/**
 * Builds an HTTP OPTIONS request for {@code url}, applying the client's request
 * configuration and any caller-supplied headers.
 *
 * <p>The {@code cookie} and {@code userAgent} parameters are accepted but not applied:
 * no Cookie or User-Agent header is set from them here. Callers that need those
 * headers must pass them through {@code headers}.
 *
 * <p>NOTE(review): header names and values are forwarded to the request as given.
 * Whether the HTTP library rejects CR/LF in them is not visible from this method, so
 * callers should not pass unvalidated external input in {@code headers}.
 *
 * @param config    client configuration supplying the request config and keep-alive setting
 * @param url       target URL of the OPTIONS request
 * @param cookie    unused by this method
 * @param userAgent unused by this method
 * @param headers   extra request headers; may be {@code null} or empty
 * @return the configured OPTIONS request
 */
private static HttpOptions getHttpOptions(ClientConfiguration config, String url, String cookie, String userAgent, Map<String, String> headers) {
    HttpOptions request = new HttpOptions(url);

    // Request-level configuration takes precedence over the one set at the client level.
    request.setConfig(config.getRequestConfig());

    if (config.getKeepAlive() > 0) {
        request.addHeader("Connection", "Keep-Alive");
    }

    if (headers == null || headers.isEmpty()) {
        return request;
    }
    for (Entry<String, String> header : headers.entrySet()) {
        request.addHeader(header.getKey(), header.getValue());
    }
    return request;
}
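/**
 * Sends an OPTIONS request carrying CORS preflight headers to
 * {@code /antest/unannotatedPost} from origin {@code http://in.org} and expects HTTP 200.
 *
 * <p>Only the status code is asserted. The test does not pin whether any
 * Access-Control-Allow-* header is returned for this origin, so it cannot detect a
 * change in which origins the resource accepts.
 *
 * @throws ClientProtocolException on an HTTP protocol error
 * @throws IOException if the request or closing the client fails
 */
@Test
public void simplePostClassAnnotation() throws ClientProtocolException, IOException {
    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpoptions.addHeader("Origin", "http://in.org");
        // text/plain is a CORS-safelisted Content-Type, i.e. the "simple" variant of this
        // request (the application/json variants of this test are the non-simple ones).
        httpoptions.addHeader("Content-Type", "text/plain");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");

        HttpResponse response = httpclient.execute(httpoptions);
        assertEquals(200, response.getStatusLine().getStatusCode());
    } finally {
        // Close the client even when an assertion above fails, so a failing test
        // does not leak its connection pool.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}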
/**
 * Sends a CORS preflight for the {@code cors_preflight_key} resource and checks the
 * Access-Control-Allow-* headers of the response.
 *
 * <p>The expected policy is a wildcard {@code access-control-allow-origin: *} together
 * with GET, POST and PUT in the allowed methods and the requested header echoed back.
 * NOTE(review): browsers do not honour a wildcard origin for credentialed requests, so
 * this policy only suits endpoints that do not rely on cookies or HTTP authentication.
 * Confirm that is the intent for this server.
 *
 * <p>A missing response header surfaces as a NullPointerException from
 * {@code getFirstHeader(...).getValue()} rather than as an assertion failure.
 */
@Test
public void testPreflightCORSRequest() throws Exception {
    URI target = rest.fullPathKey("cors_preflight_key");

    HttpOptions preflight = new HttpOptions(target);
    preflight.addHeader("Origin", "http://whatever");
    preflight.addHeader("Access-Control-Request-Method", "PUT");
    preflight.addHeader("Access-Control-Request-Headers", "Key-Content-Type");

    HttpResponse resp = rest.client.execute(preflight);

    String allowedOrigin = resp.getFirstHeader("access-control-allow-origin").getValue();
    assertEquals("*", allowedOrigin);

    String allowedMethods = resp.getFirstHeader("access-control-allow-methods").getValue();
    for (String method : new String[] {"GET", "POST", "PUT"}) {
        assertTrue(allowedMethods.contains(method));
    }

    String allowedHeaders = resp.getFirstHeader("access-control-allow-headers").getValue();
    assertEquals("Key-Content-Type", allowedHeaders);
}
// NOTE(review): the brace below appears to close the enclosing test class, whose header is outside this excerpt.
}
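/**
 * Preflight that must be refused: origin {@code http://area51.mil:31415} asks to POST
 * to {@code /antest/unannotatedPost} with request header {@code X-custom-3}.
 *
 * <p>The server still answers 200; the refusal shows only as the absence of the
 * Access-Control-Allow-Origin, -Headers and -Methods response headers, which is what
 * the assertions check. Presumably {@code X-custom-3} is not among the headers the
 * resource allows (the Pass variant uses the same origin with {@code X-custom-1});
 * the resource's annotation is not visible here.
 *
 * @throws ClientProtocolException on an HTTP protocol error
 * @throws IOException if the request or closing the client fails
 */
@Test
public void preflightPostClassAnnotationFail2() throws ClientProtocolException, IOException {
    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpoptions.addHeader("Origin", "http://area51.mil:31415");
        httpoptions.addHeader("Content-Type", "application/json");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-3");

        HttpResponse response = httpclient.execute(httpoptions);
        assertEquals(200, response.getStatusLine().getStatusCode());

        // None of the allow headers may be present on a refused preflight.
        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}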
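/**
 * Preflight that must be refused: origin {@code http://in.org} asks to POST to
 * {@code /antest/unannotatedPost} with request header {@code X-custom-1}.
 *
 * <p>The server still answers 200; the refusal shows only as the absence of the
 * Access-Control-Allow-Origin, -Headers and -Methods response headers. Presumably
 * {@code http://in.org} is not an origin the resource allows (the Pass variant sends
 * the same header from {@code http://area51.mil:31415}); the resource's annotation is
 * not visible here.
 *
 * @throws ClientProtocolException on an HTTP protocol error
 * @throws IOException if the request or closing the client fails
 */
@Test
public void preflightPostClassAnnotationFail() throws ClientProtocolException, IOException {
    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpoptions.addHeader("Origin", "http://in.org");
        // application/json is not a CORS-safelisted Content-Type (a "nonsimple" header value).
        httpoptions.addHeader("Content-Type", "application/json");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");

        HttpResponse response = httpclient.execute(httpoptions);
        assertEquals(200, response.getStatusLine().getStatusCode());

        // None of the allow headers may be present on a refused preflight.
        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}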
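/**
 * Preflight that must be accepted: origin {@code http://area51.mil:31415} asks to POST
 * to {@code /antest/unannotatedPost} with request header {@code X-custom-1}.
 *
 * <p>Expects 200 and exactly one value each for Access-Control-Allow-Origin (the
 * request origin echoed verbatim), Access-Control-Allow-Methods ({@code POST}) and
 * Access-Control-Allow-Headers ({@code X-custom-1}).
 *
 * @throws ClientProtocolException on an HTTP protocol error
 * @throws IOException if the request or closing the client fails
 */
@Test
public void preflightPostClassAnnotationPass() throws ClientProtocolException, IOException {
    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpoptions.addHeader("Origin", "http://area51.mil:31415");
        httpoptions.addHeader("Content-Type", "application/json");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");

        HttpResponse response = httpclient.execute(httpoptions);
        assertEquals(200, response.getStatusLine().getStatusCode());

        // The origin is compared as an exact string, so scheme, host and port must all match.
        Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
        assertEquals(1, origin.length);
        assertEquals("http://area51.mil:31415", origin[0].getValue());

        Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
        assertEquals(1, method.length);
        assertEquals("POST", method[0].getValue());

        Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
        assertEquals(1, requestHeaders.length);
        assertEquals("X-custom-1", requestHeaders[0].getValue());
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}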
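/**
 * Preflight for DELETE on {@code /antest/delete} from origin
 * {@code http://area51.mil:4444}, checked with {@code assertOriginResponse}.
 *
 * <p>The test first calls {@code configureAllowOrigins(true, null)} and switches the
 * server's allow-credentials setting to false through the config endpoint.
 * NOTE(review): the helper is called with {@code false} as its third argument, which,
 * given the "NoGo" name, presumably means the origin must NOT be echoed back. Confirm
 * against the helper, which is not visible here.
 *
 * @throws Exception if configuration, the request or closing the client fails
 */
@Test
public void testAnnotatedLocalPreflightNoGo() throws Exception {
    configureAllowOrigins(true, null);
    String r = configClient.replacePath("/setAllowCredentials/false")
        .accept("text/plain").post(null, String.class);
    assertEquals("ok", r);

    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions http = new HttpOptions("http://localhost:" + PORT + "/antest/delete");
        // Origin sent with the preflight and handed to assertOriginResponse below.
        http.addHeader("Origin", "http://area51.mil:4444");
        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "DELETE");

        HttpResponse response = httpclient.execute(http);
        assertEquals(200, response.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:4444"}, false, response);
        // we could check that the other Access-Control-Allow-* headers are also missing.
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}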
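/**
 * Preflight that must be accepted with two requested headers: origin
 * {@code http://area51.mil:31415} asks to POST to {@code /antest/unannotatedPost}
 * with {@code X-custom-1, X-custom-2}.
 *
 * <p>Expects 200, the origin echoed verbatim, {@code POST} as the only allowed method,
 * and a single Access-Control-Allow-Headers value containing both header names.
 * The header check uses {@code contains}, so it does not detect extra headers being
 * allowed alongside the two requested ones.
 *
 * @throws ClientProtocolException on an HTTP protocol error
 * @throws IOException if the request or closing the client fails
 */
@Test
public void preflightPostClassAnnotationPass2() throws ClientProtocolException, IOException {
    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpoptions.addHeader("Origin", "http://area51.mil:31415");
        httpoptions.addHeader("Content-Type", "application/json");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");

        HttpResponse response = httpclient.execute(httpoptions);
        assertEquals(200, response.getStatusLine().getStatusCode());

        Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
        assertEquals(1, origin.length);
        assertEquals("http://area51.mil:31415", origin[0].getValue());

        Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
        assertEquals(1, method.length);
        assertEquals("POST", method[0].getValue());

        Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
        assertEquals(1, requestHeaders.length);
        assertTrue(requestHeaders[0].getValue().contains("X-custom-1"));
        assertTrue(requestHeaders[0].getValue().contains("X-custom-2"));
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}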
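/**
 * Preflight for PUT on {@code /untest/annotatedPut2} from origin
 * {@code http://area51.mil:31415}, requesting headers {@code X-custom-1, x-custom-2}.
 *
 * <p>Expects 200, the origin check in {@code assertOriginResponse} to pass, no
 * Access-Control-Expose-Headers values, and exactly the two requested header names
 * in Access-Control-Allow-Headers.
 *
 * <p>NOTE(review): the server-wide allow-credentials setting is switched to false
 * before the request, yet {@code assertAllowCredentials(response, true)} is expected
 * to hold. Presumably the method-level configuration of the resource takes precedence;
 * confirm, since this decides whether credentialed cross-origin requests are accepted.
 *
 * @throws Exception if configuration, the request or closing the client fails
 */
@Test
public void testAnnotatedMethodPreflight2() throws Exception {
    configureAllowOrigins(true, null);
    String r = configClient.replacePath("/setAllowCredentials/false")
        .accept("text/plain").post(null, String.class);
    assertEquals("ok", r);

    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions http = new HttpOptions("http://localhost:" + PORT + "/untest/annotatedPut2");
        // this is the origin we expect to get.
        http.addHeader("Origin", "http://area51.mil:31415");
        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "PUT");
        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, x-custom-2");

        HttpResponse response = httpclient.execute(http);
        assertEquals(200, response.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, response);
        assertAllowCredentials(response, true);

        List<String> exposeHeadersValues
            = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS));
        // preflight never returns Expose-Headers
        assertEquals(Collections.emptyList(), exposeHeadersValues);

        List<String> allowHeadersValues
            = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS));
        assertEquals(Arrays.asList("X-custom-1", "x-custom-2"), allowHeadersValues);
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}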
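/**
 * Preflight for PUT on {@code /untest/annotatedPut} from origin
 * {@code http://area51.mil:31415}, requesting headers {@code X-custom-1, x-custom-2}.
 *
 * <p>Expects 200, the origin check in {@code assertOriginResponse} to pass, no
 * Access-Control-Expose-Headers values, and exactly the two requested header names
 * in Access-Control-Allow-Headers.
 *
 * <p>NOTE(review): the server-wide allow-credentials setting is switched to false
 * before the request, yet {@code assertAllowCredentials(response, true)} is expected
 * to hold. Presumably the method-level configuration of the resource takes precedence;
 * confirm, since this decides whether credentialed cross-origin requests are accepted.
 *
 * @throws Exception if configuration, the request or closing the client fails
 */
@Test
public void testAnnotatedMethodPreflight() throws Exception {
    configureAllowOrigins(true, null);
    String r = configClient.replacePath("/setAllowCredentials/false")
        .accept("text/plain").post(null, String.class);
    assertEquals("ok", r);

    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions http = new HttpOptions("http://localhost:" + PORT + "/untest/annotatedPut");
        // this is the origin we expect to get.
        http.addHeader("Origin", "http://area51.mil:31415");
        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "PUT");
        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, x-custom-2");

        HttpResponse response = httpclient.execute(http);
        assertEquals(200, response.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, response);
        assertAllowCredentials(response, true);

        List<String> exposeHeadersValues
            = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS));
        // preflight never returns Expose-Headers
        assertEquals(Collections.emptyList(), exposeHeadersValues);

        List<String> allowHeadersValues
            = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS));
        assertEquals(Arrays.asList("X-custom-1", "x-custom-2"), allowHeadersValues);
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}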
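/**
 * Preflight for DELETE on {@code /antest/delete} from origin
 * {@code http://area51.mil:3333}.
 *
 * <p>Expects 200, the origin check in {@code assertOriginResponse} to pass,
 * {@code assertAllowCredentials(response, false)} to hold after the server-wide
 * allow-credentials setting was switched to false, no Access-Control-Expose-Headers
 * values, and the allowed-methods list described below.
 *
 * @throws Exception if configuration, the request or closing the client fails
 */
@Test
public void testAnnotatedLocalPreflight() throws Exception {
    configureAllowOrigins(true, null);
    String r = configClient.replacePath("/setAllowCredentials/false")
        .accept("text/plain").post(null, String.class);
    assertEquals("ok", r);

    HttpClient httpclient = HttpClientBuilder.create().build();
    try {
        HttpOptions http = new HttpOptions("http://localhost:" + PORT + "/antest/delete");
        // this is the origin we expect to get.
        http.addHeader("Origin", "http://area51.mil:3333");
        http.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "DELETE");

        HttpResponse response = httpclient.execute(http);
        assertEquals(200, response.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:3333"}, true, response);
        assertAllowCredentials(response, false);

        List<String> exposeHeadersValues
            = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS));
        // preflight never returns Expose-Headers
        assertEquals(Collections.emptyList(), exposeHeadersValues);

        List<String> allowedMethods
            = headerValues(response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS));
        // NOTE(review): the expectation is ONE element, "DELETE PUT", separated by a space.
        // Access-Control-Allow-Methods is defined as a comma-separated list, so confirm
        // that both the server's output and headerValues()' splitting are intended here.
        assertEquals(Arrays.asList("DELETE PUT"), allowedMethods);
    } finally {
        // Close the client even when an assertion above fails.
        if (httpclient instanceof Closeable) {
            ((Closeable) httpclient).close();
        }
    }
}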