cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bimargul...@apache.org
Subject svn commit: r1209241 - in /cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors: BasicCrossOriginTest.java ConfigServer.java CorsServer.java CrossOriginSimpleTest.java
Date Thu, 01 Dec 2011 21:14:04 GMT
Author: bimargulies
Date: Thu Dec  1 21:14:02 2011
New Revision: 1209241

URL: http://svn.apache.org/viewvc?rev=1209241&view=rev
Log:
CXF-3943: fill in the rest of the non-annotation simple tests.

Added:
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
  (contents, props changed)
      - copied, changed from r1209212, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java
Removed:
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java
Modified:
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java?rev=1209241&r1=1209240&r2=1209241&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java
(original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java
Thu Dec  1 21:14:02 2011
@@ -24,6 +24,7 @@ import java.util.Arrays;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 
 import org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter;
@@ -47,6 +48,15 @@ public class ConfigServer {
         }
         return "ok";
     }
+    
+    @POST
+    @Path("/setAllowCredentials/{yn}")
+    @Produces("text/plain")
+    public String setAllowCredentials(@PathParam("yn") boolean yn) {
+        inputFilter.setAllowCredentials(yn);
+        return "ok";
+    }
+          
 
     public CrossOriginResourceSharingFilter getInputFilter() {
         return inputFilter;

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java?rev=1209241&r1=1209240&r2=1209241&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java
(original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java
Thu Dec  1 21:14:02 2011
@@ -19,10 +19,12 @@
 
 package org.apache.cxf.systest.jaxrs.cors;
 
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
 
 /**
  * 
@@ -36,5 +38,9 @@ public class CorsServer {
         return echo;
     }
     
-
+    @DELETE
+    @Path("/delete")
+    public Response deleteSomething() {
+        return Response.ok().build();
+    }
 }

Copied: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
(from r1209212, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java?p2=cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java&p1=cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java&r1=1209212&r2=1209241&rev=1209241&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java
(original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
Thu Dec  1 21:14:02 2011
@@ -34,6 +34,7 @@ import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.DefaultHttpClient;
 
@@ -42,7 +43,18 @@ import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 
-public class BasicCrossOriginTest extends AbstractBusClientServerTestBase {
+/**
+ * Unit tests for simple CORS requests. Simple requests traffic only in allowed origins,
+ * allowed credentials, and exposed headers. 
+ * 
+ * Note that it's not the server's job to detect invalid CORS requests. If a client
+ * fails to preflight, it's just not our job. However, also note that all 'actual' 
+ * requests are treated as simple requests. In other words, a DELETE gets the same
+ * treatment as a simple request. The 'hey, this is complex' test happens on the client,
+ * which thus decides to do a preflight.
+ * 
+ */
+public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase {
     public static final String PORT = SpringServer.PORT;
     private WebClient configClient;
 
@@ -58,23 +70,6 @@ public class BasicCrossOriginTest extend
         configClient = WebClient.create("http://localhost:" + PORT + "/config", providers);
     }
 
-    @Test
-    public void testSimpleGet() throws Exception {
-        String origin = "http://localhost:" + PORT;
-        HttpClient httpclient = new DefaultHttpClient();
-        HttpGet httpget = new HttpGet(origin + "/test/simpleGet/HelloThere");
-        httpget.addHeader("Origin", origin);
-        HttpResponse response = httpclient.execute(httpget);
-        HttpEntity entity = response.getEntity();
-        String e = IOUtils.toString(entity.getContent(), "utf-8");
-
-        assertEquals("HelloThere", e);
-        Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
-        assertNotNull(aaoHeaders);
-        assertEquals(1, aaoHeaders.length);
-        assertEquals("*", aaoHeaders[0].getValue());
-    }
-    
     private List<String> headerValues(Header[] headers) {
         List<String> values = new ArrayList<String>();
         for (Header h : headers) {
@@ -87,13 +82,7 @@ public class BasicCrossOriginTest extend
 
     private void assertAllOrigin(boolean allOrigins, String[] originList, String[] requestOrigins,
                                  boolean permitted) throws ClientProtocolException, IOException
{
-        if (allOrigins) {
-            originList = new String[0];
-        }
-        // tell filter what to do.
-        String confResult = configClient.accept("text/plain").replacePath("/setOriginList")
-            .type("application/json").post(originList, String.class);
-        assertEquals("ok", confResult);
+        connfigureAllowOrigins(allOrigins, originList);
 
         HttpClient httpclient = new DefaultHttpClient();
         HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/test/simpleGet/HelloThere");
@@ -103,10 +92,16 @@ public class BasicCrossOriginTest extend
             }
         }
         HttpResponse response = httpclient.execute(httpget);
+        assertEquals(200, response.getStatusLine().getStatusCode());
         HttpEntity entity = response.getEntity();
         String e = IOUtils.toString(entity.getContent(), "utf-8");
 
         assertEquals("HelloThere", e); // ensure that we didn't bust the operation itself.
+        assertOriginResponse(allOrigins, requestOrigins, permitted, response);
+    }
+
+    private void assertOriginResponse(boolean allOrigins, String[] requestOrigins, boolean
permitted,
+                                      HttpResponse response) {
         Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
         if (permitted) {
             assertNotNull(aaoHeaders);
@@ -126,6 +121,21 @@ public class BasicCrossOriginTest extend
         }
     }
 
+    private void connfigureAllowOrigins(boolean allOrigins, String[] originList) {
+        if (allOrigins) {
+            originList = new String[0];
+        }
+        // tell filter what to do.
+        String confResult = configClient.accept("text/plain").replacePath("/setOriginList")
+            .type("application/json").post(originList, String.class);
+        assertEquals("ok", confResult);
+    }
+    
+    @Test
+    public void failNoOrigin() throws Exception {
+        assertAllOrigin(true, null, null, false);
+    }
+
     @Test
     public void allowStarPassOne() throws Exception {
         // Allow *, pass origin
@@ -190,6 +200,59 @@ public class BasicCrossOriginTest extend
         }, false);
 
     }
+    
+    @Test
+    public void testAllowCredentials() throws Exception {
+        String r = configClient.replacePath("/setAllowCredentials/true")
+                .accept("text/plain").post(null, String.class);
+        assertEquals("ok", r);
+        
+        HttpClient httpclient = new DefaultHttpClient();
+        HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/test/simpleGet/HelloThere");
+        httpget.addHeader("Origin", "http://localhost:" + PORT);
+
+        HttpResponse response = httpclient.execute(httpget);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS);
+        assertEquals(1, aaoHeaders.length);
+        assertEquals("true", aaoHeaders[0].getValue());
+    }
+    
+    @Test
+    public void testForbidCredentials() throws Exception {
+        String r = configClient.replacePath("/setAllowCredentials/false")
+                .accept("text/plain").post(null, String.class);
+        assertEquals("ok", r);
+        
+        HttpClient httpclient = new DefaultHttpClient();
+        HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/test/simpleGet/HelloThere");
+        httpget.addHeader("Origin", "http://localhost:" + PORT);
+
+        HttpResponse response = httpclient.execute(httpget);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS);
+        assertEquals(1, aaoHeaders.length);
+        assertEquals("false", aaoHeaders[0].getValue());
+    }
+    
+    @Test
+    public void testNonSimpleActualRequest() throws Exception {
+        connfigureAllowOrigins(true, null);
+        String r = configClient.replacePath("/setAllowCredentials/false")
+            .accept("text/plain").post(null, String.class);
+        assertEquals("ok", r);
+        
+        HttpClient httpclient = new DefaultHttpClient();
+        HttpDelete httpdelete = new HttpDelete("http://localhost:" + PORT + "/test/delete");
+        httpdelete.addHeader("Origin", "http://localhost:" + PORT);
+
+        HttpResponse response = httpclient.execute(httpdelete);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS);
+        assertEquals(1, aaoHeaders.length);
+        assertEquals("false", aaoHeaders[0].getValue());
+        assertOriginResponse(true, null, true, response);
+    }
 
     @Ignore
     public static class SpringServer extends AbstractSpringServer {

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain



Mime
View raw message