Example 1 with ContentTypeAwareResponse

use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.

the class ContentTypeNegotiationMessageRendererTest method shouldGenerateJSONResponseMessageForContentType.

@ParameterizedTest
@ValueSource(strings = {
    MediaType.APPLICATION_JSON_VALUE,
    "application/vnd.go.cd.v1+json",
    "application/vnd.go.cd.v2+json",
    "application/vnd.go.cd.v3+json",
    "application/vnd.go.cd.v4+json",
    "application/vnd.go.cd.v5+json",
    "application/vnd.go.cd.v6+json",
    "application/vnd.go.cd.v7+json",
    "application/vnd.go.cd.v8+json",
    "application/vnd.go.cd.v9+json",
    "application/vnd.go.cd.v50+json",
    "application/vnd.go.cd.v99+json"
})
void shouldGenerateJSONResponseMessageForContentType(String contentType) {
    final MockHttpServletRequest request = HttpRequestBuilder.GET("/").withHeader("Accept", contentType).build();
    final ContentTypeAwareResponse response = new ContentTypeNegotiationMessageRenderer().getResponse(request);
    assertThat(response.getContentType().toString()).isEqualTo(contentType);
    assertThat(response.getFormattedMessage("foo")).isEqualTo("{\n  \"message\": \"foo\"\n}");
}
Also used : ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse) MockHttpServletRequest(com.thoughtworks.go.http.mocks.MockHttpServletRequest) ValueSource(org.junit.jupiter.params.provider.ValueSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 2 with ContentTypeAwareResponse

use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.

the class ContentTypeNegotiationMessageRendererTest method shouldGenerateXMLResponseMessageWhenRequestIsForXMLFile.

@Test
void shouldGenerateXMLResponseMessageWhenRequestIsForXMLFile() {
    final MockHttpServletRequest request = HttpRequestBuilder.GET("/foo.xml").build();
    final ContentTypeAwareResponse response = new ContentTypeNegotiationMessageRenderer().getResponse(request);
    assertThat(response.getContentType().toString()).isEqualTo("application/xml");
    assertThat(response.getFormattedMessage("foo")).isEqualTo("<access-denied>\n  <message>foo</message>\n</access-denied>\n");
}
Also used : ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse) MockHttpServletRequest(com.thoughtworks.go.http.mocks.MockHttpServletRequest) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with ContentTypeAwareResponse

use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.

the class AccessTokenAuthenticationFilter method onAuthenticationFailure.

private void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, String errorMessage) throws IOException {
    response.setStatus(SC_UNAUTHORIZED);
    ContentTypeAwareResponse contentTypeAwareResponse = new ContentTypeNegotiationMessageRenderer().getResponse(request);
    response.setCharacterEncoding("utf-8");
    response.setContentType(contentTypeAwareResponse.getContentType().toString());
    response.getOutputStream().print(contentTypeAwareResponse.getFormattedMessage(errorMessage));
}
Also used : ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse) ContentTypeNegotiationMessageRenderer(com.thoughtworks.go.server.newsecurity.handlers.renderer.ContentTypeNegotiationMessageRenderer)

Example 4 with ContentTypeAwareResponse

use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.

the class ContentTypeNegotiationMessageRenderer method getResponse.

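public ContentTypeAwareResponse getResponse(HttpServletRequest request) {
    try {
        // Walk the Accept header's media types, ordered by specificity and then quality.
        List<MediaType> mediaTypes = MediaType.parseMediaTypes(request.getHeader("Accept"));
        MediaType.sortBySpecificityAndQuality(mediaTypes);
        for (MediaType mediaType : mediaTypes) {
            // Look up the handler with the q-value stripped from the media type.
            final ContentTypeAwareResponse accessDeniedHandler = ACCESS_DENIED_HANDLER_MAP.get(mediaType.removeQualityValue());
            if (accessDeniedHandler != null) {
                return accessDeniedHandler;
            }
        }
    } catch (Exception ignore) {
        // An unparseable Accept header is ignored; fall through to the defaults below.
    }
    // No handler matched: XML for request URIs ending in ".xml", JSON otherwise.
    if (request.getRequestURI().endsWith(".xml")) {
        return APPLICATION_XML_REQUEST_HANDLER;
    }
    return JSON_ACCESS_DENIED_HANDLER;
}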
Also used : ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse) MediaType(org.springframework.http.MediaType)

Example 5 with ContentTypeAwareResponse

use of com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse in project gocd by gocd.

the class DenyIfRefererIsNotFilesFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // This filter must not be applied to `/files/` URLs; fail loudly if it is.
    if (request.getServletPath().startsWith("/files/")) {
        throw new UnsupportedOperationException("Filter should not be invoked for `/files/` urls.");
    }
    if (isRequestFromArtifact(request)) {
        // Reject with 400 and an error body in the content type negotiated from the request.
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        ContentTypeAwareResponse contentTypeAwareResponse = CONTENT_TYPE_NEGOTIATION_MESSAGE_HANDLER.getResponse(request);
        response.setCharacterEncoding("utf-8");
        response.setContentType(contentTypeAwareResponse.getContentType().toString());
        response.getOutputStream().print(contentTypeAwareResponse.getFormattedMessage("Denied GoCD access for requests from artifacts."));
    } else {
        // All other requests continue down the filter chain.
        filterChain.doFilter(request, response);
    }
}
Also used : ContentTypeAwareResponse(com.thoughtworks.go.server.newsecurity.models.ContentTypeAwareResponse)
