Example 71 with FilterConfig
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testNoHeaderDefaultConfigNonBrowserGoodRequest.
@Test
public void testNoHeaderDefaultConfigNonBrowserGoodRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
// CSRF has not been sent
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(NON_BROWSER);
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
FilterChain(javax.servlet.FilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
FilterConfig(javax.servlet.FilterConfig)
Test(org.junit.Test)
Example 72 with FilterConfig
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testMissingHeaderWithCustomHeaderConfigBadRequest.
@Test
public void testMissingHeaderWithCustomHeaderConfigBadRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
Mockito.verifyZeroInteractions(mockChain);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
FilterChain(javax.servlet.FilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
FilterConfig(javax.servlet.FilterConfig)
Test(org.junit.Test)
Example 73 with FilterConfig
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestXFrameOptionsFilter method testDefaultOptionsValue.
@Test
public void testDefaultOptionsValue() throws Exception {
final Collection<String> headers = new ArrayList<String>();
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
FilterChain chain = Mockito.mock(FilterChain.class);
Mockito.doAnswer(new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
Assert.assertTrue("header should be visible inside chain and filters.", ((HttpServletResponse) args[1]).containsHeader(X_FRAME_OPTIONS));
return null;
}
}).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
Mockito.doAnswer(new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
Assert.assertTrue("Options value incorrect should be DENY but is: " + args[1], "DENY".equals(args[1]));
headers.add((String) args[1]);
return null;
}
}).when(response).setHeader(Mockito.<String>anyObject(), Mockito.<String>anyObject());
XFrameOptionsFilter filter = new XFrameOptionsFilter();
filter.init(filterConfig);
filter.doFilter(request, response, chain);
Assert.assertEquals("X-Frame-Options count not equal to 1.", headers.size(), 1);
}
Also used :
FilterChain(javax.servlet.FilterChain)
ArrayList(java.util.ArrayList)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Answer(org.mockito.stubbing.Answer)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
FilterConfig(javax.servlet.FilterConfig)
Test(org.junit.Test)
Example 74 with FilterConfig
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestXFrameOptionsFilter method testCustomOptionsValueAndNoOverrides.
@Test
public void testCustomOptionsValueAndNoOverrides() throws Exception {
final Collection<String> headers = new ArrayList<String>();
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn("SAMEORIGIN");
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
FilterChain chain = Mockito.mock(FilterChain.class);
Mockito.doAnswer(new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
HttpServletResponse resp = (HttpServletResponse) args[1];
Assert.assertTrue("Header should be visible inside chain and filters.", resp.containsHeader(X_FRAME_OPTIONS));
// let's try and set another value for the header and make
// sure that it doesn't overwrite the configured value
Assert.assertTrue(resp instanceof XFrameOptionsFilter.XFrameOptionsResponseWrapper);
resp.setHeader(X_FRAME_OPTIONS, "LJM");
return null;
}
}).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject());
Mockito.doAnswer(new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
Assert.assertEquals("Options value incorrect should be SAMEORIGIN but is: " + args[1], "SAMEORIGIN", args[1]);
headers.add((String) args[1]);
return null;
}
}).when(response).setHeader(Mockito.<String>anyObject(), Mockito.<String>anyObject());
XFrameOptionsFilter filter = new XFrameOptionsFilter();
filter.init(filterConfig);
filter.doFilter(request, response, chain);
Assert.assertEquals("X-Frame-Options count not equal to 1.", headers.size(), 1);
Assert.assertEquals("X-Frame-Options count not equal to 1.", headers.toArray()[0], "SAMEORIGIN");
}
Also used :
FilterChain(javax.servlet.FilterChain)
ArrayList(java.util.ArrayList)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Answer(org.mockito.stubbing.Answer)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
FilterConfig(javax.servlet.FilterConfig)
Test(org.junit.Test)
Example 75 with FilterConfig
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestAuthenticationFilter method testFallbackToRandomSecretProvider.
@Test
public void testFallbackToRandomSecretProvider() throws Exception {
// minimal configuration & simple auth handler (Pseudo)
AuthenticationFilter filter = new AuthenticationFilter();
try {
FilterConfig config = Mockito.mock(FilterConfig.class);
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn((new Long(TOKEN_VALIDITY_SEC)).toString());
Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY)).elements());
ServletContext context = Mockito.mock(ServletContext.class);
Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(null);
Mockito.when(config.getServletContext()).thenReturn(context);
filter.init(config);
Assert.assertEquals(PseudoAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
Assert.assertTrue(filter.isRandomSecret());
Assert.assertFalse(filter.isCustomSignerSecretProvider());
Assert.assertNull(filter.getCookieDomain());
Assert.assertNull(filter.getCookiePath());
Assert.assertEquals(TOKEN_VALIDITY_SEC, filter.getValidity());
} finally {
filter.destroy();
}
}
Also used :
ServletContext(javax.servlet.ServletContext)
FilterConfig(javax.servlet.FilterConfig)
Vector(java.util.Vector)
Test(org.junit.Test)
Aggregations
FilterConfig (javax.servlet.FilterConfig)118
Test (org.junit.Test)70
HttpServletRequest (javax.servlet.http.HttpServletRequest)64
FilterChain (javax.servlet.FilterChain)63
HttpServletResponse (javax.servlet.http.HttpServletResponse)50
ServletContext (javax.servlet.ServletContext)28
HashMap (java.util.HashMap)21
ServletException (javax.servlet.ServletException)21
Vector (java.util.Vector)17
Properties (java.util.Properties)15
Filter (javax.servlet.Filter)14
ServletResponse (javax.servlet.ServletResponse)14
ServletRequest (javax.servlet.ServletRequest)12
IOException (java.io.IOException)10
SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)10
HttpCookie (java.net.HttpCookie)9
Cookie (javax.servlet.http.Cookie)9
Signer (org.apache.hadoop.security.authentication.util.Signer)9
Enumeration (java.util.Enumeration)8
CrossOriginFilter (org.apache.hadoop.security.http.CrossOriginFilter)8
