Google Git
Sign in
apache / knox / 1436feddff5a40c2ed51912e046c80ada1f6a0f9 / . / gateway-provider-security-webappsec / src / test / java / org / apache / knox / gateway / webappsec / XFrameOptionsFilterTest.java
blob: 6ac05259ac610b42688561554470fa8b0d34c848 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.knox.gateway.webappsec;
import static org.junit.Assert.fail;
import java.io.IOException;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Properties;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.Test;
public class XFrameOptionsFilterTest {
private static final String X_FRAME_OPTIONS = "X-Frame-Options";
String options;
Collection<String> headerNames;
Collection<String> headers;
@Test
public void testDefaultOptionsValue() throws Exception {
try {
XFrameOptionsFilter filter = new XFrameOptionsFilter();
Properties props = new Properties();
props.put("xframe.options.enabled", "true");
filter.init(new TestFilterConfig(props));
HttpServletRequest request = EasyMock.createNiceMock(
HttpServletRequest.class);
HttpServletResponse response = EasyMock.createNiceMock(
HttpServletResponse.class);
EasyMock.replay(request);
EasyMock.replay(response);
TestFilterChain chain = new TestFilterChain();
filter.doFilter(request, response, chain);
Assert.assertTrue("doFilterCalled should not be false.",
chain.doFilterCalled );
Assert.assertEquals("Options value incorrect should be DENY but is: "
+ options, "DENY", options);
Assert.assertEquals("X-Frame-Options count not equal to 1.", 1, headers.size());
} catch (ServletException se) {
fail("Should NOT have thrown a ServletException.");
}
}
@Test
public void testConfiguredOptionsValue() throws Exception {
try {
XFrameOptionsFilter filter = new XFrameOptionsFilter();
Properties props = new Properties();
props.put("xframe.options.enabled", "true");
props.put("xframe.options", "SAMEORIGIN");
filter.init(new TestFilterConfig(props));
HttpServletRequest request = EasyMock.createNiceMock(
HttpServletRequest.class);
HttpServletResponse response = EasyMock.createNiceMock(
HttpServletResponse.class);
EasyMock.replay(request);
EasyMock.replay(response);
TestFilterChain chain = new TestFilterChain();
filter.doFilter(request, response, chain);
Assert.assertTrue("doFilterCalled should not be false.",
chain.doFilterCalled );
Assert.assertEquals("Options value incorrect should be SAMEORIGIN but is: "
+ options, "SAMEORIGIN", options);
Assert.assertEquals("X-Frame-Options count not equal to 1.", 1, headers.size());
} catch (ServletException se) {
fail("Should NOT have thrown a ServletException.");
}
}
// @Test
// public void testExistingXFrameOptionHeader() throws Exception {
// try {
// XFrameOptionsFilter filter = new XFrameOptionsFilter();
// Properties props = new Properties();
// props.put("xframe.options.enabled", "true");
// props.put("xframe.options", "SAMEORIGIN");
// filter.init(new TestFilterConfig(props));
//
// HttpServletRequest request = EasyMock.createNiceMock(
// HttpServletRequest.class);
// HttpServletResponse response = EasyMock.createNiceMock(
// HttpServletResponse.class);
// EasyMock.replay(request);
// EasyMock.replay(response);
//
// TestFilterChain chain = new TestFilterChain();
// filter.doFilter(request, response, chain);
// Assert.assertTrue("doFilterCalled should not be false.",
// chain.doFilterCalled );
// Assert.assertTrue("Options value incorrect should be SAMEORIGIN but is: "
// + options, "SAMEORIGIN".equals(options));
//
// Assert.assertTrue("X-Frame-Options count not equal to 1.", headers.size() == 1);
// } catch (ServletException se) {
// fail("Should NOT have thrown a ServletException.");
// }
// }
class TestFilterConfig implements FilterConfig {
Properties props;
TestFilterConfig(Properties props) {
this.props = props;
}
@Override
public String getFilterName() {
return null;
}
@Override
public ServletContext getServletContext() {
return null;
}
@Override
public String getInitParameter(String name) {
return props.getProperty(name, null);
}
@Override
public Enumeration<String> getInitParameterNames() {
return null;
}
}
class TestFilterChain implements FilterChain {
boolean doFilterCalled;
@Override
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
doFilterCalled = true;
options = ((HttpServletResponse)response).getHeader(X_FRAME_OPTIONS);
headerNames = ((HttpServletResponse)response).getHeaderNames();
headers = ((HttpServletResponse)response).getHeaders(X_FRAME_OPTIONS);
}
}
}