Posted to commits@cxf.apache.org by se...@apache.org on 2013/05/20 16:34:43 UTC
svn commit: r1484488 - in /cxf/trunk:
rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
Author: sergeyb
Date: Mon May 20 14:34:43 2013
New Revision: 1484488
URL: http://svn.apache.org/r1484488
Log:
[CXF-5017] Splitting CORS headers using a comma pattern only
Modified:
cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java?rev=1484488&r1=1484487&r2=1484488&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java (original)
+++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java Mon May 20 14:34:43 2013
@@ -70,7 +70,7 @@ import org.apache.cxf.phase.Phase;
public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
ContainerResponseFilter {
private static final Pattern SPACE_PATTERN = Pattern.compile(" ");
- private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",\\w*");
+ private static final Pattern FIELD_COMMA_PATTERN = Pattern.compile(",");
private static final String LOCAL_PREFLIGHT = "local_preflight";
private static final String LOCAL_PREFLIGHT_ORIGIN = "local_preflight.origin";
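Review bot: Splitting on a bare `,` leaves the whitespace around each token in place, so `X-custom-1, X-custom-2` yields ` X-custom-2` unless the code that consumes FIELD_COMMA_PATTERN trims each piece. That code is outside this hunk, so it should be confirmed there. If it does not trim, calling `trim()` on each token or using `Pattern.compile("\\s*,\\s*")` would stop the allow-list comparison from depending on how a client spaces the list. The constant also deserves a comment stating the contract, e.g. `// Splits a comma-separated header value; tokens are not trimmed here.`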
Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java?rev=1484488&r1=1484487&r2=1484488&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java Mon May 20 14:34:43 2013
@@ -151,7 +151,7 @@ public class CrossOriginSimpleTest exten
}
@Test
- public void preflightPostClassAnnotation() throws ClientProtocolException, IOException {
+ public void preflightPostClassAnnotationFail() throws ClientProtocolException, IOException {
HttpClient httpclient = new DefaultHttpClient();
HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
httpoptions.addHeader("Origin", "http://in.org");
@@ -161,6 +161,67 @@ public class CrossOriginSimpleTest exten
httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");
HttpResponse response = httpclient.execute(httpoptions);
assertEquals(200, response.getStatusLine().getStatusCode());
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
+ }
+
+ @Test
+ public void preflightPostClassAnnotationFail2() throws ClientProtocolException, IOException {
+ HttpClient httpclient = new DefaultHttpClient();
+ HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+ httpoptions.addHeader("Origin", "http://area51.mil:31415");
+ httpoptions.addHeader("Content-Type", "application/json");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-3");
+ HttpResponse response = httpclient.execute(httpoptions);
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
+ assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
+ }
+
+ @Test
+ public void preflightPostClassAnnotationPass() throws ClientProtocolException, IOException {
+ HttpClient httpclient = new DefaultHttpClient();
+ HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+ httpoptions.addHeader("Origin", "http://area51.mil:31415");
+ httpoptions.addHeader("Content-Type", "application/json");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1");
+ HttpResponse response = httpclient.execute(httpoptions);
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
+ assertEquals(1, origin.length);
+ assertEquals("http://area51.mil:31415", origin[0].getValue());
+ Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
+ assertEquals(1, method.length);
+ assertEquals("POST", method[0].getValue());
+ Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
+ assertEquals(1, requestHeaders.length);
+ assertEquals("X-custom-1", requestHeaders[0].getValue());
+ }
+
+ @Test
+ public void preflightPostClassAnnotationPass2() throws ClientProtocolException, IOException {
+ HttpClient httpclient = new DefaultHttpClient();
+ HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
+ httpoptions.addHeader("Origin", "http://area51.mil:31415");
+ httpoptions.addHeader("Content-Type", "application/json");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
+ httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1, X-custom-2");
+ HttpResponse response = httpclient.execute(httpoptions);
+ assertEquals(200, response.getStatusLine().getStatusCode());
+ Header[] origin = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN);
+ assertEquals(1, origin.length);
+ assertEquals("http://area51.mil:31415", origin[0].getValue());
+ Header[] method = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS);
+ assertEquals(1, method.length);
+ assertEquals("POST", method[0].getValue());
+ Header[] requestHeaders = response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS);
+ assertEquals(1, requestHeaders.length);
+ assertTrue(requestHeaders[0].getValue().contains("X-custom-1"));
+ assertTrue(requestHeaders[0].getValue().contains("X-custom-2"));
}
@Test
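Review bot: The added tests never send a list that mixes an allowed and a refused header name, and never a list with no space after the comma, which are the inputs the splitting change in CrossOriginResourceSharingFilter affects most directly. preflightPostClassAnnotationFail2 shows `X-custom-3` being refused on its own, so a request for `X-custom-1,X-custom-3` should presumably return no Access-Control-Allow-* headers either; a test along the lines below would pin that. In preflightPostClassAnnotationPass2 the two `contains` checks also pass if the response echoes extra names, so an exact comparison of the split, trimmed values would be stricter. The enclosing class continues outside the hunk.

```java
@Test
public void preflightPostClassAnnotationFailMixedHeaders() throws ClientProtocolException, IOException {
    HttpClient httpclient = new DefaultHttpClient();
    HttpOptions httpoptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
    httpoptions.addHeader("Origin", "http://area51.mil:31415");
    httpoptions.addHeader("Content-Type", "application/json");
    httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, "POST");
    // No space after the comma; the second name is the one Fail2 expects to be refused.
    httpoptions.addHeader(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, "X-custom-1,X-custom-3");
    HttpResponse response = httpclient.execute(httpoptions);
    assertEquals(200, response.getStatusLine().getStatusCode());
    assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN).length);
    assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS).length);
    assertEquals(0, response.getHeaders(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS).length);
}
```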