/**
 * Checks that a response served through the "/headers" route carries every security
 * response header, each with the value exposed by a default-constructed
 * {@code SecureHeadersProperties}.
 *
 * <p>All expected values are read from {@code SecureHeadersProperties} itself, so this
 * test pins "the filter emits the configured defaults", not a particular header policy.
 * A weakened default would still pass here.
 */
@Test
public void secureHeadersFilterWorks() {
    SecureHeadersProperties expected = new SecureHeadersProperties();

    Mono<ClientResponse> exchange = webClient.get()
            .uri("/headers")
            .header("Host", "www.secureheaders.org")
            .exchange();

    StepVerifier.create(exchange)
            .consumeNextWith(clientResponse -> {
                assertStatus(clientResponse, HttpStatus.OK);
                HttpHeaders actual = clientResponse.headers().asHttpHeaders();

                // One assertion per header the filter is expected to add.
                assertThat(actual.getFirst(X_XSS_PROTECTION_HEADER))
                        .isEqualTo(expected.getXssProtectionHeader());
                assertThat(actual.getFirst(STRICT_TRANSPORT_SECURITY_HEADER))
                        .isEqualTo(expected.getStrictTransportSecurity());
                assertThat(actual.getFirst(X_FRAME_OPTIONS_HEADER))
                        .isEqualTo(expected.getFrameOptions());
                assertThat(actual.getFirst(X_CONTENT_TYPE_OPTIONS_HEADER))
                        .isEqualTo(expected.getContentTypeOptions());
                assertThat(actual.getFirst(REFERRER_POLICY_HEADER))
                        .isEqualTo(expected.getReferrerPolicy());
                assertThat(actual.getFirst(CONTENT_SECURITY_POLICY_HEADER))
                        .isEqualTo(expected.getContentSecurityPolicy());
                assertThat(actual.getFirst(X_DOWNLOAD_OPTIONS_HEADER))
                        .isEqualTo(expected.getDownloadOptions());
                assertThat(actual.getFirst(X_PERMITTED_CROSS_DOMAIN_POLICIES_HEADER))
                        .isEqualTo(expected.getPermittedCrossDomainPolicies());
            })
            .expectComplete()
            .verify(DURATION);
}
// Build the GET request for the user-info endpoint: ask for JSON and present the
// access token as a Bearer credential in the Authorization header.
// NOTE(review): userInfoUri is used as given; confirm upstream that it is restricted
// to https so the token is never sent in clear text, and keep the token out of logs.
requestHeadersSpec = this.webClient.get()
        .uri(userInfoUri)
        .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
        .headers(outgoing -> {
            outgoing.setBearerAuth(userRequest.getAccessToken().getTokenValue());
        });
/**
 * Sends a CORS pre-flight (OPTIONS) request and checks that it is answered with
 * 200 OK, no body, and the expected Access-Control-Allow-* headers.
 *
 * <p>The expected Access-Control-Allow-Origin value is the wildcard {@code "*"}.
 * NOTE(review): that is presumably what the configuration under test declares; a
 * wildcard origin is only appropriate for resources that need no credentials.
 */
@Test
public void testPreFlightCorsRequest() {
    ClientResponse preflight = webClient.options()
            .uri("/abc/123/function")
            .header("Origin", "domain.com")
            .header("Access-Control-Request-Method", "GET")
            .exchange()
            .block();
    HttpHeaders responseHeaders = preflight.headers().asHttpHeaders();

    // pre-flight request shouldn't return the response body
    String preflightBody = preflight.bodyToMono(String.class).block();
    assertNull(preflightBody);

    assertEquals(
            "Missing header value in response: " + HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
            "*",
            responseHeaders.getAccessControlAllowOrigin());
    assertEquals(
            "Missing header value in response: " + HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS,
            Arrays.asList(HttpMethod.GET),
            responseHeaders.getAccessControlAllowMethods());
    assertEquals("Pre Flight call failed.", HttpStatus.OK, preflight.statusCode());
}
// Build the GET request for the user-info endpoint: ask for JSON and present the
// access token as a Bearer credential in the Authorization header.
// NOTE(review): userInfoUri is used as given; confirm upstream that it is restricted
// to https so the token is never sent in clear text, and keep the token out of logs.
requestHeadersSpec = this.webClient.get()
        .uri(userInfoUri)
        .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
        .headers(outgoing -> {
            outgoing.setBearerAuth(userRequest.getAccessToken().getTokenValue());
        });
/**
 * Merges {@code body} with the result stream fetched from every other group member.
 *
 * <p>For each member that is not equal to {@code getHostAndPort()}, a GET to
 * {@code /pregel/<appId>/result} is prepared (accepting an event stream) and merged
 * into the accumulated flux. With no other members, {@code body} is returned as is.
 *
 * @param groupMembers member addresses, used directly as the authority of the base URL
 * @param appId application id, placed in the request path and the X_KGRAPH_APPID header
 * @param body the local result stream the remote streams are merged into
 * @return the merged stream
 */
private Flux<String> proxyResult(Set<String> groupMembers, String appId, Flux<String> body) {
    Flux<String> merged = body;
    for (String member : groupMembers) {
        if (member.equals(getHostAndPort())) {
            // Never proxy to ourselves.
            continue;
        }
        log.debug("proxy result to {}", member);
        // NOTE(review): both the base URL and the path are built by string concatenation
        // and the call goes over plain http. If member or appId can be influenced by a
        // request, validate them before this point. Confirm against callers.
        WebClient peer = WebClient.create("http://" + member);
        Flux<String> remote = peer.get()
                .uri("/pregel/" + appId + "/result")
                .accept(MediaType.TEXT_EVENT_STREAM)
                .header(X_KGRAPH_APPID, appId)
                .retrieve()
                .bodyToFlux(String.class);
        merged = merged.mergeWith(remote);
    }
    return merged;
}
/**
 * Resolves the access level to grant for a token by querying the permissions
 * endpoint of the given application.
 *
 * <p>The token is sent in the {@code Authorization} header with the {@code bearer}
 * scheme. The JSON body is read as a {@code Map} and converted by the single-argument
 * {@code getAccessLevel} overload; any error signal is translated by {@code mapError}.
 *
 * @param token the token
 * @param applicationId the cloud foundry application ID
 * @return a Mono of the access level that should be granted
 * @throws CloudFoundryAuthorizationException if the token is not authorized
 */
public Mono<AccessLevel> getAccessLevel(String token, String applicationId)
        throws CloudFoundryAuthorizationException {
    String permissionsUri = getPermissionsUri(applicationId);
    // The token is a credential: it belongs only in this header, never in logs or messages.
    String authorization = "bearer " + token;
    return this.webClient.get()
            .uri(permissionsUri)
            .header("Authorization", authorization)
            .retrieve()
            .bodyToMono(Map.class)
            .map(this::getAccessLevel)
            .onErrorMap(this::mapError);
}
/**
 * Forwards a delete for {@code appId} to every other group member.
 *
 * <p>Members equal to {@code getHostAndPort()} are skipped. Each remaining member
 * receives a DELETE to {@code /pregel/<appId>}. Nothing is sent until the returned
 * flux is subscribed.
 *
 * @param groupMembers member addresses, used directly as the authority of the base URL
 * @param appId application id, placed in the request path and the X_KGRAPH_APPID header
 * @return a flux that completes once the forwarded deletes have completed
 */
private Flux<Void> proxyDelete(Set<String> groupMembers, String appId) {
    return Flux.fromIterable(groupMembers)
            .filter(member -> !member.equals(getHostAndPort()))
            .flatMap(member -> {
                log.debug("proxy delete to {}", member);
                // NOTE(review): this is a state-changing call whose URL is built by string
                // concatenation and sent over plain http. If member or appId can be
                // influenced by a request, validate them first. Confirm against callers.
                WebClient peer = WebClient.create("http://" + member);
                return peer.delete()
                        .uri("/pregel/" + appId)
                        .accept(MediaType.APPLICATION_JSON)
                        .header(X_KGRAPH_APPID, appId)
                        .retrieve()
                        .bodyToMono(Void.class);
            });
}
/**
 * Sends a simple cross-origin GET and checks that the response has a body, carries
 * {@code Access-Control-Allow-Origin: *}, and has status 200 OK.
 *
 * <p>NOTE(review): the wildcard origin is presumably what the configuration under
 * test declares; it is only appropriate for resources that need no credentials.
 */
@Test
public void testCorsRequest() {
    ClientResponse corsResponse = webClient.get()
            .uri("/abc/123/function")
            .header("Origin", "domain.com")
            .header(HttpHeaders.HOST, "www.path.org")
            .exchange()
            .block();
    HttpHeaders responseHeaders = corsResponse.headers().asHttpHeaders();

    // Unlike a pre-flight, the actual request is expected to return a body.
    String responseBody = corsResponse.bodyToMono(String.class).block();
    assertNotNull(responseBody);

    assertEquals(
            "Missing header value in response: " + HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN,
            "*",
            responseHeaders.getAccessControlAllowOrigin());
    assertEquals("CORS request failed.", HttpStatus.OK, corsResponse.statusCode());
}
/**
 * Requests "/xforwardfor" with an {@code X-Forwarded-For} header and expects 200 OK.
 *
 * <p>Only the status is asserted. NOTE(review): presumably the route matches on the
 * address taken from the header. {@code X-Forwarded-For} is supplied by the client,
 * so a deployment should honour it only from trusted proxies. Confirm the resolver
 * configuration used by this route.
 */
@Test
public void remoteAddrWorksWithXForwardedRemoteAddress() {
    Mono<ClientResponse> exchange = webClient.get()
            .uri("/xforwardfor")
            .header("X-Forwarded-For", "12.34.56.78")
            .exchange();

    StepVerifier.create(exchange)
            .consumeNextWith(clientResponse -> {
                assertStatus(clientResponse, HttpStatus.OK);
            })
            .expectComplete()
            .verify(DURATION);
}
/**
 * Retrieves a plain-text body with {@code retrieve().bodyToMono(String.class)} and
 * checks both the decoded value and the request recorded by the test server.
 */
@Test
public void shouldReceivePlainText() {
    prepareResponse(stub -> stub.setBody("Hello Spring!"));

    Mono<String> greeting = this.webClient.get()
            .uri("/greeting?name=Spring")
            .header("X-Test-Header", "testvalue")
            .retrieve()
            .bodyToMono(String.class);

    StepVerifier.create(greeting)
            .expectNext("Hello Spring!")
            .expectComplete()
            .verify(Duration.ofSeconds(3));

    // Exactly one request must have been sent: custom header intact, default Accept.
    expectRequestCount(1);
    expectRequest(recorded -> {
        assertEquals("testvalue", recorded.getHeader("X-Test-Header"));
        assertEquals("*/*", recorded.getHeader(HttpHeaders.ACCEPT));
        assertEquals("/greeting?name=Spring", recorded.getPath());
    });
}
/**
 * Retrieves a plain-text body through {@code exchange()} and
 * {@code bodyToFlux(String.class)}, then checks the emitted value and the request
 * recorded by the test server.
 */
@Test
public void shouldReceivePlainTextFlux() throws Exception {
    prepareResponse(stub -> stub.setBody("Hello Spring!"));

    Flux<String> greeting = this.webClient.get()
            .uri("/greeting?name=Spring")
            .header("X-Test-Header", "testvalue")
            .exchange()
            .flatMapMany(clientResponse -> clientResponse.bodyToFlux(String.class));

    StepVerifier.create(greeting)
            .expectNext("Hello Spring!")
            .expectComplete()
            .verify(Duration.ofSeconds(3));

    // Exactly one request must have been sent: custom header intact, default Accept.
    expectRequestCount(1);
    expectRequest(recorded -> {
        assertEquals("testvalue", recorded.getHeader("X-Test-Header"));
        assertEquals("*/*", recorded.getHeader(HttpHeaders.ACCEPT));
        assertEquals("/greeting?name=Spring", recorded.getPath());
    });
}
/**
 * Checks that a header and a cookie set on an individual request take precedence
 * over the builder-level defaults of the same name.
 */
@Test
public void defaultHeaderAndCookieOverrides() {
    WebClient clientWithDefaults = this.builder
            .defaultHeader("Accept", "application/json")
            .defaultCookie("id", "123")
            .build();

    // The per-request values below use the same names as the defaults above.
    clientWithDefaults.get()
            .uri("/path")
            .header("Accept", "application/xml")
            .cookie("id", "456")
            .exchange();

    ClientRequest captured = verifyAndGetRequest();
    assertEquals("application/xml", captured.headers().getFirst("Accept"));
    assertEquals("456", captured.cookies().getFirst("id"));
    verifyNoMoreInteractions(this.exchangeFunction);
}