Search in sources :

Example 66 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestCrossOriginFilter method testSameOrigin.

@Test
public void testSameOrigin() throws ServletException, IOException {
    // Setup the configuration settings of the server
    Map<String, String> conf = new HashMap<String, String>();
    conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "");
    FilterConfig filterConfig = new FilterConfigTest(conf);
    // Origin is not specified for same origin requests
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn(null);
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    CrossOriginFilter filter = new CrossOriginFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verifyZeroInteractions(mockRes);
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) CrossOriginFilter(org.apache.hadoop.security.http.CrossOriginFilter) Test(org.junit.Test)

Example 67 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestCrossOriginFilter method testDisallowedHeader.

@Test
public void testDisallowedHeader() throws ServletException, IOException {
    // Setup the configuration settings of the server
    Map<String, String> conf = new HashMap<String, String>();
    conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
    FilterConfig filterConfig = new FilterConfigTest(conf);
    // Origin is not specified for same origin requests
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com");
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)).thenReturn("GET");
    Mockito.when(mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_HEADERS)).thenReturn("Disallowed-Header");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    CrossOriginFilter filter = new CrossOriginFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verifyZeroInteractions(mockRes);
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) CrossOriginFilter(org.apache.hadoop.security.http.CrossOriginFilter) Test(org.junit.Test)

Example 68 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testNoHeaderDefaultConfigBadRequest.

@Test
public void testNoHeaderDefaultConfigBadRequest() throws ServletException, IOException {
    // Setup the configuration settings of the server
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
    // CSRF has not been sent
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    verify(mockRes, atLeastOnce()).sendError(HttpServletResponse.SC_BAD_REQUEST, EXPECTED_MESSAGE);
    Mockito.verifyZeroInteractions(mockChain);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 69 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testHeaderPresentDefaultConfigGoodRequest.

@Test
public void testHeaderPresentDefaultConfigGoodRequest() throws ServletException, IOException {
    // Setup the configuration settings of the server
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
    // CSRF HAS been sent
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn("valueUnimportant");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 70 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testMissingHeaderMultipleIgnoreMethodsConfigBadRequest.

@Test
public void testMissingHeaderMultipleIgnoreMethodsConfigBadRequest() throws ServletException, IOException {
    // Setup the configuration settings of the server
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET,OPTIONS");
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
    // CSRF has not been sent
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
    Mockito.when(mockReq.getMethod()).thenReturn("PUT");
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    Mockito.verifyZeroInteractions(mockChain);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Aggregations

FilterConfig (javax.servlet.FilterConfig)118 Test (org.junit.Test)70 HttpServletRequest (javax.servlet.http.HttpServletRequest)64 FilterChain (javax.servlet.FilterChain)63 HttpServletResponse (javax.servlet.http.HttpServletResponse)50 ServletContext (javax.servlet.ServletContext)28 HashMap (java.util.HashMap)21 ServletException (javax.servlet.ServletException)21 Vector (java.util.Vector)17 Properties (java.util.Properties)15 Filter (javax.servlet.Filter)14 ServletResponse (javax.servlet.ServletResponse)14 ServletRequest (javax.servlet.ServletRequest)12 IOException (java.io.IOException)10 SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)10 HttpCookie (java.net.HttpCookie)9 Cookie (javax.servlet.http.Cookie)9 Signer (org.apache.hadoop.security.authentication.util.Signer)9 Enumeration (java.util.Enumeration)8 CrossOriginFilter (org.apache.hadoop.security.http.CrossOriginFilter)8