Introduce test for invalid @CrossOrigin.allowCredentials()
This commit is contained in:
Sam Brannen
parent
891d41c005
commit
72b44af862
|
|
@ -328,15 +328,17 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
|
|||
for (String header : annotation.exposedHeaders()) {
|
||||
config.addExposedHeader(header);
|
||||
}
|
||||
if (annotation.allowCredentials().equalsIgnoreCase("true")) {
|
||||
|
||||
String allowCredentials = annotation.allowCredentials();
|
||||
if ("true".equalsIgnoreCase(allowCredentials)) {
|
||||
config.setAllowCredentials(true);
|
||||
}
|
||||
else if (annotation.allowCredentials().equalsIgnoreCase("false")) {
|
||||
else if ("false".equalsIgnoreCase(allowCredentials)) {
|
||||
config.setAllowCredentials(false);
|
||||
}
|
||||
else if (!annotation.allowCredentials().isEmpty()) {
|
||||
throw new IllegalStateException("AllowCredentials value must be \"true\", \"false\" " +
|
||||
"or \"\" (empty string), current value is " + annotation.allowCredentials());
|
||||
else if (!allowCredentials.isEmpty()) {
|
||||
throw new IllegalStateException("@CrossOrigin's allowCredentials value must be \"true\", \"false\", "
|
||||
+ "or an empty string (\"\"); current value is [" + allowCredentials + "].");
|
||||
}
|
||||
if (annotation.maxAge() != -1 && config.getMaxAge() == null) {
|
||||
config.setMaxAge(annotation.maxAge());
|
||||
|
|
|
|||
|
|
@ -18,21 +18,22 @@ package org.springframework.web.servlet.mvc.method.annotation;
|
|||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.rules.ExpectedException;
|
||||
|
||||
import org.springframework.beans.DirectFieldAccessor;
|
||||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
import org.springframework.web.context.support.StaticWebApplicationContext;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.mock.web.test.MockHttpServletRequest;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.context.support.StaticWebApplicationContext;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.servlet.HandlerExecutionChain;
|
||||
import org.springframework.web.servlet.HandlerInterceptor;
|
||||
import org.springframework.web.servlet.mvc.condition.ConsumesRequestCondition;
|
||||
|
|
@ -43,17 +44,24 @@ import org.springframework.web.servlet.mvc.condition.ProducesRequestCondition;
|
|||
import org.springframework.web.servlet.mvc.condition.RequestMethodsRequestCondition;
|
||||
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.*;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
* Test fixture for {@link CrossOrigin @CrossOrigin} annotated methods.
|
||||
*
|
||||
* @author Sebastien Deleuze
|
||||
* @author Sam Brannen
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public class CrossOriginTests {
|
||||
|
||||
private TestRequestMappingInfoHandlerMapping handlerMapping;
|
||||
private MockHttpServletRequest request;
|
||||
|
||||
@Rule
|
||||
public ExpectedException exception = ExpectedException.none();
|
||||
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
this.handlerMapping = new TestRequestMappingInfoHandlerMapping();
|
||||
|
|
@ -123,6 +131,14 @@ public class CrossOriginTests {
|
|||
assertEquals(false, config.getAllowCredentials());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void bogusAllowCredentialsValue() throws Exception {
|
||||
exception.expect(IllegalStateException.class);
|
||||
exception.expectMessage(containsString("@CrossOrigin's allowCredentials"));
|
||||
exception.expectMessage(containsString("current value is [bogus]"));
|
||||
this.handlerMapping.registerHandler(new MethodLevelControllerWithBogusAllowCredentialsValue());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void classLevel() throws Exception {
|
||||
this.handlerMapping.registerHandler(new ClassLevelController());
|
||||
|
|
@ -218,59 +234,67 @@ public class CrossOriginTests {
|
|||
@Controller
|
||||
private static class MethodLevelController {
|
||||
|
||||
@RequestMapping(value = "/no", method = RequestMethod.GET)
|
||||
@RequestMapping(path = "/no", method = RequestMethod.GET)
|
||||
public void noAnnotation() {
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/no", method = RequestMethod.POST)
|
||||
@RequestMapping(path = "/no", method = RequestMethod.POST)
|
||||
public void noAnnotationPost() {
|
||||
}
|
||||
|
||||
@CrossOrigin
|
||||
@RequestMapping(value = "/default", method = RequestMethod.GET)
|
||||
@RequestMapping(path = "/default", method = RequestMethod.GET)
|
||||
public void defaultAnnotation() {
|
||||
}
|
||||
|
||||
@CrossOrigin
|
||||
@RequestMapping(value = "/default", method = RequestMethod.GET, params = "q")
|
||||
@RequestMapping(path = "/default", method = RequestMethod.GET, params = "q")
|
||||
public void defaultAnnotationWithParams() {
|
||||
}
|
||||
|
||||
@CrossOrigin
|
||||
@RequestMapping(value = "/ambiguous-header", method = RequestMethod.GET, headers = "header1=a")
|
||||
@RequestMapping(path = "/ambiguous-header", method = RequestMethod.GET, headers = "header1=a")
|
||||
public void ambigousHeader1a() {
|
||||
}
|
||||
|
||||
@CrossOrigin
|
||||
@RequestMapping(value = "/ambiguous-header", method = RequestMethod.GET, headers = "header1=b")
|
||||
@RequestMapping(path = "/ambiguous-header", method = RequestMethod.GET, headers = "header1=b")
|
||||
public void ambigousHeader1b() {
|
||||
}
|
||||
|
||||
@CrossOrigin
|
||||
@RequestMapping(value = "/ambiguous-produces", method = RequestMethod.GET, produces = "application/xml")
|
||||
@RequestMapping(path = "/ambiguous-produces", method = RequestMethod.GET, produces = "application/xml")
|
||||
public String ambigousProducesXml() {
|
||||
return "<a></a>";
|
||||
}
|
||||
|
||||
@CrossOrigin
|
||||
@RequestMapping(value = "/ambiguous-produces", method = RequestMethod.GET, produces = "application/json")
|
||||
@RequestMapping(path = "/ambiguous-produces", method = RequestMethod.GET, produces = "application/json")
|
||||
public String ambigousProducesJson() {
|
||||
return "{}";
|
||||
}
|
||||
|
||||
@CrossOrigin(origin = { "http://site1.com", "http://site2.com" }, allowedHeaders = { "header1", "header2" },
|
||||
exposedHeaders = { "header3", "header4" }, method = RequestMethod.DELETE, maxAge = 123, allowCredentials = "false")
|
||||
@RequestMapping(value = "/customized", method = { RequestMethod.GET, RequestMethod.POST } )
|
||||
@RequestMapping(path = "/customized", method = { RequestMethod.GET, RequestMethod.POST })
|
||||
public void customized() {
|
||||
}
|
||||
}
|
||||
|
||||
@Controller
|
||||
private static class MethodLevelControllerWithBogusAllowCredentialsValue {
|
||||
|
||||
@CrossOrigin(allowCredentials = "bogus")
|
||||
@RequestMapping("/bogus")
|
||||
public void bogusAllowCredentialsValue() {
|
||||
}
|
||||
}
|
||||
|
||||
@Controller
|
||||
@CrossOrigin
|
||||
private static class ClassLevelController {
|
||||
|
||||
@RequestMapping(value = "/foo", method = RequestMethod.GET)
|
||||
@RequestMapping(path = "/foo", method = RequestMethod.GET)
|
||||
public void foo() {
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue