Search in sources :

Example 1 with SecureCookieHandler

use of io.undertow.server.handlers.SecureCookieHandler in project undertow by undertow-io.

the class MarkSecureHandlerTestCase method testMarkSecureHandlerWithSecureCookieHandler.

@Test
public void testMarkSecureHandlerWithSecureCookieHandler() throws IOException, GeneralSecurityException, ServletException {
    final PathHandler root = new PathHandler();
    final ServletContainer container = ServletContainer.Factory.newInstance();
    ServletInfo s = new ServletInfo("servlet", MessageServlet.class).addInitParam(MessageServlet.MESSAGE, HELLO_WORLD).addMapping("/issecure");
    DeploymentInfo builder = new DeploymentInfo().setClassLoader(MarkSecureHandlerTestCase.class.getClassLoader()).setContextPath("/servletContext").setClassIntrospecter(TestClassIntrospector.INSTANCE).setDeploymentName("servletContext.war").addServlet(s);
    builder.addFilter(new FilterInfo("issecure-filter", IsSecureFilter.class));
    builder.addFilterUrlMapping("issecure-filter", "/*", DispatcherType.REQUEST);
    DeploymentManager manager = container.addDeployment(builder);
    manager.deploy();
    root.addPrefixPath(builder.getContextPath(), manager.start());
    DefaultServer.setRootHandler(new MarkSecureHandler(new SecureCookieHandler(root)));
    TestHttpClient client = new TestHttpClient();
    try {
        HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/issecure");
        HttpResponse result = client.execute(get);
        Assert.assertEquals(StatusCodes.OK, result.getStatusLine().getStatusCode());
        // When MarkSecureHandler is enabled, req.isSecure() should be true
        Assert.assertEquals("true", result.getHeaders("issecure")[0].getValue());
        // When SecureCookieHandler is enabled with MarkSecureHandler, secure cookie is enabled as this channel is treated as secure
        Header header = result.getFirstHeader("set-cookie");
        Assert.assertEquals("foo=bar; secure", header.getValue());
        final String response = HttpClientUtils.readResponse(result);
        Assert.assertEquals(HELLO_WORLD, response);
    } finally {
        client.getConnectionManager().shutdown();
    }
}
Also used : DeploymentManager(io.undertow.servlet.api.DeploymentManager) HttpGet(org.apache.http.client.methods.HttpGet) PathHandler(io.undertow.server.handlers.PathHandler) HttpResponse(org.apache.http.HttpResponse) MarkSecureHandler(io.undertow.servlet.handlers.MarkSecureHandler) TestHttpClient(io.undertow.testutils.TestHttpClient) ServletInfo(io.undertow.servlet.api.ServletInfo) Header(org.apache.http.Header) ServletContainer(io.undertow.servlet.api.ServletContainer) SecureCookieHandler(io.undertow.server.handlers.SecureCookieHandler) DeploymentInfo(io.undertow.servlet.api.DeploymentInfo) FilterInfo(io.undertow.servlet.api.FilterInfo) Test(org.junit.Test)

Aggregations

PathHandler (io.undertow.server.handlers.PathHandler)1 SecureCookieHandler (io.undertow.server.handlers.SecureCookieHandler)1 DeploymentInfo (io.undertow.servlet.api.DeploymentInfo)1 DeploymentManager (io.undertow.servlet.api.DeploymentManager)1 FilterInfo (io.undertow.servlet.api.FilterInfo)1 ServletContainer (io.undertow.servlet.api.ServletContainer)1 ServletInfo (io.undertow.servlet.api.ServletInfo)1 MarkSecureHandler (io.undertow.servlet.handlers.MarkSecureHandler)1 TestHttpClient (io.undertow.testutils.TestHttpClient)1 Header (org.apache.http.Header)1 HttpResponse (org.apache.http.HttpResponse)1 HttpGet (org.apache.http.client.methods.HttpGet)1 Test (org.junit.Test)1