XFrameOptionsFilterTest.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2017 Open Source Geospatial Foundation - all rights reserved
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.filters;

import static org.junit.Assert.assertEquals;

import java.io.IOException;

import javax.servlet.ServletException;

import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;

/**
 * Simple test to make sure the XFrameOptions filter works and is configurable.
 */
public class XFrameOptionsFilterTest {

    @Test
    public void doFilter() throws Exception {
        String header = getXStreamHeader();
        assertEquals("Expect default XFrameOption to be DENY", "SAMEORIGIN", header);
    }

    @Test
    public void testFilterWithNoSetPolicy() throws IOException, ServletException {
        String currentShouldSetProperty =
            System.getProperty(XFrameOptionsFilter.GEOSERVER_XFRAME_SHOULD_SET_POLICY);
        System.setProperty(XFrameOptionsFilter.GEOSERVER_XFRAME_SHOULD_SET_POLICY, "false");
        String header = getXStreamHeader();

        assertEquals("Expect default XFrameOption to be null", null, header);

        if (currentShouldSetProperty != null) {
            System.setProperty(XFrameOptionsFilter.GEOSERVER_XFRAME_SHOULD_SET_POLICY, currentShouldSetProperty);
        }
    }

    @Test
    public void testFilterWithSameOrigin() throws IOException, ServletException {
        String currentShouldSetProperty =
            System.getProperty(XFrameOptionsFilter.GEOSERVER_XFRAME_POLICY);
        System.setProperty(XFrameOptionsFilter.GEOSERVER_XFRAME_POLICY, "DENY");
        String header = getXStreamHeader();

        assertEquals("Expect default XFrameOption to be DENY", "DENY", header);

        if (currentShouldSetProperty != null) {
            System.setProperty(XFrameOptionsFilter.GEOSERVER_XFRAME_POLICY, currentShouldSetProperty);
        }
    }

    private String getXStreamHeader() throws IOException, ServletException {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "http://www.geoserver.org");
        MockHttpServletResponse response = new MockHttpServletResponse();
        XFrameOptionsFilter filter = new XFrameOptionsFilter();
        MockServletContext context = new MockServletContext();
        MockFilterConfig config = new MockFilterConfig(context);
        MockFilterChain mockChain = new MockFilterChain();

        filter.doFilter(request, response, mockChain);

        return response.getHeader("X-Frame-Options");
    }

}