Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 495B575EE for ; Thu, 1 Dec 2011 21:14:30 +0000 (UTC) Received: (qmail 91624 invoked by uid 500); 1 Dec 2011 21:14:30 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 91575 invoked by uid 500); 1 Dec 2011 21:14:30 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 91568 invoked by uid 99); 1 Dec 2011 21:14:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2011 21:14:29 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2011 21:14:26 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id D77CC2388993 for ; Thu, 1 Dec 2011 21:14:04 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1209241 - in /cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors: BasicCrossOriginTest.java ConfigServer.java CorsServer.java CrossOriginSimpleTest.java Date: Thu, 01 Dec 2011 21:14:04 -0000 To: commits@cxf.apache.org From: bimargulies@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20111201211404.D77CC2388993@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: bimargulies Date: Thu Dec 1 21:14:02 2011 New Revision: 1209241 URL: http://svn.apache.org/viewvc?rev=1209241&view=rev Log: CXF-3943: fill in the rest of the non-annotation simple tests. Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java (contents, props changed) - copied, changed from r1209212, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java Removed: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java?rev=1209241&r1=1209240&r2=1209241&view=diff ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java (original) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/ConfigServer.java Thu Dec 1 21:14:02 2011 @@ -24,6 +24,7 @@ import java.util.Arrays; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter; @@ -47,6 +48,15 @@ public class ConfigServer { } return "ok"; } + + @POST + @Path("/setAllowCredentials/{yn}") + @Produces("text/plain") + public String setAllowCredentials(@PathParam("yn") boolean yn) { + inputFilter.setAllowCredentials(yn); + return "ok"; + } + public CrossOriginResourceSharingFilter getInputFilter() { return inputFilter; Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java?rev=1209241&r1=1209240&r2=1209241&view=diff ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java (original) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsServer.java Thu Dec 1 21:14:02 2011 @@ -19,10 +19,12 @@ package org.apache.cxf.systest.jaxrs.cors; +import javax.ws.rs.DELETE; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; +import javax.ws.rs.core.Response; /** * @@ -36,5 +38,9 @@ public class CorsServer { return echo; } - + @DELETE + @Path("/delete") + public Response deleteSomething() { + return Response.ok().build(); + } } Copied: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java (from r1209212, cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java) URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java?p2=cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java&p1=cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java&r1=1209212&r2=1209241&rev=1209241&view=diff ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/BasicCrossOriginTest.java (original) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java Thu Dec 1 21:14:02 2011 @@ -34,6 +34,7 @@ import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.ClientProtocolException; import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; @@ -42,7 +43,18 @@ import org.junit.BeforeClass; import org.junit.Ignore; import org.junit.Test; -public class BasicCrossOriginTest extends AbstractBusClientServerTestBase { +/** + * Unit tests for simple CORS requests. Simple requests traffic only in allowed origins, + * allowed credentials, and exposed headers. + * + * Note that it's not the server's job to detect invalid CORS requests. If a client + * fails to preflight, it's just not our job. However, also note that all 'actual' + * requests are treated as simple requests. In other words, a DELETE gets the same + * treatment as a simple request. The 'hey, this is complex' test happens on the client, + * which thus decides to do a preflight. + * + */ +public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase { public static final String PORT = SpringServer.PORT; private WebClient configClient; @@ -58,23 +70,6 @@ public class BasicCrossOriginTest extend configClient = WebClient.create("http://localhost:" + PORT + "/config", providers); } - @Test - public void testSimpleGet() throws Exception { - String origin = "http://localhost:" + PORT; - HttpClient httpclient = new DefaultHttpClient(); - HttpGet httpget = new HttpGet(origin + "/test/simpleGet/HelloThere"); - httpget.addHeader("Origin", origin); - HttpResponse response = httpclient.execute(httpget); - HttpEntity entity = response.getEntity(); - String e = IOUtils.toString(entity.getContent(), "utf-8"); - - assertEquals("HelloThere", e); - Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN); - assertNotNull(aaoHeaders); - assertEquals(1, aaoHeaders.length); - assertEquals("*", aaoHeaders[0].getValue()); - } - private List headerValues(Header[] headers) { List values = new ArrayList(); for (Header h : headers) { @@ -87,13 +82,7 @@ public class BasicCrossOriginTest extend private void assertAllOrigin(boolean allOrigins, String[] originList, String[] requestOrigins, boolean permitted) throws ClientProtocolException, IOException { - if (allOrigins) { - originList = new String[0]; - } - // tell filter what to do. - String confResult = configClient.accept("text/plain").replacePath("/setOriginList") - .type("application/json").post(originList, String.class); - assertEquals("ok", confResult); + connfigureAllowOrigins(allOrigins, originList); HttpClient httpclient = new DefaultHttpClient(); HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/test/simpleGet/HelloThere"); @@ -103,10 +92,16 @@ public class BasicCrossOriginTest extend } } HttpResponse response = httpclient.execute(httpget); + assertEquals(200, response.getStatusLine().getStatusCode()); HttpEntity entity = response.getEntity(); String e = IOUtils.toString(entity.getContent(), "utf-8"); assertEquals("HelloThere", e); // ensure that we didn't bust the operation itself. + assertOriginResponse(allOrigins, requestOrigins, permitted, response); + } + + private void assertOriginResponse(boolean allOrigins, String[] requestOrigins, boolean permitted, + HttpResponse response) { Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN); if (permitted) { assertNotNull(aaoHeaders); @@ -126,6 +121,21 @@ public class BasicCrossOriginTest extend } } + private void connfigureAllowOrigins(boolean allOrigins, String[] originList) { + if (allOrigins) { + originList = new String[0]; + } + // tell filter what to do. + String confResult = configClient.accept("text/plain").replacePath("/setOriginList") + .type("application/json").post(originList, String.class); + assertEquals("ok", confResult); + } + + @Test + public void failNoOrigin() throws Exception { + assertAllOrigin(true, null, null, false); + } + @Test public void allowStarPassOne() throws Exception { // Allow *, pass origin @@ -190,6 +200,59 @@ public class BasicCrossOriginTest extend }, false); } + + @Test + public void testAllowCredentials() throws Exception { + String r = configClient.replacePath("/setAllowCredentials/true") + .accept("text/plain").post(null, String.class); + assertEquals("ok", r); + + HttpClient httpclient = new DefaultHttpClient(); + HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/test/simpleGet/HelloThere"); + httpget.addHeader("Origin", "http://localhost:" + PORT); + + HttpResponse response = httpclient.execute(httpget); + assertEquals(200, response.getStatusLine().getStatusCode()); + Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS); + assertEquals(1, aaoHeaders.length); + assertEquals("true", aaoHeaders[0].getValue()); + } + + @Test + public void testForbidCredentials() throws Exception { + String r = configClient.replacePath("/setAllowCredentials/false") + .accept("text/plain").post(null, String.class); + assertEquals("ok", r); + + HttpClient httpclient = new DefaultHttpClient(); + HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/test/simpleGet/HelloThere"); + httpget.addHeader("Origin", "http://localhost:" + PORT); + + HttpResponse response = httpclient.execute(httpget); + assertEquals(200, response.getStatusLine().getStatusCode()); + Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS); + assertEquals(1, aaoHeaders.length); + assertEquals("false", aaoHeaders[0].getValue()); + } + + @Test + public void testNonSimpleActualRequest() throws Exception { + connfigureAllowOrigins(true, null); + String r = configClient.replacePath("/setAllowCredentials/false") + .accept("text/plain").post(null, String.class); + assertEquals("ok", r); + + HttpClient httpclient = new DefaultHttpClient(); + HttpDelete httpdelete = new HttpDelete("http://localhost:" + PORT + "/test/delete"); + httpdelete.addHeader("Origin", "http://localhost:" + PORT); + + HttpResponse response = httpclient.execute(httpdelete); + assertEquals(200, response.getStatusLine().getStatusCode()); + Header[] aaoHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS); + assertEquals(1, aaoHeaders.length); + assertEquals("false", aaoHeaders[0].getValue()); + assertOriginResponse(true, null, true, response); + } @Ignore public static class SpringServer extends AbstractSpringServer { Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java ------------------------------------------------------------------------------ svn:mime-type = text/plain