@Test public void customizedMapping() { this.registry.addMapping("/foo").allowedOrigins("http://domain2.com", "http://domain2.com") .allowedMethods("DELETE").allowCredentials(false).allowedHeaders("header1", "header2") .exposedHeaders("header3", "header4").maxAge(3600); Map<String, CorsConfiguration> configs = this.registry.getCorsConfigurations(); assertEquals(1, configs.size()); CorsConfiguration config = configs.get("/foo"); assertEquals(Arrays.asList("http://domain2.com", "http://domain2.com"), config.getAllowedOrigins()); assertEquals(Arrays.asList("DELETE"), config.getAllowedMethods()); assertEquals(Arrays.asList("header1", "header2"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3", "header4"), config.getExposedHeaders()); assertEquals(false, config.getAllowCredentials()); assertEquals(Long.valueOf(3600), config.getMaxAge()); }
@Test // SPR-13468 public void classLevelComposedAnnotation() throws Exception { this.handlerMapping.registerHandler(new ClassLevelMappingWithComposedAnnotation()); this.request.setRequestURI("/foo"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"http://foo.com"}, config.getAllowedOrigins().toArray()); assertTrue(config.getAllowCredentials()); }
@Test public void customizedMapping() { this.registry.addMapping("/foo").allowedOrigins("http://domain2.com", "http://domain2.com") .allowedMethods("DELETE").allowCredentials(false).allowedHeaders("header1", "header2") .exposedHeaders("header3", "header4").maxAge(3600); Map<String, CorsConfiguration> configs = this.registry.getCorsConfigurations(); assertEquals(1, configs.size()); CorsConfiguration config = configs.get("/foo"); assertEquals(Arrays.asList("http://domain2.com", "http://domain2.com"), config.getAllowedOrigins()); assertEquals(Arrays.asList("DELETE"), config.getAllowedMethods()); assertEquals(Arrays.asList("header1", "header2"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3", "header4"), config.getExposedHeaders()); assertEquals(false, config.getAllowCredentials()); assertEquals(Long.valueOf(3600), config.getMaxAge()); }
@Test public void defaultAnnotation() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setRequestURI("/default"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertNull(config.getAllowCredentials()); assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray()); assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders())); assertEquals(new Long(1800), config.getMaxAge()); }
@Test public void customized() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setRequestURI("/customized"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"DELETE"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"http://site1.com", "http://site2.com"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[] {"header1", "header2"}, config.getAllowedHeaders().toArray()); assertArrayEquals(new String[] {"header3", "header4"}, config.getExposedHeaders().toArray()); assertEquals(new Long(123), config.getMaxAge()); assertFalse(config.getAllowCredentials()); }
@Test public void customOriginDefinedViaValueAttribute() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setRequestURI("/customOrigin"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertEquals(Arrays.asList("http://example.com"), config.getAllowedOrigins()); assertNull(config.getAllowCredentials()); }
@Test public void customOriginDefinedViaPlaceholder() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setRequestURI("/someOrigin"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertEquals(Arrays.asList("http://example.com"), config.getAllowedOrigins()); assertNull(config.getAllowCredentials()); }
@Test // SPR-13468 public void methodLevelComposedAnnotation() throws Exception { this.handlerMapping.registerHandler(new MethodLevelMappingWithComposedAnnotation()); this.request.setRequestURI("/foo"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"http://foo.com"}, config.getAllowedOrigins().toArray()); assertTrue(config.getAllowCredentials()); }
@Test public void setValues() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); assertEquals(Arrays.asList("*"), config.getAllowedOrigins()); config.addAllowedHeader("*"); assertEquals(Arrays.asList("*"), config.getAllowedHeaders()); config.addAllowedMethod("*"); assertEquals(Arrays.asList("*"), config.getAllowedMethods()); config.addExposedHeader("header1"); config.addExposedHeader("header2"); assertEquals(Arrays.asList("header1", "header2"), config.getExposedHeaders()); config.setAllowCredentials(true); assertTrue(config.getAllowCredentials()); config.setMaxAge(123L); assertEquals(new Long(123), config.getMaxAge()); }
@Test public void preFlightRequest() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setMethod("OPTIONS"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.request.setRequestURI("/default"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, true); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertNull(config.getAllowCredentials()); assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray()); assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders())); assertEquals(new Long(1800), config.getMaxAge()); }
@Test public void testCors() throws Exception { loadBeanDefinitions("mvc-config-cors.xml"); String[] beanNames = appContext.getBeanNamesForType(AbstractHandlerMapping.class); assertEquals(2, beanNames.length); for (String beanName : beanNames) { AbstractHandlerMapping handlerMapping = (AbstractHandlerMapping)appContext.getBean(beanName); assertNotNull(handlerMapping); DirectFieldAccessor accessor = new DirectFieldAccessor(handlerMapping); Map<String, CorsConfiguration> configs = ((UrlBasedCorsConfigurationSource)accessor .getPropertyValue("corsConfigurationSource")).getCorsConfigurations(); assertNotNull(configs); assertEquals(2, configs.size()); CorsConfiguration config = configs.get("/api/**"); assertNotNull(config); assertArrayEquals(new String[]{"http://domain1.com", "http://domain2.com"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[]{"GET", "PUT"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[]{"header1", "header2", "header3"}, config.getAllowedHeaders().toArray()); assertArrayEquals(new String[]{"header1", "header2"}, config.getExposedHeaders().toArray()); assertFalse(config.getAllowCredentials()); assertEquals(Long.valueOf(123), config.getMaxAge()); config = configs.get("/resources/**"); assertArrayEquals(new String[]{"http://domain1.com"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[]{"GET", "HEAD", "POST"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[]{"*"}, config.getAllowedHeaders().toArray()); assertNull(config.getExposedHeaders()); assertNull(config.getAllowCredentials()); assertEquals(Long.valueOf(1800), config.getMaxAge()); } }
@Test public void classLevel() throws Exception { this.handlerMapping.registerHandler(new ClassLevelController()); this.request.setRequestURI("/foo"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertFalse(config.getAllowCredentials()); this.request.setRequestURI("/bar"); chain = this.handlerMapping.getHandler(request); config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertFalse(config.getAllowCredentials()); this.request.setRequestURI("/baz"); chain = this.handlerMapping.getHandler(request); config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertTrue(config.getAllowCredentials()); }
@Test public void preflightRequestWithCorsConfigurationSource() throws Exception { this.handlerMapping.setCorsConfigurationSource(new CustomCorsConfigurationSource()); this.request.setMethod(RequestMethod.OPTIONS.name()); this.request.setRequestURI("/foo"); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); HandlerExecutionChain chain = handlerMapping.getHandler(this.request); assertNotNull(chain); assertNotNull(chain.getHandler()); assertTrue(chain.getHandler().getClass().getSimpleName().equals("PreFlightHandler")); CorsConfiguration config = getCorsConfiguration(chain, true); assertNotNull(config); assertArrayEquals(new String[]{"*"}, config.getAllowedOrigins().toArray()); assertEquals(true, config.getAllowCredentials()); }
@Test public void testCorsMinimal() throws Exception { loadBeanDefinitions("mvc-config-cors-minimal.xml"); String[] beanNames = appContext.getBeanNamesForType(AbstractHandlerMapping.class); assertEquals(2, beanNames.length); for (String beanName : beanNames) { AbstractHandlerMapping handlerMapping = (AbstractHandlerMapping)appContext.getBean(beanName); assertNotNull(handlerMapping); DirectFieldAccessor accessor = new DirectFieldAccessor(handlerMapping); Map<String, CorsConfiguration> configs = ((UrlBasedCorsConfigurationSource)accessor .getPropertyValue("corsConfigurationSource")).getCorsConfigurations(); assertNotNull(configs); assertEquals(1, configs.size()); CorsConfiguration config = configs.get("/**"); assertNotNull(config); assertArrayEquals(new String[]{"*"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[]{"GET", "HEAD", "POST"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[]{"*"}, config.getAllowedHeaders().toArray()); assertNull(config.getExposedHeaders()); assertNull(config.getAllowCredentials()); assertEquals(Long.valueOf(1800), config.getMaxAge()); } }
@Test public void ambiguousProducesPreFlightRequest() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setMethod("OPTIONS"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.request.setRequestURI("/ambiguous-produces"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, true); assertNotNull(config); assertArrayEquals(new String[] {"*"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray()); assertTrue(config.getAllowCredentials()); assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders())); assertNull(config.getMaxAge()); }
@Test public void combineWithNullProperties() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.addAllowedHeader("header1"); config.addExposedHeader("header3"); config.addAllowedMethod(HttpMethod.GET.name()); config.setMaxAge(123L); config.setAllowCredentials(true); CorsConfiguration other = new CorsConfiguration(); config = config.combine(other); assertEquals(Arrays.asList("*"), config.getAllowedOrigins()); assertEquals(Arrays.asList("header1"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3"), config.getExposedHeaders()); assertEquals(Arrays.asList(HttpMethod.GET.name()), config.getAllowedMethods()); assertEquals(new Long(123), config.getMaxAge()); assertTrue(config.getAllowCredentials()); }
@Test public void ambiguousHeaderPreFlightRequest() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setMethod("OPTIONS"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "header1"); this.request.setRequestURI("/ambiguous-header"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, true); assertNotNull(config); assertArrayEquals(new String[] {"*"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray()); assertTrue(config.getAllowCredentials()); assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders())); assertNull(config.getMaxAge()); }
@Test public void combine() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("http://domain1.com"); config.addAllowedHeader("header1"); config.addExposedHeader("header3"); config.addAllowedMethod(HttpMethod.GET.name()); config.setMaxAge(123L); config.setAllowCredentials(true); CorsConfiguration other = new CorsConfiguration(); other.addAllowedOrigin("http://domain2.com"); other.addAllowedHeader("header2"); other.addExposedHeader("header4"); other.addAllowedMethod(HttpMethod.PUT.name()); other.setMaxAge(456L); other.setAllowCredentials(false); config = config.combine(other); assertEquals(Arrays.asList("http://domain1.com", "http://domain2.com"), config.getAllowedOrigins()); assertEquals(Arrays.asList("header1", "header2"), config.getAllowedHeaders()); assertEquals(Arrays.asList("header3", "header4"), config.getExposedHeaders()); assertEquals(Arrays.asList(HttpMethod.GET.name(), HttpMethod.PUT.name()), config.getAllowedMethods()); assertEquals(new Long(456), config.getMaxAge()); assertFalse(config.getAllowCredentials()); }
@Test public void actualRequestWithCorsConfigurationSource() throws Exception { this.handlerMapping.setCorsConfigurationSource(new CustomCorsConfigurationSource()); this.request.setMethod(RequestMethod.GET.name()); this.request.setRequestURI("/foo"); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); HandlerExecutionChain chain = handlerMapping.getHandler(this.request); assertNotNull(chain); assertTrue(chain.getHandler() instanceof SimpleHandler); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[]{"*"}, config.getAllowedOrigins().toArray()); assertEquals(true, config.getAllowCredentials()); }
@Test public void setNullValues() { CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(null); assertNull(config.getAllowedOrigins()); config.setAllowedHeaders(null); assertNull(config.getAllowedHeaders()); config.setAllowedMethods(null); assertNull(config.getAllowedMethods()); config.setExposedHeaders(null); assertNull(config.getExposedHeaders()); config.setAllowCredentials(null); assertNull(config.getAllowCredentials()); config.setMaxAge(null); assertNull(config.getMaxAge()); }