Search in sources :

Example 26 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestCrossOriginFilter method testAllowAllOrigins.

@Test
public void testAllowAllOrigins() throws ServletException, IOException {
    // Setup the configuration settings of the server
    Map<String, String> conf = new HashMap<String, String>();
    conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*");
    FilterConfig filterConfig = new FilterConfigTest(conf);
    // Object under test
    CrossOriginFilter filter = new CrossOriginFilter();
    filter.init(filterConfig);
    Assert.assertTrue(filter.areOriginsAllowed("example.com"));
}
Also used : HashMap(java.util.HashMap) FilterConfig(javax.servlet.FilterConfig) CrossOriginFilter(org.apache.hadoop.security.http.CrossOriginFilter) Test(org.junit.Test)

Example 27 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestCrossOriginFilter method testCrossOriginFilter.

@Test
public void testCrossOriginFilter() throws ServletException, IOException {
    // Setup the configuration settings of the server
    Map<String, String> conf = new HashMap<String, String>();
    conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
    FilterConfig filterConfig = new FilterConfigTest(conf);
    // Origin is not specified for same origin requests
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com");
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)).thenReturn("GET");
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_HEADERS)).thenReturn("X-Requested-With");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    CrossOriginFilter filter = new CrossOriginFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verify(mockRes).setHeader(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN, "example.com");
    Mockito.verify(mockRes).setHeader(CrossOriginFilter.ACCESS_CONTROL_ALLOW_CREDENTIALS, Boolean.TRUE.toString());
    Mockito.verify(mockRes).setHeader(CrossOriginFilter.ACCESS_CONTROL_ALLOW_METHODS, filter.getAllowedMethodsHeader());
    Mockito.verify(mockRes).setHeader(CrossOriginFilter.ACCESS_CONTROL_ALLOW_HEADERS, filter.getAllowedHeadersHeader());
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) CrossOriginFilter(org.apache.hadoop.security.http.CrossOriginFilter) Test(org.junit.Test)

Example 28 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestCrossOriginFilter method testDisallowedMethod.

@Test
public void testDisallowedMethod() throws ServletException, IOException {
    // Setup the configuration settings of the server
    Map<String, String> conf = new HashMap<String, String>();
    conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
    FilterConfig filterConfig = new FilterConfigTest(conf);
    // Origin is not specified for same origin requests
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com");
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)).thenReturn("DISALLOWED_METHOD");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    CrossOriginFilter filter = new CrossOriginFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verifyZeroInteractions(mockRes);
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) CrossOriginFilter(org.apache.hadoop.security.http.CrossOriginFilter) Test(org.junit.Test)

Example 29 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testMissingHeaderIgnoreGETMethodConfigGoodRequest.

@Test
public void testMissingHeaderIgnoreGETMethodConfigGoodRequest() throws ServletException, IOException {
    // Setup the configuration settings of the server
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET");
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
    // CSRF has not been sent
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
    Mockito.when(mockReq.getMethod()).thenReturn("GET");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 30 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testHeaderPresentCustomHeaderConfigGoodRequest.

@Test
public void testHeaderPresentCustomHeaderConfigGoodRequest() throws ServletException, IOException {
    // Setup the configuration settings of the server
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
    // CSRF HAS been sent
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(X_CUSTOM_HEADER)).thenReturn("valueUnimportant");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Aggregations

FilterConfig (javax.servlet.FilterConfig)118 Test (org.junit.Test)70 HttpServletRequest (javax.servlet.http.HttpServletRequest)64 FilterChain (javax.servlet.FilterChain)63 HttpServletResponse (javax.servlet.http.HttpServletResponse)50 ServletContext (javax.servlet.ServletContext)28 HashMap (java.util.HashMap)21 ServletException (javax.servlet.ServletException)21 Vector (java.util.Vector)17 Properties (java.util.Properties)15 Filter (javax.servlet.Filter)14 ServletResponse (javax.servlet.ServletResponse)14 ServletRequest (javax.servlet.ServletRequest)12 IOException (java.io.IOException)10 SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)10 HttpCookie (java.net.HttpCookie)9 Cookie (javax.servlet.http.Cookie)9 Signer (org.apache.hadoop.security.authentication.util.Signer)9 Enumeration (java.util.Enumeration)8 CrossOriginFilter (org.apache.hadoop.security.http.CrossOriginFilter)8