/**
 * Installs a {@link SecuritySanityCheckFilter} on {@code root}, mapped to every path ({@code "/*"}).
 *
 * <p>The tests shown with this method expect the filter to answer 403 when a request already
 * carries {@code AuthConfig.DRUID_AUTHORIZATION_CHECKED} or
 * {@code AuthConfig.DRUID_AUTHENTICATION_RESULT}, and to pass the request down the chain when
 * those attributes and {@code AuthConfig.DRUID_ALLOW_UNSECURED_PATH} are all absent.
 *
 * <p>NOTE(review): that check is presumably only meaningful if this filter runs before any filter
 * that legitimately sets those attributes - confirm the registration order at the call sites.
 *
 * @param root       servlet context handler the filter is added to
 * @param jsonMapper mapper passed to the {@link SecuritySanityCheckFilter} constructor
 */
public static void addSecuritySanityCheckFilter(ServletContextHandler root, ObjectMapper jsonMapper) {
  final SecuritySanityCheckFilter sanityCheckFilter = new SecuritySanityCheckFilter(jsonMapper);
  final FilterHolder sanityCheckHolder = new FilterHolder(sanityCheckFilter);

  // No explicit dispatcher types are given (null), so the container default applies.
  // NOTE(review): confirm the default covers every dispatch type that must be checked.
  root.addFilter(sanityCheckHolder, "/*", null);
}
/**
 * A request with none of the auth bookkeeping attributes set must be handed to the next
 * element of the filter chain exactly once.
 */
@Test
public void testValidRequest() throws Exception {
  final HttpServletRequest request = EasyMock.createStrictMock(HttpServletRequest.class);
  final HttpServletResponse response = EasyMock.createStrictMock(HttpServletResponse.class);
  final FilterChain chain = EasyMock.createStrictMock(FilterChain.class);

  // Strict mock: the three attribute lookups are expected in exactly this order, all absent.
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(null).once();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).once();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(null).once();

  // The request has to reach the rest of the chain.
  chain.doFilter(request, response);
  EasyMock.expectLastCall().once();

  // NOTE(review): the response mock is neither replayed nor verified here, so this test does
  // not check whether the filter touches the response on the accepted path.
  EasyMock.replay(request, chain);

  final DefaultObjectMapper mapper = new DefaultObjectMapper();
  final SecuritySanityCheckFilter sanityFilter = new SecuritySanityCheckFilter(mapper);
  sanityFilter.doFilter(request, response, chain);

  EasyMock.verify(request, chain);
}
/**
 * A request that arrives with the authorization-checked flag and an authentication result
 * already attached must be answered with a 403 JSON response and must not reach the chain.
 */
@Test
public void testInvalidRequest() throws Exception {
  final HttpServletRequest request = EasyMock.createStrictMock(HttpServletRequest.class);
  final HttpServletResponse response = EasyMock.createStrictMock(HttpServletResponse.class);
  final FilterChain chain = EasyMock.createStrictMock(FilterChain.class);
  final ServletOutputStream bodyStream = EasyMock.createNiceMock(ServletOutputStream.class);

  // Stands in for an authentication result that the incoming request has no business carrying.
  final AuthenticationResult presetResult =
      new AuthenticationResult("does-not-belong", "does-not-belong", null, null);

  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHORIZATION_CHECKED)).andReturn(true).once();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_ALLOW_UNSECURED_PATH)).andReturn(null).anyTimes();
  EasyMock.expect(request.getAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT)).andReturn(presetResult).once();

  // Expected rejection: output stream fetched, then status 403 with a UTF-8 JSON content type.
  EasyMock.expect(response.getOutputStream()).andReturn(bodyStream).once();
  response.setStatus(403);
  EasyMock.expectLastCall().once();
  response.setContentType("application/json");
  EasyMock.expectLastCall().once();
  response.setCharacterEncoding("UTF-8");
  EasyMock.expectLastCall().once();

  // The chain is replayed with no expectations, so any doFilter call on it fails the test.
  EasyMock.replay(request, response, chain, bodyStream);

  final DefaultObjectMapper mapper = new DefaultObjectMapper();
  final SecuritySanityCheckFilter sanityFilter = new SecuritySanityCheckFilter(mapper);
  sanityFilter.doFilter(request, response, chain);

  EasyMock.verify(request, response, chain, bodyStream);
}
}
/**
 * Adds a {@link SecuritySanityCheckFilter}, built with {@code jsonMapper}, to {@code root} and
 * maps it to all paths ({@code "/*"}).
 *
 * <p>NOTE(review): the filter appears to guard against requests that arrive with auth-related
 * attributes already set; that presumably requires it to sit ahead of the filters that set
 * those attributes - confirm the order in which callers register filters.
 *
 * @param root       servlet context handler that receives the filter
 * @param jsonMapper mapper given to the {@link SecuritySanityCheckFilter} constructor
 */
public static void addSecuritySanityCheckFilter(ServletContextHandler root, ObjectMapper jsonMapper) {
  final FilterHolder sanityCheckHolder = new FilterHolder(new SecuritySanityCheckFilter(jsonMapper));
  final String everyPath = "/*";

  // Dispatcher types are passed as null, i.e. left to the container default.
  // NOTE(review): confirm that default matches the dispatch types that need this check.
  root.addFilter(sanityCheckHolder, everyPath, null);
}