Skip to content

S
spring-framework

爱吃血肠 / spring-framework

通知 1
Star 0
Fork 0
S
spring-framework

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
WebUtilsTests.java 6.8 KB
Newer Older
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
1 
/*
S
Explicit type can be replaced by <>  
Stephane Nicoll 已提交
2 
 * Copyright 2002-2016 the original author or authors.
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.web.util;
R
Add support for matrix variables  
Rossen Stoyanchev 已提交
19 
import java.util.Arrays;
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
20 
import java.util.Collections;
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
21 
import java.util.HashMap;
S
Change SockJS and Websocket default allowedOrigins to same origin  
Sebastien Deleuze 已提交
22 
import java.util.List;
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
23 24 
import java.util.Map;
A
Added extractFullFilenameFromUrlPath to WebUtils  
Arjen Poutsma 已提交
25 
import org.junit.Test;
J
Consistent formatting of license headers, package javadocs, and import declarations  
Juergen Hoeller 已提交
26
S
Change SockJS and Websocket default allowedOrigins to same origin  
Sebastien Deleuze 已提交
27 28 29 30 
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.mock.web.test.MockHttpServletRequest;
R
Add support for matrix variables  
Rossen Stoyanchev 已提交
31 
import org.springframework.util.MultiValueMap;
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
32
R
Fix lines over 120 characters  
Rossen Stoyanchev 已提交
33 34 35 36 
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
J
Consistent formatting of license headers, package javadocs, and import declarations  
Juergen Hoeller 已提交
37
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
38 39 
/**
 * @author Juergen Hoeller
A
Added extractFullFilenameFromUrlPath to WebUtils  
Arjen Poutsma 已提交
40 
 * @author Arjen Poutsma
R
Add support for matrix variables  
Rossen Stoyanchev 已提交
41 
 * @author Rossen Stoyanchev
S
Change SockJS and Websocket default allowedOrigins to same origin  
Sebastien Deleuze 已提交
42 
 * @author Sebastien Deleuze
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
43 
 */
A
Added extractFullFilenameFromUrlPath to WebUtils  
Arjen Poutsma 已提交
44 
public class WebUtilsTests {
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
45
A
Added extractFullFilenameFromUrlPath to WebUtils  
Arjen Poutsma 已提交
46 47 
	@Test
	public void findParameterValue() {
S
Explicit type can be replaced by <>  
Stephane Nicoll 已提交
48 
		Map<String, Object> params = new HashMap<>();
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
49 50 51 
		params.put("myKey1", "myValue1");
		params.put("myKey2_myValue2", "xxx");
		params.put("myKey3_myValue3.x", "xxx");
J
Java 5 code style  
Juergen Hoeller 已提交
52 
		params.put("myKey4_myValue4.y", new String[] {"yyy"});
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
53 54 55 56 57 58 59 60 

		assertNull(WebUtils.findParameterValue(params, "myKey0"));
		assertEquals("myValue1", WebUtils.findParameterValue(params, "myKey1"));
		assertEquals("myValue2", WebUtils.findParameterValue(params, "myKey2"));
		assertEquals("myValue3", WebUtils.findParameterValue(params, "myKey3"));
		assertEquals("myValue4", WebUtils.findParameterValue(params, "myKey4"));
	}
R
Add support for matrix variables  
Rossen Stoyanchev 已提交
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 
	@Test
	public void parseMatrixVariablesString() {
		MultiValueMap<String, String> variables;

		variables = WebUtils.parseMatrixVariables(null);
		assertEquals(0, variables.size());

		variables = WebUtils.parseMatrixVariables("year");
		assertEquals(1, variables.size());
		assertEquals("", variables.getFirst("year"));

		variables = WebUtils.parseMatrixVariables("year=2012");
		assertEquals(1, variables.size());
		assertEquals("2012", variables.getFirst("year"));

		variables = WebUtils.parseMatrixVariables("year=2012;colors=red,blue,green");
		assertEquals(2, variables.size());
		assertEquals(Arrays.asList("red", "blue", "green"), variables.get("colors"));
		assertEquals("2012", variables.getFirst("year"));

		variables = WebUtils.parseMatrixVariables(";year=2012;colors=red,blue,green;");
		assertEquals(2, variables.size());
		assertEquals(Arrays.asList("red", "blue", "green"), variables.get("colors"));
		assertEquals("2012", variables.getFirst("year"));

		variables = WebUtils.parseMatrixVariables("colors=red;colors=blue;colors=green");
		assertEquals(1, variables.size());
		assertEquals(Arrays.asList("red", "blue", "green"), variables.get("colors"));
	}
S
Change SockJS and Websocket default allowedOrigins to same origin  
Sebastien Deleuze 已提交
91 
	@Test
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
92 
	public void isValidOrigin() {
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
93 
		List<String> allowed = Collections.emptyList();
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
94 95 
		assertTrue(checkValidOrigin("mydomain1.com", -1, "http://mydomain1.com", allowed));
		assertFalse(checkValidOrigin("mydomain1.com", -1, "http://mydomain2.com", allowed));
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
96 97 

		allowed = Collections.singletonList("*");
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
98 
		assertTrue(checkValidOrigin("mydomain1.com", -1, "http://mydomain2.com", allowed));
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
99 100 

		allowed = Collections.singletonList("http://mydomain1.com");
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
101 102 
		assertTrue(checkValidOrigin("mydomain2.com", -1, "http://mydomain1.com", allowed));
		assertFalse(checkValidOrigin("mydomain2.com", -1, "http://mydomain3.com", allowed));
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
103 104 105 
	}

	@Test
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
106 107 108 109 110 111 112 113 114 115 116 117 
	public void isSameOrigin() {
		assertTrue(checkSameOrigin("mydomain1.com", -1, "http://mydomain1.com"));
		assertTrue(checkSameOrigin("mydomain1.com", -1, "http://mydomain1.com:80"));
		assertTrue(checkSameOrigin("mydomain1.com", 443, "https://mydomain1.com"));
		assertTrue(checkSameOrigin("mydomain1.com", 443, "https://mydomain1.com:443"));
		assertTrue(checkSameOrigin("mydomain1.com", 123, "http://mydomain1.com:123"));
		assertTrue(checkSameOrigin("mydomain1.com", -1, "ws://mydomain1.com"));
		assertTrue(checkSameOrigin("mydomain1.com", 443, "wss://mydomain1.com"));

		assertFalse(checkSameOrigin("mydomain1.com", -1, "http://mydomain2.com"));
		assertFalse(checkSameOrigin("mydomain1.com", -1, "https://mydomain1.com"));
		assertFalse(checkSameOrigin("mydomain1.com", -1, "invalid-origin"));
S
Avoid stacktrace for invalid Origin header values  
Sebastien Deleuze 已提交
118 119 120 121 122 123 124 125 126 127 

		// Handling of invalid origins as described in SPR-13478
		assertTrue(checkSameOrigin("mydomain1.com", -1, "http://mydomain1.com/"));
		assertTrue(checkSameOrigin("mydomain1.com", -1, "http://mydomain1.com:80/"));
		assertTrue(checkSameOrigin("mydomain1.com", -1, "http://mydomain1.com/path"));
		assertTrue(checkSameOrigin("mydomain1.com", -1, "http://mydomain1.com:80/path"));
		assertFalse(checkSameOrigin("mydomain2.com", -1, "http://mydomain1.com/"));
		assertFalse(checkSameOrigin("mydomain2.com", -1, "http://mydomain1.com:80/"));
		assertFalse(checkSameOrigin("mydomain2.com", -1, "http://mydomain1.com/path"));
		assertFalse(checkSameOrigin("mydomain2.com", -1, "http://mydomain1.com:80/path"));
S
Make UriComponentsBuilder.fromOriginHeader() IPv6 compliant  
Sebastien Deleuze 已提交
128 129 130 131 

		// Handling of IPv6 hosts as described in SPR-13525
		assertTrue(checkSameOrigin("[::1]", -1, "http://[::1]"));
		assertTrue(checkSameOrigin("[::1]", 8080, "http://[::1]:8080"));
R
Fix lines over 120 characters  
Rossen Stoyanchev 已提交
132 133 134 135 136 137 
		assertTrue(checkSameOrigin(
				"[2001:0db8:0000:85a3:0000:0000:ac1f:8001]", -1,
				"http://[2001:0db8:0000:85a3:0000:0000:ac1f:8001]"));
		assertTrue(checkSameOrigin(
				"[2001:0db8:0000:85a3:0000:0000:ac1f:8001]", 8080,
				"http://[2001:0db8:0000:85a3:0000:0000:ac1f:8001]:8080"));
S
Make UriComponentsBuilder.fromOriginHeader() IPv6 compliant  
Sebastien Deleuze 已提交
138 
		assertFalse(checkSameOrigin("[::1]", -1, "http://[::1]:8080"));
R
Fix lines over 120 characters  
Rossen Stoyanchev 已提交
139 140 
		assertFalse(checkSameOrigin("[::1]", 8080,
				"http://[2001:0db8:0000:85a3:0000:0000:ac1f:8001]:8080"));
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
141 
	}
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
142 143
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
144 145 146 147 148 149 150 151 152 
	private boolean checkValidOrigin(String serverName, int port, String originHeader, List<String> allowed) {
		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
		ServerHttpRequest request = new ServletServerHttpRequest(servletRequest);
		servletRequest.setServerName(serverName);
		if (port != -1) {
			servletRequest.setServerPort(port);
		}
		request.getHeaders().set(HttpHeaders.ORIGIN, originHeader);
		return WebUtils.isValidOrigin(request, allowed);
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
153 154 
	}
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
155 
	private boolean checkSameOrigin(String serverName, int port, String originHeader) {
S
Change SockJS and Websocket default allowedOrigins to same origin  
Sebastien Deleuze 已提交
156 157 
		MockHttpServletRequest servletRequest = new MockHttpServletRequest();
		ServerHttpRequest request = new ServletServerHttpRequest(servletRequest);
R
Allow "ws" and "wss" for isValidCorsOrigin checks  
Rossen Stoyanchev 已提交
158 159 160 161 162 
		servletRequest.setServerName(serverName);
		if (port != -1) {
			servletRequest.setServerPort(port);
		}
		request.getHeaders().set(HttpHeaders.ORIGIN, originHeader);
S
Avoid rejecting same-origin requests detected as CORS requests  
Sebastien Deleuze 已提交
163 
		return WebUtils.isSameOrigin(request);
S
Change SockJS and Websocket default allowedOrigins to same origin  
Sebastien Deleuze 已提交
164 165 
	}
A
Added testsuite, as one project for now. Will move individual tests to respective modules later  
Arjen Poutsma 已提交
166 
}