Forked from mrserverless/DropwizardJettyCrossOriginIntegrationTest.java
Created
July 7, 2016 09:35
Dropwizard 0.8.0 and 0.9.0 Jetty CORS Filter with Unit Tests. To prove this works once and for all
import io.dropwizard.Application;
import io.dropwizard.Configuration;
import io.dropwizard.client.JerseyClientBuilder;
import io.dropwizard.setup.Environment;
import io.dropwizard.testing.junit.DropwizardAppRule;
import org.assertj.core.data.MapEntry;
import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import javax.ws.rs.client.Client;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import java.util.EnumSet;
import static io.dropwizard.testing.ResourceHelpers.resourceFilePath;
import static java.util.Arrays.asList;
import static javax.ws.rs.core.HttpHeaders.AUTHORIZATION;
import static javax.ws.rs.core.HttpHeaders.CONTENT_LENGTH;
import static javax.ws.rs.core.HttpHeaders.DATE;
import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.assertj.core.api.Assertions.assertThat;
import static org.eclipse.jetty.servlets.CrossOriginFilter.*;
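/**
 * Integration tests for Jetty's {@link CrossOriginFilter} registered in a Dropwizard application.
 *
 * <p>Each test sends a preflight ({@code OPTIONS}) or an actual request to the running application
 * with a given {@code Origin} header and asserts which {@code Access-Control-*} response headers
 * the filter emits.
 *
 * <p>The assertions cover response headers only. CORS is enforced by the browser: none of these
 * tests checks that a request from a denied origin is refused by the server, so CORS headers must
 * not be treated as a substitute for server-side authentication and authorization.
 */
public class JettyCrossOriginDWIntegrationTest {

    // Placeholder values for the tests. A real Origin header is a serialized origin
    // (scheme://host[:port]), and a production allow-list should use that form.
    private static final String GOOD_ORIGIN = "allowed_host";
    private static final String BAD_ORIGIN = "denied_host";

    /** Minimal Dropwizard application whose only job is to install the CORS filter. */
    public static class CORSApplication extends Application<Configuration> {
        @Override
        public void run(Configuration configuration, Environment environment) throws Exception {
            FilterRegistration.Dynamic filter =
                    environment.servlets().addFilter("CORSFilter", CrossOriginFilter.class);
            // Servlet filter URL patterns are matched relative to the context root, so the
            // context path must not be prepended. With a non-root context path the concatenated
            // value would not be a valid prefix pattern and the filter would silently not apply.
            filter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
            filter.setInitParameter(ALLOWED_METHODS_PARAM, "GET,PUT,POST,OPTIONS");
            // Credentials are enabled below, so the origin allow-list is kept explicit. Combining
            // allow-credentials with a wildcard origin would let any site make credentialed
            // requests and read the responses.
            filter.setInitParameter(ALLOWED_ORIGINS_PARAM, GOOD_ORIGIN);
            filter.setInitParameter(ALLOWED_HEADERS_PARAM, "Origin, Content-Type, Accept");
            filter.setInitParameter(ALLOW_CREDENTIALS_PARAM, "true");
        }
    }

    @ClassRule
    public static final DropwizardAppRule<Configuration> RULE =
            new DropwizardAppRule<>(CORSApplication.class, resourceFilePath("test-config.yml"));

    private static Client client;

    @BeforeClass
    public static void setUp() {
        client = new JerseyClientBuilder(RULE.getEnvironment()).build("test client");
    }

    /** Releases the HTTP client created in {@link #setUp()}. */
    @AfterClass
    public static void tearDown() {
        if (client != null) {
            client.close();
        }
    }

    /** Returns the root URL of the application started by {@link #RULE}. */
    private static String baseUrl() {
        return String.format("http://localhost:%d/", RULE.getLocalPort());
    }

    /** A preflight from the allowed origin, method and header yields the full set of CORS headers. */
    @Test
    public void allowedOriginPreflightOptions() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", GOOD_ORIGIN)
                .header(ACCESS_CONTROL_REQUEST_METHOD_HEADER, "GET")
                .header(ACCESS_CONTROL_REQUEST_HEADERS_HEADER, "Content-Type")
                .options();
        try {
            // then
            MultivaluedMap<String, Object> headers = response.getHeaders();
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, asList(GOOD_ORIGIN)));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, asList("true")));
            // The max age is not configured in run(), so "1800" is the filter's own default.
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_MAX_AGE_HEADER, asList("1800")));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_METHODS_HEADER, asList("GET,PUT,POST,OPTIONS")));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_HEADERS_HEADER, asList("Origin, Content-Type, Accept")));
        } finally {
            response.close();
        }
    }

    /** A preflight from an origin outside the allow-list gets no CORS headers at all. */
    @Test
    public void deniedOriginPreflightOptions() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", BAD_ORIGIN)
                .header(ACCESS_CONTROL_REQUEST_METHOD_HEADER, "GET")
                .options();
        try {
            // then
            assertThat(response.getHeaders()).containsOnlyKeys(DATE, CONTENT_LENGTH);
        } finally {
            response.close();
        }
    }

    /** A preflight asking for a method outside the allow-list gets no CORS headers at all. */
    @Test
    public void deniedMethodPreflightOptions() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", GOOD_ORIGIN)
                .header(ACCESS_CONTROL_REQUEST_METHOD_HEADER, "DELETE")
                .options();
        try {
            // then
            assertThat(response.getHeaders()).containsOnlyKeys(DATE, CONTENT_LENGTH);
        } finally {
            response.close();
        }
    }

    /**
     * An {@code OPTIONS} request that names a disallowed header but carries no
     * {@code Access-Control-Request-Method} gets the origin and credentials headers, but none of
     * the preflight-specific ones.
     */
    @Test
    public void deniedHeaderPreflightOptions() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", GOOD_ORIGIN)
                .header(ACCESS_CONTROL_REQUEST_HEADERS_HEADER, AUTHORIZATION)
                .options();
        try {
            // then
            MultivaluedMap<String, Object> headers = response.getHeaders();
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, asList(GOOD_ORIGIN)));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, asList("true")));
            assertThat(headers).doesNotContainKeys(
                    ACCESS_CONTROL_MAX_AGE_HEADER,
                    ACCESS_CONTROL_ALLOW_METHODS_HEADER,
                    ACCESS_CONTROL_ALLOW_HEADERS_HEADER);
        } finally {
            response.close();
        }
    }

    /** An actual GET from the allowed origin is answered with the origin and credentials headers. */
    @Test
    public void allowedOriginAllowedMethodAllowedHeaderRequest() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", GOOD_ORIGIN)
                .header("Content-Type", APPLICATION_JSON)
                .get();
        try {
            // then
            MultivaluedMap<String, Object> headers = response.getHeaders();
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, asList(GOOD_ORIGIN)));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, asList("true")));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_EXPOSE_HEADERS_HEADER, asList("")));
            assertThat(headers).doesNotContainKeys(
                    ACCESS_CONTROL_MAX_AGE_HEADER,
                    ACCESS_CONTROL_ALLOW_METHODS_HEADER,
                    ACCESS_CONTROL_ALLOW_HEADERS_HEADER);
        } finally {
            response.close();
        }
    }

    /**
     * An actual GET from a denied origin is answered without any CORS header.
     *
     * <p>Only the headers are asserted; the status code is not, so this test does not show that
     * the request itself was refused.
     */
    @Test
    public void deniedOriginRequest() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", BAD_ORIGIN)
                .get();
        try {
            // then
            assertThat(response.getHeaders()).doesNotContainKeys(
                    ACCESS_CONTROL_ALLOW_ORIGIN_HEADER,
                    ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER,
                    ACCESS_CONTROL_EXPOSE_HEADERS_HEADER,
                    ACCESS_CONTROL_MAX_AGE_HEADER,
                    ACCESS_CONTROL_ALLOW_METHODS_HEADER,
                    ACCESS_CONTROL_ALLOW_HEADERS_HEADER);
        } finally {
            response.close();
        }
    }

    /**
     * An actual DELETE from the allowed origin still receives the origin and credentials headers:
     * the method allow-list shows up in preflight responses only.
     */
    @Test
    public void deniedMethodRequest() {
        // when
        Response response = client.target(baseUrl()).request()
                .header("Origin", GOOD_ORIGIN)
                .delete();
        try {
            // then
            MultivaluedMap<String, Object> headers = response.getHeaders();
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, asList(GOOD_ORIGIN)));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, asList("true")));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_EXPOSE_HEADERS_HEADER, asList("")));
            assertThat(headers).doesNotContainKeys(
                    ACCESS_CONTROL_MAX_AGE_HEADER,
                    ACCESS_CONTROL_ALLOW_METHODS_HEADER,
                    ACCESS_CONTROL_ALLOW_HEADERS_HEADER);
        } finally {
            response.close();
        }
    }

    /** An actual request from the allowed origin still receives the origin and credentials headers. */
    @Test
    public void deniedHeaderRequest() {
        // when
        // NOTE(review): this sets the Content-Type *value* to the string "Authorization" and
        // sends a DELETE, so it does not put a disallowed header on the request and largely
        // repeats deniedMethodRequest. Confirm whether an Authorization header was intended.
        Response response = client.target(baseUrl()).request()
                .header("Origin", GOOD_ORIGIN)
                .header("Content-Type", AUTHORIZATION)
                .delete();
        try {
            // then
            MultivaluedMap<String, Object> headers = response.getHeaders();
            assertThat(headers).doesNotContainKeys(
                    ACCESS_CONTROL_ALLOW_HEADERS_HEADER,
                    ACCESS_CONTROL_MAX_AGE_HEADER,
                    ACCESS_CONTROL_ALLOW_METHODS_HEADER);
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, asList(GOOD_ORIGIN)));
            assertThat(headers).contains(MapEntry.entry(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, asList("true")));
        } finally {
            response.close();
        }
    }
}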