/**
 * Verifies that headers handed to the builder are copied onto the built request: a multi-valued
 * header keeps every value in order, and the content type set via {@code setContentType} shows up
 * as a plain "Content-Type" request header.
 */
@Test
public void headers() {
    HttpHeaders sourceHeaders = new HttpHeaders();
    sourceHeaders.setContentType(MediaType.APPLICATION_JSON);
    sourceHeaders.put("foo", Arrays.asList("bar", "baz"));
    this.builder.headers(sourceHeaders);

    MockHttpServletRequest builtRequest = this.builder.buildRequest(this.servletContext);

    // Both values of the multi-valued header must survive, in insertion order.
    List<String> fooValues = Collections.list(builtRequest.getHeaders("foo"));
    assertEquals(Arrays.asList("bar", "baz"), fooValues);
    assertEquals(MediaType.APPLICATION_JSON.toString(), builtRequest.getHeader("Content-Type"));
}
/**
 * Performs the request through {@code mockMvc} and adapts the resulting servlet response into a
 * {@link ClientHttpResponse}: status, body bytes and response headers are copied across.
 * Any exception raised while performing the request is not propagated; it is reported to the
 * caller as a 500 response whose body is the exception's string form.
 *
 * @param httpMethod HTTP method to perform
 * @param uri request URI
 * @param requestHeaders headers to send with the request
 * @param requestBody raw request body
 * @return the adapted response, or a 500 response if the request could not be performed
 */
private ClientHttpResponse getClientHttpResponse(
        HttpMethod httpMethod, URI uri, HttpHeaders requestHeaders, byte[] requestBody) {
    try {
        MockHttpServletResponse servletResponse = this.mockMvc
                .perform(request(httpMethod, uri).content(requestBody).headers(requestHeaders))
                .andReturn()
                .getResponse();
        // HttpStatus.valueOf rejects unknown status codes; that failure is handled below like any other.
        MockClientHttpResponse adapted = new MockClientHttpResponse(
                servletResponse.getContentAsByteArray(),
                HttpStatus.valueOf(servletResponse.getStatus()));
        adapted.getHeaders().putAll(getResponseHeaders(servletResponse));
        return adapted;
    } catch (Exception ex) {
        // Deliberate best-effort: the exception text becomes the body so the cause stays visible
        // to the caller without the request pipeline throwing.
        byte[] failureBody = ex.toString().getBytes(StandardCharsets.UTF_8);
        return new MockClientHttpResponse(failureBody, HttpStatus.INTERNAL_SERVER_ERROR);
    }
}
/**
 * The endpoint is not white-listed to allow CORS requests with the "X-Requested-With" header so the
 * CorsFilter returns a 403.
 *
 * @throws Exception on test failure
 */
@Test
void testLogOutCorsPreflightWithUnallowedEndpoint(@Autowired CorsFilter corsFilter) throws Exception {
    // The XHR allow-list covers only "/logout.do" from origin "localhost".
    corsFilter.setCorsXhrAllowedOrigins(singletonList("^localhost$"));
    corsFilter.setCorsXhrAllowedUris(singletonList("^/logout\\.do$"));
    corsFilter.initialize();

    HttpHeaders preflightHeaders = new HttpHeaders();
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "X-Requested-With");
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    preflightHeaders.add(HttpHeaders.ORIGIN, "localhost");

    // "/logout.dont" does not match the allowed-URI pattern, so the preflight must be rejected.
    mockMvc.perform(options("/logout.dont").headers(preflightHeaders))
            .andExpect(status().isForbidden());
}
/**
 * A preflight that only requests the standard "Accept" header never enters the "X-Requested-With"
 * branch of the CorsFilter, so it is answered with 200.
 *
 * @throws Exception on test failure
 */
@Test
void testLogOutCorsPreflightWithStandardHeader(@Autowired CorsFilter corsFilter) throws Exception {
    corsFilter.setCorsXhrAllowedOrigins(singletonList("^localhost$"));
    corsFilter.setCorsXhrAllowedUris(singletonList("^/logout\\.do$"));
    corsFilter.initialize();

    HttpHeaders preflightHeaders = new HttpHeaders();
    // "Accept" rather than "X-Requested-With": the XHR-specific allow-list should not be consulted.
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Accept");
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    preflightHeaders.add(HttpHeaders.ORIGIN, "localhost");

    mockMvc.perform(options("/logout.do").headers(preflightHeaders))
            .andExpect(status().isOk());
}
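/**
 * Positive test case that exercises the CORS logic for dealing with the "X-Requested-With" header
 * when the request comes from an identity-zone subdomain ("testzone1.localhost") that matches the
 * second allowed-origin pattern.
 *
 * @throws Exception on test failure
 */
@Test
void testLogOutCorsPreflightForIdentityZone(@Autowired CorsFilter corsFilter) throws Exception {
    corsFilter.setCorsXhrAllowedOrigins(asList("^localhost$", "^*\\.localhost$"));
    // The dot is escaped so the allow-list matches exactly "/logout.do" (as in the sibling tests)
    // rather than any single character between "logout" and "do".
    corsFilter.setCorsXhrAllowedUris(singletonList("^/logout\\.do$"));
    corsFilter.initialize();

    HttpHeaders preflightHeaders = new HttpHeaders();
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "X-Requested-With");
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    preflightHeaders.add(HttpHeaders.ORIGIN, "testzone1.localhost");

    mockMvc.perform(options("/logout.do").headers(preflightHeaders))
            .andExpect(status().isOk());
}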
/**
 * Positive test case that exercises the CORS logic for dealing with the "X-Requested-With" header:
 * an allowed origin, an allowed URI and a GET request method yield a 200 preflight response.
 *
 * @throws Exception on test failure
 */
@Test
void testLogOutCorsPreflight(@Autowired CorsFilter corsFilter) throws Exception {
    corsFilter.setCorsXhrAllowedOrigins(asList("^localhost$", "^*\\.localhost$"));
    corsFilter.setCorsXhrAllowedUris(singletonList("^/logout\\.do$"));
    corsFilter.initialize();

    HttpHeaders preflightHeaders = new HttpHeaders();
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "X-Requested-With");
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    preflightHeaders.add(HttpHeaders.ORIGIN, "localhost");

    mockMvc.perform(options("/logout.do").headers(preflightHeaders))
            .andExpect(status().isOk());
}
/**
 * The request origin is not white-listed to allow CORS requests with the "X-Requested-With" header so the
 * CorsFilter returns a 403.
 *
 * @throws Exception on test failure
 */
@Test
void testLogOutCorsPreflightWithUnallowedOrigin(@Autowired CorsFilter corsFilter) throws Exception {
    corsFilter.setCorsXhrAllowedOrigins(singletonList("^localhost$"));
    corsFilter.setCorsXhrAllowedUris(singletonList("^/logout\\.do$"));
    corsFilter.initialize();

    HttpHeaders preflightHeaders = new HttpHeaders();
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "X-Requested-With");
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    // Origin outside the "^localhost$" allow-list; the URI and method are otherwise acceptable.
    preflightHeaders.add(HttpHeaders.ORIGIN, "fuzzybunnies.com");

    mockMvc.perform(options("/logout.do").headers(preflightHeaders))
            .andExpect(status().isForbidden());
}
/**
 * The access control request method is not a GET therefore CORS requests with the "X-Requested-With"
 * header are not allowed and the CorsFilter returns a 405.
 *
 * @throws Exception on test failure
 */
@Test
void testLogOutCorsPreflightWithUnallowedMethod(@Autowired CorsFilter corsFilter) throws Exception {
    corsFilter.setCorsXhrAllowedOrigins(singletonList("^localhost$"));
    corsFilter.setCorsXhrAllowedUris(singletonList("^/logout\\.do$"));
    corsFilter.initialize();

    HttpHeaders preflightHeaders = new HttpHeaders();
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "X-Requested-With");
    // Origin and URI are allowed; only the requested method (POST) is outside what the filter permits.
    preflightHeaders.add(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST");
    preflightHeaders.add(HttpHeaders.ORIGIN, "localhost");

    mockMvc.perform(options("/logout.do").headers(preflightHeaders))
            .andExpect(status().isMethodNotAllowed());
}
/**
 * A PUT of the unchanged seeded user by the UAA admin is still rejected with 403 and the
 * "internal_user_management_disabled" error body, because internal user management is disabled
 * for the zone under test.
 *
 * @throws Exception on test failure
 */
@Test
void put_updateNothing_shouldFail() throws Exception {
    String disabledMessage = "Internal User Creation is currently disabled. External User Store is in use.";
    JSONObject expectedError = new JSONObject()
            .put("error_description", disabledMessage)
            .put("message", disabledMessage)
            .put("error", "internal_user_management_disabled");

    mockMvc.perform(put("/Users/" + seededUser.getId())
                    .headers(zoneSeeder.getZoneIdRequestHeader())
                    .header("Authorization", "Bearer " + uaaAdminToken)
                    // Optimistic-locking precondition: the server compares it with the stored version.
                    .header("If-Match", "\"" + seededUser.getVersion() + "\"")
                    .accept(APPLICATION_JSON)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsBytes(seededUser)))
            .andDo(print())
            .andExpect(status().is(403))
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedError)));
}
uri.toString()); requestBuilder.content(getBodyAsBytes()); requestBuilder.headers(getHeaders()); MockHttpServletResponse servletResponse = actions(requestBuilder) .andReturn().getResponse();
/**
 * A PATCH that adds an email to the seeded user, authenticated with the user's own access token,
 * is rejected with 403 and the "internal_user_management_disabled" error body.
 *
 * @throws Exception on test failure
 */
@Test
void patch_updateUserEmail_WithAccessToken_ShouldFail() throws Exception {
    // Obtain a user (not admin) token for the zone via the implicit/password/refresh-token client.
    String userAccessToken = testClient.getUserOAuthAccessTokenForZone(
            zoneSeeder.getImplicitPasswordRefreshTokenClient().getClientId(),
            "",
            seededUser.getUserName(),
            zoneSeeder.getPlainTextPassword(seededUser),
            "openid",
            zoneSeeder.getIdentityZoneSubdomain());

    seededUser.addEmail("addAnotherNew@email.com");

    String disabledMessage = "Internal User Creation is currently disabled. External User Store is in use.";
    JSONObject expectedError = new JSONObject()
            .put("error_description", disabledMessage)
            .put("message", disabledMessage)
            .put("error", "internal_user_management_disabled");

    MockHttpServletRequestBuilder patchRequest = patch("/Users/" + seededUser.getId())
            .headers(zoneSeeder.getZoneSubomainRequestHeader())
            .header("Authorization", "Bearer " + userAccessToken)
            .header("If-Match", "\"" + seededUser.getVersion() + "\"")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsBytes(seededUser));

    mockMvc.perform(patchRequest)
            .andExpect(status().is(403))
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedError)));
}
/**
 * A PUT that replaces the seeded user's emails, authenticated with the user's own access token,
 * is rejected with 403 and the "internal_user_management_disabled" error body.
 *
 * @throws Exception on test failure
 */
@Test
void put_updateUserEmail_WithAccessToken_ShouldFail() throws Exception {
    // Obtain a user (not admin) token for the zone via the implicit/password/refresh-token client.
    String userAccessToken = testClient.getUserOAuthAccessTokenForZone(
            zoneSeeder.getImplicitPasswordRefreshTokenClient().getClientId(),
            "",
            seededUser.getUserName(),
            zoneSeeder.getPlainTextPassword(seededUser),
            "openid",
            zoneSeeder.getIdentityZoneSubdomain());

    // Replace (not append) the email list before serialising the user as the PUT body.
    seededUser.setEmails(null);
    seededUser.addEmail("resetEmail@mail.com");

    String disabledMessage = "Internal User Creation is currently disabled. External User Store is in use.";
    JSONObject expectedError = new JSONObject()
            .put("error_description", disabledMessage)
            .put("message", disabledMessage)
            .put("error", "internal_user_management_disabled");

    MockHttpServletRequestBuilder putRequest = put("/Users/" + seededUser.getId())
            .headers(zoneSeeder.getZoneSubomainRequestHeader())
            .header("Authorization", "Bearer " + userAccessToken)
            .header("If-Match", "\"" + seededUser.getVersion() + "\"")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsBytes(seededUser));

    mockMvc.perform(putRequest)
            .andDo(print())
            .andExpect(status().is(403))
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedError)));
}
/**
 * Performs the request through {@code mockMvc} and adapts the resulting servlet response into a
 * {@link ClientHttpResponse}: status, body bytes and response headers are copied across.
 * Any exception raised while performing the request is not propagated; it is reported to the
 * caller as a 500 response whose body is the exception's string form.
 *
 * @param httpMethod HTTP method to perform
 * @param uri request URI
 * @param requestHeaders headers to send with the request
 * @param requestBody raw request body
 * @return the adapted response, or a 500 response if the request could not be performed
 */
private ClientHttpResponse getClientHttpResponse(
        HttpMethod httpMethod, URI uri, HttpHeaders requestHeaders, byte[] requestBody) {
    try {
        MockHttpServletResponse servletResponse = this.mockMvc
                .perform(request(httpMethod, uri).content(requestBody).headers(requestHeaders))
                .andReturn()
                .getResponse();
        // HttpStatus.valueOf rejects unknown status codes; that failure is handled below like any other.
        MockClientHttpResponse adapted = new MockClientHttpResponse(
                servletResponse.getContentAsByteArray(),
                HttpStatus.valueOf(servletResponse.getStatus()));
        adapted.getHeaders().putAll(getResponseHeaders(servletResponse));
        return adapted;
    } catch (Exception ex) {
        // Deliberate best-effort: the exception text becomes the body so the cause stays visible
        // to the caller without the request pipeline throwing.
        byte[] failureBody = ex.toString().getBytes(StandardCharsets.UTF_8);
        return new MockClientHttpResponse(failureBody, HttpStatus.INTERNAL_SERVER_ERROR);
    }
}
/**
 * Executes this request through the enclosing factory's {@code mockMvc} and adapts the servlet
 * response into a {@link ClientHttpResponse} (status, body bytes and headers).
 * Any exception raised while performing the request is caught and reported as a 500 response
 * whose body is the exception's string form.
 *
 * @return the adapted response, or a 500 response if the request could not be performed
 * @throws IOException declared by the overridden method; this implementation converts every
 *         failure into a 500 response instead of throwing
 */
@Override
public ClientHttpResponse executeInternal() throws IOException {
    try {
        MockHttpServletRequestBuilder requestBuilder = request(httpMethod, uri)
                .content(getBodyAsBytes())
                .headers(getHeaders());

        MvcResult mvcResult = MockMvcClientHttpRequestFactory.this.mockMvc
                .perform(requestBuilder)
                .andReturn();
        MockHttpServletResponse servletResponse = mvcResult.getResponse();

        // HttpStatus.valueOf rejects unknown status codes; that failure is handled below like any other.
        HttpStatus responseStatus = HttpStatus.valueOf(servletResponse.getStatus());
        byte[] responseBody = servletResponse.getContentAsByteArray();
        HttpHeaders responseHeaders = getResponseHeaders(servletResponse);

        MockClientHttpResponse adapted = new MockClientHttpResponse(responseBody, responseStatus);
        adapted.getHeaders().putAll(responseHeaders);
        return adapted;
    } catch (Exception ex) {
        // Deliberate best-effort: surface the failure as a 500 whose body names the exception.
        byte[] failureBody = ex.toString().getBytes(UTF8_CHARSET);
        return new MockClientHttpResponse(failureBody, HttpStatus.INTERNAL_SERVER_ERROR);
    }
}
};
/**
 * Performs GET [href] through MockMvc with an explicit Accept media type and extra request headers,
 * and verifies that the request succeeded and that the response came back with that same media type.
 *
 * @param href the path to GET
 * @param contentType media type sent as Accept and expected as the response Content-Type
 * @param httpHeaders additional headers to send with the request
 * @return a mocked servlet response with results from GET [href]
 * @throws Exception if the request cannot be performed or one of the expectations fails
 */
public MockHttpServletResponse request(String href, MediaType contentType, HttpHeaders httpHeaders) throws Exception {
    return mvc.perform(get(href).accept(contentType).headers(httpHeaders))
            .andExpect(status().isOk())
            .andExpect(content().contentType(contentType))
            .andReturn()
            .getResponse();
}