View Javadoc
1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2020 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.servlet;
25  
26  import javax.servlet.FilterChain;
27  import javax.servlet.FilterConfig;
28  import javax.servlet.http.HttpServletRequest;
29  import javax.servlet.http.HttpServletResponse;
30  
31  import mockit.Expectations;
32  import mockit.Mocked;
33  import mockit.Tested;
34  import mockit.Verifications;
35  
36  import org.junit.jupiter.api.Test;
37  
38  import waffle.util.CorsPreFlightCheck;
39  
40  /**
41   * The Class CorsAwareNegotiateSecurityFilterTest.
42   */
43  class CorsAwareNegotiateSecurityFilterTest {
44  
45      /** The cors aware negotiate security filter. */
46      @Tested
47      CorsAwareNegotiateSecurityFilter corsAwareNegotiateSecurityFilter;
48  
49      /** The preflight request. */
50      @Mocked
51      HttpServletRequest preflightRequest;
52  
53      /** The preflight response. */
54      @Mocked
55      HttpServletResponse preflightResponse;
56  
57      /** The chain. */
58      @Mocked
59      FilterChain chain;
60  
61      /** The filter config. */
62      @Mocked
63      FilterConfig filterConfig;
64  
65      /**
66       * Do filter test cors preflight request.
67       *
68       * @throws Exception
69       *             the exception
70       */
71      @Test
72      void doFilterTestCorsPreflightRequest() throws Exception {
73  
74          new Expectations() {
75              {
76                  CorsAwareNegotiateSecurityFilterTest.this.preflightRequest.getMethod();
77                  this.result = "OPTIONS";
78                  CorsAwareNegotiateSecurityFilterTest.this.preflightRequest.getHeader("Access-Control-Request-Method");
79                  this.result = "LOGIN";
80                  CorsAwareNegotiateSecurityFilterTest.this.preflightRequest.getHeader("Access-Control-Request-Headers");
81                  this.result = "X-Request-For";
82                  CorsAwareNegotiateSecurityFilterTest.this.preflightRequest.getHeader("Origin");
83                  this.result = "https://theorigin.preflight";
84              }
85          };
86  
87          this.corsAwareNegotiateSecurityFilter.doFilter(this.preflightRequest, this.preflightResponse, this.chain);
88  
89          new Verifications() {
90              {
91                  CorsPreFlightCheck.isPreflight(CorsAwareNegotiateSecurityFilterTest.this.preflightRequest);
92                  this.times = 1;
93                  CorsAwareNegotiateSecurityFilterTest.this.chain.doFilter(
94                          CorsAwareNegotiateSecurityFilterTest.this.preflightRequest,
95                          CorsAwareNegotiateSecurityFilterTest.this.preflightResponse);
96              }
97          };
98  
99      }
100 
101 }