Search in sources :

Example 41 with MockMvc

use of org.springframework.test.web.servlet.MockMvc in project spring-boot by spring-projects.

the class SpringBootWebSecurityConfigurationTests method securityHeadersCanBeDisabled.

@Test
public void securityHeadersCanBeDisabled() throws Exception {
    this.context = SpringApplication.run(VanillaWebConfiguration.class, "--server.port=0", "--security.headers.content-type=false", "--security.headers.xss=false", "--security.headers.cache=false", "--security.headers.frame=false");
    MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context).addFilters(this.context.getBean("springSecurityFilterChain", Filter.class)).build();
    mockMvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isUnauthorized()).andExpect(MockMvcResultMatchers.header().doesNotExist("X-Content-Type-Options")).andExpect(MockMvcResultMatchers.header().doesNotExist("X-XSS-Protection")).andExpect(MockMvcResultMatchers.header().doesNotExist("Cache-Control")).andExpect(MockMvcResultMatchers.header().doesNotExist("X-Frame-Options"));
}
Also used : MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 42 with MockMvc

use of org.springframework.test.web.servlet.MockMvc in project spring-boot by spring-projects.

the class SpringBootWebSecurityConfigurationTests method testWebConfigurationFilterChainUnauthenticatedWithAuthorizeModeNone.

@Test
public void testWebConfigurationFilterChainUnauthenticatedWithAuthorizeModeNone() throws Exception {
    this.context = SpringApplication.run(VanillaWebConfiguration.class, "--server.port=0", "--security.basic.authorize-mode=none");
    MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context).addFilters(this.context.getBean("springSecurityFilterChain", Filter.class)).build();
    mockMvc.perform(MockMvcRequestBuilders.get("/")).andExpect(MockMvcResultMatchers.status().isNotFound());
}
Also used : MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 43 with MockMvc

use of org.springframework.test.web.servlet.MockMvc in project uplace.es by Uplace.

the class WebConfigurerTest method testCorsFilterOnOtherPath.

@Test
public void testCorsFilterOnOtherPath() throws Exception {
    props.getCors().setAllowedOrigins(Collections.singletonList("*"));
    props.getCors().setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
    props.getCors().setAllowedHeaders(Collections.singletonList("*"));
    props.getCors().setMaxAge(1800L);
    props.getCors().setAllowCredentials(true);
    MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new WebConfigurerTestController()).addFilters(webConfigurer.corsFilter()).build();
    mockMvc.perform(get("/test/test-cors").header(HttpHeaders.ORIGIN, "other.domain.com")).andExpect(status().isOk()).andExpect(header().doesNotExist(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
}
Also used : MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 44 with MockMvc

use of org.springframework.test.web.servlet.MockMvc in project uplace.es by Uplace.

the class WebConfigurerTest method testCorsFilterOnApiPath.

@Test
public void testCorsFilterOnApiPath() throws Exception {
    props.getCors().setAllowedOrigins(Collections.singletonList("*"));
    props.getCors().setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
    props.getCors().setAllowedHeaders(Collections.singletonList("*"));
    props.getCors().setMaxAge(1800L);
    props.getCors().setAllowCredentials(true);
    MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new WebConfigurerTestController()).addFilters(webConfigurer.corsFilter()).build();
    mockMvc.perform(options("/api/test-cors").header(HttpHeaders.ORIGIN, "other.domain.com").header(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST")).andExpect(status().isOk()).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "other.domain.com")).andExpect(header().string(HttpHeaders.VARY, "Origin")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,POST,PUT,DELETE")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true")).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "1800"));
    mockMvc.perform(get("/api/test-cors").header(HttpHeaders.ORIGIN, "other.domain.com")).andExpect(status().isOk()).andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "other.domain.com"));
}
Also used : MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 45 with MockMvc

use of org.springframework.test.web.servlet.MockMvc in project CzechIdMng by bcvsolutions.

the class DefaultRecaptchaRestTest method getMockHttpServletResponse.

private MockHttpServletResponse getMockHttpServletResponse(String jsonContent) throws Exception {
    MockMvc mvc = getMockMvc();
    ResultActions actions = mvc.perform(MockMvcRequestBuilders.post(BaseDtoController.BASE_PATH + RecaptchaController.URL_PATH).with(authentication(getAuthentication())).contentType(MediaTypes.HAL_JSON).content(jsonContent));
    MvcResult res = actions.andReturn();
    return res.getResponse();
}
Also used : ResultActions(org.springframework.test.web.servlet.ResultActions) MvcResult(org.springframework.test.web.servlet.MvcResult) MockMvc(org.springframework.test.web.servlet.MockMvc)

Aggregations

MockMvc (org.springframework.test.web.servlet.MockMvc)97 Test (org.junit.Test)91 AnnotationConfigWebApplicationContext (org.springframework.web.context.support.AnnotationConfigWebApplicationContext)25 Todo (org.springframework.sync.Todo)16 List (java.util.List)15 TodoRepository (org.springframework.sync.TodoRepository)15 Filter (javax.servlet.Filter)13 MockServletContext (org.springframework.mock.web.MockServletContext)13 AnnotationConfigApplicationContext (org.springframework.context.annotation.AnnotationConfigApplicationContext)12 OncePerRequestFilter (org.springframework.web.filter.OncePerRequestFilter)9 MvcResult (org.springframework.test.web.servlet.MvcResult)6 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)5 Ignore (org.junit.Ignore)3 FilterChainProxy (org.springframework.security.web.FilterChainProxy)3 WebConnection (com.gargoylesoftware.htmlunit.WebConnection)2 CountDownLatch (java.util.concurrent.CountDownLatch)2 HttpSession (javax.servlet.http.HttpSession)2 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)2 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)2 DirectFieldAccessor (org.springframework.beans.DirectFieldAccessor)2