Example 1 with ContentTypeAwareResponse
use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.
the class ContentTypeNegotiationMessageRendererTest method shouldGenerateJSONResponseMessageForContentType.
@ParameterizedTest
@ValueSource(strings = { MediaType.APPLICATION_JSON_VALUE, "application/vnd.go.cd.v1+json", "application/vnd.go.cd.v2+json", "application/vnd.go.cd.v3+json", "application/vnd.go.cd.v4+json", "application/vnd.go.cd.v5+json", "application/vnd.go.cd.v6+json", "application/vnd.go.cd.v7+json", "application/vnd.go.cd.v8+json", "application/vnd.go.cd.v9+json", "application/vnd.go.cd.v50+json", "application/vnd.go.cd.v99+json" })
void shouldGenerateJSONResponseMessageForContentType(String contentType) {
final MockHttpServletRequest request = HttpRequestBuilder.GET("/").withHeader("Accept", contentType).build();
final ContentTypeAwareResponse response = new ContentTypeNegotiationMessageRenderer().getResponse(request);
assertThat(response.getContentType().toString()).isEqualTo(contentType);
assertThat(response.getFormattedMessage("foo")).isEqualTo("{\n \"message\": \"foo\"\n}");
}
Also used :
ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)
MockHttpServletRequest(com.thoughtworks.go.http.mocks.MockHttpServletRequest)
ValueSource(org.junit.jupiter.params.provider.ValueSource)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 2 with ContentTypeAwareResponse
use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.
the class ContentTypeNegotiationMessageRendererTest method shouldGenerateXMLResponseMessageWhenRequestIsForXMLFile.
@Test
void shouldGenerateXMLResponseMessageWhenRequestIsForXMLFile() {
final MockHttpServletRequest request = HttpRequestBuilder.GET("/foo.xml").build();
final ContentTypeAwareResponse response = new ContentTypeNegotiationMessageRenderer().getResponse(request);
assertThat(response.getContentType().toString()).isEqualTo("application/xml");
assertThat(response.getFormattedMessage("foo")).isEqualTo("<access-denied>\n <message>foo</message>\n</access-denied>\n");
}
Also used :
ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)
MockHttpServletRequest(com.thoughtworks.go.http.mocks.MockHttpServletRequest)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 3 with ContentTypeAwareResponse
use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.
the class AccessTokenAuthenticationFilter method onAuthenticationFailure.
private void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, String errorMessage) throws IOException {
response.setStatus(SC_UNAUTHORIZED);
ContentTypeAwareResponse contentTypeAwareResponse = new ContentTypeNegotiationMessageRenderer().getResponse(request);
response.setCharacterEncoding("utf-8");
response.setContentType(contentTypeAwareResponse.getContentType().toString());
response.getOutputStream().print(contentTypeAwareResponse.getFormattedMessage(errorMessage));
}
Also used :
ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)
ContentTypeNegotiationMessageRenderer(com.thoughtworks.go.server.newsecurity.handlers.renderer.ContentTypeNegotiationMessageRenderer)
Example 4 with ContentTypeAwareResponse
use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.
the class ContentTypeNegotiationMessageRenderer method getResponse.
public ContentTypeAwareResponse getResponse(HttpServletRequest request) {
try {
List<MediaType> mediaTypes = MediaType.parseMediaTypes(request.getHeader("Accept"));
MediaType.sortBySpecificityAndQuality(mediaTypes);
for (MediaType mediaType : mediaTypes) {
final ContentTypeAwareResponse accessDeniedHandler = ACCESS_DENIED_HANDLER_MAP.get(mediaType.removeQualityValue());
if (accessDeniedHandler != null) {
return accessDeniedHandler;
}
}
} catch (Exception ignore) {
}
if (request.getRequestURI().endsWith(".xml")) {
return APPLICATION_XML_REQUEST_HANDLER;
}
return JSON_ACCESS_DENIED_HANDLER;
}
Also used :
ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)
MediaType(org.springframework.http.MediaType)
Example 5 with ContentTypeAwareResponse
use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.
the class DenyIfRefererIsNotFilesFilter method doFilterInternal.
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (request.getServletPath().startsWith("/files/")) {
throw new UnsupportedOperationException("Filter should not be invoked for `/files/` urls.");
}
if (isRequestFromArtifact(request)) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
ContentTypeAwareResponse contentTypeAwareResponse = CONTENT_TYPE_NEGOTIATION_MESSAGE_HANDLER.getResponse(request);
response.setCharacterEncoding("utf-8");
response.setContentType(contentTypeAwareResponse.getContentType().toString());
response.getOutputStream().print(contentTypeAwareResponse.getFormattedMessage("Denied GoCD access for requests from artifacts."));
} else {
filterChain.doFilter(request, response);
}
}
Also used :
ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)
Aggregations
ContentTypeAwareResponse (com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)10
MockHttpServletRequest (com.thoughtworks.go.http.mocks.MockHttpServletRequest)4
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)4
Test (org.junit.jupiter.api.Test)2
ValueSource (org.junit.jupiter.params.provider.ValueSource)2
ContentTypeNegotiationMessageRenderer (com.thoughtworks.go.server.newsecurity.handlers.renderer.ContentTypeNegotiationMessageRenderer)1
MediaType (org.springframework.http.MediaType)1
