use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testNoHeaderDefaultConfigNonBrowserGoodRequest.
/**
 * Checks the pass-through path of {@code RestCsrfPreventionFilter}: with both
 * init parameters stubbed to {@code null}, a request whose User-Agent is
 * {@code NON_BROWSER} and which carries no {@code HEADER_DEFAULT} value must
 * still be handed to the filter chain.
 *
 * NOTE(review): the exemption is keyed on the User-Agent header, which the
 * client supplies; presumably it is meant for non-browser REST clients that
 * cannot be driven cross-site. Confirm against the filter's documentation.
 */
@Test
public void testNoHeaderDefaultConfigNonBrowserGoodRequest() throws ServletException, IOException {
  // Collaborators whose interactions are inspected after the call.
  FilterChain chain = Mockito.mock(FilterChain.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

  // Incoming request: non-browser agent, CSRF header absent.
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  Mockito.when(request.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT))
      .thenReturn(NON_BROWSER);
  Mockito.when(request.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT))
      .thenReturn(null);

  // Server configuration: no custom header name, no custom list of ignored methods.
  FilterConfig serverConfig = Mockito.mock(FilterConfig.class);
  Mockito.when(serverConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM))
      .thenReturn(null);
  Mockito.when(serverConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM))
      .thenReturn(null);

  // Exercise the filter.
  RestCsrfPreventionFilter csrfFilter = new RestCsrfPreventionFilter();
  csrfFilter.init(serverConfig);
  csrfFilter.doFilter(request, response, chain);

  // The request must have been forwarded unchanged.
  Mockito.verify(chain).doFilter(request, response);
}
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testMissingHeaderWithCustomHeaderConfigBadRequest.
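/**
 * Checks the rejection path of {@code RestCsrfPreventionFilter} when a custom
 * CSRF header name ({@code X_CUSTOM_HEADER}) is configured: a request from a
 * browser user agent that carries neither the custom header nor the default
 * one must not reach the filter chain and must be answered with an error.
 */
@Test
public void testMissingHeaderWithCustomHeaderConfigBadRequest() throws ServletException, IOException {
  // Setup the configuration settings of the server: a custom header name is required
  FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
  Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
  Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
  HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
  Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
  // CSRF has not been sent: stub the configured custom header explicitly, so the
  // test does not depend on the mock's default answer for the header under test
  Mockito.when(mockReq.getHeader(X_CUSTOM_HEADER)).thenReturn(null);
  Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
  // Objects to verify interactions based on request
  HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
  FilterChain mockChain = Mockito.mock(FilterChain.class);
  // Object under test
  RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
  filter.init(filterConfig);
  filter.doFilter(mockReq, mockRes, mockChain);
  // Assert the denial positively as well: an untouched chain alone would also be
  // the outcome if the filter silently dropped the request without an error status.
  Mockito.verify(mockRes).sendError(Mockito.eq(HttpServletResponse.SC_BAD_REQUEST), Mockito.anyString());
  Mockito.verifyZeroInteractions(mockChain);
}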
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestXFrameOptionsFilter method testDefaultOptionsValue.
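/**
 * Checks that {@code XFrameOptionsFilter}, initialised with no custom option
 * ({@code CUSTOM_HEADER_PARAM} stubbed to {@code null}), sets the value
 * {@code DENY} exactly once and that the header is already visible on the
 * response object handed to the rest of the chain.
 */
@Test
public void testDefaultOptionsValue() throws Exception {
  // Collects every value passed to setHeader on the underlying response.
  final Collection<String> headers = new ArrayList<String>();
  FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
  Mockito.when(filterConfig.getInitParameter(XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  FilterChain chain = Mockito.mock(FilterChain.class);
  // Downstream view: the response seen by later filters must already report the header.
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      Object[] args = invocation.getArguments();
      Assert.assertTrue("header should be visible inside chain and filters.", ((HttpServletResponse) args[1]).containsHeader(X_FRAME_OPTIONS));
      return null;
    }
  }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
  // NOTE(review): this stub matches any header name; only the value (args[1]) is
  // checked, so a different header set to "DENY" would also satisfy it.
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      Object[] args = invocation.getArguments();
      // assertEquals reports expected vs. actual on failure, unlike assertTrue on equals().
      Assert.assertEquals("Options value incorrect should be DENY but is: " + args[1], "DENY", args[1]);
      headers.add((String) args[1]);
      return null;
    }
  }).when(response).setHeader(Mockito.<String>anyObject(), Mockito.<String>anyObject());
  XFrameOptionsFilter filter = new XFrameOptionsFilter();
  filter.init(filterConfig);
  filter.doFilter(request, response, chain);
  // JUnit order is (message, expected, actual); the original had the last two swapped.
  Assert.assertEquals("X-Frame-Options count not equal to 1.", 1, headers.size());
}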
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestXFrameOptionsFilter method testCustomOptionsValueAndNoOverrides.
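/**
 * Checks that {@code XFrameOptionsFilter}, configured with the custom option
 * {@code SAMEORIGIN}, sets that value exactly once and that code further down
 * the chain cannot replace it: the chain stub tries to set the header to
 * another value through the response it receives, and the stub on the
 * underlying response fails the test if any value other than
 * {@code SAMEORIGIN} reaches it.
 */
@Test
public void testCustomOptionsValueAndNoOverrides() throws Exception {
  // Collects every value passed to setHeader on the underlying response.
  final Collection<String> headers = new ArrayList<String>();
  FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
  Mockito.when(filterConfig.getInitParameter(XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn("SAMEORIGIN");
  HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
  final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
  FilterChain chain = Mockito.mock(FilterChain.class);
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      Object[] args = invocation.getArguments();
      HttpServletResponse resp = (HttpServletResponse) args[1];
      Assert.assertTrue("Header should be visible inside chain and filters.", resp.containsHeader(X_FRAME_OPTIONS));
      // let's try and set another value for the header and make
      // sure that it doesn't overwrite the configured value
      Assert.assertTrue(resp instanceof XFrameOptionsFilter.XFrameOptionsResponseWrapper);
      resp.setHeader(X_FRAME_OPTIONS, "LJM");
      return null;
    }
  }).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
  // NOTE(review): this stub matches any header name; only the value (args[1]) is checked.
  Mockito.doAnswer(new Answer<Object>() {
    @Override
    public Object answer(InvocationOnMock invocation) throws Throwable {
      Object[] args = invocation.getArguments();
      Assert.assertEquals("Options value incorrect should be SAMEORIGIN but is: " + args[1], "SAMEORIGIN", args[1]);
      headers.add((String) args[1]);
      return null;
    }
  }).when(response).setHeader(Mockito.<String>anyObject(), Mockito.<String>anyObject());
  XFrameOptionsFilter filter = new XFrameOptionsFilter();
  filter.init(filterConfig);
  filter.doFilter(request, response, chain);
  // JUnit order is (message, expected, actual); the original had the last two swapped.
  Assert.assertEquals("X-Frame-Options count not equal to 1.", 1, headers.size());
  // The original reused the count message for this value check.
  Assert.assertEquals("X-Frame-Options value not equal to SAMEORIGIN.", "SAMEORIGIN", headers.toArray()[0]);
}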
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestAuthenticationFilter method testFallbackToRandomSecretProvider.
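/**
 * Checks how {@code AuthenticationFilter} initialises from a minimal
 * configuration: auth type {@code "simple"}, a token validity, and a servlet
 * context with no {@code SIGNER_SECRET_PROVIDER_ATTRIBUTE}. The filter is
 * expected to select {@code PseudoAuthenticationHandler}, report a random
 * secret rather than a custom signer secret provider, leave cookie domain and
 * path unset, and keep the configured validity.
 *
 * NOTE(review): a randomly generated signing secret is presumably local to
 * this filter instance, so tokens it signs would not validate elsewhere.
 * Confirm before relying on this fallback outside tests.
 */
@Test
public void testFallbackToRandomSecretProvider() throws Exception {
  // minimal configuration & simple auth handler (Pseudo)
  AuthenticationFilter filter = new AuthenticationFilter();
  try {
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
    // String.valueOf replaces the deprecated boxing constructor new Long(...); same text.
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(String.valueOf(TOKEN_VALIDITY_SEC));
    Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY)).elements());
    // No signer secret provider is published in the servlet context.
    ServletContext context = Mockito.mock(ServletContext.class);
    Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(null);
    Mockito.when(config.getServletContext()).thenReturn(context);
    filter.init(config);
    Assert.assertEquals(PseudoAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
    Assert.assertTrue(filter.isRandomSecret());
    Assert.assertFalse(filter.isCustomSignerSecretProvider());
    Assert.assertNull(filter.getCookieDomain());
    Assert.assertNull(filter.getCookiePath());
    Assert.assertEquals(TOKEN_VALIDITY_SEC, filter.getValidity());
  } finally {
    // Always release whatever init() acquired, even when an assertion fails.
    filter.destroy();
  }
}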