Example 16 with CorsConfiguration
use of org.springframework.web.cors.CorsConfiguration in project spring-framework by spring-projects.
the class CrossOriginTests method classLevel.
@Test
public void classLevel() throws Exception {
this.handlerMapping.registerHandler(new ClassLevelController());
this.request.setRequestURI("/foo");
HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, false);
assertNotNull(config);
assertArrayEquals(new String[] { "GET" }, config.getAllowedMethods().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
assertFalse(config.getAllowCredentials());
this.request.setRequestURI("/bar");
chain = this.handlerMapping.getHandler(request);
config = getCorsConfiguration(chain, false);
assertNotNull(config);
assertArrayEquals(new String[] { "GET" }, config.getAllowedMethods().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
assertFalse(config.getAllowCredentials());
this.request.setRequestURI("/baz");
chain = this.handlerMapping.getHandler(request);
config = getCorsConfiguration(chain, false);
assertNotNull(config);
assertArrayEquals(new String[] { "GET" }, config.getAllowedMethods().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
assertTrue(config.getAllowCredentials());
}
Also used :
CorsConfiguration(org.springframework.web.cors.CorsConfiguration)
HandlerExecutionChain(org.springframework.web.servlet.HandlerExecutionChain)
Test(org.junit.Test)
Example 17 with CorsConfiguration
use of org.springframework.web.cors.CorsConfiguration in project spring-framework by spring-projects.
the class CrossOriginTests method ambiguousHeaderPreFlightRequest.
@Test
public void ambiguousHeaderPreFlightRequest() throws Exception {
this.handlerMapping.registerHandler(new MethodLevelController());
this.request.setMethod("OPTIONS");
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "header1");
this.request.setRequestURI("/ambiguous-header");
HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, true);
assertNotNull(config);
assertArrayEquals(new String[] { "*" }, config.getAllowedMethods().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedHeaders().toArray());
assertTrue(config.getAllowCredentials());
assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
assertNull(config.getMaxAge());
}
Also used :
CorsConfiguration(org.springframework.web.cors.CorsConfiguration)
HandlerExecutionChain(org.springframework.web.servlet.HandlerExecutionChain)
Test(org.junit.Test)
Example 18 with CorsConfiguration
use of org.springframework.web.cors.CorsConfiguration in project spring-framework by spring-projects.
the class CrossOriginTests method ambiguousProducesPreFlightRequest.
@Test
public void ambiguousProducesPreFlightRequest() throws Exception {
this.handlerMapping.registerHandler(new MethodLevelController());
this.request.setMethod("OPTIONS");
this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET");
this.request.setRequestURI("/ambiguous-produces");
HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, true);
assertNotNull(config);
assertArrayEquals(new String[] { "*" }, config.getAllowedMethods().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedOrigins().toArray());
assertArrayEquals(new String[] { "*" }, config.getAllowedHeaders().toArray());
assertTrue(config.getAllowCredentials());
assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders()));
assertNull(config.getMaxAge());
}
Also used :
CorsConfiguration(org.springframework.web.cors.CorsConfiguration)
HandlerExecutionChain(org.springframework.web.servlet.HandlerExecutionChain)
Test(org.junit.Test)
Example 19 with CorsConfiguration
use of org.springframework.web.cors.CorsConfiguration in project spring-framework by spring-projects.
the class CrossOriginTests method methodLevelComposedAnnotation.
// SPR-13468
@Test
public void methodLevelComposedAnnotation() throws Exception {
this.handlerMapping.registerHandler(new MethodLevelMappingWithComposedAnnotation());
this.request.setRequestURI("/foo");
HandlerExecutionChain chain = this.handlerMapping.getHandler(request);
CorsConfiguration config = getCorsConfiguration(chain, false);
assertNotNull(config);
assertArrayEquals(new String[] { "GET" }, config.getAllowedMethods().toArray());
assertArrayEquals(new String[] { "http://foo.com" }, config.getAllowedOrigins().toArray());
assertTrue(config.getAllowCredentials());
}
Also used :
CorsConfiguration(org.springframework.web.cors.CorsConfiguration)
HandlerExecutionChain(org.springframework.web.servlet.HandlerExecutionChain)
Test(org.junit.Test)
Example 20 with CorsConfiguration
use of org.springframework.web.cors.CorsConfiguration in project spring-framework by spring-projects.
the class CrossOriginTests method getCorsConfiguration.
private CorsConfiguration getCorsConfiguration(HandlerExecutionChain chain, boolean isPreFlightRequest) {
if (isPreFlightRequest) {
Object handler = chain.getHandler();
assertTrue(handler.getClass().getSimpleName().equals("PreFlightHandler"));
DirectFieldAccessor accessor = new DirectFieldAccessor(handler);
return (CorsConfiguration) accessor.getPropertyValue("config");
} else {
HandlerInterceptor[] interceptors = chain.getInterceptors();
if (interceptors != null) {
for (HandlerInterceptor interceptor : interceptors) {
if (interceptor.getClass().getSimpleName().equals("CorsInterceptor")) {
DirectFieldAccessor accessor = new DirectFieldAccessor(interceptor);
return (CorsConfiguration) accessor.getPropertyValue("config");
}
}
}
}
return null;
}
Also used :
CorsConfiguration(org.springframework.web.cors.CorsConfiguration)
HandlerInterceptor(org.springframework.web.servlet.HandlerInterceptor)
DirectFieldAccessor(org.springframework.beans.DirectFieldAccessor)
Aggregations
CorsConfiguration (org.springframework.web.cors.CorsConfiguration)44
Test (org.junit.Test)27
HandlerExecutionChain (org.springframework.web.servlet.HandlerExecutionChain)15
HandlerMethod (org.springframework.web.method.HandlerMethod)7
Bean (org.springframework.context.annotation.Bean)4
MockHttpServletRequest (org.springframework.mock.web.test.MockHttpServletRequest)3
ServerWebExchange (org.springframework.web.server.ServerWebExchange)3
HandlerInterceptor (org.springframework.web.servlet.HandlerInterceptor)3
List (java.util.List)2
DirectFieldAccessor (org.springframework.beans.DirectFieldAccessor)2
ConditionalOnBean (org.springframework.boot.autoconfigure.condition.ConditionalOnBean)2
CrossOrigin (org.springframework.web.bind.annotation.CrossOrigin)2
RequestMethod (org.springframework.web.bind.annotation.RequestMethod)2
AnnotationConfigWebApplicationContext (org.springframework.web.context.support.AnnotationConfigWebApplicationContext)2
UrlBasedCorsConfigurationSource (org.springframework.web.cors.UrlBasedCorsConfigurationSource)2
CorsFilter (org.springframework.web.filter.CorsFilter)2
AbstractHandlerMapping (org.springframework.web.servlet.handler.AbstractHandlerMapping)2
LinkedHashMap (java.util.LinkedHashMap)1
LinkedHashSet (java.util.LinkedHashSet)1
HttpWebRequestProperties (org.apereo.cas.configuration.model.core.web.security.HttpWebRequestProperties)1
