hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/webapp/TestRMWithXFSFilter.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.yarn.webapp;

import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.servlet.GuiceServletContextListener;
import com.google.inject.servlet.ServletModule;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;
import com.sun.jersey.test.framework.WebAppDescriptor;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.http.XFrameOptionsFilter;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.JAXBContextResolver;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.RMWebServices;
import org.junit.Before;
import org.junit.Test;

import java.util.HashMap;
import java.util.Map;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;

/**
 * Used TestRMWebServices as an example of web invocations of RM and added
 * test for XFS Filter.
 */
public class TestRMWithXFSFilter extends JerseyTestBase {

  private static MockRM rm;

  private Injector injector;

  /**
   *
   */
  public class GuiceServletConfig extends GuiceServletContextListener {

    @Override
    protected Injector getInjector() {
      return injector;
    }
  }

  @Before
  @Override
  public void setUp() throws Exception {
    super.setUp();
  }

  public TestRMWithXFSFilter() {
    super(new WebAppDescriptor.Builder(
        "org.apache.hadoop.yarn.server.resourcemanager.webapp")
        .contextListenerClass(GuiceServletConfig.class)
        .filterClass(com.google.inject.servlet.GuiceFilter.class)
        .contextPath("jersey-guice-filter").servletPath("/").build());
  }

  @Test
  public void testDefaultBehavior() throws Exception {
    createInjector();

    WebResource r = resource();
    ClientResponse response = r.path("ws").path("v1").path("cluster")
        .path("info").accept("application/xml")
        .get(ClientResponse.class);
    assertEquals("Should have received DENY x-frame options header",
        "DENY",
        response.getHeaders().get(XFrameOptionsFilter.X_FRAME_OPTIONS).get(0));
  }

  protected void createInjector(String headerValue) {
    createInjector(headerValue, false);
  }


  protected void createInjector() {
    createInjector(null, false);
  }

  protected void createInjector(final String headerValue,
      final boolean explicitlyDisabled) {
    injector = Guice.createInjector(new ServletModule() {
      @Override
      protected void configureServlets() {
        bind(JAXBContextResolver.class);
        bind(RMWebServices.class);
        bind(GenericExceptionHandler.class);
        Configuration conf = new Configuration();
        conf.setClass(YarnConfiguration.RM_SCHEDULER, FifoScheduler.class,
            ResourceScheduler.class);
        rm = new MockRM(conf);
        bind(ResourceManager.class).toInstance(rm);
        serve("/*").with(GuiceContainer.class);
        XFrameOptionsFilter xfsFilter = new XFrameOptionsFilter();
        Map<String, String> initParams = new HashMap<>();
        if (headerValue != null) {
          initParams.put(XFrameOptionsFilter.CUSTOM_HEADER_PARAM, headerValue);
        }
        if (explicitlyDisabled) {
          initParams.put(
              "xframe-options-enabled", "false");
        }

        filter("/*").through(xfsFilter, initParams);
      }
    });
  }

  @Test
  public void testSameOrigin() throws Exception {
    createInjector("SAMEORIGIN");

    WebResource r = resource();
    ClientResponse response = r.path("ws").path("v1").path("cluster")
        .path("info").accept("application/xml")
        .get(ClientResponse.class);
    assertEquals("Should have received SAMEORIGIN x-frame options header",
        "SAMEORIGIN",
        response.getHeaders().get(XFrameOptionsFilter.X_FRAME_OPTIONS).get(0));
  }

  @Test
  public void testExplicitlyDisabled() throws Exception {
    createInjector(null, true);

    WebResource r = resource();
    ClientResponse response = r.path("ws").path("v1").path("cluster")
        .path("info").accept("application/xml")
        .get(ClientResponse.class);
    assertFalse("Should have not received x-frame options header",
        response.getHeaders().get(XFrameOptionsFilter.X_FRAME_OPTIONS) == null);
  }

}