use of org.springframework.test.web.servlet.MockMvc in project spring-boot by spring-projects.
the class SpringBootWebSecurityConfigurationTests method securityHeadersCanBeDisabled.
@Test
public void securityHeadersCanBeDisabled() throws Exception {
this.context = SpringApplication.run(VanillaWebConfiguration.class, "--server.port=0", "--security.headers.content-type=false", "--security.headers.xss=false", "--security.headers.cache=false", "--security.headers.frame=false");
MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context).addFilters(this.context.getBean("springSecurityFilterChain", Filter.class)).build();
mockMvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isUnauthorized()).andExpect(MockMvcResultMatchers.header().doesNotExist("X-Content-Type-Options")).andExpect(MockMvcResultMatchers.header().doesNotExist("X-XSS-Protection")).andExpect(MockMvcResultMatchers.header().doesNotExist("Cache-Control")).andExpect(MockMvcResultMatchers.header().doesNotExist("X-Frame-Options"));
}
use of org.springframework.test.web.servlet.MockMvc in project spring-boot by spring-projects.
the class SpringBootWebSecurityConfigurationTests method testWebConfigurationFilterChainUnauthenticatedWithAuthorizeModeNone.
@Test
public void testWebConfigurationFilterChainUnauthenticatedWithAuthorizeModeNone() throws Exception {
this.context = SpringApplication.run(VanillaWebConfiguration.class, "--server.port=0", "--security.basic.authorize-mode=none");
MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context).addFilters(this.context.getBean("springSecurityFilterChain", Filter.class)).build();
mockMvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isNotFound());
}
use of org.springframework.test.web.servlet.MockMvc in project uplace.es by Uplace.
the class WebConfigurerTest method testCorsFilterOnOtherPath.
@Test
public void testCorsFilterOnOtherPath() throws Exception {
props.getCors().setAllowedOrigins(Collections.singletonList("*"));
props.getCors().setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
props.getCors().setAllowedHeaders(Collections.singletonList("*"));
props.getCors().setMaxAge(1800L);
props.getCors().setAllowCredentials(true);
MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new WebConfigurerTestController()).addFilters(webConfigurer.corsFilter()).build();
mockMvc.perform(get("/test/test-cors").header(HttpHeaders.ORIGIN, "other.domain.com")).andExpect(status().isOk()).andExpect(header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
}
use of org.springframework.test.web.servlet.MockMvc in project uplace.es by Uplace.
the class WebConfigurerTest method testCorsFilterOnApiPath.
@Test
public void testCorsFilterOnApiPath() throws Exception {
props.getCors().setAllowedOrigins(Collections.singletonList("*"));
props.getCors().setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
props.getCors().setAllowedHeaders(Collections.singletonList("*"));
props.getCors().setMaxAge(1800L);
props.getCors().setAllowCredentials(true);
MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new WebConfigurerTestController()).addFilters(webConfigurer.corsFilter()).build();
mockMvc.perform(options("/api/test-cors").header(HttpHeaders.ORIGIN, "other.domain.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST")).andExpect(status().isOk()).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "other.domain.com")).andExpect(header().string(HttpHeaders.VARY, "Origin")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,POST,PUT,DELETE")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1800"));
mockMvc.perform(get("/api/test-cors").header(HttpHeaders.ORIGIN, "other.domain.com")).andExpect(status().isOk()).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "other.domain.com"));
}
use of org.springframework.test.web.servlet.MockMvc in project CzechIdMng by bcvsolutions.
the class DefaultRecaptchaRestTest method getMockHttpServletResponse.
private MockHttpServletResponse getMockHttpServletResponse(String jsonContent) throws Exception {
MockMvc mvc = getMockMvc();
ResultActions actions = mvc.perform(MockMvcRequestBuilders.post(BaseDtoController.BASE_PATH + RecaptchaController.URL_PATH).with(authentication(getAuthentication())).contentType(MediaTypes.HAL_JSON).content(jsonContent));
MvcResult res = actions.andReturn();
return res.getResponse();
}
Aggregations