")); + this.service.setAllowedOrigins(Collections.singletonList("*")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNotNull(this.service.getCorsConfiguration(this.servletRequest)); } @Test // SPR-16304 - public void handleInfoOptionsWithForbiddenOrigin() throws Exception { + public void handleInfoOptionsWithForbiddenOrigin() { this.servletRequest.setServerName("mydomain3.com"); this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com"); this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); @@ -209,34 +205,33 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { CorsConfiguration corsConfiguration = this.service.getCorsConfiguration(this.servletRequest); assertTrue(corsConfiguration.getAllowedOrigins().isEmpty()); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN); corsConfiguration = this.service.getCorsConfiguration(this.servletRequest); - assertEquals(Arrays.asList("http://mydomain1.com"), corsConfiguration.getAllowedOrigins()); + assertEquals(Collections.singletonList("http://mydomain1.com"), corsConfiguration.getAllowedOrigins()); } @Test // SPR-12283 - public void handleInfoOptionsWithOriginAndCorsHeadersDisabled() throws Exception { + public void handleInfoOptionsWithOriginAndCorsHeadersDisabled() { this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com"); - this.service.setAllowedOrigins(Arrays.asList("*")); + this.service.setAllowedOrigins(Collections.singletonList("*")); this.service.setSuppressCors(true); this.servletRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Last-Modified"); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNull(this.service.getCorsConfiguration(this.servletRequest)); - this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com")); + this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.FORBIDDEN); assertNull(this.service.getCorsConfiguration(this.servletRequest)); - List origins = Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com"); - this.service.setAllowedOrigins(origins); + this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com")); resetResponseAndHandleRequest("OPTIONS", "/echo/info", HttpStatus.NO_CONTENT); assertNull(this.service.getCorsConfiguration(this.servletRequest)); } @Test - public void handleIframeRequest() throws Exception { + public void handleIframeRequest() throws IOException { resetResponseAndHandleRequest("GET", "/echo/iframe.html", HttpStatus.OK); assertEquals("text/html;charset=UTF-8", this.servletResponse.getContentType()); @@ -247,13 +242,13 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } @Test - public void handleIframeRequestNotModified() throws Exception { + public void handleIframeRequestNotModified() { this.servletRequest.addHeader("If-None-Match", "\"0096cbd37f2a5218c33bb0826a7c74cbf\""); resetResponseAndHandleRequest("GET", "/echo/iframe.html", HttpStatus.NOT_MODIFIED); } @Test - public void handleRawWebSocketRequest() throws Exception { + public void handleRawWebSocketRequest() throws IOException { resetResponseAndHandleRequest("GET", "/echo", HttpStatus.OK); assertEquals("Welcome to SockJS!\n", this.servletResponse.getContentAsString()); @@ -263,7 +258,7 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } @Test - public void handleEmptyContentType() throws Exception { + public void handleEmptyContentType() { this.servletRequest.setContentType(""); resetResponseAndHandleRequest("GET", "/echo/info", HttpStatus.OK); @@ -271,12 +266,12 @@ public class SockJsServiceTests extends AbstractHttpRequestTests { } - private void resetResponseAndHandleRequest(String httpMethod, String uri, HttpStatus httpStatus) throws IOException { + private void resetResponseAndHandleRequest(String httpMethod, String uri, HttpStatus httpStatus) { resetResponse(); handleRequest(httpMethod, uri, httpStatus); } - private void handleRequest(String httpMethod, String uri, HttpStatus httpStatus) throws IOException { + private void handleRequest(String httpMethod, String uri, HttpStatus httpStatus) { setRequest(httpMethod, uri); String sockJsPath = uri.substring("/echo".length()); this.service.handleRequest(this.request, this.response, sockJsPath, this.handler); diff --git a/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/DefaultSockJsServiceTests.java b/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/DefaultSockJsServiceTests.java index 02cf2a6ce17..0734cf27347 100644 --- a/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/DefaultSockJsServiceTests.java +++ b/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/DefaultSockJsServiceTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -80,7 +80,7 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests { @Before public void setup() { - super.setUp(); + super.setup(); MockitoAnnotations.initMocks(this); Map attributes = Collections.emptyMap(); @@ -97,6 +97,7 @@ public class DefaultSockJsServiceTests extends AbstractHttpRequestTests { this.service = new TransportHandlingSockJsService(this.taskScheduler, this.xhrHandler, this.xhrSendHandler); } + @Test public void defaultTransportHandlers() { DefaultSockJsService service = new DefaultSockJsService(mock(TaskScheduler.class)); diff --git a/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/HttpSendingTransportHandlerTests.java b/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/HttpSendingTransportHandlerTests.java index 3b2501001e0..2b07da5fb12 100644 --- a/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/HttpSendingTransportHandlerTests.java +++ b/spring-websocket/src/test/java/org/springframework/web/socket/sockjs/transport/handler/HttpSendingTransportHandlerTests.java @@ -52,8 +52,8 @@ public class HttpSendingTransportHandlerTests extends AbstractHttpRequestTests @Override @Before - public void setUp() { - super.setUp(); + public void setup() { + super.setup(); this.webSocketHandler = mock(WebSocketHandler.class); this.taskScheduler = mock(TaskScheduler.class);