Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
爱吃血肠
spring-framework
提交
72b44af8
S
spring-framework
项目概览
爱吃血肠
/
spring-framework
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
spring-framework
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
72b44af8
编写于
5月 31, 2015
作者:
S
Sam Brannen
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Introduce test for invalid @CrossOrigin.allowCredentials()
上级
891d41c0
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
46 addition
and
20 deletion
+46
-20
spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java
...t/mvc/method/annotation/RequestMappingHandlerMapping.java
+7
-5
spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java
...k/web/servlet/mvc/method/annotation/CrossOriginTests.java
+39
-15
未找到文件。
spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerMapping.java
浏览文件 @
72b44af8
...
...
@@ -328,15 +328,17 @@ public class RequestMappingHandlerMapping extends RequestMappingInfoHandlerMappi
for
(
String
header
:
annotation
.
exposedHeaders
())
{
config
.
addExposedHeader
(
header
);
}
if
(
annotation
.
allowCredentials
().
equalsIgnoreCase
(
"true"
))
{
String
allowCredentials
=
annotation
.
allowCredentials
();
if
(
"true"
.
equalsIgnoreCase
(
allowCredentials
))
{
config
.
setAllowCredentials
(
true
);
}
else
if
(
annotation
.
allowCredentials
().
equalsIgnoreCase
(
"false"
))
{
else
if
(
"false"
.
equalsIgnoreCase
(
allowCredentials
))
{
config
.
setAllowCredentials
(
false
);
}
else
if
(!
a
nnotation
.
allowCredentials
()
.
isEmpty
())
{
throw
new
IllegalStateException
(
"
AllowCredentials value must be \"true\", \"false\" "
+
"or \"\" (empty string), current value is "
+
annotation
.
allowCredentials
()
);
else
if
(!
a
llowCredentials
.
isEmpty
())
{
throw
new
IllegalStateException
(
"
@CrossOrigin's allowCredentials value must be \"true\", \"false\", "
+
"or an empty string (\"\"); current value is ["
+
allowCredentials
+
"]."
);
}
if
(
annotation
.
maxAge
()
!=
-
1
&&
config
.
getMaxAge
()
==
null
)
{
config
.
setMaxAge
(
annotation
.
maxAge
());
...
...
spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java
浏览文件 @
72b44af8
...
...
@@ -18,21 +18,22 @@ package org.springframework.web.servlet.mvc.method.annotation;
import
java.lang.reflect.Method
;
import
static
org
.
junit
.
Assert
.*;
import
org.junit.Before
;
import
org.junit.Rule
;
import
org.junit.Test
;
import
org.junit.rules.ExpectedException
;
import
org.springframework.beans.DirectFieldAccessor
;
import
org.springframework.core.annotation.AnnotationUtils
;
import
org.springframework.http.HttpHeaders
;
import
org.springframework.util.CollectionUtils
;
import
org.springframework.web.context.support.StaticWebApplicationContext
;
import
org.springframework.web.cors.CorsConfiguration
;
import
org.springframework.mock.web.test.MockHttpServletRequest
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.util.CollectionUtils
;
import
org.springframework.web.bind.annotation.CrossOrigin
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.context.support.StaticWebApplicationContext
;
import
org.springframework.web.cors.CorsConfiguration
;
import
org.springframework.web.servlet.HandlerExecutionChain
;
import
org.springframework.web.servlet.HandlerInterceptor
;
import
org.springframework.web.servlet.mvc.condition.ConsumesRequestCondition
;
...
...
@@ -43,17 +44,24 @@ import org.springframework.web.servlet.mvc.condition.ProducesRequestCondition;
import
org.springframework.web.servlet.mvc.condition.RequestMethodsRequestCondition
;
import
org.springframework.web.servlet.mvc.method.RequestMappingInfo
;
import
static
org
.
hamcrest
.
CoreMatchers
.*;
import
static
org
.
junit
.
Assert
.*;
/**
* Test fixture for {@link CrossOrigin @CrossOrigin} annotated methods.
*
* @author Sebastien Deleuze
* @author Sam Brannen
*/
@SuppressWarnings
(
"unchecked"
)
public
class
CrossOriginTests
{
private
TestRequestMappingInfoHandlerMapping
handlerMapping
;
private
MockHttpServletRequest
request
;
@Rule
public
ExpectedException
exception
=
ExpectedException
.
none
();
@Before
public
void
setUp
()
{
this
.
handlerMapping
=
new
TestRequestMappingInfoHandlerMapping
();
...
...
@@ -123,6 +131,14 @@ public class CrossOriginTests {
assertEquals
(
false
,
config
.
getAllowCredentials
());
}
@Test
public
void
bogusAllowCredentialsValue
()
throws
Exception
{
exception
.
expect
(
IllegalStateException
.
class
);
exception
.
expectMessage
(
containsString
(
"@CrossOrigin's allowCredentials"
));
exception
.
expectMessage
(
containsString
(
"current value is [bogus]"
));
this
.
handlerMapping
.
registerHandler
(
new
MethodLevelControllerWithBogusAllowCredentialsValue
());
}
@Test
public
void
classLevel
()
throws
Exception
{
this
.
handlerMapping
.
registerHandler
(
new
ClassLevelController
());
...
...
@@ -218,59 +234,67 @@ public class CrossOriginTests {
@Controller
private
static
class
MethodLevelController
{
@RequestMapping
(
value
=
"/no"
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
path
=
"/no"
,
method
=
RequestMethod
.
GET
)
public
void
noAnnotation
()
{
}
@RequestMapping
(
value
=
"/no"
,
method
=
RequestMethod
.
POST
)
@RequestMapping
(
path
=
"/no"
,
method
=
RequestMethod
.
POST
)
public
void
noAnnotationPost
()
{
}
@CrossOrigin
@RequestMapping
(
value
=
"/default"
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
path
=
"/default"
,
method
=
RequestMethod
.
GET
)
public
void
defaultAnnotation
()
{
}
@CrossOrigin
@RequestMapping
(
value
=
"/default"
,
method
=
RequestMethod
.
GET
,
params
=
"q"
)
@RequestMapping
(
path
=
"/default"
,
method
=
RequestMethod
.
GET
,
params
=
"q"
)
public
void
defaultAnnotationWithParams
()
{
}
@CrossOrigin
@RequestMapping
(
value
=
"/ambiguous-header"
,
method
=
RequestMethod
.
GET
,
headers
=
"header1=a"
)
@RequestMapping
(
path
=
"/ambiguous-header"
,
method
=
RequestMethod
.
GET
,
headers
=
"header1=a"
)
public
void
ambigousHeader1a
()
{
}
@CrossOrigin
@RequestMapping
(
value
=
"/ambiguous-header"
,
method
=
RequestMethod
.
GET
,
headers
=
"header1=b"
)
@RequestMapping
(
path
=
"/ambiguous-header"
,
method
=
RequestMethod
.
GET
,
headers
=
"header1=b"
)
public
void
ambigousHeader1b
()
{
}
@CrossOrigin
@RequestMapping
(
value
=
"/ambiguous-produces"
,
method
=
RequestMethod
.
GET
,
produces
=
"application/xml"
)
@RequestMapping
(
path
=
"/ambiguous-produces"
,
method
=
RequestMethod
.
GET
,
produces
=
"application/xml"
)
public
String
ambigousProducesXml
()
{
return
"<a></a>"
;
}
@CrossOrigin
@RequestMapping
(
value
=
"/ambiguous-produces"
,
method
=
RequestMethod
.
GET
,
produces
=
"application/json"
)
@RequestMapping
(
path
=
"/ambiguous-produces"
,
method
=
RequestMethod
.
GET
,
produces
=
"application/json"
)
public
String
ambigousProducesJson
()
{
return
"{}"
;
}
@CrossOrigin
(
origin
=
{
"http://site1.com"
,
"http://site2.com"
},
allowedHeaders
=
{
"header1"
,
"header2"
},
exposedHeaders
=
{
"header3"
,
"header4"
},
method
=
RequestMethod
.
DELETE
,
maxAge
=
123
,
allowCredentials
=
"false"
)
@RequestMapping
(
value
=
"/customized"
,
method
=
{
RequestMethod
.
GET
,
RequestMethod
.
POST
}
)
@RequestMapping
(
path
=
"/customized"
,
method
=
{
RequestMethod
.
GET
,
RequestMethod
.
POST
}
)
public
void
customized
()
{
}
}
@Controller
private
static
class
MethodLevelControllerWithBogusAllowCredentialsValue
{
@CrossOrigin
(
allowCredentials
=
"bogus"
)
@RequestMapping
(
"/bogus"
)
public
void
bogusAllowCredentialsValue
()
{
}
}
@Controller
@CrossOrigin
private
static
class
ClassLevelController
{
@RequestMapping
(
value
=
"/foo"
,
method
=
RequestMethod
.
GET
)
@RequestMapping
(
path
=
"/foo"
,
method
=
RequestMethod
.
GET
)
public
void
foo
()
{
}
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录