@Override public void setSessionId(ServerWebExchange exchange, String id) { Assert.notNull(id, "'id' is required."); exchange.getResponse().getHeaders().set(getHeaderName(), id); }
/** * Send a redirect back to the HTTP client. * @param targetUrl the target URL to redirect to * @param exchange current exchange */ protected Mono<Void> sendRedirect(String targetUrl, ServerWebExchange exchange) { String transformedUrl = (isRemoteHost(targetUrl) ? targetUrl : exchange.transformUrl(targetUrl)); ServerHttpResponse response = exchange.getResponse(); response.getHeaders().setLocation(URI.create(transformedUrl)); response.setStatusCode(getStatusCode()); return Mono.empty(); }
@Override public Mono<Void> render(@Nullable Map<String, ?> model, @Nullable MediaType contentType, ServerWebExchange exchange) { exchange.getResponse().getHeaders().setContentLanguage(locale); return Mono.empty(); } }
@Override public Mono<Void> render(@Nullable Map<String, ?> model, @Nullable MediaType contentType, ServerWebExchange exchange) { exchange.getResponse().getHeaders().setContentLanguage(locale); return Mono.empty(); } }
@Test public void expireWhenValidThenSetsEmptyHeader() { this.idResolver.expireSession(this.exchange); assertEquals(Arrays.asList(""), this.exchange.getResponse().getHeaders().get(HeaderWebSessionIdResolver.DEFAULT_HEADER_NAME)); }
@Test public void setSessionIdWhenValidThenSetsHeader() { String id = "123"; this.idResolver.setSessionId(this.exchange, id); assertEquals(Arrays.asList(id), this.exchange.getResponse().getHeaders().get(HeaderWebSessionIdResolver.DEFAULT_HEADER_NAME)); }
@Test public void actualRequestWithOriginHeader() throws Exception { ServerWebExchange exchange = actualRequest(); this.processor.process(this.conf, exchange); ServerHttpResponse response = exchange.getResponse(); assertFalse(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN)); assertThat(response.getHeaders().get(VARY), contains(ORIGIN, ACCESS_CONTROL_REQUEST_METHOD, ACCESS_CONTROL_REQUEST_HEADERS)); assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode()); }
@Test public void expireWhenAfterSetSessionIdThenSetsEmptyHeader() { this.idResolver.setSessionId(this.exchange, "123"); this.idResolver.expireSession(this.exchange); assertEquals(Arrays.asList(""), this.exchange.getResponse().getHeaders().get(HeaderWebSessionIdResolver.DEFAULT_HEADER_NAME)); }
@Test public void setSessionIdWhenMultipleThenSetsSingleHeader() { String id = "123"; this.idResolver.setSessionId(this.exchange, "overriddenByNextInvocation"); this.idResolver.setSessionId(this.exchange, id); assertEquals(Arrays.asList(id), this.exchange.getResponse().getHeaders().get(HeaderWebSessionIdResolver.DEFAULT_HEADER_NAME)); }
@Test public void setSessionIdWhenCustomHeaderNameThenSetsHeader() { String headerName = "x-auth"; String id = "123"; this.idResolver.setHeaderName(headerName); this.idResolver.setSessionId(this.exchange, id); assertEquals(Arrays.asList(id), this.exchange.getResponse().getHeaders().get(headerName)); }
@Test public void preflightRequestWithoutRequestMethod() throws Exception { ServerWebExchange exchange = MockServerWebExchange.from( preFlightRequest().header(ACCESS_CONTROL_REQUEST_HEADERS, "Header1")); this.processor.process(this.conf, exchange); ServerHttpResponse response = exchange.getResponse(); assertFalse(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN)); assertThat(response.getHeaders().get(VARY), contains(ORIGIN, ACCESS_CONTROL_REQUEST_METHOD, ACCESS_CONTROL_REQUEST_HEADERS)); assertEquals(HttpStatus.FORBIDDEN, response.getStatusCode()); }
@Test public void preFlightRequestWithCorsConfigurationSource() throws Exception { this.handlerMapping.setCorsConfigurationSource(new CustomCorsConfigurationSource()); String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.OPTIONS, "/welcome.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertNotSame(this.welcomeController, actual); assertEquals("http://domain2.com", exchange.getResponse().getHeaders() .getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("true", exchange.getResponse().getHeaders() .getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); }
@Test public void preflightRequestWithoutCorsConfigurationProvider() throws Exception { String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.OPTIONS, "/welcome.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertNotSame(this.welcomeController, actual); assertNull(exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); }
@Test public void actualRequestWithCorsAwareHandler() throws Exception { String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.GET, "/cors.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertSame(this.corsController, actual); assertEquals("*", exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); }
@Test public void preFlightWithCorsAwareHandler() throws Exception { String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.OPTIONS, "/cors.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertNotSame(this.corsController, actual); assertEquals("*", exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); }
@Test public void actualRequestWithGlobalCorsConfig() throws Exception { CorsConfiguration mappedConfig = new CorsConfiguration(); mappedConfig.addAllowedOrigin("*"); this.handlerMapping.setCorsConfigurations(Collections.singletonMap("/welcome.html", mappedConfig)); String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.GET, "/welcome.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertSame(this.welcomeController, actual); assertEquals("*", exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); }
@Test public void preFlightRequestWithGlobalCorsConfig() throws Exception { CorsConfiguration mappedConfig = new CorsConfiguration(); mappedConfig.addAllowedOrigin("*"); this.handlerMapping.setCorsConfigurations(Collections.singletonMap("/welcome.html", mappedConfig)); String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.OPTIONS, "/welcome.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertNotSame(this.welcomeController, actual); assertEquals("*", exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); }
@Test public void preflightRequestAllOriginsAllowed() throws Exception { ServerWebExchange exchange = MockServerWebExchange.from( preFlightRequest().header(ACCESS_CONTROL_REQUEST_METHOD, "GET")); this.conf.addAllowedOrigin("*"); this.processor.process(this.conf, exchange); ServerHttpResponse response = exchange.getResponse(); assertThat(response.getHeaders().get(VARY), contains(ORIGIN, ACCESS_CONTROL_REQUEST_METHOD, ACCESS_CONTROL_REQUEST_HEADERS)); assertNull(response.getStatusCode()); }
@Test public void actualRequestWithOriginHeaderAndNullConfig() throws Exception { ServerWebExchange exchange = actualRequest(); this.processor.process(null, exchange); ServerHttpResponse response = exchange.getResponse(); assertFalse(response.getHeaders().containsKey(ACCESS_CONTROL_ALLOW_ORIGIN)); assertNull(response.getStatusCode()); }
@Override public Mono<Void> handle(ServerHttpRequest request, ServerHttpResponse response) { Mono<Integer> requestSizeMono = request.getBody(). reduce(0, (integer, dataBuffer) -> integer + dataBuffer.readableByteCount()). doOnSuccessOrError((size, throwable) -> { assertNull(throwable); assertEquals(REQUEST_SIZE, (long) size); }); response.getHeaders().setContentLength(RESPONSE_SIZE); return requestSizeMono.then(response.writeWith(multipleChunks())); }