From 1181bb1852634a69e1cf34d1ed46f4bd44a2aca7 Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Tue, 7 Jul 2020 17:43:06 +0300 Subject: [PATCH] Rename originsPattern to originPatterns See gh-25016 --- .../web/bind/annotation/CrossOrigin.java | 2 +- .../web/cors/CorsConfiguration.java | 50 ++--- .../web/cors/CorsConfigurationTests.java | 174 ++++++++++-------- .../RequestMappingHandlerMapping.java | 4 +- ...CrossOriginAnnotationIntegrationTests.java | 9 +- .../RequestMappingHandlerMapping.java | 4 +- .../CorsAbstractHandlerMappingTests.java | 2 +- .../method/annotation/CrossOriginTests.java | 8 +- 8 files changed, 134 insertions(+), 119 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java b/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java index e9c9e1f8c71..8e2de23b5d4 100644 --- a/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java +++ b/spring-web/src/main/java/org/springframework/web/bind/annotation/CrossOrigin.java @@ -109,7 +109,7 @@ public @interface CrossOrigin { * See the Spring Framework reference for more on this filter. * @see #value */ - String[] originsPatterns() default {}; + String[] originPatterns() default {}; /** * The list of request headers that are permitted in actual requests, diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java index 6b12c259f88..db63d61fa5a 100644 --- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java +++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java @@ -77,7 +77,7 @@ public class CorsConfiguration { private List allowedOrigins; @Nullable - private List allowedOriginsPatterns; + private List allowedOriginPatterns; @Nullable private List allowedMethods; @@ -112,7 +112,7 @@ public class CorsConfiguration { */ public CorsConfiguration(CorsConfiguration other) { this.allowedOrigins = other.allowedOrigins; - this.allowedOriginsPatterns = other.allowedOriginsPatterns; + this.allowedOriginPatterns = other.allowedOriginPatterns; this.allowedMethods = other.allowedMethods; this.resolvedMethods = other.resolvedMethods; this.allowedHeaders = other.allowedHeaders; @@ -158,14 +158,14 @@ public class CorsConfiguration { * Set the origins patterns to allow, e.g. {@code "*.com"}. *

By default this is not set. */ - public CorsConfiguration setAllowedOriginsPatterns(@Nullable List allowedOriginsPatterns) { - if (allowedOriginsPatterns == null) { - this.allowedOriginsPatterns = null; + public CorsConfiguration setAllowedOriginPatterns(@Nullable List allowedOriginPatterns) { + if (allowedOriginPatterns == null) { + this.allowedOriginPatterns = null; } else { - this.allowedOriginsPatterns = new ArrayList<>(allowedOriginsPatterns.size()); - for (String pattern : allowedOriginsPatterns) { - this.allowedOriginsPatterns.add(Pattern.compile(pattern)); + this.allowedOriginPatterns = new ArrayList<>(allowedOriginPatterns.size()); + for (String pattern : allowedOriginPatterns) { + this.allowedOriginPatterns.add(Pattern.compile(pattern)); } } @@ -176,30 +176,30 @@ public class CorsConfiguration { * Return the configured origins patterns to allow, or {@code null} if none. * * @see #addAllowedOriginPattern(String) - * @see #setAllowedOriginsPatterns(List) + * @see #setAllowedOriginPatterns(List) */ @Nullable - public List getAllowedOriginsPatterns() { - if (this.allowedOriginsPatterns == null) { + public List getAllowedOriginPatterns() { + if (this.allowedOriginPatterns == null) { return null; } - if (this.allowedOriginsPatterns == DEFAULT_PERMIT_ALL_PATTERN) { + if (this.allowedOriginPatterns == DEFAULT_PERMIT_ALL_PATTERN) { return DEFAULT_PERMIT_ALL_PATTERN_STR; } - return this.allowedOriginsPatterns.stream().map(Pattern::toString).collect(Collectors.toList()); + return this.allowedOriginPatterns.stream().map(Pattern::toString).collect(Collectors.toList()); } /** * Add an origin pattern to allow. */ public void addAllowedOriginPattern(String originPattern) { - if (this.allowedOriginsPatterns == null) { - this.allowedOriginsPatterns = new ArrayList<>(4); + if (this.allowedOriginPatterns == null) { + this.allowedOriginPatterns = new ArrayList<>(4); } - else if (this.allowedOriginsPatterns == DEFAULT_PERMIT_ALL_PATTERN) { - setAllowedOriginsPatterns(DEFAULT_PERMIT_ALL_PATTERN_STR); + else if (this.allowedOriginPatterns == DEFAULT_PERMIT_ALL_PATTERN) { + setAllowedOriginPatterns(DEFAULT_PERMIT_ALL_PATTERN_STR); } - this.allowedOriginsPatterns.add(Pattern.compile(originPattern)); + this.allowedOriginPatterns.add(Pattern.compile(originPattern)); } /** @@ -413,7 +413,7 @@ public class CorsConfiguration { * */ public CorsConfiguration applyPermitDefaultValues() { - if (this.allowedOrigins == null && this.allowedOriginsPatterns == null) { + if (this.allowedOrigins == null && this.allowedOriginPatterns == null) { this.allowedOrigins = DEFAULT_PERMIT_ALL; } if (this.allowedMethods == null) { @@ -455,13 +455,13 @@ public class CorsConfiguration { } CorsConfiguration config = new CorsConfiguration(this); List combinedOrigins = combine(getAllowedOrigins(), other.getAllowedOrigins()); - List combinedOriginsPatterns = combine(getAllowedOriginsPatterns(), other.getAllowedOriginsPatterns()); - if (combinedOrigins == DEFAULT_PERMIT_ALL && combinedOriginsPatterns != DEFAULT_PERMIT_ALL_PATTERN_STR - && !CollectionUtils.isEmpty(combinedOriginsPatterns)) { + List combinedOriginPatterns = combine(getAllowedOriginPatterns(), other.getAllowedOriginPatterns()); + if (combinedOrigins == DEFAULT_PERMIT_ALL && combinedOriginPatterns != DEFAULT_PERMIT_ALL_PATTERN_STR + && !CollectionUtils.isEmpty(combinedOriginPatterns)) { combinedOrigins = null; } config.setAllowedOrigins(combinedOrigins); - config.setAllowedOriginsPatterns(combinedOriginsPatterns); + config.setAllowedOriginPatterns(combinedOriginPatterns); config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods())); config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders())); config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders())); @@ -529,8 +529,8 @@ public class CorsConfiguration { } } } - if (!ObjectUtils.isEmpty(this.allowedOriginsPatterns)) { - for (Pattern allowedOriginsPattern : this.allowedOriginsPatterns) { + if (!ObjectUtils.isEmpty(this.allowedOriginPatterns)) { + for (Pattern allowedOriginsPattern : this.allowedOriginPatterns) { if (allowedOriginsPattern.pattern().equals(ALL_PATTERN)) { if (this.allowCredentials != Boolean.TRUE) { return ALL; diff --git a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java index 0d311805cec..fbff8c6d8aa 100644 --- a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java +++ b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java @@ -50,28 +50,28 @@ public class CorsConfigurationTests { assertThat(config.getAllowCredentials()).isNull(); config.setMaxAge((Long) null); assertThat(config.getMaxAge()).isNull(); - config.setAllowedOriginsPatterns(null); - assertThat(config.getAllowedOriginsPatterns()).isNull(); + config.setAllowedOriginPatterns(null); + assertThat(config.getAllowedOriginPatterns()).isNull(); } @Test public void setValues() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); + assertThat(config.getAllowedOrigins()).containsExactly("*"); config.addAllowedHeader("*"); - assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*")); + assertThat(config.getAllowedHeaders()).containsExactly("*"); config.addAllowedMethod("*"); - assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList("*")); + assertThat(config.getAllowedMethods()).containsExactly("*"); config.addExposedHeader("header1"); config.addExposedHeader("header2"); - assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header1", "header2")); + assertThat(config.getExposedHeaders()).containsExactly("header1", "header2"); config.setAllowCredentials(true); - assertThat((boolean) config.getAllowCredentials()).isTrue(); + assertThat(config.getAllowCredentials()).isTrue(); config.setMaxAge(123L); assertThat(config.getMaxAge()).isEqualTo(new Long(123)); config.addAllowedOriginPattern(".*\\.example\\.com"); - assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.example\\.com")); + assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.example\\.com"); } @Test @@ -84,16 +84,16 @@ public class CorsConfigurationTests { @Test public void asteriskWildCardOnSetExposedHeaders() { CorsConfiguration config = new CorsConfiguration(); - assertThatIllegalArgumentException().isThrownBy(() -> - config.setExposedHeaders(Arrays.asList("*"))); + assertThatIllegalArgumentException() + .isThrownBy(() -> config.setExposedHeaders(Collections.singletonList("*"))); } @Test public void combineWithNull() { CorsConfiguration config = new CorsConfiguration(); - config.setAllowedOrigins(Arrays.asList("*")); + config.setAllowedOrigins(Collections.singletonList("*")); config.combine(null); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); + assertThat(config.getAllowedOrigins()).containsExactly("*"); } @Test @@ -105,16 +105,17 @@ public class CorsConfigurationTests { config.addAllowedMethod(HttpMethod.GET.name()); config.setMaxAge(123L); config.setAllowCredentials(true); - config.setAllowedOriginsPatterns(Arrays.asList(".*\\.example\\.com")); + config.setAllowedOriginPatterns(Collections.singletonList(".*\\.example\\.com")); CorsConfiguration other = new CorsConfiguration(); config = config.combine(other); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); - assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("header1")); - assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header3")); - assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name())); + assertThat(config).isNotNull(); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getAllowedHeaders()).containsExactly("header1"); + assertThat(config.getExposedHeaders()).containsExactly("header3"); + assertThat(config.getAllowedMethods()).containsExactly(HttpMethod.GET.name()); assertThat(config.getMaxAge()).isEqualTo(new Long(123)); - assertThat((boolean) config.getAllowCredentials()).isTrue(); - assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.example\\.com")); + assertThat(config.getAllowCredentials()).isTrue(); + assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.example\\.com"); } @Test // SPR-15772 @@ -126,26 +127,30 @@ public class CorsConfigurationTests { other.addAllowedMethod(HttpMethod.PUT.name()); CorsConfiguration combinedConfig = config.combine(other); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com")); - assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("header1")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.PUT.name())); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com"); + assertThat(combinedConfig.getAllowedHeaders()).containsExactly("header1"); + assertThat(combinedConfig.getAllowedMethods()).containsExactly(HttpMethod.PUT.name()); combinedConfig = other.combine(config); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com")); - assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("header1")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.PUT.name())); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com"); + assertThat(combinedConfig.getAllowedHeaders()).containsExactly("header1"); + assertThat(combinedConfig.getAllowedMethods()).containsExactly(HttpMethod.PUT.name()); combinedConfig = config.combine(new CorsConfiguration()); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); - assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(), - HttpMethod.POST.name())); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getAllowedHeaders()).containsExactly("*"); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedMethods()) + .containsExactly(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name()); combinedConfig = new CorsConfiguration().combine(config); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); - assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.HEAD.name(), - HttpMethod.POST.name())); + assertThat(config.getAllowedOrigins()).containsExactly("*"); + assertThat(config.getAllowedHeaders()).containsExactly("*"); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedMethods()) + .containsExactly(HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name()); } @Test @@ -155,28 +160,32 @@ public class CorsConfigurationTests { other.addAllowedOriginPattern(".*\\.com"); CorsConfiguration combinedConfig = other.combine(config); + assertThat(combinedConfig).isNotNull(); assertThat(combinedConfig.getAllowedOrigins()).isNull(); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com")); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com"); combinedConfig = config.combine(other); + assertThat(combinedConfig).isNotNull(); assertThat(combinedConfig.getAllowedOrigins()).isNull(); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com")); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com"); } @Test public void combinePatternWithDefaultPermitValuesAndCustomOrigin() { CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues(); - config.setAllowedOrigins(Arrays.asList("https://domain.com")); + config.setAllowedOrigins(Collections.singletonList("https://domain.com")); CorsConfiguration other = new CorsConfiguration(); other.addAllowedOriginPattern(".*\\.com"); CorsConfiguration combinedConfig = other.combine(config); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com")); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com")); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com"); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com"); combinedConfig = config.combine(other); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain.com")); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com")); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain.com"); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.com"); } @Test @@ -193,15 +202,17 @@ public class CorsConfigurationTests { other.addAllowedOriginPattern(".*\\.company\\.com"); other.addAllowedMethod(HttpMethod.PUT.name()); CorsConfiguration combinedConfig = config.combine(other); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*")); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("*"); + assertThat(combinedConfig.getAllowedHeaders()).containsExactly("*"); + assertThat(combinedConfig.getAllowedMethods()).containsExactly("*"); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*"); combinedConfig = other.combine(config); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList("*")); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*")); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("*"); + assertThat(combinedConfig.getAllowedHeaders()).containsExactly("*"); + assertThat(combinedConfig.getAllowedMethods()).containsExactly("*"); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*"); } @Test // SPR-14792 @@ -224,11 +235,12 @@ public class CorsConfigurationTests { other.addAllowedMethod(HttpMethod.GET.name()); other.addAllowedOriginPattern(".*\\.domain1\\.com"); CorsConfiguration combinedConfig = config.combine(other); - assertThat(combinedConfig.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain1.com", "https://domain2.com")); - assertThat(combinedConfig.getAllowedHeaders()).isEqualTo(Arrays.asList("header1", "header2")); - assertThat(combinedConfig.getExposedHeaders()).isEqualTo(Arrays.asList("header3", "header4")); - assertThat(combinedConfig.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name())); - assertThat(combinedConfig.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.domain1\\.com", ".*\\.domain2\\.com")); + assertThat(combinedConfig).isNotNull(); + assertThat(combinedConfig.getAllowedOrigins()).containsExactly("https://domain1.com", "https://domain2.com"); + assertThat(combinedConfig.getAllowedHeaders()).containsExactly("header1", "header2"); + assertThat(combinedConfig.getExposedHeaders()).containsExactly("header3", "header4"); + assertThat(combinedConfig.getAllowedMethods()).containsExactly(HttpMethod.GET.name(), HttpMethod.PUT.name()); + assertThat(combinedConfig.getAllowedOriginPatterns()).containsExactly(".*\\.domain1\\.com", ".*\\.domain2\\.com"); } @Test @@ -250,23 +262,25 @@ public class CorsConfigurationTests { other.setAllowCredentials(false); other.addAllowedOriginPattern(".*\\.domain2\\.com"); config = config.combine(other); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("https://domain1.com", "https://domain2.com")); - assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("header1", "header2")); - assertThat(config.getExposedHeaders()).isEqualTo(Arrays.asList("header3", "header4")); - assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name())); + assertThat(config).isNotNull(); + assertThat(config.getAllowedOrigins()).containsExactly("https://domain1.com", "https://domain2.com"); + assertThat(config.getAllowedHeaders()).containsExactly("header1", "header2"); + assertThat(config.getExposedHeaders()).containsExactly("header3", "header4"); + assertThat(config.getAllowedMethods()).containsExactly(HttpMethod.GET.name(), HttpMethod.PUT.name()); assertThat(config.getMaxAge()).isEqualTo(new Long(456)); - assertThat((boolean) config.getAllowCredentials()).isFalse(); - assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.domain1\\.com", ".*\\.domain2\\.com")); + assertThat(config).isNotNull(); + assertThat(config.getAllowCredentials()).isFalse(); + assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.domain1\\.com", ".*\\.domain2\\.com"); } @Test public void checkOriginAllowed() { CorsConfiguration config = new CorsConfiguration(); - config.setAllowedOrigins(Arrays.asList("*")); + config.setAllowedOrigins(Collections.singletonList("*")); assertThat(config.checkOrigin("https://domain.com")).isEqualTo("*"); config.setAllowCredentials(true); assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com"); - config.setAllowedOrigins(Arrays.asList("https://domain.com")); + config.setAllowedOrigins(Collections.singletonList("https://domain.com")); assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com"); config.setAllowCredentials(false); assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com"); @@ -279,7 +293,7 @@ public class CorsConfigurationTests { assertThat(config.checkOrigin("https://domain.com")).isNull(); config.addAllowedOrigin("*"); assertThat(config.checkOrigin(null)).isNull(); - config.setAllowedOrigins(Arrays.asList("https://domain1.com")); + config.setAllowedOrigins(Collections.singletonList("https://domain1.com")); assertThat(config.checkOrigin("https://domain2.com")).isNull(); config.setAllowedOrigins(new ArrayList<>()); assertThat(config.checkOrigin("https://domain.com")).isNull(); @@ -288,11 +302,11 @@ public class CorsConfigurationTests { @Test public void checkOriginPatternAllowed() { CorsConfiguration config = new CorsConfiguration(); - config.setAllowedOriginsPatterns(Arrays.asList(".*")); + config.setAllowedOriginPatterns(Collections.singletonList(".*")); assertThat(config.checkOrigin("https://domain.com")).isEqualTo("*"); config.setAllowCredentials(true); assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com"); - config.setAllowedOriginsPatterns(Arrays.asList(".*\\.domain\\.com")); + config.setAllowedOriginPatterns(Collections.singletonList(".*\\.domain\\.com")); assertThat(config.checkOrigin("https://example.domain.com")).isEqualTo("https://example.domain.com"); config.setAllowCredentials(false); assertThat(config.checkOrigin("https://example.domain.com")).isEqualTo("https://example.domain.com"); @@ -305,21 +319,21 @@ public class CorsConfigurationTests { assertThat(config.checkOrigin("https://domain.com")).isNull(); config.addAllowedOriginPattern(".*"); assertThat(config.checkOrigin(null)).isNull(); - config.setAllowedOriginsPatterns(Arrays.asList(".*\\.domain1\\.com")); + config.setAllowedOriginPatterns(Collections.singletonList(".*\\.domain1\\.com")); assertThat(config.checkOrigin("https://domain2.com")).isNull(); - config.setAllowedOriginsPatterns(new ArrayList<>()); + config.setAllowedOriginPatterns(new ArrayList<>()); assertThat(config.checkOrigin("https://domain.com")).isNull(); } @Test public void checkMethodAllowed() { CorsConfiguration config = new CorsConfiguration(); - assertThat(config.checkHttpMethod(HttpMethod.GET)).isEqualTo(Arrays.asList(HttpMethod.GET, HttpMethod.HEAD)); + assertThat(config.checkHttpMethod(HttpMethod.GET)).containsExactly(HttpMethod.GET, HttpMethod.HEAD); config.addAllowedMethod("GET"); - assertThat(config.checkHttpMethod(HttpMethod.GET)).isEqualTo(Arrays.asList(HttpMethod.GET)); + assertThat(config.checkHttpMethod(HttpMethod.GET)).containsExactly(HttpMethod.GET); config.addAllowedMethod("POST"); - assertThat(config.checkHttpMethod(HttpMethod.GET)).isEqualTo(Arrays.asList(HttpMethod.GET, HttpMethod.POST)); - assertThat(config.checkHttpMethod(HttpMethod.POST)).isEqualTo(Arrays.asList(HttpMethod.GET, HttpMethod.POST)); + assertThat(config.checkHttpMethod(HttpMethod.GET)).containsExactly(HttpMethod.GET, HttpMethod.POST); + assertThat(config.checkHttpMethod(HttpMethod.POST)).containsExactly(HttpMethod.GET, HttpMethod.POST); } @Test @@ -337,21 +351,21 @@ public class CorsConfigurationTests { assertThat(config.checkHeaders(Collections.emptyList())).isEqualTo(Collections.emptyList()); config.addAllowedHeader("header1"); config.addAllowedHeader("header2"); - assertThat(config.checkHeaders(Arrays.asList("header1"))).isEqualTo(Arrays.asList("header1")); - assertThat(config.checkHeaders(Arrays.asList("header1", "header2"))).isEqualTo(Arrays.asList("header1", "header2")); - assertThat(config.checkHeaders(Arrays.asList("header1", "header2", "header3"))).isEqualTo(Arrays.asList("header1", "header2")); + assertThat(config.checkHeaders(Collections.singletonList("header1"))).containsExactly("header1"); + assertThat(config.checkHeaders(Arrays.asList("header1", "header2"))).containsExactly("header1", "header2"); + assertThat(config.checkHeaders(Arrays.asList("header1", "header2", "header3"))).containsExactly("header1", "header2"); } @Test public void checkHeadersNotAllowed() { CorsConfiguration config = new CorsConfiguration(); assertThat(config.checkHeaders(null)).isNull(); - assertThat(config.checkHeaders(Arrays.asList("header1"))).isNull(); + assertThat(config.checkHeaders(Collections.singletonList("header1"))).isNull(); config.setAllowedHeaders(Collections.emptyList()); - assertThat(config.checkHeaders(Arrays.asList("header1"))).isNull(); + assertThat(config.checkHeaders(Collections.singletonList("header1"))).isNull(); config.addAllowedHeader("header2"); config.addAllowedHeader("header3"); - assertThat(config.checkHeaders(Arrays.asList("header1"))).isNull(); + assertThat(config.checkHeaders(Collections.singletonList("header1"))).isNull(); } @Test // SPR-15772 @@ -360,9 +374,9 @@ public class CorsConfigurationTests { config.addAllowedOrigin("https://domain.com"); config.addAllowedHeader("header1"); config.addAllowedMethod("PATCH"); - assertThat(config.getAllowedOrigins()).isEqualTo(Arrays.asList("*", "https://domain.com")); - assertThat(config.getAllowedHeaders()).isEqualTo(Arrays.asList("*", "header1")); - assertThat(config.getAllowedMethods()).isEqualTo(Arrays.asList("GET", "HEAD", "POST", "PATCH")); + assertThat(config.getAllowedOrigins()).containsExactly("*", "https://domain.com"); + assertThat(config.getAllowedHeaders()).containsExactly("*", "header1"); + assertThat(config.getAllowedMethods()).containsExactly("GET", "HEAD", "POST", "PATCH"); } @Test @@ -371,6 +385,6 @@ public class CorsConfigurationTests { config.addAllowedOriginPattern(".*\\.com"); config = config.applyPermitDefaultValues(); assertThat(config.getAllowedOrigins()).isNull(); - assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Arrays.asList(".*\\.com")); + assertThat(config.getAllowedOriginPatterns()).containsExactly(".*\\.com"); } } diff --git a/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java b/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java index 8915de58665..a26ca6e8dfd 100644 --- a/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webflux/src/main/java/org/springframework/web/reactive/result/method/annotation/RequestMappingHandlerMapping.java @@ -315,8 +315,8 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi for (String origin : annotation.origins()) { config.addAllowedOrigin(resolveCorsAnnotationValue(origin)); } - for (String originsPattern : annotation.originsPatterns()) { - config.addAllowedOriginPattern(resolveCorsAnnotationValue(originsPattern)); + for (String patterns : annotation.originPatterns()) { + config.addAllowedOriginPattern(resolveCorsAnnotationValue(patterns)); } for (RequestMethod method : annotation.methods()) { config.addAllowedMethod(method.name()); diff --git a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java index 2da85ba4086..a5439a4e2a2 100644 --- a/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java +++ b/spring-webflux/src/test/java/org/springframework/web/reactive/result/method/annotation/CrossOriginAnnotationIntegrationTests.java @@ -282,12 +282,13 @@ class CrossOriginAnnotationIntegrationTests extends AbstractRequestMappingIntegr @Configuration @EnableWebFlux @ComponentScan(resourcePattern = "**/CrossOriginAnnotationIntegrationTests*") - @SuppressWarnings({"unused", "WeakerAccess"}) + @SuppressWarnings("WeakerAccess") static class WebConfig { } - @RestController @SuppressWarnings("unused") + @RestController + @SuppressWarnings("unused") private static class MethodLevelController { @GetMapping("/no") @@ -357,13 +358,13 @@ class CrossOriginAnnotationIntegrationTests extends AbstractRequestMappingIntegr return "placeholder"; } - @CrossOrigin(originsPatterns = ".*\\.com") + @CrossOrigin(originPatterns = ".*\\.com") @GetMapping("/origin-pattern-value-attribute") public String customOriginPatternDefinedViaValueAttribute() { return "pattern-value-attribute"; } - @CrossOrigin(originsPatterns = "${myOriginPattern}") + @CrossOrigin(originPatterns = "${myOriginPattern}") @GetMapping("/origin-pattern-placeholder") public String customOriginPatternDefinedViaPlaceholder() { return "pattern-placeholder"; diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java index 4efaa8b84c5..4a3b98057c8 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java @@ -451,8 +451,8 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi for (String origin : annotation.origins()) { config.addAllowedOrigin(resolveCorsAnnotationValue(origin)); } - for (String originPatter : annotation.originsPatterns()) { - config.addAllowedOriginPattern(resolveCorsAnnotationValue(originPatter)); + for (String patterns : annotation.originPatterns()) { + config.addAllowedOriginPattern(resolveCorsAnnotationValue(patterns)); } for (RequestMethod method : annotation.methods()) { config.addAllowedMethod(method.name()); diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/handler/CorsAbstractHandlerMappingTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/handler/CorsAbstractHandlerMappingTests.java index 6521bbb5728..11f963791ae 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/handler/CorsAbstractHandlerMappingTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/handler/CorsAbstractHandlerMappingTests.java @@ -130,7 +130,7 @@ class CorsAbstractHandlerMappingTests { assertThat(chain).isNotNull(); assertThat(chain.getHandler()).isInstanceOf(SimpleHandler.class); - assertThat(mapping.getRequiredCorsConfig().getAllowedOriginsPatterns()).containsExactly(".*\\.domain2\\.com"); + assertThat(mapping.getRequiredCorsConfig().getAllowedOriginPatterns()).containsExactly(".*\\.domain2\\.com"); } @PathPatternsParameterizedTest diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java index 279a7d673cd..60d2c9b54d0 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java @@ -206,7 +206,7 @@ class CrossOriginTests { CorsConfiguration config = getCorsConfiguration(chain, false); assertThat(config).isNotNull(); assertThat(config.getAllowedOrigins()).isNull(); - assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com")); + assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com")); assertThat(config.getAllowCredentials()).isNull(); } @@ -218,7 +218,7 @@ class CrossOriginTests { CorsConfiguration config = getCorsConfiguration(chain, false); assertThat(config).isNotNull(); assertThat(config.getAllowedOrigins()).isNull(); - assertThat(config.getAllowedOriginsPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com")); + assertThat(config.getAllowedOriginPatterns()).isEqualTo(Collections.singletonList(".*\\.example\\.com")); assertThat(config.getAllowCredentials()).isNull(); } @@ -433,12 +433,12 @@ class CrossOriginTests { public void customOriginDefinedViaPlaceholder() { } - @CrossOrigin(originsPatterns = ".*\\.example\\.com") + @CrossOrigin(originPatterns = ".*\\.example\\.com") @RequestMapping("/customOriginPattern") public void customOriginPatternDefinedViaValueAttribute() { } - @CrossOrigin(originsPatterns = "${myDomainPattern}") + @CrossOrigin(originPatterns = "${myDomainPattern}") @RequestMapping("/customOriginPatternPlaceholder") public void customOriginPatternDefinedViaPlaceholder() { }