FilterConfig filterConfig = new FilterConfigTest(conf);
conf.put(CrossOriginFilter.ALLOWED_HEADERS, "X-Requested-With,Accept"); conf.put(CrossOriginFilter.ALLOWED_METHODS, "GET,POST"); FilterConfig filterConfig = new FilterConfigTest(conf); conf.put(CrossOriginFilter.ALLOWED_HEADERS, "Content-Type,Origin"); conf.put(CrossOriginFilter.ALLOWED_METHODS, "GET,HEAD"); filterConfig = new FilterConfigTest(conf);
conf.put(CrossOriginFilter.ALLOWED_HEADERS, "X-Requested-With,Accept"); conf.put(CrossOriginFilter.ALLOWED_METHODS, "GET,POST"); FilterConfig filterConfig = new FilterConfigTest(conf); conf.put(CrossOriginFilter.ALLOWED_HEADERS, "Content-Type,Origin"); conf.put(CrossOriginFilter.ALLOWED_METHODS, "GET,HEAD"); filterConfig = new FilterConfigTest(conf);
FilterConfig filterConfig = new FilterConfigTest(conf);
@Test public void testDisallowedHeader() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com"); Mockito.when( mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)) .thenReturn("GET"); Mockito.when( mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_HEADERS)) .thenReturn("Disallowed-Header"); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testDisallowedHeader() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com"); Mockito.when( mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)) .thenReturn("GET"); Mockito.when( mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_HEADERS)) .thenReturn("Disallowed-Header"); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testPatternMatchingOrigins() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*.example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); // match multiple sub-domains Assert.assertFalse(filter.areOriginsAllowed("example.com")); Assert.assertFalse(filter.areOriginsAllowed("foo:example.com")); Assert.assertTrue(filter.areOriginsAllowed("foo.example.com")); Assert.assertTrue(filter.areOriginsAllowed("foo.bar.example.com")); // First origin is allowed Assert.assertTrue(filter.areOriginsAllowed("foo.example.com foo.nomatch.com")); // Second origin is allowed Assert.assertTrue(filter.areOriginsAllowed("foo.nomatch.com foo.example.com")); // No origin in list is allowed Assert.assertFalse(filter.areOriginsAllowed("foo.nomatch1.com foo.nomatch2.com")); }
@Test public void testDisallowedMethod() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com"); Mockito.when( mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)) .thenReturn("DISALLOWED_METHOD"); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testDisallowedMethod() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.com"); Mockito.when( mockReq.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD)) .thenReturn("DISALLOWED_METHOD"); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testDisallowedOrigin() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.org"); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testDisallowedOrigin() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn("example.org"); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testSameOrigin() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, ""); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn(null); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testSameOrigin() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, ""); FilterConfig filterConfig = new FilterConfigTest(conf); // Origin is not specified for same origin requests HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); Mockito.when(mockReq.getHeader(CrossOriginFilter.ORIGIN)).thenReturn(null); // Objects to verify interactions based on request HttpServletResponse mockRes = Mockito.mock(HttpServletResponse.class); FilterChain mockChain = Mockito.mock(FilterChain.class); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); filter.doFilter(mockReq, mockRes, mockChain); Mockito.verifyZeroInteractions(mockRes); Mockito.verify(mockChain).doFilter(mockReq, mockRes); }
@Test public void testPatternMatchingOrigins() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*.example.com"); FilterConfig filterConfig = new FilterConfigTest(conf); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); // match multiple sub-domains Assert.assertFalse(filter.areOriginsAllowed("example.com")); Assert.assertFalse(filter.areOriginsAllowed("foo:example.com")); Assert.assertTrue(filter.areOriginsAllowed("foo.example.com")); Assert.assertTrue(filter.areOriginsAllowed("foo.bar.example.com")); // First origin is allowed Assert.assertTrue(filter.areOriginsAllowed("foo.example.com foo.nomatch.com")); // Second origin is allowed Assert.assertTrue(filter.areOriginsAllowed("foo.nomatch.com foo.example.com")); // No origin in list is allowed Assert.assertFalse(filter.areOriginsAllowed("foo.nomatch1.com foo.nomatch2.com")); }
@Test public void testAllowAllOrigins() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*"); FilterConfig filterConfig = new FilterConfigTest(conf); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); Assert.assertTrue(filter.areOriginsAllowed("example.com")); }
@Test public void testAllowAllOrigins() throws ServletException, IOException { // Setup the configuration settings of the server Map<String, String> conf = new HashMap<String, String>(); conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*"); FilterConfig filterConfig = new FilterConfigTest(conf); // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); Assert.assertTrue(filter.areOriginsAllowed("example.com")); }