
Example 71 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testNoHeaderDefaultConfigNonBrowserGoodRequest.

/**
 * Verifies that, with no custom header name and no custom ignore list configured,
 * a request whose User-Agent is {@code NON_BROWSER} is handed to the filter chain
 * even though it carries no CSRF prevention header.
 *
 * <p>Security note: the User-Agent value is chosen by the client, so the exemption
 * exercised here is a compatibility carve-out for non-browser REST clients and not
 * an access control. Endpoints behind this filter still need authentication and
 * authorization of their own.
 *
 * @throws ServletException if the filter fails to initialise or to process the request
 * @throws IOException if the filter reports an I/O failure
 */
@Test
public void testNoHeaderDefaultConfigNonBrowserGoodRequest() throws ServletException, IOException {
    // Incoming request: identifies itself as a non-browser client and sends
    // no CSRF prevention header.
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(NON_BROWSER);
    Mockito.when(request.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);

    // Collaborators whose interactions are checked after the call.
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    FilterChain chain = Mockito.mock(FilterChain.class);

    // Server-side configuration: both init parameters are absent, so the
    // filter runs with whatever defaults it defines.
    FilterConfig defaults = Mockito.mock(FilterConfig.class);
    Mockito.when(defaults.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
    Mockito.when(defaults.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);

    // Object under test.
    RestCsrfPreventionFilter csrfFilter = new RestCsrfPreventionFilter();
    csrfFilter.init(defaults);
    csrfFilter.doFilter(request, response, chain);

    // The request must have been forwarded exactly as received.
    Mockito.verify(chain).doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 72 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestRestCsrfPreventionFilter method testMissingHeaderWithCustomHeaderConfigBadRequest.

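/**
 * Verifies that when the filter is configured with a custom CSRF header name, a
 * request from a browser user agent that lacks the header is not passed down the
 * filter chain.
 *
 * <p>NOTE(review): this test only proves that the chain was never invoked. It does
 * not assert what the filter wrote to {@code mockRes}; if the filter is expected to
 * answer with an error status, verifying that call would pin the rejection path as
 * well. Confirm against the filter implementation.
 *
 * @throws ServletException if the filter fails to initialise or to process the request
 * @throws IOException if the filter reports an I/O failure
 */
@Test
public void testMissingHeaderWithCustomHeaderConfigBadRequest() throws ServletException, IOException {
    // Setup the configuration settings of the server: a custom header name is
    // configured, the list of methods to ignore is left at its default.
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
    Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
    HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
    // CSRF has not been sent. The configured header is X_CUSTOM_HEADER, so state its
    // absence explicitly instead of relying on Mockito's null default for unstubbed
    // calls; the default header name is absent as well.
    Mockito.when(mockReq.getHeader(X_CUSTOM_HEADER)).thenReturn(null);
    Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
    // Objects to verify interactions based on request
    HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
    FilterChain mockChain = Mockito.mock(FilterChain.class);
    // Object under test
    RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
    filter.init(filterConfig);
    filter.doFilter(mockReq, mockRes, mockChain);
    // A request without the configured header must never reach downstream handlers.
    Mockito.verifyZeroInteractions(mockChain);
}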
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 73 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestXFrameOptionsFilter method testDefaultOptionsValue.

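/**
 * Verifies that, with no custom option configured, the filter sets the
 * X-Frame-Options header to {@code DENY} exactly once and that the header is
 * already present on the response object handed to the rest of the chain.
 *
 * @throws Exception if filter initialisation or processing fails
 */
@Test
public void testDefaultOptionsValue() throws Exception {
    // Records every value passed to setHeader on the underlying response.
    final Collection<String> headers = new ArrayList<String>();
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    FilterChain chain = Mockito.mock(FilterChain.class);
    // Downstream view: by the time the chain runs, the response it receives must
    // already report the anti-framing header.
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            Object[] args = invocation.getArguments();
            Assert.assertTrue("header should be visible inside chain and filters.", ((HttpServletResponse) args[1]).containsHeader(X_FRAME_OPTIONS));
            return null;
        }
    }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
    // This stub matches every setHeader call regardless of header name, so any
    // header written to the underlying response is held to the DENY value.
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            Object[] args = invocation.getArguments();
            Assert.assertEquals("Options value incorrect should be DENY but is: " + args[1], "DENY", args[1]);
            headers.add((String) args[1]);
            return null;
        }
    }).when(response).setHeader(Mockito.<String>anyObject(), Mockito.<String>anyObject());
    XFrameOptionsFilter filter = new XFrameOptionsFilter();
    filter.init(filterConfig);
    filter.doFilter(request, response, chain);
    // JUnit's signature is (message, expected, actual); the expected value goes
    // first so a failure reports the two numbers the right way round.
    Assert.assertEquals("X-Frame-Options count not equal to 1.", 1, headers.size());
}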
Also used : FilterChain(javax.servlet.FilterChain) ArrayList(java.util.ArrayList) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpServletRequest(javax.servlet.http.HttpServletRequest) Answer(org.mockito.stubbing.Answer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 74 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestXFrameOptionsFilter method testCustomOptionsValueAndNoOverrides.

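/**
 * Verifies that a configured X-Frame-Options value ({@code SAMEORIGIN}) is the
 * only value written to the underlying response, even when code further down the
 * chain tries to set the header to something else.
 *
 * <p>Security note: this pins the property that downstream filters or servlets
 * cannot weaken the configured anti-framing policy through the response object
 * they are given.
 *
 * @throws Exception if filter initialisation or processing fails
 */
@Test
public void testCustomOptionsValueAndNoOverrides() throws Exception {
    // Records every value passed to setHeader on the underlying response.
    final Collection<String> headers = new ArrayList<String>();
    FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
    Mockito.when(filterConfig.getInitParameter(XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn("SAMEORIGIN");
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    FilterChain chain = Mockito.mock(FilterChain.class);
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            Object[] args = invocation.getArguments();
            HttpServletResponse resp = (HttpServletResponse) args[1];
            Assert.assertTrue("Header should be visible inside chain and filters.", resp.containsHeader(X_FRAME_OPTIONS));
            // let's try and set another value for the header and make
            // sure that it doesn't overwrite the configured value.
            // "LJM" is an arbitrary value; what matters is that it differs from
            // the configured one.
            Assert.assertTrue(resp instanceof XFrameOptionsFilter.XFrameOptionsResponseWrapper);
            resp.setHeader(X_FRAME_OPTIONS, "LJM");
            return null;
        }
    }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
    // Every setHeader call that reaches the underlying response must carry the
    // configured value; the override attempt above would fail this assertion if
    // it were forwarded.
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            Object[] args = invocation.getArguments();
            Assert.assertEquals("Options value incorrect should be SAMEORIGIN but is: " + args[1], "SAMEORIGIN", args[1]);
            headers.add((String) args[1]);
            return null;
        }
    }).when(response).setHeader(Mockito.<String>anyObject(), Mockito.<String>anyObject());
    XFrameOptionsFilter filter = new XFrameOptionsFilter();
    filter.init(filterConfig);
    filter.doFilter(request, response, chain);
    // JUnit's signature is (message, expected, actual); expected values go first.
    Assert.assertEquals("X-Frame-Options count not equal to 1.", 1, headers.size());
    // The original reused the count message for this value check; use a message
    // that names what is actually being compared.
    Assert.assertEquals("X-Frame-Options value not equal to SAMEORIGIN.", "SAMEORIGIN", headers.toArray()[0]);
}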
Also used : FilterChain(javax.servlet.FilterChain) ArrayList(java.util.ArrayList) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpServletRequest(javax.servlet.http.HttpServletRequest) Answer(org.mockito.stubbing.Answer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 75 with FilterConfig

use of javax.servlet.FilterConfig in project hadoop by apache.

the class TestAuthenticationFilter method testFallbackToRandomSecretProvider.

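/**
 * Verifies the filter's behaviour when only the auth type and token validity are
 * configured and the servlet context supplies no signer secret provider: the
 * filter selects {@link PseudoAuthenticationHandler}, reports a random secret,
 * reports no custom signer secret provider, and leaves cookie domain and path
 * unset.
 *
 * <p>NOTE(review): a randomly generated signing secret is presumably local to this
 * filter instance, so tokens it signs would not validate on another instance or
 * after a restart. Deployments that need either should configure an explicit
 * secret provider; confirm against the filter's documentation.
 *
 * <p>NOTE(review): the "simple" auth type maps to the pseudo handler, which is not
 * a strong authentication mechanism. It is used here only as the smallest
 * configuration that lets {@code init} succeed.
 *
 * @throws Exception if filter initialisation fails
 */
@Test
public void testFallbackToRandomSecretProvider() throws Exception {
    // minimal configuration & simple auth handler (Pseudo)
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        // Long.toString replaces the deprecated boxing constructor new Long(...).
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(Long.toString(TOKEN_VALIDITY_SEC));
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY)).elements());
        // No signer secret provider is published in the servlet context, which
        // is the condition that triggers the fallback under test.
        ServletContext context = Mockito.mock(ServletContext.class);
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(null);
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        Assert.assertEquals(PseudoAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
        Assert.assertTrue(filter.isRandomSecret());
        Assert.assertFalse(filter.isCustomSignerSecretProvider());
        Assert.assertNull(filter.getCookieDomain());
        Assert.assertNull(filter.getCookiePath());
        Assert.assertEquals(TOKEN_VALIDITY_SEC, filter.getValidity());
    } finally {
        // Always release whatever init acquired, even when an assertion fails.
        filter.destroy();
    }
}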
Also used : ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Aggregations

FilterConfig (javax.servlet.FilterConfig)118 Test (org.junit.Test)70 HttpServletRequest (javax.servlet.http.HttpServletRequest)64 FilterChain (javax.servlet.FilterChain)63 HttpServletResponse (javax.servlet.http.HttpServletResponse)50 ServletContext (javax.servlet.ServletContext)28 HashMap (java.util.HashMap)21 ServletException (javax.servlet.ServletException)21 Vector (java.util.Vector)17 Properties (java.util.Properties)15 Filter (javax.servlet.Filter)14 ServletResponse (javax.servlet.ServletResponse)14 ServletRequest (javax.servlet.ServletRequest)12 IOException (java.io.IOException)10 SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)10 HttpCookie (java.net.HttpCookie)9 Cookie (javax.servlet.http.Cookie)9 Signer (org.apache.hadoop.security.authentication.util.Signer)9 Enumeration (java.util.Enumeration)8 CrossOriginFilter (org.apache.hadoop.security.http.CrossOriginFilter)8