Here are the examples of the java api org.springframework.http.HttpHeaders.ORIGIN taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
View Source File : WebMvcEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji
/**
 * Issues a CORS preflight ({@code OPTIONS}) against {@code url} with
 * {@code Origin: foo.example.com} and a requested method of {@code GET}, then expects
 * the same value back in {@code Access-Control-Allow-Origin} together with a 200 status.
 *
 * <p>The origin used here is a bare host name without a scheme; browsers send
 * {@code scheme://host[:port]}, so this exercises the string match rather than a
 * realistic browser origin.
 *
 * @param url the endpoint path to send the preflight to
 * @return the {@link ResultActions} after both expectations have been applied
 * @throws Exception if performing the mock request fails
 */
private ResultActions performAcceptedCorsRequest(String url) throws Exception {
    ResultActions preflight = createMockMvc().perform(
            options(url)
                    .header(HttpHeaders.ORIGIN, "foo.example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"));
    ResultActions originEchoed = preflight.andExpect(
            header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "foo.example.com"));
    return originEchoed.andExpect(status().isOk());
}
View Source File : WebFluxEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji
/**
 * Issues a CORS preflight ({@code OPTIONS}) against {@code url} with
 * {@code Origin: spring.example.org} and a requested method of {@code GET}, then expects
 * the same value back in {@code Access-Control-Allow-Origin} together with a 200 status.
 *
 * @param url the endpoint URI to send the preflight to
 * @return the response spec after both expectations have been applied
 */
private WebTestClient.ResponseSpec performAcceptedCorsRequest(String url) {
    WebTestClient.ResponseSpec exchanged = createWebTestClient()
            .options()
            .uri(url)
            .header(HttpHeaders.ORIGIN, "spring.example.org")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .exchange();
    WebTestClient.ResponseSpec originEchoed = exchanged.expectHeader()
            .valueEquals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "spring.example.org");
    return originEchoed.expectStatus().isOk();
}
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
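/** A servlet request that carries an {@code Origin} header is reported as a CORS request. */
@Test
public void isCorsRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
    assertTrue(CorsUtils.isCorsRequest(request));
}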
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
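/**
 * An {@code OPTIONS} request with both {@code Origin} and
 * {@code Access-Control-Request-Method} is reported as a preflight request.
 */
@Test
public void isPreFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    assertTrue(CorsUtils.isPreFlightRequest(request));
}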
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
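/**
 * Neither a default mock request nor an {@code OPTIONS} request that has an {@code Origin}
 * but no {@code Access-Control-Request-Method} is reported as a preflight request.
 */
@Test
public void isNotPreFlightRequest() {
    // Case 1: untouched mock request, no CORS headers at all.
    MockHttpServletRequest request = new MockHttpServletRequest();
    assertFalse(CorsUtils.isPreFlightRequest(request));

    // Case 2: OPTIONS + Origin, but the requested-method header is missing.
    request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "https://domain.com");
    assertFalse(CorsUtils.isPreFlightRequest(request));
}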
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver
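/**
 * Builds a GET request for {@code http://serverName[:port]} with the given {@code Origin},
 * adds whichever {@code X-Forwarded-*} headers are supplied, adapts the request through
 * {@code adaptFromForwardedHeaders} and asserts that it is treated as same-origin.
 *
 * <p>NOTE(review): the same-origin result here is driven by forwarded headers; in a
 * deployment those are only meaningful when a trusted proxy sets or strips them.
 *
 * @param serverName host used in the request URL
 * @param port port used in the request URL, or {@code -1} to omit it
 * @param forwardedProto value for {@code X-Forwarded-Proto}, or {@code null} to omit it
 * @param forwardedHost value for {@code X-Forwarded-Host}, or {@code null} to omit it
 * @param forwardedPort value for {@code X-Forwarded-Port}, or {@code -1} to omit it
 * @param originHeader value sent in the {@code Origin} header
 */
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
    if (forwardedProto != null) {
        builder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        builder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
    }
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    assertTrue(CorsUtils.isSameOrigin(request));
}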
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver
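/**
 * Builds a GET request for {@code http://serverName[:port]} carrying the given
 * {@code Forwarded} and {@code Origin} headers, adapts it through
 * {@code adaptFromForwardedHeaders} and asserts that it is treated as same-origin.
 *
 * @param serverName host used in the request URL
 * @param port port used in the request URL, or {@code -1} to omit it
 * @param forwardedHeader value sent in the {@code Forwarded} header
 * @param originHeader value sent in the {@code Origin} header
 */
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url)
            .header("Forwarded", forwardedHeader)
            .header(HttpHeaders.ORIGIN, originHeader);
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    assertTrue(CorsUtils.isSameOrigin(request));
}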
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver
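/**
 * An {@code OPTIONS} request with both {@code Origin} and
 * {@code Access-Control-Request-Method} is reported as a preflight request.
 */
@Test
public void isPreFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    assertTrue(CorsUtils.isPreFlightRequest(request));
}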
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver
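/**
 * A request is not a preflight unless it is {@code OPTIONS} and carries both
 * {@code Origin} and {@code Access-Control-Request-Method}; each case below omits
 * at least one of those.
 */
@Test
public void isNotPreFlightRequest() {
    // Case 1: untouched mock request, no CORS headers at all.
    MockHttpServletRequest request = new MockHttpServletRequest();
    assertFalse(CorsUtils.isPreFlightRequest(request));

    // Case 2: OPTIONS + Origin, requested-method header missing.
    request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    assertFalse(CorsUtils.isPreFlightRequest(request));

    // Case 3: OPTIONS + requested-method header, Origin missing.
    request = new MockHttpServletRequest();
    request.setMethod(HttpMethod.OPTIONS.name());
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    assertFalse(CorsUtils.isPreFlightRequest(request));
}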
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver
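/** A servlet request that carries an {@code Origin} header is reported as a CORS request. */
@Test
public void isCorsRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    assertTrue(CorsUtils.isCorsRequest(request));
}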
View Source File : BasicRouteTests.java
License : MIT License
Project Creator : microsoft
/**
 * Sends a GET with {@code Origin: http://test.com} to the local server and expects a 2xx
 * response whose {@code Access-Control-Allow-Origin} value is the wildcard {@code *}.
 */
// NOTE(review): the "replaced" fragments in this listing (replacedert, Enreplacedy, clreplaced,
// replacedles) look like an extraction artifact rather than real identifiers; confirm the
// original names against the project before compiling.
// NOTE(review): a wildcard Allow-Origin lets any site read this response. This test pins
// that policy, so it should only cover endpoints meant to be public and credential-less.
@Test
public void CORS_Success_replacedlesEndpointResponse() throws URISyntaxException {
ResponseEnreplacedy<String> resreplacedles = this.rest.exchange(RequestEnreplacedy.get(new URI("http://localhost:" + httpPort + "/replacedles")).header(HttpHeaders.ORIGIN, "http://test.com").build(), String.clreplaced);
replacedert.replacedertTrue(resreplacedles.getStatusCode().is2xxSuccessful());
// The arguments below are passed as (actual, expected); a failure message would label them the other way round.
replacedert.replacedertEquals(resreplacedles.getHeaders().getAccessControlAllowOrigin(), "*");
}
View Source File : BasicRouteTests.java
License : MIT License
Project Creator : microsoft
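/**
 * Sends a GET with {@code Origin: http://test.com} to {@code /people} on the local server
 * and expects a 2xx response whose {@code Access-Control-Allow-Origin} is the wildcard.
 *
 * <p>NOTE(review): a wildcard Allow-Origin lets any site read this response. This test pins
 * that policy, so it should only cover endpoints meant to be public and credential-less.
 *
 * @throws URISyntaxException if the request URI cannot be parsed
 */
@Test
public void CORS_Success_PeopleEndpointResponse() throws URISyntaxException {
    URI peopleUri = new URI("http://localhost:" + httpPort + "/people");
    ResponseEntity<String> resPeople = this.rest.exchange(
            RequestEntity.get(peopleUri).header(HttpHeaders.ORIGIN, "http://test.com").build(),
            String.class);
    Assert.assertTrue(resPeople.getStatusCode().is2xxSuccessful());
    // Expected value first, so a failure message labels the two sides correctly.
    Assert.assertEquals("*", resPeople.getHeaders().getAccessControlAllowOrigin());
}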
View Source File : RequestMappingInfoTests.java
License : Apache License 2.0
Project Creator : langtianya
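/**
 * A preflight ({@code OPTIONS} with {@code Origin} and
 * {@code Access-Control-Request-Method: POST}) for {@code /foo} matches a mapping
 * restricted to {@code POST} as well as one restricted to {@code OPTIONS}.
 */
@Test
public void preFlightRequest() {
    MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/foo");
    request.addHeader(HttpHeaders.ORIGIN, "http://domain.com");
    request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST");

    // Mapping on the method named in Access-Control-Request-Method.
    RequestMappingInfo info = new RequestMappingInfo(new PatternsRequestCondition("/foo"), new RequestMethodsRequestCondition(RequestMethod.POST), null, null, null, null, null);
    RequestMappingInfo match = info.getMatchingCondition(request);
    assertNotNull(match);

    // Mapping on the HTTP method of the preflight itself.
    info = new RequestMappingInfo(new PatternsRequestCondition("/foo"), new RequestMethodsRequestCondition(RequestMethod.OPTIONS), null, null, null, null, null);
    match = info.getMatchingCondition(request);
    assertNotNull(match);
}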
View Source File : GreetingIntegrationTests.java
License : The Unlicense
Project Creator : diegopacheco
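/**
 * A GET to {@code /greeting-javaconfig} from origin {@code http://localhost:9000} returns
 * 200, echoes that origin in {@code Access-Control-Allow-Origin} and carries the greeting.
 */
@Test
public void corsWithJavaconfig() {
    ResponseEntity<Greeting> entity = this.restTemplate.exchange(
            RequestEntity.get(uri("/greeting-javaconfig")).header(HttpHeaders.ORIGIN, "http://localhost:9000").build(),
            Greeting.class);
    assertEquals(HttpStatus.OK, entity.getStatusCode());
    assertEquals("http://localhost:9000", entity.getHeaders().getAccessControlAllowOrigin());
    Greeting greeting = entity.getBody();
    assertEquals("Hello, World!", greeting.getContent());
}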
View Source File : GreetingIntegrationTests.java
License : The Unlicense
Project Creator : diegopacheco
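/**
 * A GET to {@code /greeting} from origin {@code http://localhost:9000} returns 200,
 * echoes that origin in {@code Access-Control-Allow-Origin} and carries the greeting.
 *
 * @throws Exception declared by the original test signature
 */
@Test
public void corsWithAnnotation() throws Exception {
    ResponseEntity<Greeting> entity = this.restTemplate.exchange(
            RequestEntity.get(uri("/greeting")).header(HttpHeaders.ORIGIN, "http://localhost:9000").build(),
            Greeting.class);
    assertEquals(HttpStatus.OK, entity.getStatusCode());
    assertEquals("http://localhost:9000", entity.getHeaders().getAccessControlAllowOrigin());
    Greeting greeting = entity.getBody();
    assertEquals("Hello, World!", greeting.getContent());
}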
View Source File : WebMvcEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji
/**
 * With allowed origin {@code foo.example.com} and allowed methods {@code GET,HEAD}
 * configured for the management endpoints, a preflight asking for {@code HEAD} on
 * {@code /actuator/beans} returns 200 and lists {@code GET,HEAD} as allowed methods.
 *
 * @throws Exception if performing the mock request fails
 */
@Test
public void allowedMethodsCanBeConfigured() throws Exception {
    String[] corsProperties = {
            "management.endpoints.web.cors.allowed-origins:foo.example.com",
            "management.endpoints.web.cors.allowed-methods:GET,HEAD"
    };
    TestPropertyValues.of(corsProperties).applyTo(this.context);
    createMockMvc()
            .perform(options("/actuator/beans")
                    .header(HttpHeaders.ORIGIN, "foo.example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "HEAD"))
            .andExpect(status().isOk())
            .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD"));
}
View Source File : WebMvcEndpointCorsIntegrationTests.java
License : Apache License 2.0
Project Creator : yuanmabiji
/**
 * With only the allowed origin configured, a preflight from that origin asking for
 * {@code PATCH} on {@code /actuator/health} is answered with 403 Forbidden.
 *
 * @throws Exception if performing the mock request fails
 */
@Test
public void requestsWithDisallowedMethodsAreRejected() throws Exception {
    String allowedOrigin = "management.endpoints.web.cors.allowed-origins:foo.example.com";
    TestPropertyValues.of(allowedOrigin).applyTo(this.context);
    createMockMvc()
            .perform(options("/actuator/health")
                    .header(HttpHeaders.ORIGIN, "foo.example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "PATCH"))
            .andExpect(status().isForbidden());
}
View Source File : DefaultSockJsServiceTests.java
License : MIT License
Project Creator : Vip-Augus
// SPR-12226
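/**
 * An XHR transport POST whose {@code Origin} is one of the configured allowed origins
 * is handled with status 200.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertEquals(200, this.servletResponse.getStatus());
}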
View Source File : DefaultSockJsServiceTests.java
License : MIT License
Project Creator : Vip-Augus
// SPR-12226
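/**
 * An XHR transport POST whose {@code Origin} is not among the configured allowed origins
 * is rejected with status 403.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com", "https://mydomain2.com"));
    // Different host and different scheme from both allowed entries.
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertEquals(403, this.servletResponse.getStatus());
}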
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
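/**
 * Builds a GET request for {@code http://serverName[:port]} carrying the given
 * {@code Forwarded} and {@code Origin} headers, adapts it through
 * {@code adaptFromForwardedHeaders} and asserts that it is treated as same-origin.
 *
 * @param serverName host used in the request URL
 * @param port port used in the request URL, or {@code -1} to omit it
 * @param forwardedHeader value sent in the {@code Forwarded} header
 * @param originHeader value sent in the {@code Origin} header
 */
@SuppressWarnings("deprecation")
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url)
            .header("Forwarded", forwardedHeader)
            .header(HttpHeaders.ORIGIN, originHeader);
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    assertTrue(CorsUtils.isSameOrigin(request));
}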
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
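/**
 * A request to {@code http://domain.com/} with {@code Origin: https://domain.com}
 * (same host, different scheme) is reported as a CORS request.
 */
@Test
public void isCorsRequest() {
    ServerHttpRequest request = get("http://domain.com/")
            .header(HttpHeaders.ORIGIN, "https://domain.com")
            .build();
    assertTrue(CorsUtils.isCorsRequest(request));
}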
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
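/**
 * Builds a GET request for {@code http://serverName[:port]} with the given {@code Origin},
 * adds whichever {@code X-Forwarded-*} headers are supplied, adapts the request through
 * {@code adaptFromForwardedHeaders} and asserts that it is treated as same-origin.
 *
 * <p>NOTE(review): the same-origin result here is driven by forwarded headers; in a
 * deployment those are only meaningful when a trusted proxy sets or strips them.
 *
 * @param serverName host used in the request URL
 * @param port port used in the request URL, or {@code -1} to omit it
 * @param forwardedProto value for {@code X-Forwarded-Proto}, or {@code null} to omit it
 * @param forwardedHost value for {@code X-Forwarded-Host}, or {@code null} to omit it
 * @param forwardedPort value for {@code X-Forwarded-Port}, or {@code -1} to omit it
 * @param originHeader value sent in the {@code Origin} header
 */
@SuppressWarnings("deprecation")
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
    if (forwardedProto != null) {
        builder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        builder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
    }
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    assertTrue(CorsUtils.isSameOrigin(request));
}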
View Source File : OriginHandshakeInterceptorTests.java
License : Apache License 2.0
Project Creator : SourceHot
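/**
 * A handshake whose {@code Origin} host equals the server name is accepted even though
 * that origin is not in the configured allowed-origins list.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
    this.servletRequest.setServerName("mydomain2.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.example"));
    assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
    // Actual value first, compared as ints so the check cannot pass on a boxed-type mismatch.
    assertThat(servletResponse.getStatus()).isNotEqualTo(HttpStatus.FORBIDDEN.value());
}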
View Source File : OriginHandshakeInterceptorTests.java
License : Apache License 2.0
Project Creator : SourceHot
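/**
 * With an empty allowed-origins list, a handshake whose {@code Origin} host equals the
 * server name is still accepted.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.example");
    this.servletRequest.setServerName("mydomain2.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
    // Actual value first, compared as ints so the check cannot pass on a boxed-type mismatch.
    assertThat(servletResponse.getStatus()).isNotEqualTo(HttpStatus.FORBIDDEN.value());
}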
View Source File : OriginHandshakeInterceptorTests.java
License : Apache License 2.0
Project Creator : SourceHot
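/**
 * With an empty allowed-origins list, a handshake whose {@code Origin} host differs from
 * the server name is refused and the response status is set to 403.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void sameOriginNoMatch() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
    this.servletRequest.setServerName("mydomain2.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isFalse();
    // Actual value first, so a failure message reports the response status as the actual.
    assertThat(servletResponse.getStatus()).isEqualTo(HttpStatus.FORBIDDEN.value());
}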
View Source File : CorsUtilsTests.java
License : Apache License 2.0
Project Creator : SourceHot
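/**
 * A request to {@code http://domain.example/} with {@code Origin: https://domain.com}
 * is reported as a CORS request.
 */
@Test
public void isCorsRequest() {
    ServerHttpRequest request = get("http://domain.example/")
            .header(HttpHeaders.ORIGIN, "https://domain.com")
            .build();
    assertThat(CorsUtils.isCorsRequest(request)).isTrue();
}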
View Source File : CorsUtilsTests.java
License : Apache License 2.0
Project Creator : SourceHot
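/**
 * Builds a GET request for {@code http://serverName[:port]} with the given {@code Origin},
 * adds whichever {@code X-Forwarded-*} headers are supplied, adapts the request through
 * {@code adaptFromForwardedHeaders} and asserts that it is treated as same-origin.
 *
 * <p>NOTE(review): the same-origin result here is driven by forwarded headers; in a
 * deployment those are only meaningful when a trusted proxy sets or strips them.
 *
 * @param serverName host used in the request URL
 * @param port port used in the request URL, or {@code -1} to omit it
 * @param forwardedProto value for {@code X-Forwarded-Proto}, or {@code null} to omit it
 * @param forwardedHost value for {@code X-Forwarded-Host}, or {@code null} to omit it
 * @param forwardedPort value for {@code X-Forwarded-Port}, or {@code -1} to omit it
 * @param originHeader value sent in the {@code Origin} header
 */
@SuppressWarnings("deprecation")
private void testWithXForwardedHeaders(String serverName, int port, String forwardedProto, String forwardedHost, int forwardedPort, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url).header(HttpHeaders.ORIGIN, originHeader);
    if (forwardedProto != null) {
        builder.header("X-Forwarded-Proto", forwardedProto);
    }
    if (forwardedHost != null) {
        builder.header("X-Forwarded-Host", forwardedHost);
    }
    if (forwardedPort != -1) {
        builder.header("X-Forwarded-Port", String.valueOf(forwardedPort));
    }
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    assertThat(CorsUtils.isSameOrigin(request)).isTrue();
}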
View Source File : CorsUtilsTests.java
License : Apache License 2.0
Project Creator : SourceHot
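/**
 * Builds a GET request for {@code http://serverName[:port]} carrying the given
 * {@code Forwarded} and {@code Origin} headers, adapts it through
 * {@code adaptFromForwardedHeaders} and asserts that it is treated as same-origin.
 *
 * @param serverName host used in the request URL
 * @param port port used in the request URL, or {@code -1} to omit it
 * @param forwardedHeader value sent in the {@code Forwarded} header
 * @param originHeader value sent in the {@code Origin} header
 */
@SuppressWarnings("deprecation")
private void testWithForwardedHeader(String serverName, int port, String forwardedHeader, String originHeader) {
    String url = "http://" + serverName;
    if (port != -1) {
        url = url + ":" + port;
    }
    MockServerHttpRequest.BaseBuilder<?> builder = get(url)
            .header("Forwarded", forwardedHeader)
            .header(HttpHeaders.ORIGIN, originHeader);
    ServerHttpRequest request = adaptFromForwardedHeaders(builder);
    assertThat(CorsUtils.isSameOrigin(request)).isTrue();
}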
View Source File : DefaultSockJsServiceTests.java
License : MIT License
Project Creator : mindcarver
// SPR-12226
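/**
 * An XHR transport POST whose {@code Origin} is one of the configured allowed origins
 * is handled with status 200.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertEquals(200, this.servletResponse.getStatus());
}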
View Source File : DefaultSockJsServiceTests.java
License : MIT License
Project Creator : mindcarver
// SPR-12226
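/**
 * An XHR transport POST whose {@code Origin} is not among the configured allowed origins
 * is rejected with status 403.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertEquals(403, this.servletResponse.getStatus());
}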
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : mindcarver
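/** A reactive request that carries an {@code Origin} header is reported as a CORS request. */
@Test
public void isCorsRequest() {
    ServerHttpRequest request = get("/")
            .header(HttpHeaders.ORIGIN, "http://domain.com")
            .build();
    assertTrue(CorsUtils.isCorsRequest(request));
}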
View Source File : CrossOriginTests.java
License : Apache License 2.0
Project Creator : langtianya
/**
 * Prepares the shared fixture: a GET request carrying an {@code Origin} header, and a
 * handler mapping initialised against a fresh {@code StaticWebApplicationContext}.
 *
 * <p>The origin literal ends with a trailing slash, which is not part of a serialized
 * origin as a browser would send it.
 */
@Before
public void setUp() {
    // Request side of the fixture; independent of the handler-mapping initialisation below.
    this.request.setMethod("GET");
    this.request.addHeader(HttpHeaders.ORIGIN, "http://domain.com/");

    // Handler mapping: configure, attach a context, then finish initialisation.
    this.handlerMapping.setRemoveSemicolonContent(false);
    this.handlerMapping.setApplicationContext(new StaticWebApplicationContext());
    this.handlerMapping.afterPropertiesSet();
}
View Source File : ReactiveCloudFoundrySecurityInterceptorTests.java
License : Apache License 2.0
Project Creator : yuanmabiji
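/**
 * A CORS preflight ({@code OPTIONS} with {@code Origin} and
 * {@code Access-Control-Request-Method}) passes the interceptor with status OK.
 */
@Test
public void preHandleWhenRequestIsPreFlightShouldBeOk() {
    MockServerWebExchange request = MockServerWebExchange.from(
            MockServerHttpRequest.options("/a")
                    .header(HttpHeaders.ORIGIN, "http://example.com")
                    .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
                    .build());
    StepVerifier.create(this.interceptor.preHandle(request, "/a"))
            .consumeNextWith((response) -> assertThat(response.getStatus()).isEqualTo(HttpStatus.OK))
            .verifyComplete();
}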
View Source File : DefaultSockJsServiceTests.java
License : MIT License
Project Creator : Vip-Augus
// SPR-13464
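/**
 * An XHR transport POST whose {@code Origin} is in the allowed-origins list is handled
 * with status 200 even though the server name is a different host.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrSameOrigin() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.com");
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertEquals(200, this.servletResponse.getStatus());
}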
View Source File : DefaultSockJsServiceTests.java
License : MIT License
Project Creator : Vip-Augus
// SPR-13545
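/**
 * A POST to a session URL ending in an unknown transport ({@code invalid}) is answered
 * with 404; the {@code Origin} host matches the server name but is not in the allowed list.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleInvalidTransportType() throws Exception {
    String sockJsPath = sessionUrlPrefix + "invalid";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertEquals(404, this.servletResponse.getStatus());
}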
View Source File : OriginHandshakeInterceptorTests.java
License : MIT License
Project Creator : Vip-Augus
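/**
 * A handshake whose {@code Origin} host equals the server name is accepted even though
 * that origin is not in the configured allowed-origins list.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.com"));
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    assertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}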
View Source File : OriginHandshakeInterceptorTests.java
License : MIT License
Project Creator : Vip-Augus
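/**
 * With an empty allowed-origins list, a handshake whose {@code Origin} host equals the
 * server name is still accepted.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    assertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value());
}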
View Source File : OriginHandshakeInterceptorTests.java
License : MIT License
Project Creator : Vip-Augus
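/**
 * With an empty allowed-origins list, a handshake whose {@code Origin} host differs from
 * the server name is refused and the response status is set to 403.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void sameOriginNoMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    assertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}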
View Source File : CrossOriginTests.java
License : MIT License
Project Creator : Vip-Augus
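/**
 * An {@code OPTIONS} request to {@code /default} that has an {@code Origin} but no
 * {@code Access-Control-Request-Method} header resolves to no handler.
 *
 * @throws Exception if handler lookup fails
 */
@Test
public void preFlightRequestWithoutRequestMethodHeader() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/default");
    request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    assertNull(this.handlerMapping.getHandler(request));
}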
View Source File : DefaultCorsProcessorTests.java
License : MIT License
Project Creator : Vip-Augus
/**
 * Starts a mock request for {@code http://localhost/test.html} with the given HTTP method
 * and an {@code Origin} of {@code https://domain2.com}.
 *
 * @param method the HTTP method of the request
 * @return the request builder, so callers can add further headers before building
 */
private MockServerHttpRequest.BaseBuilder<?> corsRequest(HttpMethod method) {
    MockServerHttpRequest.BaseBuilder<?> builder =
            MockServerHttpRequest.method(method, "http://localhost/test.html");
    return builder.header(HttpHeaders.ORIGIN, "https://domain2.com");
}
View Source File : CorsUtilsTests.java
License : MIT License
Project Creator : Vip-Augus
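/**
 * A reactive {@code OPTIONS} request with both {@code Origin} and
 * {@code Access-Control-Request-Method} is reported as a preflight request.
 */
@Test
public void isPreFlightRequest() {
    ServerHttpRequest request = options("/")
            .header(HttpHeaders.ORIGIN, "https://domain.com")
            .header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET")
            .build();
    assertTrue(CorsUtils.isPreFlightRequest(request));
}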
View Source File : DefaultCorsProcessorTests.java
License : MIT License
Project Creator : Vip-Augus
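/**
 * With a {@code null} CORS configuration, a GET carrying an {@code Origin} header gets no
 * {@code Access-Control-Allow-Origin} response header and the status stays 200.
 *
 * @throws Exception if request processing fails
 */
@Test
public void actualRequestWithOriginHeaderAndNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.GET.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.processor.processRequest(null, this.request, this.response);
    assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals(HttpServletResponse.SC_OK, this.response.getStatus());
}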
View Source File : DefaultCorsProcessorTests.java
License : MIT License
Project Creator : Vip-Augus
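/**
 * With a {@code null} CORS configuration, a preflight request is rejected with 403 and
 * gets no {@code Access-Control-Allow-Origin} response header.
 *
 * @throws Exception if request processing fails
 */
@Test
public void preflightRequestWithNullConfig() throws Exception {
    this.request.setMethod(HttpMethod.OPTIONS.name());
    this.request.addHeader(HttpHeaders.ORIGIN, "https://domain2.com");
    this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
    // conf is populated with a wildcard but null is what gets passed to the processor,
    // so the permissive entry has no influence on the outcome asserted below.
    this.conf.addAllowedOrigin("*");
    this.processor.processRequest(null, this.request, this.response);
    assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus());
}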
View Source File : CorsUtils.java
License : MIT License
Project Creator : Vip-Augus
/**
 * Returns {@code true} if the request is a cross-origin one: an {@code Origin} header is
 * present and its scheme, host or port differs from the scheme, server name and server
 * port reported by the request itself.
 *
 * <p>This only classifies the request; it does not decide whether the origin is allowed.
 * The {@code Origin} value is supplied by the client, and the comparison is only as
 * reliable as {@code getScheme()}, {@code getServerName()} and {@code getServerPort()}
 * are for the deployment (for example behind a proxy).
 *
 * @param request the current servlet request
 * @return {@code false} when there is no {@code Origin} header or it matches the
 * request's own scheme, host and port; {@code true} otherwise
 */
public static boolean isCorsRequest(HttpServletRequest request) {
    String origin = request.getHeader(HttpHeaders.ORIGIN);
    if (origin == null) {
        return false;
    }
    UriComponents originUrl = UriComponentsBuilder.fromOriginHeader(origin).build();
    String scheme = request.getScheme();
    String host = request.getServerName();
    int port = request.getServerPort();
    // Any single difference makes the request cross-origin; checks run in the same
    // scheme, host, port order as a short-circuiting conjunction would.
    if (!ObjectUtils.nullSafeEquals(scheme, originUrl.getScheme())) {
        return true;
    }
    if (!ObjectUtils.nullSafeEquals(host, originUrl.getHost())) {
        return true;
    }
    return getPort(scheme, port) != getPort(originUrl.getScheme(), originUrl.getPort());
}
View Source File : PreCheckFilter.java
License : MIT License
Project Creator : uhonliu
/**
 * Pre-check filter: rejects the request through {@code accessDeniedHandler} when the
 * resolved resource is not open, disabled or under maintenance, when the caller matches
 * the IP/origin blacklist, or when a whitelist exists and the caller is not on it.
 * Otherwise the request continues down the filter chain.
 *
 * @param request the current request
 * @param response the current response
 * @param filterChain the remaining filters
 * @throws ServletException propagated from the handler or the chain
 * @throws IOException propagated from the handler or the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String requestPath = accessManager.getRequestPath(request);
String remoteIpAddress = WebUtils.getRemoteAddress(request);
// NOTE(review): Origin is a client-supplied header. A browser sets it, but any other
// client can send an arbitrary value or none, so origin-based list entries are not an
// authentication control on their own.
String origin = request.getHeader(HttpHeaders.ORIGIN);
AuthorityResource resource = accessManager.getResource(requestPath);
// When no resource is found for the path, the status checks are skipped and only the
// blacklist/whitelist checks below apply.
if (resource != null) {
// Check whether the resource is open to public access
if (STATUS_0.equals(resource.getIsOpen().toString())) {
// Not public
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_NOT_OPEN.getMessage()));
return;
}
// Check the resource status
if (STATUS_0.equals(resource.getStatus().toString())) {
// Disabled
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_DISABLED.getMessage()));
return;
} else if (STATUS_2.equals(resource.getStatus().toString())) {
// Under maintenance
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_UPDATING.getMessage()));
return;
}
}
// IP blacklist check
// NOTE(review): WebUtils.getRemoteAddress is not shown here; if it derives the address
// from forwarded headers, confirm those are only accepted from a trusted proxy.
boolean deny = accessManager.matchIpOrOriginBlacklist(requestPath, remoteIpAddress, origin);
if (deny) {
// Deny
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_BLACK_LIMITED.getMessage()));
return;
}
// IP whitelist check
Boolean[] matchIpWhiteListResult = accessManager.matchIpOrOriginWhiteList(requestPath, remoteIpAddress, origin);
// Index 0: whether a whitelist exists; index 1: whether the caller matched it.
// Both are unboxed here, so a null element would throw a NullPointerException.
boolean hasWhiteList = matchIpWhiteListResult[0];
boolean allow = matchIpWhiteListResult[1];
if (hasWhiteList) {
// A whitelist restriction exists for this endpoint
if (!allow) {
accessDeniedHandler.handle(request, response, new AccessDeniedException(ErrorCode.ACCESS_DENIED_WHITE_LIMITED.getMessage()));
return;
}
}
filterChain.doFilter(request, response);
}
View Source File : DefaultSockJsServiceTests.java
License : Apache License 2.0
Project Creator : SourceHot
// SPR-13464
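/**
 * An XHR transport POST whose {@code Origin} is in the allowed-origins list is handled
 * with status 200 even though the server name is a different host.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrSameOrigin() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
    this.servletRequest.setServerName("mydomain2.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertThat(this.servletResponse.getStatus()).isEqualTo(200);
}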
View Source File : DefaultSockJsServiceTests.java
License : Apache License 2.0
Project Creator : SourceHot
// SPR-12226
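/**
 * An XHR transport POST whose {@code Origin} is not among the configured allowed origins
 * is rejected with status 403.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
    // Different host and different scheme from both allowed entries.
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertThat(this.servletResponse.getStatus()).isEqualTo(403);
}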
View Source File : DefaultSockJsServiceTests.java
License : Apache License 2.0
Project Creator : SourceHot
// SPR-12226
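/**
 * An XHR transport POST whose {@code Origin} is one of the configured allowed origins
 * is handled with status 200.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    String sockJsPath = sessionUrlPrefix + "xhr";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example", "https://mydomain2.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertThat(this.servletResponse.getStatus()).isEqualTo(200);
}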
View Source File : DefaultSockJsServiceTests.java
License : Apache License 2.0
Project Creator : SourceHot
// SPR-13545
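/**
 * A POST to a session URL ending in an unknown transport ({@code invalid}) is answered
 * with 404; the {@code Origin} host matches the server name but is not in the allowed list.
 *
 * @throws Exception if request handling fails
 */
@Test
public void handleInvalidTransportType() throws Exception {
    String sockJsPath = sessionUrlPrefix + "invalid";
    setRequest("POST", sockJsPrefix + sockJsPath);
    this.service.setAllowedOrigins(Arrays.asList("https://mydomain1.example"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain2.example");
    this.servletRequest.setServerName("mydomain2.example");
    this.service.handleRequest(this.request, this.response, sockJsPath, this.wsHandler);
    assertThat(this.servletResponse.getStatus()).isEqualTo(404);
}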
View Source File : OriginHandshakeInterceptorTests.java
License : Apache License 2.0
Project Creator : SourceHot
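/**
 * With allowed origins set to the wildcard {@code *}, a handshake from any origin is
 * accepted and the response is not marked 403.
 *
 * <p>NOTE(review): this pins the permissive setting; with {@code *} the interceptor no
 * longer restricts which sites may open the WebSocket, so other controls must cover that.
 *
 * @throws Exception if the interceptor fails
 */
@Test
public void originMatchAll() throws Exception {
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "https://mydomain1.example");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
    interceptor.setAllowedOrigins(Collections.singletonList("*"));
    assertThat(interceptor.beforeHandshake(request, response, wsHandler, attributes)).isTrue();
    // Actual value first, compared as ints so the check cannot pass on a boxed-type mismatch.
    assertThat(servletResponse.getStatus()).isNotEqualTo(HttpStatus.FORBIDDEN.value());
}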