You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2013/05/20 16:34:43 UTC
svn commit: r1484488 - in /cxf/trunk: rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java

Author: sergeyb
Date: Mon May 20 14:34:43 2013
New Revision: 1484488

URL: http://svn.apache.org/r1484488
Log:
[CXF-5017] Splitting CORS headers using a comma pattern only

Modified:
    cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java

Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java?rev=1484488&r1=1484487&r2=1484488&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java (original)
+++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java Mon May 20 14:34:43 2013
@@ -70,7 +70,7 @@ import org.apache.cxf.phase.Phase;
 public class CrossOriginResourceSharingFilter implements ContainerRequestFilter, 
     ContainerResponseFilter {
     private static final Pattern SPACE_PATTERN = Pattern.compile(" ");
-    private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",\\w*");
+    private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",");
     
     private static final String LOCAL_PREFLIGHT = "local_preflight";
     private static final String LOCAL_PREFLIGHT_ORIGIN = "local_preflight.origin";

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java?rev=1484488&r1=1484487&r2=1484488&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java Mon May 20 14:34:43 2013
@@ -151,7 +151,7 @@ public class CrossOriginSimpleTest exten
     }
     
     @Test
-    public void preflightPostClassAnnotation() throws ClientProtocolException, IOException {
+    public void preflightPostClassAnnotationFail() throws ClientProtocolException, IOException {
         HttpClient httpclient = new DefaultHttpClient();
         HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
         httpoptions.addHeader("Origin", "http://in.org");
@@ -161,6 +161,67 @@ public class CrossOriginSimpleTest exten
         httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");
         HttpResponse response = httpclient.execute(httpoptions);
         assertEquals(200, response.getStatusLine().getStatusCode());
+        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
+        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
+        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
+    }
+    
+    @Test
+    public void preflightPostClassAnnotationFail2() throws ClientProtocolException, IOException {
+        HttpClient httpclient = new DefaultHttpClient();
+        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+        httpoptions.addHeader("Origin", "http://area51.mil:31415");
+        httpoptions.addHeader("Content-Type", "application/json");
+        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-3");
+        HttpResponse response = httpclient.execute(httpoptions);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
+        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
+        assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
+    }
+    
+    @Test
+    public void preflightPostClassAnnotationPass() throws ClientProtocolException, IOException {
+        HttpClient httpclient = new DefaultHttpClient();
+        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+        httpoptions.addHeader("Origin", "http://area51.mil:31415");
+        httpoptions.addHeader("Content-Type", "application/json");
+        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");
+        HttpResponse response = httpclient.execute(httpoptions);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
+        assertEquals(1, origin.length);
+        assertEquals("http://area51.mil:31415", origin[0].getValue());
+        Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
+        assertEquals(1, method.length);
+        assertEquals("POST", method[0].getValue());
+        Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
+        assertEquals(1, requestHeaders.length);
+        assertEquals("X-custom-1", requestHeaders[0].getValue());
+    }
+    
+    @Test
+    public void preflightPostClassAnnotationPass2() throws ClientProtocolException, IOException {
+        HttpClient httpclient = new DefaultHttpClient();
+        HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+        httpoptions.addHeader("Origin", "http://area51.mil:31415");
+        httpoptions.addHeader("Content-Type", "application/json");
+        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+        httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");
+        HttpResponse response = httpclient.execute(httpoptions);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
+        assertEquals(1, origin.length);
+        assertEquals("http://area51.mil:31415", origin[0].getValue());
+        Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
+        assertEquals(1, method.length);
+        assertEquals("POST", method[0].getValue());
+        Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
+        assertEquals(1, requestHeaders.length);
+        assertTrue(requestHeaders[0].getValue().contains("X-custom-1"));
+        assertTrue(requestHeaders[0].getValue().contains("X-custom-2"));
     }
     
     @Test