tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1489385 [2/3] - in /tomcat/trunk: java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/config/
Date Tue, 04 Jun 2013 10:51:32 GMT
Added: tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java?rev=1489385&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java (added)
+++ tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java Tue Jun  4 10:51:31 2013
@@ -0,0 +1,1413 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.filters;
+
+import java.io.IOException;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestCorsFilter {
+    private FilterChain filterChain = new TesterFilterChain();
+
+    /**
+     * Tests if a GET request is treated as simple request.
+     *
+     * @See http://www.w3.org/TR/cors/#simple-method
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimpleGET() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("GET");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "https://www.apache.org"));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Tests if a POST request is treated as simple request.
+     *
+     * @See http://www.w3.org/TR/cors/#simple-method
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimplePOST() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setContentType("text/plain");
+        request.setMethod("POST");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "https://www.apache.org"));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Tests if a HEAD request is treated as simple request.
+     *
+     * @See http://www.w3.org/TR/cors/#simple-method
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimpleHEAD() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("HEAD");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "https://www.apache.org"));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Test the presence of specific origin in response, when '*' is not used.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimpleSpecificHeader() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("POST");
+        request.setContentType("text/plain");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Tests the prsence of the origin (and not '*') in the response, when
+     * supports credentials is enabled alongwith any origin, '*'.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimpleAnyOriginAndSupportsCredentials()
+            throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("GET");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getFilterConfigAnyOriginAndSupportsCredentials());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS)
+                .equals(
+                        "true"));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Tests the presence of the origin (and not '*') in the response, when
+     * supports credentials is enabled alongwith any origin, '*'.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimpleAnyOriginAndSupportsCredentialsDisabled()
+            throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("GET");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getFilterConfigAnyOriginAndSupportsCredentialsDisabled());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.ANY_ORIGIN));
+        Assert.assertNull(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Tests the presence of exposed headers in response, if configured.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterSimpleWithExposedHeaders() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("POST");
+        request.setContentType("text/plain");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getFilterConfigWithExposedHeaders());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "https://www.apache.org"));
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS)
+                .equals(TesterFilterConfigs.EXPOSED_HEADERS));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    /**
+     * Checks if an OPTIONS request is processed as pre-flight.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterPreflight() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.PRE_FLIGHT.name().toLowerCase()));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_HEADERS).equals(
+                "Content-Type"));
+    }
+
+    /**
+     * Checks if an OPTIONS request is processed as pre-flight where any origin
+     * is enabled.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterPreflightAnyOrigin() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.PRE_FLIGHT.name().toLowerCase()));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_HEADERS).equals(
+                "Content-Type"));
+    }
+
+    /**
+     * Checks if an OPTIONS request is processed as pre-flight.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test
+    public void testDoFilterPreflightInvalidOrigin() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://www.example.com");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertEquals(response.getStatus(),
+                HttpServletResponse.SC_FORBIDDEN);
+    }
+
+    @Test
+    public void testDoFilterPreflightNegativeMaxAge() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfigNegativeMaxAge());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertNull(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.PRE_FLIGHT.name().toLowerCase()));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_HEADERS).equals(
+                "Content-Type"));
+    }
+
+    @Test
+    public void testDoFilterPreflightWithCredentials() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSecureFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS)
+                .equals("true"));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.PRE_FLIGHT.name().toLowerCase()));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_HEADERS).equals(
+                "Content-Type"));
+    }
+
+    @Test
+    public void testDoFilterPreflightWithoutCredentialsAndSpecificOrigin()
+            throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getFilterConfigSpecificOriginAndSupportsCredentialsDisabled());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertNull(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.PRE_FLIGHT.name().toLowerCase()));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_HEADERS).equals(
+                "Content-Type"));
+    }
+
+    /**
+     * Negative test, when a CORS request arrives, with a null origin.
+     */
+    @Test
+    public void testDoFilterNullOrigin() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+
+        request.setMethod("POST");
+        request.setContentType("text/plain");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.NOT_CORS, requestType);
+
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertFalse(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+    }
+
+    @Test
+    public void testDoFilterInvalidCORSOriginNotAllowed() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "www.google.com");
+        request.setMethod("POST");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    @Test(expected = ServletException.class)
+    public void testDoFilterNullRequestNullResponse() throws IOException,
+            ServletException {
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.doFilter(null, null, filterChain);
+    }
+
+    @Test(expected = ServletException.class)
+    public void testDoFilterNullRequestResponse() throws IOException,
+            ServletException {
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.doFilter(null, response, filterChain);
+    }
+
+    @Test(expected = ServletException.class)
+    public void testDoFilterRequestNullResponse() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.doFilter(request, null, filterChain);
+    }
+
+    @Test
+    public void testInitDefaultFilterConfig() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("GET");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(null);
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "https://www.apache.org"));
+        Assert.assertTrue(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN).equals(
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG));
+        Assert.assertTrue(request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE).equals(
+                CorsFilter.CORSRequestType.SIMPLE.name().toLowerCase()));
+    }
+
+    @Test(expected = ServletException.class)
+    public void testInitInvalidFilterConfig() throws ServletException {
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getFilterConfigInvalidMaxPreflightAge());
+        // If we don't get an exception at this point, then all mocked objects
+        // worked as expected.
+    }
+
+    /**
+     * Tests if a non-simple request is given to simple request handler.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test(expected = IllegalArgumentException.class)
+    public void testNotSimple() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD, "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        corsFilter.handleSimpleCORS(request, response, filterChain);
+    }
+
+    /**
+     * When a non-preflight request is given to a pre-flight request handler.
+     *
+     * @throws IOException
+     * @throws ServletException
+     */
+    @Test(expected = IllegalArgumentException.class)
+    public void testNotPreflight() throws IOException, ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("GET");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        corsFilter.handlePreflightCORS(request, response, filterChain);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testDecorateCORSPropertiesNullRequestNullCORSRequestType() {
+        CorsFilter.decorateCORSProperties(null, null);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testDecorateCORSPropertiesNullRequestValidCORSRequestType() {
+        CorsFilter.decorateCORSProperties(null,
+                CorsFilter.CORSRequestType.SIMPLE);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testDecorateCORSPropertiesValidRequestNullRequestType() {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        CorsFilter.decorateCORSProperties(request, null);
+    }
+
+    @Test
+    public void testDecorateCORSPropertiesCORSRequestTypeNotCORS() {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        CorsFilter.decorateCORSProperties(request,
+                CorsFilter.CORSRequestType.NOT_CORS);
+        Assert.assertFalse(((Boolean) request.getAttribute(
+                CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST)).booleanValue());
+    }
+
+    @Test
+    public void testDecorateCORSPropertiesCORSRequestTypeInvalidCORS() {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        CorsFilter
+                .decorateCORSProperties(request,
+                        CorsFilter.CORSRequestType.INVALID_CORS);
+        Assert.assertNull(request
+                .getAttribute(CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST));
+    }
+
+    @Test
+    public void testCheckSimpleRequestTypeAnyOrigin() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://www.w3.org");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.SIMPLE, requestType);
+    }
+
+    /**
+     * Happy path test, when a valid CORS Simple request arrives.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckSimpleRequestType() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.SIMPLE, requestType);
+    }
+
+    /**
+     * Happy path test, when a valid CORS Simple request arrives.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckActualRequestType() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setMethod("PUT");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.ACTUAL, requestType);
+    }
+
+    /**
+     * Happy path test, when a valid CORS Simple request arrives.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckActualRequestTypeMethodPOSTNotSimpleHeaders()
+            throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setMethod("POST");
+        request.setContentType("application/json");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.ACTUAL, requestType);
+    }
+
+    /**
+     * Happy path test, when a valid CORS Pre-flight request arrives.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckPreFlightRequestType() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Content-Type");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.PRE_FLIGHT, requestType);
+    }
+
+    /**
+     * when a valid CORS Pre-flight request arrives, with no
+     * Access-Control-Request-Method
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeNoACRM() throws ServletException,
+            IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.ACTUAL, requestType);
+    }
+
+    /**
+     * when a valid CORS Pre-flight request arrives, with empty
+     * Access-Control-Request-Method
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeEmptyACRM()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    /**
+     * Happy path test, when a valid CORS Pre-flight request arrives.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeNoHeaders()
+            throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "PUT");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.PRE_FLIGHT, requestType);
+    }
+
+    /**
+     * Section 6.2.3
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeInvalidRequestMethod()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "POLITE");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * Section Section 6.2.5
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeUnsupportedRequestMethod()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "TRACE");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * Section Section 6.2.6
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeUnsupportedRequestHeaders()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "X-ANSWER");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSecureFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * Section Section 6.2.7
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeAnyOriginNoWithCredentials()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "Origin");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getFilterConfigAnyOriginAndSupportsCredentialsDisabled());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "*"));
+        Assert.assertNull(response
+                .getHeader(CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS));
+    }
+
+    @Test
+    public void testCheckPreFlightRequestTypeOriginNotAllowed()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "www.ebay.com");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "PUT");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSecureFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * Happy path test, when a valid CORS Pre-flight request arrives.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckPreFlightRequestTypeEmptyHeaders()
+            throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTP_TOMCAT_APACHE_ORG);
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
+                "PUT");
+        request.setHeader(
+                CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
+                "");
+        request.setMethod("OPTIONS");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.PRE_FLIGHT, requestType);
+    }
+
+    /**
+     * Negative test, when a CORS request arrives, with an empty origin.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckNotCORSRequestTypeEmptyOrigin()
+            throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    /**
+     * Tests for failure, when a different domain is used, that's not in the
+     * allowed list of origins.
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckInvalidOrigin() throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "www.example.com");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * Tests for failure, when a different sub-domain is used, that's not in the
+     * allowed list of origins.
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckInvalidOriginNotAllowedSubdomain()
+            throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://commons.apache.org");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * PUT is not an allowed request method.
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckInvalidRequestMethod() throws ServletException,
+            IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://tomcat.apache.org");
+        request.setMethod("PUT");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * When requestMethod is null
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckNullRequestMethod() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://tomcat.apache.org");
+        request.setMethod(null);
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    /**
+     * "http://tomcat.apache.org" is an allowed origin and
+     * "https://tomcat.apache.org" is not, because scheme doesn't match
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testCheckForSchemeVariance() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "https://tomcat.apache.org");
+        request.setMethod("POST");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    /**
+     * "http://tomcat.apache.org" is an allowed origin and
+     * "http://tomcat.apache.org:8080" is not, because ports doesn't match
+     *
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Test
+    public void testCheckForPortVariance() throws ServletException, IOException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://tomcat.apache.org:8080");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getSpecificOriginFilterConfig());
+        corsFilter.doFilter(request, response, filterChain);
+        Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+                response.getStatus());
+    }
+
+    /**
+     * Tests for failure, when an invalid {@link HttpServletRequest} is
+     * encountered.
+     *
+     * @throws ServletException
+     */
+    @Test(expected = IllegalArgumentException.class)
+    public void testCheckRequestTypeNull() throws ServletException {
+        HttpServletRequest request = null;
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.checkRequestType(request);
+    }
+
+    @Test
+    public void testJoin() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = ",";
+        elements.add("world");
+        elements.add("peace");
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue("world,peace".equals(join));
+    }
+
+    @Test
+    public void testJoinSingleElement() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = ",";
+        elements.add("world");
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue("world".equals(join));
+    }
+
+    @Test
+    public void testJoinSepNull() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = null;
+        elements.add("world");
+        elements.add("peace");
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue("world,peace".equals(join));
+    }
+
+    @Test
+    public void testJoinElementsNull() {
+        Set<String> elements = null;
+        String separator = ",";
+        String join = CorsFilter.join(elements, separator);
+
+        Assert.assertNull(join);
+    }
+
+    @Test
+    public void testJoinOneNullElement() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = ",";
+        elements.add(null);
+        elements.add("peace");
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue(",peace".equals(join));
+    }
+
+    @Test
+    public void testJoinAllNullElements() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = ",";
+        elements.add(null);
+        elements.add(null);
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue("".equals(join));
+    }
+
+    @Test
+    public void testJoinAllEmptyElements() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = ",";
+        elements.add("");
+        elements.add("");
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue("".equals(join));
+    }
+
+    @Test
+    public void testJoinPipeSeparator() {
+        Set<String> elements = new LinkedHashSet<>();
+        String separator = "|";
+        elements.add("world");
+        elements.add("peace");
+        String join = CorsFilter.join(elements, separator);
+        Assert.assertTrue("world|peace".equals(join));
+    }
+
+    @Test
+    public void testWithFilterConfig() throws ServletException {
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getDefaultFilterConfig());
+        Assert.assertTrue(corsFilter.getAllowedHttpHeaders().size() == 6);
+        Assert.assertTrue(corsFilter.getAllowedHttpMethods().size() == 4);
+        Assert.assertTrue(corsFilter.getAllowedOrigins().size() == 0);
+        Assert.assertTrue(corsFilter.isAnyOriginAllowed());
+        Assert.assertTrue(corsFilter.getExposedHeaders().size() == 0);
+        Assert.assertTrue(corsFilter.isSupportsCredentials());
+        Assert.assertTrue(corsFilter.getPreflightMaxAge() == 1800);
+    }
+
+    @Test(expected = ServletException.class)
+    public void testWithFilterConfigInvalidPreflightAge()
+            throws ServletException {
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getFilterConfigInvalidMaxPreflightAge());
+    }
+
+    @Test
+    public void testWithStringParserEmpty() throws ServletException {
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getEmptyFilterConfig());
+        Assert.assertTrue(corsFilter.getAllowedHttpHeaders().size() == 0);
+        Assert.assertTrue(corsFilter.getAllowedHttpMethods().size() == 0);
+        Assert.assertTrue(corsFilter.getAllowedOrigins().size() == 0);
+        Assert.assertTrue(corsFilter.getExposedHeaders().size() == 0);
+        Assert.assertFalse(corsFilter.isSupportsCredentials());
+        Assert.assertTrue(corsFilter.getPreflightMaxAge() == 0);
+    }
+
+    /**
+     * If an init param is null, it's default value will be used.
+     *
+     * @throws ServletException
+     */
+    @Test
+    public void testWithStringParserNull() throws ServletException {
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getNullFilterConfig());
+        Assert.assertTrue(corsFilter.getAllowedHttpHeaders().size() == 6);
+        Assert.assertTrue(corsFilter.getAllowedHttpMethods().size() == 4);
+        Assert.assertTrue(corsFilter.getAllowedOrigins().size() == 0);
+        Assert.assertTrue(corsFilter.isAnyOriginAllowed());
+        Assert.assertTrue(corsFilter.getExposedHeaders().size() == 0);
+        Assert.assertTrue(corsFilter.isSupportsCredentials());
+        Assert.assertTrue(corsFilter.getPreflightMaxAge() == 1800);
+    }
+
+    @Test
+    public void testValidOrigin() {
+        Assert.assertTrue(CorsFilter.isValidOrigin("http://www.w3.org"));
+    }
+
+    @Test
+    public void testInValidOriginCRLF() {
+        Assert.assertFalse(CorsFilter.isValidOrigin("http://www.w3.org\r\n"));
+    }
+
+    @Test
+    public void testInValidOriginEncodedCRLF1() {
+        Assert.assertFalse(CorsFilter.isValidOrigin("http://www.w3.org%0d%0a"));
+    }
+
+    @Test
+    public void testInValidOriginEncodedCRLF2() {
+        Assert.assertFalse(CorsFilter.isValidOrigin("http://www.w3.org%0D%0A"));
+    }
+
+    @Test
+    public void testInValidOriginEncodedCRLF3() {
+        Assert.assertFalse(CorsFilter
+                .isValidOrigin("http://www.w3.org%0%0d%0ad%0%0d%0aa"));
+    }
+
+    @Test
+    public void testCheckInvalidCRLF1() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://www.w3.org\r\n");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    @Test
+    public void testCheckInvalidCRLF2() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://www.w3.org\r\n");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    @Test
+    public void testCheckInvalidCRLF3() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://www.w3.org%0d%0a");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    @Test
+    public void testCheckInvalidCRLF4() throws ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                "http://www.w3.org%0D%0A");
+        request.setMethod("GET");
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs
+                .getDefaultFilterConfig());
+        CorsFilter.CORSRequestType requestType =
+                corsFilter.checkRequestType(request);
+        Assert.assertEquals(CorsFilter.CORSRequestType.INVALID_CORS,
+                requestType);
+    }
+
+    @Test
+    public void testDecorateRequestDisabled() throws IOException,
+            ServletException {
+        TesterHttpServletRequest request = new TesterHttpServletRequest();
+        request.setHeader(CorsFilter.REQUEST_HEADER_ORIGIN,
+                TesterFilterConfigs.HTTPS_WWW_APACHE_ORG);
+        request.setMethod("GET");
+        TesterHttpServletResponse response = new TesterHttpServletResponse();
+
+        CorsFilter corsFilter = new CorsFilter();
+        corsFilter.init(TesterFilterConfigs.getFilterConfigDecorateRequestDisabled());
+        corsFilter.doFilter(request, response, filterChain);
+
+        Assert.assertTrue(response.getHeader(
+                CorsFilter.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN).equals(
+                "https://www.apache.org"));
+        Assert.assertNull(request
+                .getAttribute(CorsFilter.HTTP_REQUEST_ATTRIBUTE_IS_CORS_REQUEST));
+        Assert.assertNull(request
+                .getAttribute(CorsFilter.HTTP_REQUEST_ATTRIBUTE_ORIGIN));
+        Assert.assertNull(request
+                .getAttribute(CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_HEADERS));
+        Assert.assertNull(request
+                .getAttribute(CorsFilter.HTTP_REQUEST_ATTRIBUTE_REQUEST_TYPE));
+    }
+
+    @Test
+    public void testDestroy() {
+        // Nothing to test.
+        // NO-OP
+    }
+}

Propchange: tomcat/trunk/test/org/apache/catalina/filters/TestCorsFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: tomcat/trunk/test/org/apache/catalina/filters/TesterFilterChain.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TesterFilterChain.java?rev=1489385&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/filters/TesterFilterChain.java (added)
+++ tomcat/trunk/test/org/apache/catalina/filters/TesterFilterChain.java Tue Jun  4 10:51:31 2013
@@ -0,0 +1,33 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.catalina.filters;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+public class TesterFilterChain implements FilterChain {
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response)
+            throws IOException, ServletException {
+        // NoOp
+    }
+}

Propchange: tomcat/trunk/test/org/apache/catalina/filters/TesterFilterChain.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java?rev=1489385&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java (added)
+++ tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java Tue Jun  4 10:51:31 2013
@@ -0,0 +1,288 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.catalina.filters;
+
+import java.util.Enumeration;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
+public class TesterFilterConfigs {
+    public static final String HTTPS_WWW_APACHE_ORG = "https://www.apache.org";
+    public static final String HTTP_TOMCAT_APACHE_ORG =
+            "http://tomcat.apache.org";
+    public static final String EXPOSED_HEADERS = "X-CUSTOM-HEADER";
+    /**
+     * Any origin
+     */
+    public static final String ANY_ORIGIN = "*";
+
+    public static final TesterServletContext mockServletContext =
+            new TesterServletContext();
+
+    public static FilterConfig getDefaultFilterConfig() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS;
+        final String allowedOrigins = CorsFilter.DEFAULT_ALLOWED_ORIGINS;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials =
+                CorsFilter.DEFAULT_SUPPORTS_CREDENTIALS;
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getFilterConfigAnyOriginAndSupportsCredentials() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS + ",PUT";
+        final String allowedOrigins = CorsFilter.DEFAULT_ALLOWED_ORIGINS;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials = "true";
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig
+            getFilterConfigAnyOriginAndSupportsCredentialsDisabled() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS + ",PUT";
+        final String allowedOrigins = CorsFilter.DEFAULT_ALLOWED_ORIGINS;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials = "false";
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig
+            getFilterConfigSpecificOriginAndSupportsCredentialsDisabled() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS + ",PUT";
+        final String allowedOrigins =
+                HTTP_TOMCAT_APACHE_ORG + "," + HTTPS_WWW_APACHE_ORG;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials = "false";
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getFilterConfigWithExposedHeaders() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS;
+        final String allowedOrigins = CorsFilter.DEFAULT_ALLOWED_ORIGINS;
+        final String exposedHeaders = EXPOSED_HEADERS;
+        final String supportCredentials =
+                CorsFilter.DEFAULT_SUPPORTS_CREDENTIALS;
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getSecureFilterConfig() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS + ",PUT";
+        final String allowedOrigins = HTTPS_WWW_APACHE_ORG;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials = "true";
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getNullFilterConfig() {
+        return generateFilterConfig(null, null, null, null, null, null, null);
+    }
+
+    public static FilterConfig getSpecificOriginFilterConfig() {
+        final String allowedOrigins =
+                HTTPS_WWW_APACHE_ORG + "," + HTTP_TOMCAT_APACHE_ORG;
+
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS + ",PUT";
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials =
+                CorsFilter.DEFAULT_SUPPORTS_CREDENTIALS;
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getSpecificOriginFilterConfigNegativeMaxAge() {
+        final String allowedOrigins =
+                HTTPS_WWW_APACHE_ORG + "," + HTTP_TOMCAT_APACHE_ORG;
+
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS + ",PUT";
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials =
+                CorsFilter.DEFAULT_SUPPORTS_CREDENTIALS;
+        final String preflightMaxAge = "-1";
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getFilterConfigInvalidMaxPreflightAge() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS;
+        final String allowedOrigins = CorsFilter.DEFAULT_ALLOWED_ORIGINS;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials =
+                CorsFilter.DEFAULT_SUPPORTS_CREDENTIALS;
+        final String preflightMaxAge = "abc";
+        final String decorateRequest = CorsFilter.DEFAULT_DECORATE_REQUEST;
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getEmptyFilterConfig() {
+        final String allowedHttpHeaders = "";
+        final String allowedHttpMethods = "";
+        final String allowedOrigins = "";
+        final String exposedHeaders = "";
+        final String supportCredentials = "";
+        final String preflightMaxAge = "";
+        final String decorateRequest = "";
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    public static FilterConfig getFilterConfigDecorateRequestDisabled() {
+        final String allowedHttpHeaders =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_HEADERS;
+        final String allowedHttpMethods =
+                CorsFilter.DEFAULT_ALLOWED_HTTP_METHODS;
+        final String allowedOrigins = CorsFilter.DEFAULT_ALLOWED_ORIGINS;
+        final String exposedHeaders = CorsFilter.DEFAULT_EXPOSED_HEADERS;
+        final String supportCredentials =
+                CorsFilter.DEFAULT_SUPPORTS_CREDENTIALS;
+        final String preflightMaxAge =
+                CorsFilter.DEFAULT_PREFLIGHT_MAXAGE;
+        final String decorateRequest = "false";
+
+        return generateFilterConfig(allowedHttpHeaders, allowedHttpMethods,
+                allowedOrigins, exposedHeaders, supportCredentials,
+                preflightMaxAge, decorateRequest);
+    }
+
+    private static FilterConfig generateFilterConfig(
+            final String allowedHttpHeaders, final String allowedHttpMethods,
+            final String allowedOrigins, final String exposedHeaders,
+            final String supportCredentials, final String preflightMaxAge,
+            final String decorateRequest) {
+        FilterConfig filterConfig = new FilterConfig() {
+
+            @Override
+            public String getFilterName() {
+                return "cors-filter";
+            }
+
+            @Override
+            public ServletContext getServletContext() {
+                return mockServletContext;
+            }
+
+            @Override
+            public String getInitParameter(String name) {
+                if (CorsFilter.PARAM_CORS_ALLOWED_HEADERS
+                        .equalsIgnoreCase(name)) {
+                    return allowedHttpHeaders;
+                } else if (CorsFilter.PARAM_CORS_ALLOWED_METHODS
+                        .equalsIgnoreCase(name)) {
+                    return allowedHttpMethods;
+                } else if (CorsFilter.PARAM_CORS_ALLOWED_ORIGINS
+                        .equalsIgnoreCase(name)) {
+                    return allowedOrigins;
+                } else if (CorsFilter.PARAM_CORS_EXPOSED_HEADERS
+                        .equalsIgnoreCase(name)) {
+                    return exposedHeaders;
+                } else if (CorsFilter.PARAM_CORS_SUPPORT_CREDENTIALS
+                        .equalsIgnoreCase(name)) {
+                    return supportCredentials;
+                } else if (CorsFilter.PARAM_CORS_PREFLIGHT_MAXAGE
+                        .equalsIgnoreCase(name)) {
+                    return preflightMaxAge;
+                } else if (CorsFilter.PARAM_CORS_REQUEST_DECORATE
+                        .equalsIgnoreCase(name)) {
+                    return decorateRequest;
+                }
+                return null;
+            }
+
+            @Override
+            public Enumeration<String> getInitParameterNames() {
+                return null;
+            }
+        };
+
+        return filterConfig;
+    }
+}

Propchange: tomcat/trunk/test/org/apache/catalina/filters/TesterFilterConfigs.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: tomcat/trunk/test/org/apache/catalina/filters/TesterHttpServletRequest.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/filters/TesterHttpServletRequest.java?rev=1489385&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/filters/TesterHttpServletRequest.java (added)
+++ tomcat/trunk/test/org/apache/catalina/filters/TesterHttpServletRequest.java Tue Jun  4 10:51:31 2013
@@ -0,0 +1,468 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.catalina.filters;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.AsyncContext;
+import javax.servlet.DispatcherType;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpUpgradeHandler;
+import javax.servlet.http.Part;
+
+public class TesterHttpServletRequest implements HttpServletRequest {
+
+    private Map<String, Object> attributes = new HashMap<>();
+    private Map<String, List<String>> headers = new HashMap<>();
+    private String method;
+    private String contentType;
+
+    @Override
+    public Object getAttribute(String name) {
+        return attributes.get(name);
+    }
+
+    @Override
+    public Enumeration<String> getAttributeNames() {
+        return Collections.enumeration(attributes.keySet());
+    }
+
+    @Override
+    public String getCharacterEncoding() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public void setCharacterEncoding(String env)
+            throws UnsupportedEncodingException {
+
+    }
+
+    @Override
+    public int getContentLength() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getContentType() {
+        return this.contentType;
+    }
+
+    public void setContentType(String contentType) {
+        this.contentType = contentType;
+    }
+
+    @Override
+    public ServletInputStream getInputStream() throws IOException {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getParameter(String name) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Enumeration<String> getParameterNames() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String[] getParameterValues(String name) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Map<String,String[]> getParameterMap() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getProtocol() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getScheme() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getServerName() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public int getServerPort() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public BufferedReader getReader() throws IOException {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getRemoteAddr() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getRemoteHost() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public void setAttribute(String name, Object o) {
+        attributes.put(name, o);
+    }
+
+    @Override
+    public void removeAttribute(String name) {
+        attributes.remove(name);
+    }
+
+    @Override
+    public Locale getLocale() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Enumeration<Locale> getLocales() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isSecure() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public RequestDispatcher getRequestDispatcher(String path) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getRealPath(String path) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public int getRemotePort() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getLocalName() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getLocalAddr() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public int getLocalPort() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getAuthType() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Cookie[] getCookies() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public long getDateHeader(String name) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getHeader(String name) {
+        List<String> list = headers.get(name);
+        if (list != null) {
+            return list.get(0);
+            // return CorsFilter.join(new HashSet<>(list), ",");
+        }
+        return null;
+    }
+
+    public void setHeader(String name, String value) {
+        List<String> values = new ArrayList<>();
+        values.add(value);
+        headers.put(name, values);
+    }
+
+    @Override
+    public Enumeration<String> getHeaders(String name) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Enumeration<String> getHeaderNames() {
+        return Collections.enumeration(headers.keySet());
+    }
+
+    @Override
+    public int getIntHeader(String name) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getMethod() {
+        return method;
+    }
+
+    public void setMethod(String method) {
+        this.method = method;
+    }
+
+    @Override
+    public String getPathInfo() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getPathTranslated() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getContextPath() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getQueryString() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getRemoteUser() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isUserInRole(String role) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Principal getUserPrincipal() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getRequestedSessionId() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getRequestURI() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public StringBuffer getRequestURL() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String getServletPath() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public HttpSession getSession(boolean create) {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public HttpSession getSession() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isRequestedSessionIdValid() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isRequestedSessionIdFromCookie() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isRequestedSessionIdFromURL() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isRequestedSessionIdFromUrl() {
+
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public long getContentLengthLong() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public ServletContext getServletContext() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public AsyncContext startAsync() throws IllegalStateException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public AsyncContext startAsync(ServletRequest servletRequest,
+            ServletResponse servletResponse) throws IllegalStateException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isAsyncStarted() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean isAsyncSupported() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public AsyncContext getAsyncContext() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public DispatcherType getDispatcherType() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public String changeSessionId() {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public boolean authenticate(HttpServletResponse response)
+            throws IOException, ServletException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public void login(String username, String password)
+            throws ServletException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public void logout() throws ServletException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Collection<Part> getParts() throws IOException, ServletException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public Part getPart(String name) throws IOException, ServletException {
+        throw new RuntimeException("Not implemented");
+    }
+
+    @Override
+    public <T extends HttpUpgradeHandler> T upgrade(
+            Class<T> httpUpgradeHandlerClass) throws IOException {
+        throw new RuntimeException("Not implemented");
+    }
+
+}

Propchange: tomcat/trunk/test/org/apache/catalina/filters/TesterHttpServletRequest.java
------------------------------------------------------------------------------
    svn:eol-style = native



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message