@Test
public void handleTransportRequestWebsocket() throws Exception {
    // Exercises the WebSocket handshake three ways: no origin restriction,
    // an allow-listed Origin, and an Origin that is not on the allow-list.
    // Browsers do not apply the same-origin policy to WebSocket handshakes, so
    // the server-side Origin check below is what keeps a page on another site
    // from opening a socket with the user's ambient credentials.
    final String transportPath = "/websocket";
    final String requestUri = sockJsPrefix + transportPath;
    final String trustedOrigin = "http://mydomain1.com";
    final String untrustedOrigin = "http://mydomain2.com";

    // A separate service built with just the WebSocket transport handler, so
    // interceptors can be installed without touching this.service.
    TransportHandlingSockJsService webSocketService =
            new TransportHandlingSockJsService(this.taskScheduler, this.wsTransportHandler);

    // 1. No interceptor configured and no Origin header: not rejected.
    setRequest("GET", requestUri);
    webSocketService.handleRequest(this.request, this.response, transportPath, this.wsHandler);
    assertNotEquals(403, this.servletResponse.getStatus());

    // 2. Origin allow-list installed; a listed Origin is still let through.
    resetRequestAndResponse();
    List<String> allowedOrigins = Collections.singletonList(trustedOrigin);
    OriginHandshakeInterceptor originCheck = new OriginHandshakeInterceptor(allowedOrigins);
    webSocketService.setHandshakeInterceptors(Collections.singletonList(originCheck));
    setRequest("GET", requestUri);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, trustedOrigin);
    webSocketService.handleRequest(this.request, this.response, transportPath, this.wsHandler);
    assertNotEquals(403, this.servletResponse.getStatus());

    // 3. Same allow-list, Origin not on it: the handshake must end in 403.
    resetRequestAndResponse();
    setRequest("GET", requestUri);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, untrustedOrigin);
    webSocketService.handleRequest(this.request, this.response, transportPath, this.wsHandler);
    assertEquals(403, this.servletResponse.getStatus());
}
@Test
public void handleTransportRequestXhrSend() throws Exception {
    // xhr_send may only post into a session that already exists; the receiving
    // "xhr" transport is what creates the session in this scenario.
    final String sendPath = sessionUrlPrefix + "xhr_send";
    final String receivePath = sessionUrlPrefix + "xhr";

    // Sending before any session has been created is answered with 404.
    setRequest("POST", sockJsPrefix + sendPath);
    this.service.handleRequest(this.request, this.response, sendPath, this.wsHandler);
    assertEquals(404, this.servletResponse.getStatus());

    // The xhr request creates the session and is delegated to the xhr handler.
    resetResponse();
    setRequest("POST", sockJsPrefix + receivePath);
    this.service.handleRequest(this.request, this.response, receivePath, this.wsHandler);
    assertEquals(200, this.servletResponse.getStatus());
    verify(this.xhrHandler).handleRequest(this.request, this.response, this.wsHandler, this.session);

    // With the session in place, and the send handler accepting its type,
    // xhr_send succeeds and reaches the send handler.
    resetResponse();
    setRequest("POST", sockJsPrefix + sendPath);
    given(this.xhrSendHandler.checkSessionType(this.session)).willReturn(true);
    this.service.handleRequest(this.request, this.response, sendPath, this.wsHandler);
    assertEquals(200, this.servletResponse.getStatus());
    verify(this.xhrSendHandler).handleRequest(this.request, this.response, this.wsHandler, this.session);
}
@Test
public void handleTransportRequestNoSuitableHandler() throws Exception {
    // Expects 404 when the path names the "eventsource" transport; presumably
    // the fixture's service has no handler registered for it (the setup is
    // outside this view).
    final String transportPath = sessionUrlPrefix + "eventsource";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(404, status);
}
@Test  // SPR-12226
public void handleTransportRequestXhrAllowedOriginsMatch() throws Exception {
    // Positive half of the allow-list check: an Origin that appears in the
    // configured list is served normally (200).
    final String transportPath = sessionUrlPrefix + "xhr";
    final String listedOrigin = "http://mydomain1.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList(listedOrigin, "http://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, listedOrigin);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(200, status);
}
@Test
public void handleTransportRequestXhrSendWithDifferentUser() throws Exception {
    // Session-ownership check: once a session is bound to one principal, a
    // request authenticated as a different principal must not be able to send
    // into it. Knowing the session URL alone is not sufficient.
    final String receivePath = sessionUrlPrefix + "xhr";
    final String sendPath = sessionUrlPrefix + "xhr_send";

    // Create the session through the xhr transport.
    setRequest("POST", sockJsPrefix + receivePath);
    this.service.handleRequest(this.request, this.response, receivePath, this.wsHandler);
    assertEquals(200, this.servletResponse.getStatus());
    verify(this.xhrHandler).handleRequest(this.request, this.response, this.wsHandler, this.session);

    // Session owner and request principal now disagree.
    this.session.setPrincipal(new TestPrincipal("little red riding hood"));
    this.servletRequest.setUserPrincipal(new TestPrincipal("wolf"));

    // Clear recorded interactions so the final verification only sees what
    // happens during the mismatched xhr_send request.
    resetResponse();
    reset(this.xhrSendHandler);

    setRequest("POST", sockJsPrefix + sendPath);
    this.service.handleRequest(this.request, this.response, sendPath, this.wsHandler);

    // Rejected with 404 and the send handler is never touched.
    assertEquals(404, this.servletResponse.getStatus());
    verifyNoMoreInteractions(this.xhrSendHandler);
}
@Test
public void handleTransportRequestIframe() throws Exception {
    // Pins how the iframe endpoint interacts with the allowed-origins setting
    // and the X-Frame-Options clickjacking header.
    final String iframePath = "/iframe.html";
    final String requestUri = sockJsPrefix + iframePath;
    final String frameOptionsHeader = "X-Frame-Options";

    // Default configuration: iframe is served and framing is limited to the
    // same origin.
    setRequest("GET", requestUri);
    this.service.handleRequest(this.request, this.response, iframePath, this.wsHandler);
    assertNotEquals(404, this.servletResponse.getStatus());
    assertEquals("SAMEORIGIN", this.servletResponse.getHeader(frameOptionsHeader));

    // Specific allowed origin configured: the iframe endpoint answers 404 and
    // no X-Frame-Options header is written.
    resetRequestAndResponse();
    setRequest("GET", requestUri);
    this.service.setAllowedOrigins(Collections.singletonList("http://mydomain1.com"));
    this.service.handleRequest(this.request, this.response, iframePath, this.wsHandler);
    assertEquals(404, this.servletResponse.getStatus());
    assertNull(this.servletResponse.getHeader(frameOptionsHeader));

    // Wildcard origin: the iframe is served again, but WITHOUT X-Frame-Options,
    // i.e. "*" leaves the page frameable by any site. Deployments relying on
    // "*" need to cover framing some other way if that matters to them.
    resetRequestAndResponse();
    setRequest("GET", requestUri);
    this.service.setAllowedOrigins(Collections.singletonList("*"));
    this.service.handleRequest(this.request, this.response, iframePath, this.wsHandler);
    assertNotEquals(404, this.servletResponse.getStatus());
    assertNull(this.servletResponse.getHeader(frameOptionsHeader));
}
@Test  // SPR-12226
public void handleTransportRequestXhrAllowedOriginsNoMatch() throws Exception {
    // Negative half of the allow-list check: an Origin that is not in the
    // configured list is refused with 403 on the xhr transport.
    final String transportPath = sessionUrlPrefix + "xhr";
    final String unlistedOrigin = "http://mydomain3.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com", "http://mydomain2.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, unlistedOrigin);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(403, status);
}
@Test  // SPR-13464
public void handleTransportRequestXhrSameOrigin() throws Exception {
    // The Origin header is not on the allow-list, but it matches the server
    // name the request reports, and the request is accepted (200).
    // NOTE(review): the outcome hinges on the server name seen by the servlet
    // request; presumably behind a reverse proxy that value has to come from
    // a trusted source for this exemption to be safe - confirm against the
    // production code.
    final String transportPath = sessionUrlPrefix + "xhr";
    final String requestOrigin = "http://mydomain2.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, requestOrigin);
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(200, status);
}
@Test  // SPR-13545
public void handleInvalidTransportType() throws Exception {
    // A path whose transport segment is not a known transport type must end in
    // 404. Origin and server name mirror the same-origin XHR scenario in this
    // suite, presumably so the 404 is attributable to the transport lookup
    // rather than to an origin rejection.
    final String transportPath = sessionUrlPrefix + "invalid";
    final String requestOrigin = "http://mydomain2.com";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.setAllowedOrigins(Arrays.asList("http://mydomain1.com"));
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, requestOrigin);
    this.servletRequest.setServerName("mydomain2.com");
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    int status = this.servletResponse.getStatus();
    assertEquals(404, status);
}
@Test
public void handleTransportRequestXhrOptions() throws Exception {
    // An OPTIONS request carrying no Origin header is answered with 204 and
    // none of the CORS response headers listed below are emitted.
    final String transportPath = sessionUrlPrefix + "xhr";
    final String[] corsResponseHeaders = {
            "Access-Control-Allow-Origin",
            "Access-Control-Allow-Credentials",
            "Access-Control-Allow-Methods"
    };

    setRequest("OPTIONS", sockJsPrefix + transportPath);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    assertEquals(204, this.servletResponse.getStatus());
    for (String headerName : corsResponseHeaders) {
        assertNull(this.servletResponse.getHeader(headerName));
    }
}
@Test
public void handleTransportRequestXhr() throws Exception {
    // Baseline xhr request with no Origin header: delegated to the xhr handler,
    // session cleanup scheduled, response marked non-cacheable, no CORS headers.
    final String transportPath = sessionUrlPrefix + "xhr";

    setRequest("POST", sockJsPrefix + transportPath);
    this.service.handleRequest(this.request, this.response, transportPath, this.wsHandler);

    assertEquals(200, this.servletResponse.getStatus());
    verify(this.xhrHandler).handleRequest(this.request, this.response, this.wsHandler, this.session);

    // A periodic task is registered with the service's disconnect delay as its period.
    verify(taskScheduler).scheduleAtFixedRate(any(Runnable.class), eq(service.getDisconnectDelay()));

    // Transport responses must not be stored by browser or intermediary caches.
    String cacheControl = this.response.getHeaders().getCacheControl();
    assertEquals("no-store, no-cache, must-revalidate, max-age=0", cacheControl);

    // No cross-origin grant is written for this request.
    assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN));
    assertNull(this.servletResponse.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS));
}