use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testMissingHeaderIgnoreGETMethodConfigGoodRequest.
@Test
public void testMissingHeaderIgnoreGETMethodConfigGoodRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
Mockito.when(mockReq.getMethod()).thenReturn("GET");
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testHeaderPresentCustomHeaderConfigGoodRequest.
@Test
public void testHeaderPresentCustomHeaderConfigGoodRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
// CSRF HAS been sent
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(X_CUSTOM_HEADER)).thenReturn("valueUnimportant");
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testMissingHeaderMultipleIgnoreMethodsConfigGoodRequest.
@Test
public void testMissingHeaderMultipleIgnoreMethodsConfigGoodRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET,OPTIONS");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
Mockito.when(mockReq.getMethod()).thenReturn("OPTIONS");
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
Mockito.verify(mockChain).doFilter(mockReq, mockRes);
}
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testMissingHeaderNoMethodsToIgnoreConfigBadRequest.
@Test
public void testMissingHeaderNoMethodsToIgnoreConfigBadRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
Mockito.when(mockReq.getMethod()).thenReturn("GET");
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
Mockito.verifyZeroInteractions(mockChain);
}
use of javax.servlet.FilterConfig in project hadoop by apache.
the class TestRestCsrfPreventionFilter method testNoHeaderCustomAgentConfigBadRequest.
@Test
public void testNoHeaderCustomAgentConfigBadRequest() throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn(null);
Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.BROWSER_USER_AGENT_PARAM)).thenReturn("^Mozilla.*,^Opera.*,curl");
// CSRF has not been sent
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).thenReturn(null);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).thenReturn("curl");
// Objects to verify interactions based on request
HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class);
FilterChain mockChain = Mockito.mock(FilterChain.class);
// Object under test
RestCsrfPreventionFilter filter = new RestCsrfPreventionFilter();
filter.init(filterConfig);
filter.doFilter(mockReq, mockRes, mockChain);
verify(mockRes, atLeastOnce()).sendError(HttpServletResponse.SC_BAD_REQUEST, EXPECTED_MESSAGE);
Mockito.verifyZeroInteractions(mockChain);
}
Aggregations